Abstract
With the advent of ubiquitous computing and the Internet of Things (IoT), the security and privacy issues of various smart devices, such as radio-frequency identification (RFID) tags and wireless sensor nodes, are receiving increased attention from academia and industry. A number of lightweight cryptographic primitives have been proposed to provide security services for resource-constrained smart devices. As one of the core primitives, a cryptographically secure pseudorandom number generator (PRNG) plays an important role in lightweight embedded applications. Most existing PRNGs proposed for smart devices employ true random number generators as a component, which generally incur significant power consumption and gate count in hardware. In this article, we present the Warbler family, a new pseudorandom number generator family based on nonlinear feedback shift registers (NLFSRs) with desirable randomness properties. The design of the Warbler family combines modified de Bruijn blocks with a nonlinear feedback Welch-Gong (WG) sequence generator, which enables us to precisely characterize the randomness properties and to flexibly adjust the security level of the resulting PRNG. Criteria for selecting the parameters of the Warbler family are proposed to offer the maximum level of security. Two instances of the Warbler family are also described, which feature two different security levels and are dedicated to EPC C1 Gen2 RFID tags and wireless sensor nodes, respectively. The security analysis shows that the proposed instances not only pass the cryptographic statistical tests recommended by the EPC C1 Gen2 standard and NIST but also resist cryptanalytic attacks such as algebraic attacks, cube attacks, time-memory-data tradeoff attacks, Mihaljević et al.'s attacks, and weak internal state and fault injection attacks. Our ASIC implementations using a 65nm CMOS process demonstrate that the two proposed lightweight instances of the Warbler family achieve good performance in terms of speed and area and provide ideal solutions for securing low-cost smart devices.
References
- Raja Naeem Akram, Konstantinos Markantonakis, and Keith Mayes. 2012. Pseudorandom number generation in smart cards: An implementation, performance and randomness analysis. In 2012 5th International Conference on New Technologies, Mobility and Security (NTMS'12). 1--7. DOI:http://dx.doi.org/10.1109/NTMS.2012.6208760
- Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and María Naya-Plasencia. 2013. Quark: A lightweight hash. Journal of Cryptology 26, 2 (2013), 313--339. DOI:http://dx.doi.org/10.1007/s00145-012-9125-6
- Ganesh K. Balachandran and Raymond E. Barnett. 2008. A 440-nA true random number generator for passive RFID tags. IEEE Transactions on Circuits and Systems I: Regular Papers 55, 11 (Dec. 2008), 3723--3732. DOI:http://dx.doi.org/10.1109/TCSI.2008.927220
- Lawrence E. Bassham, III, Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Elaine B. Barker, Stefan D. Leigh, Mark Levenson, Mark Vangel, David L. Banks, Nathanael Alan Heckert, James F. Dray, and San Vo. 2010. SP 800-22 Rev. 1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Technical Report. National Institute of Standards and Technology, Gaithersburg, MD.
- Alex Biryukov and Adi Shamir. 2000. Cryptanalytic time/memory/data tradeoffs for stream ciphers. In Advances in Cryptology (ASIACRYPT'00), Tatsuaki Okamoto (Ed.). Lecture Notes in Computer Science, Vol. 1976. Springer, Berlin, 1--13. DOI:http://dx.doi.org/10.1007/3-540-44448-3_1
- Andrey Bogdanov, Miroslav Knežević, Gregor Leander, Deniz Toz, Kerem Varıcı, and Ingrid Verbauwhede. 2011. Spongent: A lightweight hash function. In Cryptographic Hardware and Embedded Systems (CHES'11), Bart Preneel and Tsuyoshi Takagi (Eds.). Lecture Notes in Computer Science, Vol. 6917. Springer, Berlin, 312--325. DOI:http://dx.doi.org/10.1007/978-3-642-23951-9_21
- Wenyi Che, Huan Deng, Wang Tan, and Junyu Wang. 2008. A random number generator for application in RFID tags. In Networked RFID Systems and Lightweight Cryptography, Peter H. Cole and Damith C. Ranasinghe (Eds.). Springer, Berlin, 279--287. DOI:http://dx.doi.org/10.1007/978-3-540-71641-9_16
- Nicolas T. Courtois, Daniel Hulme, Kumail Hussain, Jerzy A. Gawinecki, and Marek Grajek. 2013. On bad randomness and cloning of contactless payment and building smart cards. In 2013 IEEE Security and Privacy Workshops (SPW'13). 105--110. DOI:http://dx.doi.org/10.1109/SPW.2013.29
- Nicolas T. Courtois and Willi Meier. 2003. Algebraic attacks on stream ciphers with linear feedback. In Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT'03). Springer-Verlag, Berlin, 345--359.
- Itai Dinur and Adi Shamir. 2009. Cube attacks on tweakable black box polynomials. In Advances in Cryptology (EUROCRYPT'09), Antoine Joux (Ed.). Lecture Notes in Computer Science, Vol. 5479. Springer, Berlin, 278--299. DOI:http://dx.doi.org/10.1007/978-3-642-01001-9_16
- EPCglobal. 2015. EPC radio-frequency identification protocols generation-2 UHF RFID: Specifications for RFID air interface protocols for communications at 860 MHz - 960 MHz, version 2.0.1 ratified. Retrieved from http://www.gs1.org/sites/default/files/docs/epc/Gen2_Protocol_Standard.pdf.
- Aurelien Francillon and Claude Castelluccia. 2007. TinyRNG: A cryptographic random number generator for wireless sensors network nodes. In 5th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks and Workshops, 2007 (WiOpt'07). 1--7. DOI:http://dx.doi.org/10.1109/WIOPT.2007.4480051
- Vincenzo Gaglio, Alessandra De Paola, Marco Ortolani, and Giuseppe Lo Re. 2010. A TRNG exploiting multi-source physical data. In Proceedings of the 6th ACM Workshop on QoS and Security for Wireless and Mobile Networks (Q2SWinet'10). ACM, New York, NY, 82--89. DOI:http://dx.doi.org/10.1145/1868630.1868646
- Solomon W. Golomb and Guang Gong. 2004. Signal Design for Good Correlation: For Wireless Communication, Cryptography, and Radar. Cambridge University Press, New York, NY.
- Guang Gong, Sondre Rønjom, Tor Helleseth, and Honggang Hu. 2011. Fast discrete Fourier spectra attacks on stream ciphers. IEEE Transactions on Information Theory 57, 8 (Aug. 2011), 5555--5565. DOI:http://dx.doi.org/10.1109/TIT.2011.2158480
- Guang Gong and Amr M. Youssef. 2001. On Welch-Gong transformation sequence generators. In Selected Areas in Cryptography, Douglas R. Stinson and Stafford Tavares (Eds.). Lecture Notes in Computer Science, Vol. 2012. Springer, Berlin, 217--232. DOI:http://dx.doi.org/10.1007/3-540-44983-3_16
- Jian Guo, Thomas Peyrin, and Axel Poschmann. 2011. The PHOTON family of lightweight hash functions. In Advances in Cryptology (CRYPTO'11), Phillip Rogaway (Ed.). Lecture Notes in Computer Science, Vol. 6841. Springer, Berlin, 222--239. DOI:http://dx.doi.org/10.1007/978-3-642-22792-9_13
- Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu. 2007. Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In Proceedings of the Conference on RFID Security.
- Honggang Hu and Guang Gong. 2011. Periods on two kinds of nonlinear feedback shift registers with time varying feedback functions. International Journal of Foundations of Computer Science 22, 6 (2011), 1317--1329. DOI:http://dx.doi.org/10.1142/S0129054111008738
- Chris Karlof, Naveen Sastry, and David Wagner. 2004. TinySec: A link layer security architecture for wireless sensor networks. In Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys'04). ACM, New York, NY, 162--175. DOI:http://dx.doi.org/10.1145/1031495.1031515
- Elif Bilge Kavun and Tolga Yalcin. 2010. A lightweight implementation of Keccak hash function for radio-frequency identification applications. In Radio Frequency Identification: Security and Privacy Issues, Siddika Berna Ors Yalcin (Ed.). Lecture Notes in Computer Science, Vol. 6370. Springer, Berlin, 258--269. DOI:http://dx.doi.org/10.1007/978-3-642-16822-2_20
- John Kelsey, Bruce Schneier, and Niels Ferguson. 2000. Yarrow-160: Notes on the design and analysis of the Yarrow cryptographic pseudorandom number generator. In Selected Areas in Cryptography, Howard Heys and Carlisle Adams (Eds.). Lecture Notes in Computer Science, Vol. 1758. Springer, Berlin, 13--33. DOI:http://dx.doi.org/10.1007/3-540-46513-8_2
- Edwin L. Key. 2006. An analysis of the structure and complexity of nonlinear binary sequence generators. IEEE Transactions on Information Theory 22, 6 (Sept. 2006), 732--736. DOI:http://dx.doi.org/10.1109/TIT.1976.1055626
- Wolfgang Killmann and Werner Schindler. 2001. A proposal for: Functionality classes and evaluation methodology for true (physical) random number generators, version 3.1 (25.09.2001), mathematical-technical reference of AIS31, English translation. Retrieved from https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_evaluation_methodology_for_true_RNG_e.pdf?__blob=publicationFile.
- Andrew Klapper. 2005. Linear complexity of finite field sequences over different fields. In International Workshop on Sequence Design and Applications (IWSDA'05).
- Donald E. Knuth. 1997. The Art of Computer Programming, Volume 2 (3rd ed.): Seminumerical Algorithms. Addison-Wesley Longman Publishing Co., Boston, MA.
- Philip Levis and David Gay. 2009. TinyOS programming. Retrieved from http://csl.stanford.edu/pal/pubs/tos-programming-web.pdf.
- Giuseppe Lo Re, Fabrizio Milazzo, and Marco Ortolani. 2011. Secure random number generation in wireless sensor networks. In Proceedings of the 4th International Conference on Security of Information and Networks (SIN'11). ACM, New York, NY, 175--182. DOI:http://dx.doi.org/10.1145/2070425.2070453
- Kalikinkar Mandal. 2013. Design and analysis of cryptographic pseudorandom number/sequence generators with applications in RFID. Ph.D. Dissertation. University of Waterloo, ON, Canada. http://hdl.handle.net/10012/7730.
- Kalikinkar Mandal, Xinxin Fan, and Guang Gong. 2012. Warbler: A lightweight pseudorandom number generator for EPC C1 Gen2 tags. In Volume 8: Radio Frequency Identification System Security. Cryptology and Information Security Series, Vol. 1758. IOS Press, 73--84. DOI:http://dx.doi.org/10.3233/978-1-61499-143-4-73
- Kalikinkar Mandal, Xinxin Fan, and Guang Gong. 2013. Warbler: A lightweight pseudorandom number generator for EPC C1 Gen2 passive RFID tags. International Journal of RFID Security and Cryptography (IJRFIDSC) 2, 1--4 (Mar.-Dec. 2013), 82--91.
- Kalikinkar Mandal and Guang Gong. 2012. Probabilistic generation of good span n sequences from nonlinear feedback shift registers. CACR Technical Report CACR 06-2012, University of Waterloo, ON, Canada.
- Kalikinkar Mandal, Guang Gong, Xinxin Fan, and Mark Aagaard. 2014. Optimal parameters for the WG stream cipher family. Cryptography and Communications 6, 2 (June 2014), 117--135. DOI:http://dx.doi.org/10.1007/s12095-013-0091-0
- Honorio Martin, Enrique San Millan, Luis Entrena, Pedro Peris Lopez, and Julio Cesar Hernandez Castro. 2011. AKARI-X: A pseudorandom number generator for secure lightweight systems. In 2011 IEEE 17th International On-Line Testing Symposium (IOLTS'11). 228--233. DOI:http://dx.doi.org/10.1109/IOLTS.2011.5994534
- Willi Meier and Othmar Staffelbach. 1989. Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1, 3 (Jan. 1989), 159--176. DOI:http://dx.doi.org/10.1007/BF02252874
- Joan Melia-Segui, Joaquin Garcia-Alfaro, and Jordi Herrera-Joancomarti. 2010. Analysis and improvement of a pseudorandom number generator for EPC Gen2 tags. In Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC'10). Springer-Verlag, Berlin, 34--46.
- Joan Melia-Segui, Joaquin Garcia-Alfaro, and Jordi Herrera-Joancomarti. 2013. J3Gen: A PRNG for low-cost passive RFID. Sensors 13, 3 (2013), 3816. DOI:http://dx.doi.org/10.3390/s130303816
- Mohamad Merhi, Julio Cesar Hernandez-Castro, and Pedro Peris-Lopez. 2011. Studying the pseudo random number generator of a low-cost RFID tag. In 2011 IEEE International Conference on RFID-Technologies and Applications (RFID-TA'11). 381--385. DOI:http://dx.doi.org/10.1109/RFID-TA.2011.6068666
- Miodrag J. Mihaljevic, Sugata Gangopadhyay, Goutam Paul, and Hideki Imai. 2012. Internal state recovery of Grain-v1 employing normality order of the filter function. IET Information Security 6, 2 (June 2012), 55--64. DOI:http://dx.doi.org/10.1049/iet-ifs.2011.0107
- Yassir Nawaz and Guang Gong. 2008. WG: A family of stream ciphers with designed randomness properties. Information Sciences 178, 7 (April 2008), 1903--1916. DOI:http://dx.doi.org/10.1016/j.ins.2007.12.002
- Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda. 2009. LAMED: A PRNG for EPC class-1 generation-2 RFID specification. Computer Standards & Interfaces 31, 1 (2009), 88--97. DOI:http://dx.doi.org/10.1016/j.csi.2007.11.013
- Wolfgang Rankl and Wolfgang Effing. 1997. Smart Card Handbook. John Wiley & Sons, New York, NY.
- Matthew Robshaw and Olivier Billet. 2008. New Stream Cipher Designs -- The eSTREAM Finalists. Springer-Verlag, Berlin. DOI:http://dx.doi.org/10.1007/978-3-540-68351-3
- Sanjay E. Sarma, Stephen A. Weis, and Daniel Engels. 2003a. Radio-frequency-identification security risks and challenges. Cryptobytes 6, 1 (2003), 2--9.
- Sanjay E. Sarma, Stephen A. Weis, and Daniel W. Engels. 2003b. RFID systems and security and privacy implications. In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES'02). Springer-Verlag, London, 454--469.
- Bo Sun, Chung-Chih Li, Kui Wu, and Yang Xiao. 2006. A LCG-based secure protocol for wireless sensor networks. In IEEE International Conference on Communications, 2006 (ICC'06). Vol. 8, 3627--3632. DOI:http://dx.doi.org/10.1109/ICC.2006.255635
- Vikram B. Suresh and Wayne P. Burleson. 2010. Entropy extraction in metastability-based TRNG. In 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'10). 135--140. DOI:http://dx.doi.org/10.1109/HST.2010.5513099
- Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest, and Daniel W. Engels. 2004. Security and privacy aspects of low-cost radio frequency identification systems. In Security in Pervasive Computing, Dieter Hutter, Günter Müller, Werner Stephan, and Markus Ullmann (Eds.). Lecture Notes in Computer Science, Vol. 2802. Springer, Berlin, 201--212. DOI:http://dx.doi.org/10.1007/978-3-540-39881-3_18
- Hongjun Wu and Bart Preneel. 2005. Chosen IV attack on stream cipher WG. ECRYPT Stream Cipher Project Report 2005/045. Retrieved from http://cr.yp.to/streamciphers/wg/045.pdf.
Index Terms
- Design and Implementation of Warbler Family of Lightweight Pseudorandom Number Generators for Smart Devices