the frequency injection attack on ring oscillator based
play

The Frequency Injection Attack on Ring-Oscillator-Based True Random - PowerPoint PPT Presentation

Aug 25, 2023 •489 likes •796 views

The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators A. Theodore Markettos and Simon Moore www.cl.cam.ac.uk/research/security Computer Laboratory A.T. Markettos and S. W. Moore, The Frequency Injection Attack

  1. The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators A. Theodore Markettos and Simon Moore www.cl.cam.ac.uk/research/security Computer Laboratory A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  2. Importance of unpredictable random number generation Many protocols are vulnerable to attacks if the random number generator (RNG) is predictable. ◮ Many kinds of key generation ◮ Replay attacks ◮ Digital Signature Algorithm ◮ Masking of RSA to protect against DPA A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  3. A source of randomness... jitter ◮ Sources of cryptographic randomness measure some physical property ◮ Jitter: timing variations due to noise ◮ Measure jitter of ring oscillators σ ∆ t t 0 ∆ t A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  4. A source of randomness... jitter ◮ Sources of cryptographic randomness measure some physical property ◮ Jitter: timing variations due to noise ◮ Measure jitter of ring oscillators Ring 1 1 2 ... n1 Whitening Random D-type eg LFSR bitstream latch Ring r Sampling 1 2 ... nr clock A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  5. Injection locking ◮ But what happens to jitter if the ring oscillators aren’t independent? ◮ Christiaan Huyghens, 1665: Independent pendulum clocks on a wall tend to synchronise via nonlinear vibrations through the wall ◮ Applying a signal near to the fundamental ‘pulls-in’ the oscillator to a different nearby frequency | ω inj − ω 0 | Locking range V ω inj ω 0 Pulling ω inj ω 1 ω 0 ω 2 A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  6. Injection locking in ring oscillators ◮ Ring oscillators tend to ring synchronise by parasitic injection locking ◮ ...so what if we try to force them to lock? ◮ A basic ring oscillator ◮ ...can have an injection signal coupled into the ring (not easy) ◮ A ring oscillator with power supply/EM injection is balanced ◮ ...unless it isn’t ◮ ...or until an extra load is added A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  7. Injection locking in ring oscillators ◮ Ring oscillators tend to ring synchronise by parasitic injection locking ◮ ...so what if we try to force them to lock? ◮ A basic ring oscillator ◮ ...can have an injection signal coupled into the ring (not easy) ◮ A ring oscillator with power supply/EM injection is balanced ◮ ...unless it isn’t ◮ ...or until an extra load is added A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  8. Injection locking in ring oscillators ◮ Ring oscillators tend to ring synchronise by parasitic injection locking ◮ ...so what if we try to force them to lock? ◮ A basic ring oscillator ◮ ...can have an injection signal coupled into the ring (not easy) ◮ A ring oscillator with power supply/EM injection is balanced ◮ ...unless it isn’t ◮ ...or until an extra load is added A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  9. Injection locking in ring oscillators ◮ Ring oscillators tend to ring synchronise by parasitic injection locking ◮ ...so what if we try to force them to lock? ◮ A basic ring oscillator ◮ ...can have an injection signal coupled into the ring (not easy) ◮ A ring oscillator with power supply/EM injection is balanced ◮ ...unless it isn’t ◮ ...or until an extra load is added A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  10. Injection locking in ring oscillators ◮ Ring oscillators tend to ring synchronise by parasitic injection locking ◮ ...so what if we try to force them to lock? ◮ A basic ring oscillator ◮ ...can have an injection signal coupled into the ring (not easy) ◮ A ring oscillator with power supply/EM injection is balanced ◮ ...unless it isn’t ◮ ...or until an extra load is added A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  11. Injection locking in ring oscillators ◮ Ring oscillators tend to ring synchronise by parasitic injection locking ◮ ...so what if we try to force them to lock? ◮ A basic ring oscillator ◮ ...can have an injection signal coupled into the ring (not easy) ◮ A ring oscillator with power supply/EM injection is balanced ◮ ...unless it isn’t ◮ ...or until an extra load is added A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  12. Injection locking in ring oscillators ◮ Ring oscillators tend to ring synchronise by parasitic injection locking ◮ ...so what if we try to force them to lock? ◮ A basic ring oscillator ◮ ...can have an injection signal coupled into the ring (not easy) ◮ A ring oscillator with power supply/EM injection is balanced ◮ ...unless it isn’t ◮ ...or until an extra load is added ◮ Injection locking reduces global jitter ◮ Injection locking of multiple rings prevents measurement of jitter differences between them A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  13. Experiment with discrete logic gates Injection locking is: ◮ Difficult to solve analytically ◮ Difficult to simulate with SPICE ◮ Difficult to measure inside an FPGA So we tried some discrete logic gates: ◮ 74HC04 inverter, 3-element and 5-element rings, inject 24 MHz +5V IC1: 74HC04N Vdd Vss Oscilloscope Vdd Vss 50 Ω f inject IC2: 74HC04N 100 Ω 900mV pk-pk ADT1-1WT GND (0-800MHz @ <3dB) A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  14. Experiment with discrete logic gates Yellow = output of 3-element ring (trigger), blue = 5-element 8 V 8 V 200 ns 200 ns No injection 10 MHz injection at 900 mV pk-pk A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  15. Experiment with discrete logic gates Yellow = output of 3-element ring (trigger), blue = 5-element 8 V 8 V 200 ns 200 ns No injection 10 MHz injection at 900 mV pk-pk Trigger on rising edge 50% of 3-element ring, measure phase lag until 50% rising of 5-element 300 300 Occurrences 200 Occurrences 200 100 100 0 0 0 20 40 60 0 20 40 60 No injection: phase lag/ns 24MHz injection: phase lag/ns A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  16. ATM secure microcontroller ◮ 8051-based 8-bit microcontroller, used in ATMs ◮ Tamper detection, anti-probing coating, ‘the most secure’ at release ◮ Our example datecode 1995, still recommended for new banking applications ◮ TRNG from frequency differences between ring oscillators and system crystal ◮ 8 bits entropy every 160 µ s ◮ 64 bits make up internal key A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  17. ATM secure microcontroller ◮ Injected 500 mV sinusoid into 5 V power supply. ◮ Extract full bitstream from microcontroller. Bit patterns as rasters: No injection A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  18. ATM secure microcontroller ◮ Injected 500 mV sinusoid into 5 V power supply. ◮ Extract full bitstream from microcontroller. Bit patterns as rasters: No injection 1.822880 MHz injection 1.929629 MHz injection A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  19. ATM secure microcontroller Overlaid sequences from 1.822880 MHz injection. Tuples made from random bits one each from two recordings black=(0,0), grey=(1,1), yellow=(0,1), cyan=(1,0) 32 bits has not 2 32 possible values but 225! A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  20. EMV smartcard ◮ EMV (‘Chip and PIN’) payment card from major British bank, issued 2004 (first one we picked) ◮ First we worked out an injection frequency using an electromagnetic attack: Copper tape overlaid on each side Tektronix TDS7254B to minimise magnetic loop area oscilloscope (used as passthrough amplifier, internal bandwidth filters off) CH3 CH3 OUT P7330 0-3.5GHz differential probe Anritsu MS2601B spectrum analyser IN Copper foil on underside Topside copper foil of card below chip on ground pad of chip A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

  21. EMV smartcard ◮ Then we modified a card reader to inject a 1 V 24.04 MHz sinusoid into the 5 V supply ◮ Device still ran EMV transactions ◮ Read 1.6 Gbit from ISO7816 GET CHALLENGE command ◮ Without injection, failed 1 of 188 NIST tests ◮ With injection, failed 160 of 188 NIST tests ◮ Obvious failures: 32 × 32 rank test, discrete Fourier transform A.T. Markettos and S. W. Moore, The Frequency Injection Attack on Ring-Oscillator TRNGs, CHES 2009

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A 107 W MedRadio Injection-Locked Clock Multiplier with a CTAT-biased 126 ppm/ C Ring

A 107 W MedRadio Injection-Locked Clock Multiplier with a CTAT-biased 126 ppm/ C Ring

Session 3 - Oscillators and PLLs A 107 W MedRadio Injection-Locked Clock Multiplier with a CTAT-biased 126 ppm/ C Ring Oscillator Somok Mondal and Drew A. Hall University of California, San Diego La Jolla, CA, (USA) IEEE CICC, Austin, TX,

652 views • 29 slides
High Frequency Voltage Controlled Ring Oscillators in Standard CMOS Yalcin Alper Eken PhD

High Frequency Voltage Controlled Ring Oscillators in Standard CMOS Yalcin Alper Eken PhD

High Frequency Voltage Controlled Ring Oscillators in Standard CMOS Yalcin Alper Eken PhD Candidate in School of ECE GaTech July 7 th , 2003 1 Agenda Integrated VCO types Ring oscillator theory Important characteristics of ring

514 views • 18 slides
Automated Oscillator Macromodelling Techniques for Capturing Amplitude Variations and Injection

Automated Oscillator Macromodelling Techniques for Capturing Amplitude Variations and Injection

Automated Oscillator Macromodelling Techniques for Capturing Amplitude Variations and Injection Locking Xiaolue Lai, Jaijeet Roychowdhury ECE Dept., University of Minnesota, Minneapolis Slide 1 December 10, 2004 Oscillators and Perturbation

502 views • 26 slides
Ring the hydrogen bells! H c H e H g H c H e H g frequency H c H e H g time frequency time Cl

Ring the hydrogen bells! H c H e H g H c H e H g frequency H c H e H g time frequency time Cl

Cl Cl NO 2 Cl H E H G H C Br Ring the hydrogen bells! H c H e H g H c H e H g frequency H c H e H g time frequency time Cl NO 2 Cl Cl H E H G Br H C How do 1 H nuclei ring (or resonate)? the force required to cause ringing is

397 views • 19 slides
Challenges of on-axis swap-out injection for fourth-generation storage ring light sources Michael

Challenges of on-axis swap-out injection for fourth-generation storage ring light sources Michael

Challenges of on-axis swap-out injection for fourth-generation storage ring light sources Michael Borland, Ryan Lindberg, Vadim Sajaev, Seungwhan Shin, Yipeng Sun, Aimin Xiao 2 nd RUL Topical Workshop on Injection and Injection Systems April 1,

539 views • 28 slides
Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch: As a rule, proton/ion accelerators need their full aperture at injection, thus avoiding mismatch allows a beam of larger normalized emittance * and containing more Protons. In proton/ion ring accelerators any Injection

454 views • 4 slides
Gigahertz Electromagnetic Structures via Direct Ink Writing Radio-Frequency Oscillator and

Gigahertz Electromagnetic Structures via Direct Ink Writing Radio-Frequency Oscillator and

Gigahertz Electromagnetic Structures via Direct Ink Writing Radio-Frequency Oscillator and Transmitter Applications Chengye Liu Inductors and Capacitors B B C. Liu et al., Advanced Material (2017) Coplanar Strip (CPS) Standing Wave Resonator

359 views • 11 slides
cc cc . Earthquake attack ccc ccc . Sticker injection attack The day disaster struck the

cc cc . Earthquake attack ccc ccc . Sticker injection attack The day disaster struck the

The day disaster struck the northeastern part of Japan ' or 1=1 -- Protect Y ourself c . SQL injection attack cc cc . Earthquake attack ccc ccc . Sticker injection attack The day disaster struck the northeastern part of Japan ' or 1=1 --

546 views • 22 slides
A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond,

A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond,

A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond, Jeremy Viegas &amp; Alessandro Orso Georgia Institute of Technology This work was partially supported by DHS contract FA8750-05-2-0214 and NSF award

425 views • 29 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: &quot;SELECT

445 views • 32 slides
Muhammad Obaidullah Bilal Arshad Tarar Introduction Problem Design a Wien bridge

Muhammad Obaidullah Bilal Arshad Tarar Introduction Problem Design a Wien bridge

Muhammad Obaidullah Bilal Arshad Tarar Introduction Problem Design a Wien bridge oscillator to provide 18 KHz frequency. Use MULTSIM to simulate your oscillator. Modify oscillator for amplitude stabilization. Implement

342 views • 30 slides
A 10-bit Linearity Current-Controlled Ring Oscillator with Rolling Regulation for Smart Sensing

A 10-bit Linearity Current-Controlled Ring Oscillator with Rolling Regulation for Smart Sensing

10-bit Linearity CCRO with Rolling Regulation Intro CCRO Rolling-Regulation Example Conclusions 1/19 A 10-bit Linearity Current-Controlled Ring Oscillator with Rolling Regulation for Smart Sensing M.Dei 1 , J.Sacristn 1 , E.Marig 2

529 views • 19 slides
SQL Injection Attack 1 Brief Tutorial of SQL MySQL: an open-source relational database

SQL Injection Attack 1 Brief Tutorial of SQL MySQL: an open-source relational database

SQL Injection Attack 1 Brief Tutorial of SQL MySQL: an open-source relational database management system Log in to MySQL Create a Database : SHOW DATABSES command: list existing databases. Create a new database called

521 views • 30 slides
Other Forms of Injection Attack Professor Larry Heimann Web Application Security Information

Other Forms of Injection Attack Professor Larry Heimann Web Application Security Information

Other Forms of Injection Attack Professor Larry Heimann Web Application Security Information Systems Course exam scheduled on October 19 th There is an alternative exam on October 17 th at 6:00pm In Wean 5310 Lab 5 key lessons Lab was a form

300 views • 19 slides
Phase and Frequency detection Detection of sinusoidal signal characteristics Phase

Phase and Frequency detection Detection of sinusoidal signal characteristics Phase

Phase and Frequency detection Detection of sinusoidal signal characteristics Phase Frequency Usually involves some type of feedback. Typically use a local oscillator (DDS) for a comparison. The Analogy PLL The digital World

374 views • 26 slides
Multi-Level Formal Analysis A New Direction for Fault Injection Attack? L. Sauvage, T. Graba, T.

Multi-Level Formal Analysis A New Direction for Fault Injection Attack? L. Sauvage, T. Graba, T.

Institut Mines-Tlcom Multi-Level Formal Analysis A New Direction for Fault Injection Attack? L. Sauvage, T. Graba, T. Porteboeuf PROOFS September 17, 2015 Presentation Outline Introduction, Motivation Multi-level Formal Verification

485 views • 27 slides
Lab 9. Speed Control of a D.C. motor Sensing Motor Speed (Tachometer Frequency Method) Motor

Lab 9. Speed Control of a D.C. motor Sensing Motor Speed (Tachometer Frequency Method) Motor

Lab 9. Speed Control of a D.C. motor Sensing Motor Speed (Tachometer Frequency Method) Motor Speed Control Project 1. Generate PWM waveform 2. Amplify the waveform to drive the motor 3. Measure motor speed 4. Measure motor parameters 5.

489 views • 28 slides
Statistical Analysis of Corpus Data with R Word Frequency Distributions: The zipfR Package Designed

Statistical Analysis of Corpus Data with R Word Frequency Distributions: The zipfR Package Designed

Statistical Analysis of Corpus Data with R Word Frequency Distributions: The zipfR Package Designed by Marco Baroni 1 and Stefan Evert 2 1 Center for Mind/Brain Sciences (CIMeC) University of Trento 2 Institute of Cognitive Science (IKW)

1.06k views • 88 slides
Test slide Optical Atomic Clocks Defining and measuring (Optical) Frequencies then, now and next

Test slide Optical Atomic Clocks Defining and measuring (Optical) Frequencies then, now and next

Test slide Optical Atomic Clocks Defining and measuring (Optical) Frequencies then, now and next Jun Ye John L. Hall JILA, National Institute of Standards and Technology and Department of Physics, University of Colorado at Boulder

2.79k views • 58 slides
BREAKING INTO SOFTWARE DEFINED RADIO Presented by Kelly Albrink WHOAMI Kelly Albrink

BREAKING INTO SOFTWARE DEFINED RADIO Presented by Kelly Albrink WHOAMI Kelly Albrink

BREAKING INTO SOFTWARE DEFINED RADIO Presented by Kelly Albrink WHOAMI Kelly Albrink Pentester at Bishop Fox Specialize in network, wireless, and hardware security Member of Noisebridge Hackerspace in San Francisco Loves 3D

659 views • 40 slides
The OpenLexicons Project - Development and Uses of SUBTLEX-Corpora for Investigating Sound

The OpenLexicons Project - Development and Uses of SUBTLEX-Corpora for Investigating Sound

Introduction Corpus Enrichment Lexicon Modelling Analyses Conclusion The OpenLexicons Project - Development and Uses of SUBTLEX-Corpora for Investigating Sound Symbolism and Brazilian Portuguese. Kevin Tang Pawe Mandera Emmanuel Keuleers

664 views • 41 slides
XL1A: Graph Nominal Frequency Data Using Excel2013 3/10/2017 V0E XL1A: V0E XL1A: V0E Graph

XL1A: Graph Nominal Frequency Data Using Excel2013 3/10/2017 V0E XL1A: V0E XL1A: V0E Graph

XL1A: Graph Nominal Frequency Data Using Excel2013 3/10/2017 V0E XL1A: V0E XL1A: V0E Graph Categorical Count Data using Excel2013 1 Graph Categorical Count Data using Excel2013 2 Graph Nominal Frequency Goal: Graph Data using Excel 2013

620 views • 14 slides
Multi-Frequency Phase Synchronization Tingran Gao 1 Zhizhen Zhao 2 1 Committee on Computational and

Multi-Frequency Phase Synchronization Tingran Gao 1 Zhizhen Zhao 2 1 Committee on Computational and

Multi-Frequency Phase Synchronization Tingran Gao 1 Zhizhen Zhao 2 1 Committee on Computational and Applied Mathematics Department of Statistics University of Chicago 2 Department of Electrical and Computer Engineering Coordinated Science

714 views • 8 slides
Retrieval by Content Part 2: Text Retrieval Term Frequency and Inverse Document Frequency

Retrieval by Content Part 2: Text Retrieval Term Frequency and Inverse Document Frequency

Retrieval by Content Part 2: Text Retrieval Term Frequency and Inverse Document Frequency Srihari: CSE 626 1 Text Retrieval Retrieval of text-based information is referred to as Information Retrieval (IR) Used by text search engines

562 views • 16 slides

More recommend