TI-TRNG: Technology Independent True Random Number Generator Md. Tauhidur Rahman, Kan Xiao, Domenic Forte, Xuhei Zhang, Jerry Shi, and Mohammad Tehranipoor ECE Department, University of Connecticut {tauhid, kanxiao, forte, xuz09001, zshi, tehrani}@engr.uconn.edu ABSTRACT and customer-facing web access [1-8]. A quality RNG gen- True random number generators (TRNGs) are needed for erates statistically independent and unpredictable sequences a variety of security applications and protocols. The qual- of random numbers. Compromising an RNG often means ity (randomness) of TRNGs depends on sensitivity to ran- compromising an entire system. dom noise, environmental conditions, and aging. Random A true RNG (TRNG) translates random physical phenom- sources of noise improve TRNG quality. In older or more ena such as thermal noise, atmospheric noise, shot noise, ra- mature technologies, the random sources are limited result- dio noise, flicker noise, clock jitter, phase noise, noise in a ing in low TRNG quality. Prior work has also shown that compact memory etc. into random digits [1-8]. A TRNG attackers can manipulate voltage supply and temperature must have uniform statistics; non-uniform statistics due to to bias the TRNG output. In this paper, we propose bias biased random sequences help attackers to guess the ran- detection mechanisms and a technology independent TRNG dom numbers. Generally, random numbers are generated by (TI-TRNG) architecture. The TI-TRNG enhances power comparing two symmetric devices which possess some pro- supply noise for older technologies and uses a self-calibration cess variation (PV) and random inner noise. Variations in mechanism that reduces bias in TRNG output due to ag- the inherent process, operating temperature, VDD , and ag- ing and attacks. Experiment results on 130 nm , 90 nm , and ing may bias the TRNG output by introducing large asym- 45 nm FPGAs demonstrate the quality of random sequences metry between them. An attacker might exploit the depen- from the TI-TRNG across aging and different environmental dence of the TRNG on supply voltage and temperature to conditions. intentionally bias the TRNG [9, 10]. In addition, the ran- domness of a TRNG is affected by limited PV when inner random noise source cannot provide enough source of en- Categories and Subject Descriptors tropy alone. Older and more mature technologies possess SEC1 [ Hardware Security ]: Device, circuit, and architec- less PV and provides less randomness. The randomness of ture techniques for security TRNG in such technologies can become even worse under environmental variations and different aging mechanisms. General Terms This presents a major issue for military and space applica- tions which must typically rely on older technology nodes Security, Design due to reliability concerns. Most of the TRNGs presented in literature discuss the Keywords randomness due to process and inner random noise in lower True random number generator, Tunable ring oscillator, At- technology nodes [1, 3, 11, 12]. Many challenges not fully tacks detection, Random supply noise addressed in prior work include: (i) insufficient PV in older and more mature technologies, (ii) robustness to aging, and 1. INTRODUCTION (iii) potential attacks that exploit environmental conditions to bias a TRNG. A random number generator (RNG) is an important se- In this paper, we propose innovative techniques that over- curity block widely used in most cryptographic applications comes each of the above challenges. In order to provide high such as one time pads, session and temporary keys, nonce, quality entropy, extra power supply noise is induced by in- seeds, challenges for authentication, zero knowledge proto- ternal circuit switching in order to compensate for the in- cols, hardware metering, generation of primes, secure com- sufficient PV in older technology nodes. It also overcomes munications, secured servers and processors, VPN access, the entropy loss due to aging by supplying continuous ran- Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not dom noise. A self-compensation mechanism is proposed to made or distributed for profit or commercial advantage and that copies bear improve randomness of TRNG across time, operating con- this notice and the full citation on the first page. Copyrights for components ditions, and attacks. In addition, a bias monitoring unit of this work owned by others than ACM must be honored. Abstracting with is proposed to detect attacks (manipulation of environmen- credit is permitted. To copy otherwise, or republish, to post on servers or to tal conditions). We call our overall approach Technology redistribute to lists, requires prior specific permission and/or a fee. Request Independent TRNG (TI-TRNG) because it automatically permissions from [email protected]. DAC ’14, June 01 - 05 2014, San Francisco, CA, USA overcomes attacks and lack of randomness regardless of the Copyright 2014 ACM 978-1-4503-2730-5/14/06..$15.00 technology used. Results from the NIST test suite [13] show http://dx.doi.org/10.1145/2593069.2593236 . ′ ′ that the proposed TI-TRNG possesses sufficient randomness much faster than the other. The c will largely favor a 0 ′ ′ ′ ′ over adverse environmental conditions, aging, and several at the output while the last bit may be either 0 or 1 due technology nodes (old, mature, current) while only costing to jitter. Figure 2(b) illustrates the impact of decreasing ∼ 14 .62% area overhead compared to a conventional TRNG. VDD , increasing operating temperature, or aging. Each case The rest of the paper is organized as follows: In Section 2, causes a decrease in the frequency of the ROs resulting in a we discuss the background of TRNG and the motivation of deterministic output sequence ’100’ . Figure 2(c) highlights our proposed TI-TRNG. Attack/bias detection techniques the impact of increasing VDD and/or decreasing tempera- are addressed in Section 3. In Section 4, we discuss the ar- ture. Both increase the RO frequency resulting in another chitecture and working principle of the proposed TI-TRNG. deterministic bitstream ’101’ . Figures 2(b,c) illustrate how The experimental results and analyses are shown in Section altering the voltage supply and operating temperature or 5. We conclude the paper in Section 6. aging the chip can reduce the randomness in the TRNG output. An attacker can exploit this deterministic behav- 2. BACKGROUND AND MOTIVATION ior by manipulating the device’s operating environment in order to break the security provided by the TRNG. 1 1$1 1<: 1QJ Q R]`QHV1J$ 2 CQH@ Q R ]`QHV1J$ ^:_ : N 7 : RR H ` J `Q]7Q%`HV R `VV 1LQ]Q R]`QHV1J$ CQH@ ^G_ G ^:_ G RR ^H_ H 1LQ]Q R]`QHV1J$ 1 V` H RR ^R_ R VC`RH:C1G`: 1QJ R RRH H ` ^V_ V ^G_ V RR` ` ` Figure 1: (a) Conventional RO-based TRNG with post-processing (b) TRNG with calibration. Figure 2: Deterministic behavior for (a) conven- A basic TRNG consists of a source of randomness (en- tional RO-based TRNG, (b) decreasing frequency tropy) and a randomness extractor. Metastability of logic due to aging and environmental variations, (c) cells and timing jitter of Ring Oscillators (ROs) are the increasing frequency due to operating conditions. most common sources of entropy for a TRNG [1-9]. Sim- Overcoming bias by (d) widening jitter and (e) ad- plicity of implementation and entropy collection have made justing delay of RO (tunable RO). the RO-based TRNG most popular. Figure 1(a) shows a conventional RO-based TRNG where the RO outputs are As touched upon above, the entropy source has an inter- combined by a XOR-tree. The output of the XOR-tree, esting relationship with respect to PV. On the one hand, SXOR , is sampled constantly by a synchronous D flip-flop large process variations can make one RO much faster than driven by the system clock to convert RO jitter into a ran- another. On the other hand, PV plays a dominant role in dom digital sequence. Jitter in this case represents the de- the random jitter experienced by the ROs (gray areas shown viation from ideal RO behavior caused by random process in Figure 2). Random dopant fluctuation, sub-wavelength variation and temporal variations such as random physical lithography, rapid-thermal anneal, high-stress capping lay- noise, environmental variations, and aging. Without jitter, ers etc. are the main sources of process variations [14, 15]. the ROs will possess almost identical phase and the output Number of dopant atoms have been decreasing with semi- of XOR-tree would be almost constant which is undesirable. conductor scaling. Hence, in older technology nodes, PV is Among the variations, only the random physical noise (ther- limited due to large number of dopant atoms resulting in mal noise, atmospheric noise, shot noise, radio noise, flicker less jitter and therefore lower quality TRNG bitstreams. noise, etc.) improves the randomness/entropy of the bit- There are several major issues highlighted by the above stream output by the TRNG. Large process variations can discussion. First, attackers can bias TRNG output by ma- improve TRNG quality by increasing susceptibility to this nipulation of the voltage supply and operating temperature. random noise. The remaining variations reduce the random- Second, unavoidable IC aging will reduce the randomness ness of the bitstreams by deterministically biasing the jitter. of TRNG bitstreams. Third, mature technologies may not Figure 2 illustrates how the output of XOR-tree, SXOR , be sensitive enough to random noise resulting in low-quality and bitstreams, R, is affected by process variations, environ- TRNG. There have been two basic approaches for address- ′ ′ ′ ′ mental conditions and aging. In the figure, 1 and 0 rep- ing the above issues: post-processing and calibration. Both resent deterministic output; c represents a critical bit that are illustrated in Figure 1.