Abstract

Random number generators underpin the security of current and future cryptographic systems and are therefore a likely target for attackers. Quantum random number generators have been hailed as the ultimate sources of randomness. However, as shown in this work, the susceptibility of the sensitive electronics required to implement such devices poses a serious threat to their security. We present an out-of-band electromagnetic injection attack on a photonic quantum random number generator through which an adversary can gain full control of the output. In our first experiment, the adversary forces the binary output of the generator to become an alternating string of 1s and 0s, with near 100% success. This attack may be spotted by a vigilant user performing statistical tests on their output strings. We therefore envisage a second more subtle attack in which the adversary forces the output to be a random pattern known to them, thus rendering any protection based on statistical tests ineffective.

Highlights

  • Random number generators (RNGs) are essential for a wide variety of applications, from lotteries to statistics, from computer simulations to cryptography [1,2]

  • We describe an out-of-band attack against a quantum RNG (QRNG), namely a continuous-variable QRNG (CV QRNG), which is based on the quantum properties of the vacuum field and its subsequent detection via balanced homodyne detection (BHD), see Fig. 1(a)

  • In this paper we show how an attacker can create and actively exploit an electromagnetic side channel to control the output of a QRNG whilst remaining undetected


Summary

INTRODUCTION

Random number generators (RNGs) are essential for a wide variety of applications, from lotteries to statistics, from computer simulations to cryptography [1,2]. Security-wise, it has been shown that the randomness of ring-oscillator-based RNGs can degrade if their circuits unintentionally act as receiving antennas and pick up electromagnetic radiation from the surrounding environment [10,11,12,13,14,15]. This undesired behavior can be turned into an attack. Earlier works used custom-made BHD circuits, which were observed to pick up electromagnetic noise from the environment due to the difficulty in shielding the highly sensitive electronics involved [31,32,35]. This noise has a classical origin and is typically assumed to be passively monitored by, and known to, Eve. The solution to maintain a high secure generation rate has often been to calibrate the output power spectrum of the generator and generate numbers using only the flat regions of the spectrum, which are free from these large classical noise contributions. The autocorrelation and conditional Shannon entropy of the output can be predicted (see Appendices B and C).
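The abstract's point that statistical tests can flag the alternating output but not a random-looking pattern known to the adversary can be checked from the user's side with the sketch below, which is an added example and not code from the paper. Both bit strings are constructed; `pattern`, `SEED` and the seeded generator are assumptions that stand in for "a random pattern known to them".

```python
import math
import random
from collections import Counter

def monobit_p(bits):
    """NIST SP 800-22 frequency test: p-value for the 0/1 balance."""
    s = abs(sum(2 * b - 1 for b in bits))
    return math.erfc(s / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """NIST SP 800-22 runs test: p-value for the number of runs."""
    n, pi = len(bits), sum(bits) / len(bits)
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # balance prerequisite failed
    runs = 1 + sum(a != b for a, b in zip(bits, bits[1:]))
    return math.erfc(abs(runs - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def lag1_autocorr(bits):
    """Lag-1 autocorrelation of the sequence mapped to +/-1."""
    x = [2 * b - 1 for b in bits]
    return sum(a * b for a, b in zip(x, x[1:])) / (len(x) - 1)

def cond_entropy(bits):
    """Empirical conditional Shannon entropy H(X[i+1] | X[i]) in bits."""
    pairs = Counter(zip(bits, bits[1:]))
    total = len(bits) - 1
    h = 0.0
    for (prev, _), count in pairs.items():
        ctx = pairs[(prev, 0)] + pairs[(prev, 1)]  # occurrences of prev
        h -= count / total * math.log2(count / ctx)
    return h

def assess(bits):
    return {"monobit_p": monobit_p(bits), "runs_p": runs_p(bits),
            "lag1": lag1_autocorr(bits), "cond_entropy": cond_entropy(bits)}

def pattern(seed, n):
    """Hypothetical stand-in: a bit pattern reproducible by whoever holds seed."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

N, SEED = 20000, 12345                    # constructed sample size and seed
alternating = [i % 2 for i in range(N)]   # constructed: first experiment's output
known = pattern(SEED, N)                  # constructed: second attack's output

if __name__ == "__main__":
    for name, bits in (("alternating", alternating), ("known", known)):
        print(name, assess(bits))
```

The alternating string is perfectly balanced, so the frequency test alone accepts it; the runs test, autocorrelation and conditional entropy expose it. The seeded pattern looks unremarkable on every metric even though anyone holding the seed can reproduce it bit for bit, which is why output statistics cannot stand in for integrity of the entropy source.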

Injecting sine wave
Injecting random patterns
CONCLUSION