The Design and Analysis of a True Random Number Generator in a Field Programmable Gate Array. By Paul Kohlbrenner November 20, 2003

Presentation Organization
1. Thesis goal
2. The need for random bits in crypto systems
3. What is an FPGA?
4. Characteristics of Random Number Generators
5. Testing RNGs
6. My RNG design
7. Conclusion and future work

Thesis Goal
Design and build a TRNG in an FPGA with the following characteristics:
1. Uses only the standard CLBs in the FPGA.
2. Output bits pass the standard statistical tests of randomness.
3. Acceptable output bit rate.

Why Do Cryptographic Processes Need Random Bits?
- Keys
- Initialization Vectors
- Challenges

Bad Generators
Netscape V1.1 (circa: 1996)
- Used randomness sources of process IDs and the machine uptime.
- Mixed the above bits with the MD5 hash function.
- The resulting keys (used for SSL security) were easily guessed.

What is a Field Programmable Gate Array (FPGA)?
An FPGA is an electrical component that allows on-the-fly reconfiguration of its internal electrical configuration and interconnections.

FPGA Internals
[Figure: FPGA internals. Labels: CLB, 96 Columns, 64 Rows, Slice, Flip-flops, 4-input Lookup Tables, Switching Fabric]

Why are FPGAs Good Platforms for Crypto Systems?
- Algorithm and resource efficiencies
- In-service algorithm modification
- Low development costs
- More effective intrusion detection
- Near ASIC encryption speeds

What is a Random Number Generator?
Intuitive definition: An RNG is a device that produces a stream of numbers, each of which is a surprise, but over the long run the numbers should follow a specified distribution.

What is a Random Number Generator?
Working definition (from Bruce Schneier):
1. The output looks random.
2. It is unpredictable.
3. It cannot be reliably reproduced.

Kinds of RNGs
Pseudo Random Number Generator (PRNG): An algorithm that is initialized with an externally generated sequence and produces a much longer sequence that appears to be random.

Kinds of RNGs
Cryptographically Secure Pseudo Random Number Generators (CSPRNGs): If, given all the previous output from a PRNG and the complete algorithm, it is computationally infeasible to predict the next output, then a PRNG is considered cryptographically secure.

Kinds of RNGs
True Random Number Generators (TRNG): RNGs that base their output entirely on an underlying random physical process.

Kinds of RNGs
- TRNG: looks random, unpredictable, cannot be reproduced
- CSPRNG: looks random, unpredictable
- PRNG: looks random

What RNG?
Some users don't want RNGs with all three properties.
- Simulation
- Key stream generators

Sources of Randomness
- Electrical noise
- Quantum mechanical properties of photons
- Radioactivity
- Human machine interactions
- Internal systems of computers

Previous Work
Oscillator-based designs:
- Direct sampling of the noise source.
- Noise source drives a Voltage Controlled Oscillator (VCO) which is sampled.
- Signal jitter in a free-running oscillator.

Previous Work: The Intel RNG
From: "The Intel Random Number Generator", a white paper prepared for Intel by Cryptography Research Inc.

Testing RNGs
- Use a variety of statistical tests to examine the output to make sure it meets the desired characteristics.
- (TRNGs only) Make sure the physical source of randomness is functioning.

Testing RNGs
Two widely used public domain test suites:
1. DIEHARD
2. NIST

Testing RNGs
RNG testing system for small sets of data:
1. Bit frequency test
2. Poker test
3. Runs and gaps test
4. Auto-correlation test

    Current Position: 8388608
    Test 01 Start, Monobit test (pass = 0.00393 < V < 3.841)
    Segment size: 8388608, Ones: 4195161, Zeros: 4193447, V: 0.350213 [Pass]
    Test 01 End.
    Test 02 Start, Poker test
    SeqSize: 2, V: 2.00927 [Pass]
    SeqSize: 3, V: 2.79469 [Pass]
    SeqSize: 4, V: 11.727 [Pass]
    SeqSize: 5, V: 38.62 [Pass]
    SeqSize: 6, V: 57.0581 [Pass]
    SeqSize: 7, V: 124.818 [Pass]
    SeqSize: 8, V: 230.43 [Pass]
    SeqSize: 9, V: 507.068 [Pass]
    SeqSize: 10, V: 1075.83 [Pass]
    Test 02 End.

    Test 03 Start, Runs and Gaps test
    Len   0's      1's      MaxGap=24, MaxRun=24 (max: 24)
     1 :  1049881  1049047
     2 :  524072   524624
     3 :  262901   262646
     4 :  130522   131176
     5 :  65605    65388
     6 :  32448    32503
     7 :  16504    16471
     8 :  8234     8274
     9 :  4008     4001
    10 :  2020     2080
    11 :  983      1005
    12 :  527      504
    13 :  244      239
    14 :  109      126
    15 :  81       69
    16 :  31       27
    17 :  19       13
    18 :  11       8
    19 :  5        4
    20 :  3        2
    21 :  0        0
    22 :  0        1
    23 :  0        0
    24 :  1        1
    Test 03 End.

    Test 04 Start, Autocorrelation test
    Shift: 1, misses: 4196417, X: 1.45944
    Shift: 2, misses: 4194980, X: 0.467492
    Shift: 3, misses: 4195929, X: 1.12315
    Shift: 4, misses: 4192056, X: -1.55094
    Shift: 5, misses: 4195340, X: 0.71712
    Shift: 6, misses: 4192718, X: -1.09312
    Shift: 7, misses: 4195872, X: 1.08517
    Shift: 8, misses: 4194054, X: -0.169871
    Shift: 9, misses: 4194819, X: 0.358733
    Shift: 10, misses: 4192790, X: -1.04202
    Shift: 11, misses: 4193852, X: -0.308324
    Shift: 12, misses: 4195906, X: 1.11038
    Shift: 13, misses: 4194056, X: -0.166764
    Shift: 14, misses: 4195781, X: 1.02475
    Shift: 15, misses: 4193244, X: -0.726788
    Shift: 16, misses: 4195956, X: 1.14629
    Test 04 End.
    Test 05 Start, Approximate Entropy (ApEn) test
    Phi(1)=-0.693147; ApEn[1]=0.693147; Chi2=2.48155; [Passed]
    Phi(2)=-1.38629; ApEn[2]=0.693147; Chi2=3.0131; [Passed]
    Phi(3)=-2.07944; ApEn[3]=0.693147; Chi2=6.58304; [Passed]
    Phi(4)=-2.77259; ApEn[4]=0.693146; Chi2=15.0438; [Passed]
    Phi(5)=-3.46573; ApEn[5]=0.693146; Chi2=24.967; [Passed]
    Phi(6)=-4.15888; ApEn[6]=0.693144; Chi2=45.1833; [FAILED] (46.595 <= 45.1833 <= 83.675
    Phi(7)=-4.85202; ApEn[7]=0.693141; Chi2=104.621; [Passed]
    Test 05 End.
    Test 06 Start.
    Parameters: L=9, Q=5120, K=926947
    Xu: 8.17695, (Exp: 8.17642, Var: 3.311) Zu: 0.000286276
    Universal P-Value is: 0.654705
    Test 06 End.
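The bit frequency and auto-correlation statistics can be recomputed from the counts printed in the output above. This added Python example (not part of the original presentation) uses the formulas from the Handbook of Applied Cryptography, which reproduce the printed V and X values; the poker formula is assumed to be the same textbook form, and `ALTERNATING` is constructed input.

```python
import math

# Pass window printed in the transcript for the monobit test.
MONOBIT_LOW, MONOBIT_HIGH = 0.00393, 3.841

def monobit_v(ones, zeros):
    """Bit frequency statistic: chi-square with 1 degree of freedom."""
    return (zeros - ones) ** 2 / (ones + zeros)

def monobit_pass(v):
    # Two-sided: a stream that is too perfectly balanced is rejected as well.
    return MONOBIT_LOW < v < MONOBIT_HIGH

def poker_v(bits, m):
    """Poker statistic over non-overlapping m-bit blocks (2**m - 1 d.o.f.)."""
    k = len(bits) // m
    counts = [0] * (1 << m)
    for i in range(k):
        value = 0
        for b in bits[i * m:(i + 1) * m]:
            value = (value << 1) | b
        counts[value] += 1
    return (1 << m) / k * sum(c * c for c in counts) - k

def autocorr_x(misses, n, shift):
    """Normalised count of positions where bit i differs from bit i+shift."""
    span = n - shift
    return 2 * (misses - span / 2) / math.sqrt(span)

def count_misses(bits, shift):
    return sum(a ^ b for a, b in zip(bits, bits[shift:]))

def summarize(bits):
    """Run the three statistics on a list of 0/1 values."""
    n, ones = len(bits), sum(bits)
    v = monobit_v(ones, n - ones)
    return {
        "monobit_v": v,
        "monobit_pass": monobit_pass(v),
        "poker_v_m2": poker_v(bits, 2),
        "autocorr_x_shift1": autocorr_x(count_misses(bits, 1), n, 1),
    }

# Constructed input: a strictly alternating stream, 0101...
ALTERNATING = [i & 1 for i in range(10000)]

if __name__ == "__main__":
    print(monobit_v(4195161, 4193447))        # counts from the transcript
    print(autocorr_x(4196417, 8388608, 1))    # shift 1 from the transcript
    print(summarize(ALTERNATING))
```

The alternating stream has exactly as many ones as zeros, so its V of 0 falls below the lower bound of the pass window, and its poker and auto-correlation statistics are far from the values a random stream produces.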

TRNG Certification
Two possible routes:
1. FIPS-140-2: National Institute of Standards and Technology (NIST) - Security Requirements for Cryptographic Modules.
2. AIS 31: German Federal Office for Information Security (BSI) - Functionality Classes and Evaluation Methodology for True (Physical) Random Number Generators.

My Design - The Ring Oscillators
[Figure: ring oscillator circuit built from two storage elements (pins D, Q, G); output signal ClkOut]

My Design - The Ring Oscillators
[Figure: ring oscillator schematic with two LUTs (inputs A1 to A4; one configured as D=A1, the other as D=~A1), each followed by a storage element (pins D, G, Q, Init); signals FeedBack0, FeedBack1, ClkOut, ClkEnable, ClkReset]

My Design - The Sampler
[Figure: sampler schematic built from flip-flops (pins D, Q, CE, Init); signals Clk0, Clk1, S0, C0, R0, E0, BitReady, ReadAck, RandOut; R0, S0 and E0 go from/to the control circuits]

My Design - The Sampler
[Figure: timing diagram of the signals Clk1, Clk0, S0, C0 and RandOut]

My Design - The Control Circuits
- Disable the output flip-flops in the sampler after a bit is sampled to prevent bounce.
- Reset the counter flip-flop to prevent correlations between successive bits.

My Design - Evidence of Jitter
Experiment: Add a counter to the clk0 signal and latch the count every time a random bit is output. If there is no jitter then the count will always be at most two different values.

My Design - Evidence of Jitter
[Figure: histogram. x-axis: Signal S0 Size (bins 211 to 221, plus "More"); y-axis: Number of Occurrences (0 to 3500)]

My Design - Evidence of Jitter
[Figure: histogram. x-axis: Signal S0 Size (bins 325 to 343); y-axis: Number of Occurrences (0 to 1600)]
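The reasoning behind the jitter experiment can be checked in simulation. This added Python example (not the thesis code) assumes a bit is output at a fixed interval and models jitter as independent Gaussian noise on each clk0 period; the period, interval and sigma are constructed values, not measurements from the presentation.

```python
import random
from collections import Counter

# Constructed values (picoseconds), chosen so counts land near 215.
PERIOD0_PS = 1000        # nominal clk0 period
WINDOW_PS = 215300       # assumed fixed time between two output bits
JITTER_SIGMA_PS = 30.0   # assumed per-period jitter of clk0

def latched_counts(period0_ps, window_ps, windows, jitter_sigma_ps=0.0, seed=1):
    """Count clk0 rising edges inside consecutive fixed-length windows.

    Each window end stands for "a random bit is output": the counter is
    latched and cleared there. With jitter_sigma_ps > 0 every clk0 period
    gets independent Gaussian noise, so the timing error accumulates.
    """
    rng = random.Random(seed)
    counts = []
    edge_time = 0.0                      # time of the next clk0 rising edge
    for w in range(1, windows + 1):
        window_end = w * window_ps
        count = 0
        while edge_time < window_end:
            count += 1
            step = period0_ps
            if jitter_sigma_ps:
                step += rng.gauss(0.0, jitter_sigma_ps)
            edge_time += step
        counts.append(count)
    return Counter(counts)               # histogram: latched count -> occurrences

def distinct_counts(histogram):
    """Sorted list of the different counter values that were latched."""
    return sorted(histogram)

if __name__ == "__main__":
    ideal = latched_counts(PERIOD0_PS, WINDOW_PS, 2000)
    noisy = latched_counts(PERIOD0_PS, WINDOW_PS, 2000, JITTER_SIGMA_PS)
    print("no jitter :", distinct_counts(ideal))
    print("jitter    :", distinct_counts(noisy))
```

Without jitter the latched count only alternates between the two integers on either side of the interval-to-period ratio; with jitter the histogram spreads over more values, which is the signature the experiment looks for.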

My Design - Testing
Windows 2000:
- VHDL (Text files)
- Compiler (Synplify V7.2)
- Placement and Routing (Xilinx ISE-4 toolset)
- Bit file (Binary file)
Red Hat Linux:
- Control file (Compiled C++)
- Control Process
- SLAAC Board (Contains FPGAs and control logic)

My Design - Testing
- Create 128MByte file of bits (1Gbit).
- NIST suite ran for three days on CPE02.
- Results showed no failures.

Future Work
I created a design that used one CLK1 signal sampling four CLK0s. Initial tests showed that out of 78 placements across the top half of the FPGA only four failed to produce initial evidence of randomness.

Future Work
Slower ring oscillators might produce wider tolerances for oscillator differences.

Questions