The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators

Markettos, A. Theodore; Moore, Simon W.

doi:10.1007/978-3-642-04138-9_23

Cited by 126 publications

(104 citation statements)

References 12 publications

Supporting

Mentioning

103

Contrasting

Unclassified

Order By: Relevance

“…Markettos and Moore [7] explored how otherwise secure true random number generators could be manipulated to produce more deterministic output, and how to exploit a weak RNG in an EMV transaction. But this paper is the first work to show that poor random number generators exist in the wild, that they have been implicated in fraud, how they can be exploited, and the protocol flaws in the EMV specification that make this so hard to counter.…”

Section: Discussionmentioning

confidence: 99%

“…Even the suggested construction (hash or exclusive-or of previous ARQCs, transaction counter and time) would not be adequate if the ATM is rebooted and both the time and transaction counter are predictable. 1) UN data collection: Markettos and Moore [7] first showed that a pre-play attack was possible against EMV if the attacker could sabotage the RNG. However, before our work, there was no empiral work on the quality of the RNGs used by actual ATMs or POS terminals.…”

Section: B Pre-play Attacks Based On a Weak Rngmentioning

confidence: 99%

See 1 more Smart Citation

Be Prepared: The EMV Preplay Attack

Bond

Choudary

Murdoch

et al. 2015

IEEE Secur. Privacy

View full text Add to dashboard Cite

Abstract-EMV, also known as "Chip and PIN", is the leading system for smartcard-based payments worldwide; it is widely deployed in Europe and is starting to be introduced in the USA too. It replaces the familiar mag-strip cards with chip cards. A cryptographic protocol is executed between a chip card and bank servers based on a message authentication code (MAC) over transaction data, including a nonce called the unpredictable number.We discovered two protocol flaws: first, the lack of a terminal ID to identify involved parties, and second that the nonce is not generated by the relying party. Together, these make EMV vulnerable to the pre-play attack: pre-recorded transaction data from a target card can be replayed at a future location. This powerful attack can be exploited due to weak random number generators, by a man-in-the-middle between the terminal and the acquirer, or by malware in an ATM or POS terminal.Our investigation started when we discovered that EMV implementers often used counters, timestamps or home-grown algorithms to supply the nonce. We describe the survey methodology we developed to chart the scope of this weakness, evidence from ATM and terminal experiments in the field, and our proof-of-concept attack implementation. Finally, we explore why these flaws evaded detection until now.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: B Pre-play Attacks Based On a Weak Rngmentioning

confidence: 99%

Be Prepared: The EMV Preplay Attack

Bond

Choudary

Murdoch

et al. 2015

IEEE Secur. Privacy

View full text Add to dashboard Cite

show abstract

“…Controlled variation in power supply or temperature fluctuations are used to attack the TRNG devices and control the randomness of the bits generated. In [11], R. Santoro et al have demonstrated an attack on ring oscillator based TRNG used in a smart card by introducing noise on the power supply through electromagnetic injection. Such an attack reduced the entropy of the TRNG and hence made the smart card unsafe for use.…”

Section: Effect Of Variation On Biasmentioning

confidence: 99%

Entropy extraction in metastability-based TRNG

Suresh¹,

Burleson²

2010

2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

Abstract-True Random Number Generators (TRNG) implemented in deep sub micron (DSM) technologies become biased in bit generation due to process variations and fluctuations in operating conditions. A variety of mechanisms ranging from analog and digital circuit techniques to algorithmic postprocessing can be employed to remove bias. In this work we compare the effectiveness of digital post-processing using the XOR function and Von Neumann Corrector with circuit calibration technique for a meta-stability based reference TRNG design. The energy consumption per random bit is used as the metric for comparison of the different techniques. The results indicate that the calibration technique is effective for 12% larger process variation than the XOR function and extracts entropy comparable to the Von Neumann Corrector at 56% lesser energy/bit. The analysis thereby demonstrates that circuit calibration provides an efficient tradeoff between entropy and energy/bit for removing bias in lightweight TRNG.

show abstract

“…For example, in [4] Markettos and Moore could manipulate "random" numbers generated in a secure commercial processor by injecting a periodic signal to its power supply. In [5], Bayon et al could manipulate numbers generated by a set of 50 ring oscillators even to a bigger extent by using strong electromagnetic fields.…”

Section: Introductionmentioning

confidence: 99%

Design and testing methodologies for true random number generators towards industry certification

Balasch

Bernard

Fischer

et al. 2018

2018 IEEE 23rd European Test Symposium (ETS)

View full text Add to dashboard Cite

Abstract-The objective of this paper is to provide insight on the design, evaluation and testing of modern True Random Number Generators (TRNGs) aimed towards certification. We discuss aspects related to each of these stages by means of two illustrative TRNG designs: PLL-TRNG and DC-TRNG. Topics covered in the paper include: the importance of formal security evaluations based on a stochastic model of the entropy source, the development of suitable and lightweight embedded tests to detect failures, the implementation and testing of TRNGs in dedicated FPGA platforms, and a robustness assessment to environmental and/or physical modifications.

show abstract

The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators

Cited by 126 publications

References 12 publications

Be Prepared: The EMV Preplay Attack

Be Prepared: The EMV Preplay Attack

Entropy extraction in metastability-based TRNG

Design and testing methodologies for true random number generators towards industry certification

Contact Info

Product

Resources

About