A Hardware Trojan Attack on FPGA-Based Cryptographic Key Generation: Impact and Detection

Journal of Hardware and Systems Security

Abstract

True Random Number Generator (TRNG) circuits are important components of cryptographic systems. Lack of statistical randomness in the generated bitstreams from a TRNG can result in compromised keys, leading to serious security breaches. In this paper, we describe a Hardware Trojan Horse (HTH)-based attack on the TRNG of an FPGA-based cryptosystem that results in reduced entropy and increased predictability of the generated keys. The proposed HTH does not cause any functional failure in the cryptosystem, and its impact is undetectable by analysis of the compromised bitstream using standard statistical randomness testing software suites (NIST, two enhanced versions of NIST Dieharder, and LIL-tests), and by a circuit-level HTH detection technique using Transition Effect Ring Oscillator (TERO). Finally, we show that the impact of the HTH can be detected by applying the Wavelet Transform to the compromised bitstream.

Author information

Corresponding author

Correspondence to Vidya Govindan.

About this article

Cite this article

Govindan, V., Chakraborty, R.S., Santikellur, P. et al. A Hardware Trojan Attack on FPGA-Based Cryptographic Key Generation: Impact and Detection. J Hardw Syst Secur 2, 225–239 (2018). https://doi.org/10.1007/s41635-018-0042-5

  • DOI: https://doi.org/10.1007/s41635-018-0042-5
