TRNG - EVALUATION & CERTIFICATION
WRAC’H 2019 | DUMAS Cécile | 15 April 2019
OUTLINE
Evaluation Lab
Random Number Generators
Evaluation of RNG
Conclusion & Perspectives
FRENCH CERTIFICATION SCHEME
ITSEF: Information Technology Security Evaluation Facility
CESTI: Centre d’Évaluation de la Sécurité des Technologies d’Information
ANSSI
Accreditation No. 1-1294, scope available at www.cofrac.fr
Leti ITSEF
ITSEF – EVALUATION TASKS
Product = Smart card
Report
Functions: Encryption / decryption, Signature, Authentication, Key generation / exchange, …
Mechanisms: Symmetrical algorithms, Asymmetrical algorithms, Hash functions, Random number generator
Hardware / Software
Applications: Banking, Identity, Health, PayTV, …
Source: Security IC Platform Protection Profile - BSI-PP-0084
ITSEF – EVALUATION TASKS
Product = Smart card
Report
Efficiency
Conformity
RANDOM NUMBER GENERATOR
RNG ARCHITECTURE
[Diagram: TRNG, Online tests, Post-processing, Cryptographic post-processing, Initialization, Output; Hardware / Software]
RNG – EVALUATION TASKS
Product = Smart card with a RNG
Report
Efficiency
Conformity
TRNG: non-deterministic!
RNG EVALUATION TASKS
RNG blocks: TRNG, Online tests, Post-processing, Cryptographic post-processing, Initialization, Output (Hardware / Software)
Evaluation tasks:
Statistical tests: no defect (all tests, all conditions)
Source analysis
Cryptanalysis
Forward secrecy
Backward secrecy
Efficiency analysis
Alarm management
Initialization analysis
Functional testing
Attacks
Environment alteration
Conformity
EVALUATION NORMS
RGS: Référentiel Général de Sécurité (General Security Framework)
AIS: Anwendungshinweise und Interpretationen zum Schema (Application Notes and Interpretations of the Scheme)
RNG EVALUATION TASKS
[Diagram: the RNG blocks and evaluation tasks of the earlier RNG EVALUATION TASKS slide, with a "THIS TALK" marker]
RANDOM NUMBERS ACQUISITION
Resistor heater, ambient, ~ 120°C, Peltier cooler, liquid nitrogen
Source: M. Sourcarros, Analyse des générateurs de nombres aléatoires dans des conditions anormales d’utilisation, PhD thesis, 2006
STATISTICAL TESTS
Focus on one property of uniform i.i.d. random variables
20,000 bits | ~80,000,000 bits | ~1,000,000,000 bits | ~100,000,000 bits
Leti ITSEF statistical tool
ADAPTED TESTS
Biased source → post-processing → unbiased
Example: $Q_1 = 0.46$ before post-processing
[Plot: $Q[Y^2 = y]$ against $y$]
$Y^2 = \frac{16}{5000} \times \sum_{j=0}^{15} g(j)^2 - 5000$
$g(j)$: pattern occurrence number
The statistic follows a $\chi^2$ distribution with 15 degrees of freedom
$1.03 < Y^2 < 57.4$
$Q_s[Y^2 > 57.4] = 7.0184 \times 10^{-7}$
$Q_s[Y^2 < 1.03] = 3.1236 \times 10^{-7}$
$Q_1 = 0.46$: the test fails with high probability
$q(j) = \frac{1}{16}$
[Plot: $Q[Y^2 = y]$ against $y$]
$\sum_{j=0}^{15} \frac{(g(j) - 5000 \times q(j))^2}{5000 \times q(j)}$ follows a $\chi^2$ distribution with 15 degrees of freedom
$q(j) = Q_1^{\pi(j)} (1 - Q_1)^{4 - \pi(j)}$, where $\pi(j)$ is the Hamming weight of $j$
Examples:
$q(0000) = (1 - Q_1)^4$
$q(0001) = Q_1 (1 - Q_1)^3$
$q(0011) = Q_1^2 (1 - Q_1)^2$
Bit stream: … 1111011010110111010110101101011110001000
Offsets: p, +1, +2, +3, +4, …
4-bit patterns (hex): de44432885f6e081ed69b565788e38e9…
Hamming weights: 33111211124230113322322231132132
| Generation method | $Q_1$ | AIS31 failed tests | TestU01 failed tests | Adapted tests for $Q_1 = 0.46$ |
|---|---|---|---|---|
| Biased sequence | 0.46 | T1, T2, T3, T6, T8 | 50 / 57 | 4 tests pass |
| Markov order 1 | 0.46 | T1, T2, T3, T5, T6, T8 | 51 / 57 | 4 tests fail |
| Biased sequence with 1/10 pattern 0100 replaced by 0010 | 0.46 | T1, T2, T3, T6, T8 | 50 / 57 | 3 tests pass, 1 test fails (adapted Poker) |
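The standard and adapted poker statistics from the slides above, run side by side on a biased sequence; this is an added example, not code from the original slides or from the Leti ITSEF tool. The sample bits are constructed with a seeded software PRNG, and all function names are assumptions.

```python
import random

N = 5000                    # 4-bit blocks per test (20,000 bits), as on the slide
LOW, HIGH = 1.03, 57.4      # acceptance interval quoted on the slide

def pattern_counts(bits):
    """g(j): number of occurrences of each 4-bit pattern j = 0..15."""
    g = [0] * 16
    for k in range(0, 4 * N, 4):
        b3, b2, b1, b0 = bits[k:k + 4]
        g[b3 << 3 | b2 << 2 | b1 << 1 | b0] += 1
    return g

def q_pattern(j, q1):
    """q(j) = Q1^pi(j) * (1 - Q1)^(4 - pi(j)); pi(j) = Hamming weight of j."""
    w = bin(j).count("1")
    return q1 ** w * (1 - q1) ** (4 - w)

def poker_standard(g):
    """Y^2 = 16/5000 * sum g(j)^2 - 5000, which assumes q(j) = 1/16."""
    return 16 / N * sum(c * c for c in g) - N

def poker_adapted(g, q1):
    """Chi-square of g(j) against the expected counts 5000 * q(j)."""
    if not 0 < q1 < 1:
        raise ValueError("Q1 must lie strictly between 0 and 1")
    return sum((g[j] - N * q_pattern(j, q1)) ** 2 / (N * q_pattern(j, q1))
               for j in range(16))

def passes(y2):
    return LOW < y2 < HIGH

def biased_bits(q1, seed=2019):
    """Constructed sample: 20,000 independent bits with P[bit = 1] = q1."""
    rng = random.Random(seed)
    return [int(rng.random() < q1) for _ in range(4 * N)]

def compare(q1=0.46):
    """Return (standard statistic, adapted statistic) for one sample."""
    g = pattern_counts(biased_bits(q1))
    return poker_standard(g), poker_adapted(g, q1)

if __name__ == "__main__":
    std, adapted = compare()
    print(f"standard poker: {std:8.2f} pass={passes(std)}")
    print(f"adapted poker : {adapted:8.2f} pass={passes(adapted)}")
```

With $Q_1 = 0.5$ the adapted statistic reduces algebraically to the standard one, so the adapted test is a strict generalization.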
ADAPTED TESTS
= 0.5 = 0.58 1
ONLINE TESTS
Degradation, expected defect
How many random bits are generated before detection?
How many online tests are performed before detection?
Minimal number of online tests to ensure a good probability of detection?
$O$ = number of online tests to reach a detection
$O$ follows a geometric law of parameter $q$: $Q[O \le l] = 1 - (1 - q)^l$
If a good probability of detection is 95%: $l = \frac{\log(1 - 0.95)}{\log(1 - q)}$
For example: increasing bias
$q$ = mean number of times the online test returns FAIL
ONLINE TESTS - SIMULATION
[Simulation plots: $\hat{q}$, with "Tolerable weakness" and "Non-tolerable weakness" regions; 0.03]
$\hat{q}_{bc}$: probability of the detection
$l = \frac{\log(1 - 0.95)}{\log(1 - \hat{q}_{bc})}$: minimal number of online tests for 95% of detection
Minimal number of generated bits for 95% of detection
ATTACKS
A combination of these methods
PROFILING ATTACK ON RNG: PRINCIPLE
Source: C. Giraud, Attaques de cryptosystèmes embarqués et contre-mesures associées, PhD thesis, 2007
PROFILING ATTACK ON RNG: REMARKS
Success in only one observation
Difficulty of synchronization
Everything may leak!
[Diagram: TRNG, Online tests, Post-processing, Cryptographic post-processing, Initialization, Output, User code]
PERTURBATION ATTACK ON RNG
Examples:
Reset a bit: need of multiple faults, need of statistical tests
Change the configuration: need of only one fault, visible effect
[Diagram: TRNG, Online tests, Post-processing, Cryptographic post-processing, Initialization, Output, User code]
CONCLUSION
[Figure: AIS31 P2 high, AIS31 PTG.2-3, RGS v1.0, RGS v2.0; Statistical tests, Attacks; LETI ITSEF Evaluations]
Commissariat à l’énergie atomique et aux énergies alternatives 17 rue des Martyrs | 38054 Grenoble Cedex www.cea-tech.fr Établissement public à caractère industriel et commercial | RCS Paris B 775 685 019
I’m sensitive to aging…
There is 2.73% chance today is my birthday
I’m like a TRNG
Fortunately it’s low