DOI: 10.1145/3526241.3530324
research-article
Open access

Side-Channel Analysis of the Random Number Generator in STM32 MCUs

Published: 06 June 2022

Abstract

The hardware random number generator (RNG) integrated in STM32 MCUs is intended to ensure that the numbers it generates cannot be guessed with a probability higher than that of a random guess. The RNG is based on several ring oscillators whose outputs are combined and post-processed to produce a 32-bit random number per round of computation. In this paper, we show that it is possible to train a neural network capable of recovering the Hamming weight of these random numbers from power traces with a probability higher than 60%. This is a 4-fold improvement over the 14% probability of the most likely Hamming weight.
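
The 14% baseline and the 4-fold figure follow from the binomial distribution of Hamming weights of a uniform 32-bit word. The sketch below is an added example, not code from the paper; the function names are illustrative, and the entropy figures assume the idealized case in which the Hamming weight is known exactly.

```python
from math import comb, log2

BITS = 32  # width of one RNG output word, per the abstract


def hw_distribution(bits=BITS):
    """P(HW = k) for a uniformly random `bits`-bit word (binomial, p = 1/2)."""
    total = 2 ** bits
    return [comb(bits, k) / total for k in range(bits + 1)]


def baseline_guess_probability(bits=BITS):
    """Success rate of always guessing the most likely Hamming weight."""
    return max(hw_distribution(bits))


def improvement_factor(accuracy, bits=BITS):
    """How many times better a classifier with `accuracy` is than the baseline."""
    return accuracy / baseline_guess_probability(bits)


def hw_entropy(bits=BITS):
    """Shannon entropy of the Hamming weight in bits: what an exact
    Hamming-weight observation reveals about one word (assumed ideal case)."""
    return -sum(p * log2(p) for p in hw_distribution(bits) if p > 0)


def residual_entropy(bits=BITS):
    """Average entropy left in a word once its exact Hamming weight is known.
    HW is a function of the word, so H(X | HW) = H(X) - H(HW)."""
    return bits - hw_entropy(bits)


def candidates_given_hw(k, bits=BITS):
    """Number of distinct words that share Hamming weight k."""
    return comb(bits, k)


if __name__ == "__main__":
    print(f"baseline guess probability: {baseline_guess_probability():.4f}")
    print(f"improvement at 60% accuracy: {improvement_factor(0.60):.2f}x")
    print(f"entropy revealed by exact HW: {hw_entropy():.2f} bits")
    print(f"entropy remaining per word:   {residual_entropy():.2f} bits")
    print(f"words with HW = 16:           {candidates_given_hw(16)}")
```

For a designer, the residual-entropy figure is the quantity to budget for: each word whose Hamming weight leaks contributes fewer than 32 bits of unpredictability to whatever key or nonce is derived from it.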

Published In

GLSVLSI '22: Proceedings of the Great Lakes Symposium on VLSI 2022
June 2022
560 pages
ISBN: 9781450393225
DOI: 10.1145/3526241
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. power analysis
2. side-channel attack
3. true random number generator

Funding Sources

• Swedish Research Council
• Swedish Civil Contingencies Agency

Conference

GLSVLSI '22

Acceptance Rates

Overall Acceptance Rate 312 of 1,156 submissions, 27%
