Abstract
Random number generation is a fundamental security primitive. This relatively simple requirement is beyond the capacity of passive RFID (radio frequency identification) tags, however. A recent proposal, fingerprint extraction and random number generation in SRAM (FERNS), uses onboard RAM as a randomness source. Unfortunately, practical considerations prevent this approach from reaching its full potential. First, the amount of RAM available for utilization as a randomness generator may be severely restricted due to competition with other system functionalities. Second, RAM is subject to data remanence; there is a period after losing power during which stored data remains intact in memory. Thus, after memory has been used for entropy collection once it will require time without power before it can be reused. This may lead to unacceptable delays in a usable security application. In this paper, the practical considerations that must be taken into account when using RAM as an entropy source are demonstrated. The implementation of a true random number generator on Intel’s WISP (wireless identification and sensing platform) RFID tag is also presented, which is the first to the authors’ best knowledge. By relating this to the requirements of some popular RFID authentication protocols, the practicality of utilizing memory-based randomness techniques on resource-constrained devices is assessed.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
EPC Global Class 1 Generation 2 UHF Air Interface Protocol Standard “Gen 2”. Available at http://www.epcglobalinc.org/standards/uhfc1g2/uhfc1g2_1_2_0-standard-20080511.pdf (2008)
IAR Embedded Workbench. Available at http://www.iar.com/ew (2009)
Iminj’s UHF Gen 2 RFID Speedway Reader. Available at http://www.impinj.com/products/rfid-reader.aspx (2009)
MSP430 USB Debugging Interface—MSP-FET430UIF. Available at http://focus.ti.com/docs/toolsw/folders/print/msp-fet430uif.html (2009)
Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: Fast and Secure Message Authentication. In: CRYPTO (1999)
Bringer, J., Chabanne, H.: Trusted-HB: a low-cost version of HB+ secure against man-in-the-middle attacks. In: IEEE Transactions on Information Theory (2008)
Bringer, J., Chabanne, H., Dottax, E.: HB++: a lightweight authentication protocol secure against some attacks. In: Security, Privacy and Trust in Pervasive and Ubiquitous Computing (2006)
Czeskis, A., Koscher, K., Smith, J., Kohno, T.: RFIDs and secret handshakes: Defending against ghost-and-leech attacks and unauthorized reads with context-aware communications. In: ACM Conference on Computer and Communications Security (2008)
Gutmann, P.: Data remanence in semiconductor devices. In: USENIX Security Symposium (2001)
Gilbert, Y.S.H., Robshaw, M.: HB#: Increasing the security and efficiency of HB+. In: EuroCrypt (2008)
Halderman, J., Schoen, S., Heninger, N., Clarkson, W., Paul, W., Calandrino, J., Feldman, A., Apelbaum, J., Felten, E.: Least we remember: cold boot attacks on encryption keys. In: USENIX Security Symposium (2008)
Hammouri, G., Sunar, B.: PUF-HB: A tamper-resilient HB based authentication protocol. In: ACNS (2008)
Holcomb, D.: Personal communication (April 2009)
Holcomb, D., Burleson, W., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID Tags. In: Conference on RFID Security (2007)
Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. (2009) (to appear)
Hopper, N., Blum, M.: Secure human identification protocols. In: Asiacrypt (2001)
Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: CRYPTO (2005)
Katz, J., Shin, J.: Parallel and concurrent security of the HB and HB+ protocols. In: EUROCRYPT (2006)
Matsumoto M., NishimuraT.: Mersenne twister: A 623-dimensionally equidistributed uniform pseudorandom number generator. ACM Trans. Model. Comput. Simul. 8(1), 3–30 (1998)
Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: ACM Computer and Communications Security (2004)
Sample, A., Yeager, D., Powledge, P., Smith, J.: Design of a passively-powered, programmable sensing platform for UHF RFID systems. In: IEEE International Conference on RFID (2007)
Saxena, N., Voris, J.: Accelerometer based random number generation on RFID tags. In: WISP Summit (2009)
Saxena, N., Voris, J.: We can remember it for you wholesale: implications of data remanence on the use of RAM for true random number generation on RFID tags. In: Workshop on RFID Security (2009)
Skorobogatov, S.: Low Temperature Data Remanence in Static RAM. Available at http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-536.html (2002)
Smith, J., Sample, A., Powledge, P., Mamishev, A., Roy, S.: A wirelessly-powered platform for sensing and computation. In: Proceedings of 8th international conference on ubiquitous computing (2006)
Weimer, F.: New openssl packages fix predictable random number generator. Available at http://lists.debian.org/debian-security-announce/2008/msg00152.html (2008)
Yuksel, K., Kaps, J., Sunar, B.: Universal hash functions for emerging ultra-low-power networks. In: Communications Networks and Distributed Systems Modeling and Simulation Conference (2004)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Saxena, N., Voris, J. Data remanence effects on memory-based entropy collection for RFID systems. Int. J. Inf. Secur. 10, 213–222 (2011). https://doi.org/10.1007/s10207-011-0139-0
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-011-0139-0