research-article

Design and Implementation of Warbler Family of Lightweight Pseudorandom Number Generators for Smart Devices

Published: 20 February 2016

Abstract

With the advent of ubiquitous computing and the Internet of Things (IoT), the security and privacy issues of various smart devices, such as radio-frequency identification (RFID) tags and wireless sensor nodes, are receiving increased attention from academia and industry. A number of lightweight cryptographic primitives have been proposed to provide security services for resource-constrained smart devices. As one of the core primitives, a cryptographically secure pseudorandom number generator (PRNG) plays an important role in lightweight embedded applications. Most existing PRNGs proposed for smart devices employ true random number generators as a component, which generally incur significant power consumption and gate count in hardware. In this article, we present the Warbler family, a new pseudorandom number generator family based on nonlinear feedback shift registers (NLFSRs) with desirable randomness properties. The design of the Warbler family is based on the combination of modified de Bruijn blocks together with a nonlinear feedback Welch-Gong (WG) sequence generator, which enables us to precisely characterize the randomness properties and to flexibly adjust the security level of the resulting PRNG. Some criteria for selecting parameters of the Warbler family are proposed to offer the maximum level of security. Two instances of the Warbler family are also described, which feature two different security levels and are dedicated to EPC C1 Gen2 RFID tags and wireless sensor nodes, respectively. The security analysis shows that the proposed instances not only pass the cryptographic statistical tests recommended by the EPC C1 Gen2 standard and NIST but also are resistant to cryptanalytic attacks such as algebraic attacks, cube attacks, time-memory-data tradeoff attacks, Mihaljević et al.'s attacks, and weak internal state and fault injection attacks. Our ASIC implementations using a 65nm CMOS process demonstrate that the two proposed lightweight instances of the Warbler family achieve good performance in terms of speed and area and provide ideal solutions for securing low-cost smart devices.

References

  1. Raja Naeem Akram, Konstantinos Markantonakis, and Keith Mayes. 2012. Pseudorandom number generation in smart cards: An implementation, performance and randomness analysis. In 2012 5th International Conference on New Technologies, Mobility and Security (NTMS'12). 1--7. DOI: http://dx.doi.org/10.1109/NTMS.2012.6208760
  2. Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Mara Naya-Plasencia. 2013. Quark: A lightweight hash. Journal of Cryptology 26, 2 (2013), 313--339. DOI: http://dx.doi.org/10.1007/s00145-012-9125-6
  3. Ganesh K. Balachandran and Raymond E. Barnett. 2008. A 440-nA true random number generator for passive RFID tags. IEEE Transactions on Circuits and Systems I: Regular Papers 55, 11 (Dec. 2008), 3723--3732. DOI: http://dx.doi.org/10.1109/TCSI.2008.927220
  4. Lawrence E. Bassham, III, Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Elaine B. Barker, Stefan D. Leigh, Mark Levenson, Mark Vangel, David L. Banks, Nathanael Alan Heckert, James F. Dray, and San Vo. 2010. SP 800-22 Rev. 1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Technical Report. Gaithersburg, MD.
  5. Alex Biryukov and Adi Shamir. 2000. Cryptanalytic time/memory/data tradeoffs for stream ciphers. In Advances in Cryptology (ASIACRYPT'00), Tatsuaki Okamoto (Ed.). Lecture Notes in Computer Science, Vol. 1976. Springer, Berlin, 1--13. DOI: http://dx.doi.org/10.1007/3-540-44448-3_1
  6. Andrey Bogdanov, Miroslav Knežević, Gregor Leander, Deniz Toz, Kerem Varıcı, and Ingrid Verbauwhede. 2011. Spongent: A lightweight hash function. In Cryptographic Hardware and Embedded Systems (CHES'11), Bart Preneel and Tsuyoshi Takagi (Eds.). Lecture Notes in Computer Science, Vol. 6917. Springer, Berlin, 312--325. DOI: http://dx.doi.org/10.1007/978-3-642-23951-9_21
  7. Wenyi Che, Huan Deng, Wang Tan, and Junyu Wang. 2008. A random number generator for application in RFID tags. In Networked RFID Systems and Lightweight Cryptography, Peter H. Cole and Damith C. Ranasinghe (Eds.). Springer, Berlin, 279--287. DOI: http://dx.doi.org/10.1007/978-3-540-71641-9_16
  8. Nicolas T. Courtois, Daniel Hulme, Kumail Hussain, Jerzy A. Gawinecki, and Marek Grajek. 2013. On bad randomness and cloning of contactless payment and building smart cards. In 2013 IEEE Security and Privacy Workshops (SPW'13). 105--110. DOI: http://dx.doi.org/10.1109/SPW.2013.29
  9. Nicolas T. Courtois and Willi Meier. 2003. Algebraic attacks on stream ciphers with linear feedback. In Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT'03). Springer-Verlag, Berlin, 345--359.
  10. Itai Dinur and Adi Shamir. 2009. Cube attacks on tweakable black box polynomials. In Advances in Cryptology (EUROCRYPT'09), Antoine Joux (Ed.). Lecture Notes in Computer Science, Vol. 5479. Springer, Berlin, 278--299. DOI: http://dx.doi.org/10.1007/978-3-642-01001-9_16
  11. EPCglobal. 2015. EPC radio-frequency identification protocols generation-2 UHF RFID: Specifications for RFID air interface protocols for communications at 860 MHz - 960 MHz, version 2.0.1 ratified. Retrieved from http://www.gs1.org/sites/default/files/docs/epc/Gen2_Protocol_Standard.pdf.
  12. Aurelien Francillon and Claude Castelluccia. 2007. TinyRNG: A cryptographic random number generator for wireless sensors network nodes. In 5th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks and Workshops, 2007 (WiOpt'07). 1--7. DOI: http://dx.doi.org/10.1109/WIOPT.2007.4480051
  13. Vincenzo Gaglio, Alessandra De Paola, Marco Ortolani, and Giuseppe Lo Re. 2010. A TRNG exploiting multi-source physical data. In Proceedings of the 6th ACM Workshop on QoS and Security for Wireless and Mobile Networks (Q2SWinet'10). ACM, New York, NY, 82--89. DOI: http://dx.doi.org/10.1145/1868630.1868646
  14. Solomon W. Golomb and Guang Gong. 2004. Signal Design for Good Correlation: For Wireless Communication, Cryptography, and Radar. Cambridge University Press, New York, NY.
  15. Guang Gong, Sondre Rønjom, Tor Helleseth, and Honggang Hu. 2011. Fast discrete Fourier spectra attacks on stream ciphers. IEEE Transactions on Information Theory 57, 8 (Aug. 2011), 5555--5565. DOI: http://dx.doi.org/10.1109/TIT.2011.2158480
  16. Guang Gong and Amr M. Youssef. 2001. On Welch-Gong transformation sequence generators. In Selected Areas in Cryptography, Douglas R. Stinson and Stafford Tavares (Eds.). Lecture Notes in Computer Science, Vol. 2012. Springer, Berlin, 217--232. DOI: http://dx.doi.org/10.1007/3-540-44983-3_16
  17. Jian Guo, Thomas Peyrin, and Axel Poschmann. 2011. The PHOTON family of lightweight hash functions. In Advances in Cryptology (CRYPTO'11), Phillip Rogaway (Ed.). Lecture Notes in Computer Science, Vol. 6841. Springer, Berlin, 222--239. DOI: http://dx.doi.org/10.1007/978-3-642-22792-9_13
  18. Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu. 2007. Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In Proceedings of the Conference on RFID Security.
  19. Honggang Hu and Guang Gong. 2011. Periods on two kinds of nonlinear feedback shift registers with time varying feedback functions. International Journal of Foundations of Computer Science 22, 6 (2011), 1317--1329. DOI: http://dx.doi.org/10.1142/S0129054111008738
  20. Chris Karlof, Naveen Sastry, and David Wagner. 2004. TinySec: A link layer security architecture for wireless sensor networks. In Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys'04). ACM, New York, NY, 162--175. DOI: http://dx.doi.org/10.1145/1031495.1031515
  21. Elif Bilge Kavun and Tolga Yalcin. 2010. A lightweight implementation of Keccak hash function for radio-frequency identification applications. In Radio Frequency Identification: Security and Privacy Issues, Siddika Berna Ors Yalcin (Ed.). Lecture Notes in Computer Science, Vol. 6370. Springer, Berlin, 258--269. DOI: http://dx.doi.org/10.1007/978-3-642-16822-2_20
  22. John Kelsey, Bruce Schneier, and Niels Ferguson. 2000. Yarrow-160: Notes on the design and analysis of the Yarrow cryptographic pseudorandom number generator. In Selected Areas in Cryptography, Howard Heys and Carlisle Adams (Eds.). Lecture Notes in Computer Science, Vol. 1758. Springer, Berlin, 13--33. DOI: http://dx.doi.org/10.1007/3-540-46513-8_2
  23. Edwin L. Key. 2006. An analysis of the structure and complexity of nonlinear binary sequence generators. IEEE Transactions on Information Theory 22, 6 (Sept. 2006), 732--736. DOI: http://dx.doi.org/10.1109/TIT.1976.1055626
  24. Wolfgang Killmann and Werner Schindler. 2001. A proposal for: Functionality classes and evaluation methodology for true (physical) random number generators, version 3.1 (25.09.2001), Mathematical-technical reference of AIS31, English translation. Retrieved from https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_evaluation_methodology_for_true_RNG_e.pdf?__blob=publicationFile.
  25. Andrew Klapper. 2005. Linear complexity of finite field sequences over different fields. In International Workshop on Sequence Design and Applications (IWSDA'05).
  26. Donald E. Knuth. 1997. The Art of Computer Programming, Volume 2 (3rd ed.): Seminumerical Algorithms. Addison-Wesley Longman Publishing Co., Boston, MA.
  27. Philip Levis and David Gay. 2009. TinyOS programming. Retrieved from http://csl.stanford.edu/pal/pubs/tos-programming-web.pdf.
  28. Giuseppe Lo Re, Fabrizio Milazzo, and Marco Ortolani. 2011. Secure random number generation in wireless sensor networks. In Proceedings of the 4th International Conference on Security of Information and Networks (SIN'11). ACM, New York, NY, 175--182. DOI: http://dx.doi.org/10.1145/2070425.2070453
  29. Kalikinkar Mandal. 2013. Design and analysis of cryptographic pseudorandom number/sequence generators with applications in RFID. Ph.D. Dissertation. University of Waterloo, ON, Canada. http://hdl.handle.net/10012/7730.
  30. Kalikinkar Mandal, Xinxin Fan, and Guang Gong. 2012. Warbler: A lightweight pseudorandom number generator for EPC C1 Gen2 tags. In Volume 8: Radio Frequency Identification System Security. Cryptology and Information Security Series, Vol. 1758. IOS Press, 73--84. DOI: http://dx.doi.org/10.3233/978-1-61499-143-4-73
  31. Kalikinkar Mandal, Xinxin Fan, and Guang Gong. 2013. Warbler: A lightweight pseudorandom number generator for EPC C1 Gen2 passive RFID tags. International Journal of RFID Security and Cryptography (IJRFIDSC) 2, 1--4 (Mar.-Dec. 2013), 82--91.
  32. Kalikinkar Mandal and Guang Gong. 2012. Probabilistic generation of good span n sequence from nonlinear feedback shift registers. CACR Technical Report CACR 06-2012, University of Waterloo, ON, Canada.
  33. Kalikinkar Mandal, Guang Gong, Xinxin Fan, and Mark Aagaard. 2014. Optimal parameters for the WG stream cipher family. Cryptography and Communications 6, 2 (June 2014), 117--135. DOI: http://dx.doi.org/10.1007/s12095-013-0091-0
  34. Honorio Martin, Enrique San Millan, Luis Entrena, Pedro Peris Lopez, and Julio Cesar Hernandez Castro. 2011. AKARI-X: A pseudorandom number generator for secure lightweight systems. In 2011 IEEE 17th International On-Line Testing Symposium (IOLTS'11). 228--233. DOI: http://dx.doi.org/10.1109/IOLTS.2011.5994534
  35. Willi Meier and Othmar Staffelbach. 1989. Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1, 3 (Jan. 1989), 159--176. DOI: http://dx.doi.org/10.1007/BF02252874
  36. Joan Melia-Segui, Joaquin Garcia-Alfaro, and Jordi Herrera-Joancomarti. 2010. Analysis and improvement of a pseudorandom number generator for EPC Gen2 tags. In Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC'10). Springer-Verlag, Berlin, 34--46.
  37. Joan Melia-Segui, Joaquin Garcia-Alfaro, and Jordi Herrera-Joancomarti. 2013. J3Gen: A PRNG for low-cost passive RFID. Sensors 13, 3 (2013), 3816. DOI: http://dx.doi.org/10.3390/s130303816
  38. Mohamad Merhi, Julio Cesar Hernandez-Castro, and Pedro Peris-Lopez. 2011. Studying the pseudo random number generator of a low-cost RFID tag. In 2011 IEEE International Conference on RFID-Technologies and Applications (RFID-TA'11). 381--385. DOI: http://dx.doi.org/10.1109/RFID-TA.2011.6068666
  39. Miodrag J. Mihaljevic, Sugata Gangopadhyay, Goutam Paul, and Hideki Imai. 2012. Internal state recovery of Grain-v1 employing normality order of the filter function. IET Information Security 6, 2 (June 2012), 55--64. DOI: http://dx.doi.org/10.1049/iet-ifs.2011.0107
  40. Yassir Nawaz and Guang Gong. 2008. WG: A family of stream ciphers with designed randomness properties. Information Sciences 178, 7 (April 2008), 1903--1916. DOI: http://dx.doi.org/10.1016/j.ins.2007.12.002
  41. Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda. 2009. LAMED: A PRNG for EPC class-1 generation-2 RFID specification. Computer Standards & Interfaces 31, 1 (2009), 88--97. DOI: http://dx.doi.org/10.1016/j.csi.2007.11.013
  42. Wolfgang Rankl and Wolfgang Effing. 1997. Smart Card Handbook. John Wiley & Sons, New York, NY.
  43. Matthew Robshaw and Olivier Billet. 2008. New Stream Cipher Designs -- The eSTREAM Finalists. Springer-Verlag, Berlin. DOI: http://dx.doi.org/10.1007/978-3-540-68351-3
  44. Sanjay E. Sarma, Stephen A. Weis, and Daniel Engels. 2003a. Radio-frequency-identification security risks and challenges. Cryptobytes 6, 1 (2003), 2--9.
  45. Sanjay E. Sarma, Stephen A. Weis, and Daniel W. Engels. 2003b. RFID systems and security and privacy implications. In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES'02). Springer-Verlag, London, 454--469.
  46. Bo Sun, Chung-Chih Li, Kui Wu, and Yang Xiao. 2006. A LCG-based secure protocol for wireless sensor networks. In IEEE International Conference on Communications, 2006 (ICC'06). Vol. 8, 3627--3632. DOI: http://dx.doi.org/10.1109/ICC.2006.255635
  47. Vikram B. Suresh and Wayne P. Burleson. 2010. Entropy extraction in metastability-based TRNG. In 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'10). 135--140. DOI: http://dx.doi.org/10.1109/HST.2010.5513099
  48. Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest, and Daniel W. Engels. 2004. Security and privacy aspects of low-cost radio frequency identification systems. In Security in Pervasive Computing, Dieter Hutter, Günter Müller, Werner Stephan, and Markus Ullmann (Eds.). Lecture Notes in Computer Science, Vol. 2802. Springer, Berlin, 201--212. DOI: http://dx.doi.org/10.1007/978-3-540-39881-3_18
  49. Hongjun Wu and Bart Preneel. 2005. Chosen IV attack on stream cipher WG. ECRYPT Stream Cipher Project Report 2005/045. Retrieved from http://cr.yp.to/streamciphers/wg/045.pdf.

Published in

ACM Transactions on Embedded Computing Systems, Volume 15, Issue 1
February 2016
530 pages
ISSN: 1539-9087
EISSN: 1558-3465
DOI: 10.1145/2872313

Copyright © 2016 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 20 February 2016
• Revised: 1 July 2015
• Accepted: 1 July 2015
• Received: 1 January 2015
Qualifiers

• research-article
• Research
• Refereed