Date de l'exposé : 21 mars 2014, 10h30-11h30, salle Petri/Turing
True Random Number Generators: Security aspects and new designs using asynchronous techniquesTrue Random Number Generators (TRNG) rely on physical random processes to generate random bit sequences that are used in key generation, authentication protocols, padding, digital signatures, etc. Their security is mostly based on the unpredictability of their output. It depends on a great extent on the quality of the source of randomness and on the way this source is exploited, and it should be assessed by properly modeling this randomness source and the entropy extraction mechanism. While many TRNG designs exist, only a few of them deal with security aspects, which is surprising considering that they are low-level primitives in a cryptographic system (a weak TRNG can jeopardize a whole cryptographic system).
In the first part of this presentation, we discuss standard randomness generation schemes that use inverter ring oscillators or PLLs (Phase-Locked Loops) from both a performance and security point of view. We stress out that only a few designs allow a comprehensive and realistic entropy assessment at their output. Moreover, one of the most popular architectures (found in many commercial chips), based on the combination of multiple inverter ring oscillators, seems to present serious security weaknesses and vulnerabilities. In the second part of the presentation, we show how oscillators that use asynchronous handshake protocols (Self-timed Rings) provide an easy and straightforward solution for building a high-speed, secure TRNG with a simple and comprehensive entropy extraction scheme. Entropy at the output of the generator can be controlled by properly setting the ring parameters in relationship with measured parameters of the entropy source; it can be set as high as needed with regards to the target application. We also discuss other security aspects of the design (internal testability, thread model) and evaluate implementations in FPGA (re-programmable circuits) and integrated circuits (350 nm CMOS technology).