1 / 15

How to generate random numbers on RFID Tag ?

How to generate random numbers on RFID Tag ?. Kirti Chawla kirti@cs.virginia.edu. Basic Problem and Challenges. > Basic Problem: To generate reliable and unpredictable random numbers on a RFID tag. > Hardware description of RFID tag:

rudolf
Télécharger la présentation

How to generate random numbers on RFID Tag ?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to generate random numbers on RFID Tag ? Kirti Chawla kirti@cs.virginia.edu

  2. Basic Problem and Challenges > Basic Problem: To generate reliable and unpredictable random numbers on a RFID tag • > Hardware description of RFID tag: • Battery (Active tags) or battery-less operation (Passive Tags) • Paper, PET (plastic) Inlay • Various form factors (stamp-size to PDA-size) • > Challenges: • Limited power supply (Passive tags power off reader supplied RF signal) • Limited circuit space (1 RFID tag ~ 4k-8k Gates) • Lower limits on circuit complexity (Limits the use of stronger RNG schemes) • Strength of generated random numbers (True-RNG, Pseudo-RNG)

  3. Requirements and Approaches > EPC C1 G2 Protocol for Communication at 860-960 MHz Requirement: An EPC C1 G2 compliant Tag must contain a 16-bit random or pseudo-random number generator • > A few candidate approaches: • Direct Amplification • Oscillator Sampling • Discrete-time Chaos • Initial SRAM state • Physically Unclonable Functions (PUFs)

  4. Approach 1: Direct Amplification • > How it works ? • Use high-gain high-bandwidth OP-AMP to process the AC voltage produced by a noise (e.g. thermal or shot noise) source. • Noise must be sufficiently amplified to a level where it can be accurately captured in a bias-free manner. > More Precisely: 1 K.r(n) < VOffset B(n) = 0 otherwise K B(n) r(n) Paper: Craig S. Petrie, and J. Alvin Connelly , “A Noise-Based IC Random Number Generator for Applications in Cryptography”

  5. Approach 1: Direct Amplification • > Merits: • Popular technique for single-chip solution, where shielding of noise source is possible. • Simple concept. • Less power and circuit-space requirement. • > De-Merits: • In an integrated circuit (IC) environment, lack of appropriate shielding of noise source from power supply and substrate signals can prohibit the use of this method. • May be affected by 1/f (pink) noise.

  6. Approach 2: Oscillator Sampling • > How it works ? • Use free running oscillators as a source of phase noise to generate randomness. • Output of a fast oscillator is sampled on the rising edge of a slower clock using D flip-flop. • Oscillator jitter causes randomness in exact sampled values. > More Precisely: 1 t(n + 1) < m[C0 + C1r(n) + C2r2(n)] B(n) = 0 otherwise Where, .t(n+1) = ((t(n) + Ts)MOD(C0 + C1r(n) + C2r2(n)) .m = fast oscillator duty cycle. [0, 1] .C0, C1, C2 = Model non-linear transfer function .Ts = slow clock frequency .MOD = modulo operator B(n) t(n+1) r(n) Paper: Craig S. Petrie, and J. Alvin Connelly , “A Noise-Based IC Random Number Generator for Applications in Cryptography”

  7. Approach 2: Oscillator Sampling • Merits: • More robust technique in the presence of deterministic noise. • Randomness can be artificially enhanced by careful selection of ratio of fast and slow oscillator frequencies. • De-Merits: • Research shows that, certain levels of oscillator jitter are not sufficient to produce statistical randomness. • Use of pseudo-random techniques to mitigate 1, can further degrade randomness of the output.

  8. Approach 3: Discrete-time Chaos • > How it works ? • Uses discrete-time analog signal processing techniques such as PWL system • Divergence of dynamic properties of the signal (or trajectory) and addition of noise generates randomness. > More Precisely: 1 i(n+1) < Iref B(n) = 0 otherwise Where, .i(n+1) = A1[[BN(i(n) + r(n))] MOD Iref] + A0 .N = # of stages .B = Stage gain .Iref = Reference current .A0 and A1 = Sample-Hold offset and gain Paper: Craig S. Petrie, and J. Alvin Connelly , “A Noise-Based IC Random Number Generator for Applications in Cryptography”

  9. Approach 3: Discrete-time Chaos • Merits: • Insensitive to the presence of deterministic noise. • Randomness is obtained from robust signal dynamic properties and not noise. • De-Merits: • Circuit inaccuracies that limit A/D resolution also lead to statistical non-randomness.

  10. Approach 4: Initial SRAM State • > How it works ? • Process variation in SRAM cell enables the noise influence to determine the outcome of the bit. • Well matched devices (based on doping concentration) are used as entropy source. These devices are randomly scattered over the SRAM. • Uses entropy extractor to for fetching entropy from randomly scattered well matched devices. Paper: Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu, “Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags”

  11. Approach 4: Initial SRAM State • Merits: • Small volatile memory can be added to tag cheaply. • Use of Universal hash function provides statistical randomness. • De-Merits: • Gathered entropy from the scattered devices may not have statistical randomness. • Implementing Universal hash function can be costly on RFID tag.

  12. Approach 5: PUFs • > How it works ? • Maps a set of challenges to a set of responses using a intractably complex physical system. • Process variation causes significant delay differences between various ICs. • Relative delay between two paths can be measured. Paper: Charles W. O’Donnell, G. Edward Suh, and Srinivas Devadas, “PUF Based Random Number Generation”

  13. Approach 5: PUFs • Merits: • PUFs generate statistical randomness. • Randomness is based on easily available process variation. • De-Merits: • Corrector / decorrelator is required. • It is possible that in 1 run less than desired no. of bits are produced.

  14. References • Charles W. O’Donnell, G. Edward Suh, and Srinivas Devadas, “PUF Based Random Number Generation”, MIT CSAIL, Technical Memo, 2004 • Karsten Nohl, “Implementable Privacy for RFID Systems”, Ph.D Thesis, University of Virginia, 2009 • Damith C. Ranasinghe, “Lightweight Cryptography on Low cost RFID”, Networked RFID Systems and Lightweight Cryptography, Springer, 2007 • Wenyi Che, Huan Deng, Xi Tan, and Junyu Wang, “A Random Number Generator for Application in RFID Tags”, Networked RFID Systems and Lightweight Cryptography, Springer, 2007 • Craig S. Petrie, M and J. Alvin Connelly, “A Noise-Based IC Random Number Generator for Applications in Cryptography”, IEEE Transactions on Circuits and Systems: Fundamental Theory, Vol. 47, No. 5, May 2000 • Ganesh K. Balachandran, and Raymond E. Barnett, “A 440-nA True Random Number Generator for Passive RFID Tags”, IEEE Transactions on Circuit and Systems, Vol. 55. No. 11, December 2008 • Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu, “Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags”, RFIDSec, 2007

  15. Questions ?

More Related