Fault model of electromagnetic attacks targeting ring oscillator-based true random number generators

Abstract

Many side channels including power consumption, electromagnetic emanation, optical radiation, and even sound have been studied since the first publication of a side channel attack at the end of the 1990s. Most of these channels can be relatively easily used for an overall analysis of the cryptographic system (implementation of efficient passive attacks) or for injection of faults. Until recently, only the optical channel allowed both analysis of locally leaked information and precise injection of faults (single-bit errors). Recent works showed that the near-field electromagnetic channel enables similar results to be obtained. Like the optical channel, the near-field electromagnetic channel allows both active and passive attacks, which, in addition, can be theoretically non-invasive and contactless. However, the cost of the attack bench that is needed to exploit the near-field electromagnetic channel is less than that of an optical channel. Recently, we showed that it is possible to use the near-field electromagnetic channel to perform an efficient active attack targeting the true random number generator (TRNG) based on ring oscillators. In cryptography, TRNGs are chiefly used to generate encryption keys and other critical security parameters, so the proposed active attack could have serious consequences for the security of the whole cryptographic system. Here, we present the coupling of a passive attack and an active attack. The proposed coupled attack first uses a spectral differential analysis of the TRNG electromagnetic radiation to obtain valuable information on the position of ring oscillators and their frequency range. This information is then used to tune the electromagnetic harmonic signal to temporarily synchronize the ring oscillators. In this paper, we propose a fault model of the entropy extractor which shows that the behavior of the ring oscillators changes, and that it occurs additional and unwanted “fake rising edges” of the clock signal which disturb the flip-flops involved in such TRNGs. The effectiveness of our proposed coupled attack questions the use of ring oscillators in the design of TRNGs.