a survey of ais 20 31 compliant trng cores suitable for
play

A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices - PowerPoint PPT Presentation

Goals Methodology Implementation results Conclusions A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices Oto P E TURA , Ugo M UREDDU , Nathalie B OCHARD , Viktor F ISCHER , Lilian B OSSUET Univ Lyon, UJM-Saint-Etienne, CNRS


  1. Goals Methodology Implementation results Conclusions A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices Oto P E ˇ TURA , Ugo M UREDDU , Nathalie B OCHARD , Viktor F ISCHER , Lilian B OSSUET Univ Lyon, UJM-Saint-Etienne, CNRS Laboratoire Hubert Curien UMR 5516 F-42023, SAINT-ETIENNE, France oto.petura@univ-st-etienne.fr FPL 2016, Lausanne, Switzerland, August 2016 1/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  2. Goals Methodology Implementation results Conclusions Goals of the TRNG evaluation Selected TRNG principles Outline Goals 1 2 Methodology 3 Implementation results Conclusions 4 2/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  3. Goals Methodology Implementation results Conclusions Goals of the TRNG evaluation Selected TRNG principles Goals of the TRNG evaluation Fair comparison of different TRNG principles in terms of: ◮ feasibility and reproducibility ◮ area (cost) ◮ speed (bitrate) ◮ power consumption ◮ entropy 3/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  4. Goals Methodology Implementation results Conclusions Goals of the TRNG evaluation Selected TRNG principles Selected TRNG principles Based on the selection criteria: ◮ AIS-31 compliance ◮ Feasibility in FPGAs The next TRNGs were selected and implemented: ◮ Elementary oscillator based TRNG (ELO-TRNG) ◮ Coherent sampling oscillator based TRNG (COSO-TRNG) ◮ Multiple ring oscillator based TRNG (MURO-TRNG) ◮ Phase locked loop based TRNG (PLL-TRNG) ◮ Transient effect ring oscillator based TRNG (TERO-TRNG) ◮ Self timed ring based TRNG (STR-TRNG) 4/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  5. Goals Methodology Implementation results Conclusions Fair comparison Hardware Consumption measurement Evaluated parameters Outline Goals 1 2 Methodology 3 Implementation results Conclusions 4 5/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  6. Goals Methodology Implementation results Conclusions Fair comparison Hardware Consumption measurement Evaluated parameters Methodology to achieve a fair comparison ◮ Unified external interface (as simple as possible) ◮ Reduced complexity of the design (just the TRNG core, no post-processing) ◮ All designs implemented in all the devices (Xilinx Spartan 6 FPGA, Altera Cyclone V FPGA, Microsemi SmartFusion2 FPGA) ◮ Statistical properties (entropy) evaluated using the procedure B of the AIS-20/31 statistical test suite 6/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  7. Goals Methodology Implementation results Conclusions Fair comparison Hardware Consumption measurement Evaluated parameters Hardware configuration DUT FPGA module LVDS Data USB ◮ FPGA module with the RNG Cypress bus DUT FPGA Host PC core LVDS Clock/Strobe EZ USB ◮ Simple serial data interface ◮ Two LVDS lines (data, 4 MB clock/strobe) RAM Evariste motherboard Acquisition card ◮ Evariste motherboard and Cyclone III FPGA module ◮ Can store up to 4 MB of continuous data at 0 – 400 Mbits/s 7/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  8. Goals Methodology Implementation results Conclusions Fair comparison Hardware Consumption measurement Evaluated parameters Power consumption measurement strategy FPGA '1' LVDS 1 '0' A reference design is used to measure the power consumption of an FPGA with no logic Sel inside (about 4 mW) LVDS 2 '1' '0' 8/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  9. Goals Methodology Implementation results Conclusions Fair comparison Hardware Consumption measurement Evaluated parameters Power consumption measurement strategy FPGA The power consumption of the TRNG core is '1' computed by subtracting the consumption of LVDS 1 Ready the ‘empty’ project from the total power consumption Sel The multiplexers are used to eliminate an LVDS 2 '1' impact of output drivers on the power Data consumption measurement. TRNG core 9/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  10. Goals Methodology Implementation results Conclusions Fair comparison Hardware Consumption measurement Evaluated parameters Evaluated parameters ◮ Area in terms of LUTs and registers ◮ Net power consumption ◮ Output bit rate ◮ Entropy evaluated using test T8 of the AIS-20/31 test suite Newly defined parameters: ◮ Energy efficiency number of bits generated consuming one µ Ws of energy ◮ Entropy & bit rate product bit rate with full entropy 10/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  11. Goals Methodology Implementation results Conclusions ERO COSO MURO PLL TERO STR Summary Outline Goals 1 2 Methodology 3 Implementation results Conclusions 4 11/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  12. Goals Methodology Implementation results Conclusions ERO COSO MURO PLL TERO STR Summary ERO-TRNG core 1 Digital '1' ... D noise RO1 1 N -1 Q clk Frequency divider by K Clk ... clk RO2 1 N -1 Family N K Area Power cons. Bit rate Entropy [ · 10 3 ] (LUT/L&R) [mW] [Mbits/s] per bit Spartan 6 3 80 46/19 2.16 0.0042 0.999 Cyclone V 5 135 34/20 3.24 0.0027 0.990 SmartFusion 2 5 20 45/19 4 0.014 0.980 1 M. Baudet, D. Lubicz, J. Micolond, and A. Tassiaux, "On the security of oscillator-based random number generators," Journal of Cryotology, vol. 24, no. 2, pp. 398–425, 2011. 12/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  13. Goals Methodology Implementation results Conclusions ERO COSO MURO PLL TERO STR Summary ERO-TRNG core ... Digital '1' D noise RO1 1 N -1 Q clk Frequency divider by K Clk ... clk RO2 1 N -1 Observations: ◮ Easy to implement – no placement or routing constraints needed ◮ Very good reproducibility ◮ Based on the jitter size, the K value might be very high, the size of the counter ( ≤ 20 bits) can affect scalability 13/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  14. Goals Methodology Implementation results Conclusions ERO COSO MURO PLL TERO STR Summary COSO-TRNG core 1 s 1 Beat ... D D Q D Digital signal RO1 1 N -1 Q noise s 3 Q '1' clk clk nQ clk reset s 2 Clk ... RO2 1 N -1 Family N RO freq. Area Power cons. Bit rate Entropy [MHz] (LUT/L&R) [mW] [Mbits/s] per bit Spartan 6 8 144.5 18/3 1.22 0.54 0.999 Cyclone V 6 315.5 13/3 0.9 1.44 0.999 SmartFusion 2 10 185.2 23/3 1.94 0.328 0.999 1 P . Kohlbrenner and K. Gaj, "An embedded true random number generator for FPGAs," in Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays. ACM, 2004, pp. 71–78. 14/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  15. Goals Methodology Implementation results Conclusions ERO COSO MURO PLL TERO STR Summary COSO-TRNG core s 1 Beat ... D Digital signal D Q D RO1 1 N -1 Q noise s 3 Q '1' clk clk nQ clk reset s 2 Clk ... RO2 1 N -1 Observations: ◮ The difference in periods has to be very small – difficult to achieve ◮ Disadvantage: Finding a suitable configuration requires long time (several hours) and the same configuration is not guaranteed to work on another device ◮ Placement and routing constraints are required 15/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  16. Goals Methodology Implementation results Conclusions ERO COSO MURO PLL TERO STR Summary MURO-TRNG core 1 D-FF '1' D ... Family Area Power cons. Bit rate Entropy Q RO1 clk D-FF (LUT/L&R) [mW] [Mbits/s] per bit '1' ... D Q RO2 Spartan 6 521/131 54.72 2.57 0.999 clk D-FF . Digital . . D noise . Q Cyclone V 525/130 34.93 2.2 0.999 D-FF clk '1' ... D SmartFusion 2 545/130 66.41 3.62 0.999 ROm Q clk Frequency divider by K clk ref m = 120 Clk '1' clk_in ... ROr K = 100 1 B. Sunar, W. Martin, and D. Stinson, "A Provably Secure True Random Number Generator with Built-In Tolerance ti Active Attacks," IEEE Transactions on Computers, pp. 109–119, 2007. 16/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

  17. Goals Methodology Implementation results Conclusions ERO COSO MURO PLL TERO STR Summary MURO-TRNG core Observations: D-FF '1' D ... Q RO1 ◮ The generator requires a large number of clk D-FF '1' ... D identical rings to be implemented RO2 Q clk D-FF . Digital . . D noise ◮ The rings might lock which is extremely hard to . Q D-FF clk '1' ... D detect given their number ROm Q clk ◮ No need of manual place and route Frequency divider by K clk ref Clk '1' clk_in ... ROr 17/28 O. P E ˇ A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices TURA

Recommend


More recommend