Download full Smart Card Research and Advanced Applications 12th International Conference CARDIS 2013 Berlin Germany November 27 29 2013 Revised Selected Papers 1st Edition Aurélien Francillon ebook all chapters
Download full Smart Card Research and Advanced Applications 12th International Conference CARDIS 2013 Berlin Germany November 27 29 2013 Revised Selected Papers 1st Edition Aurélien Francillon ebook all chapters
Download full Smart Card Research and Advanced Applications 12th International Conference CARDIS 2013 Berlin Germany November 27 29 2013 Revised Selected Papers 1st Edition Aurélien Francillon ebook all chapters
com
DOWLOAD NOW
https://textbookfull.com/product/information-security-and-
cryptology-icisc-2013-16th-international-conference-seoul-korea-
november-27-29-2013-revised-selected-papers-1st-edition-hyang-
sook-lee/
https://textbookfull.com/product/formal-aspects-of-component-
software-10th-international-symposium-facs-2013-nanchang-china-
october-27-29-2013-revised-selected-papers-1st-edition-jose-luiz-
fiadeiro/
123
Lecture Notes in Computer Science 8419
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Alfred Kobsa
University of California, Irvine, CA, USA
Friedemann Mattern
ETH Zurich, Zürich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz
University of Bern, Bern, Switzerland
C. Pandu Rangan
Indian Institute of Technology, Madras, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbruecken, Germany
123
Editors
Aurélien Francillon Pankaj Rohatgi
EURECOM Cryptography Research Inc.
Biot San Francisco, CA
France USA
These proceedings contain the revised versions of the papers selected for presentation
at CARDIS 2013, the 12th Smart Card Research and Advanced Application Con-
ference, organized by the Chair for Security in Telecommunications (SecT), Technical
University of Berlin, and held at the Moevenpick Hotel, Berlin, Germany.
The CARDIS conference, first held in Lille, France, in 1994, will turn 20 next year.
Over these years, as smart cards became a pervasive, foundational technology for
bootstrapping security and trust, CARDIS became the foremost international con-
ference dedicated to research on all aspects of smart cards and their applications,
including hardware design, operating systems, application software, security proto-
cols, as well as physical and system security.
The conference provides an unparalleled forum for researchers from academia,
industry, testing labs, and government organizations to present and discuss exploratory
research and novel advances in this area. Its unique format allows authors to incor-
porate these discussions and feedback into the final papers that are published here.
This year, the CARDIS Program Committee reviewed 47 submissions and selected
17 papers for presentation at the conference. Each paper received at least three
reviews and all submissions by the Program Committee members received at least five
reviews. This task was performed by the 38 members of the Program Committee
members with the help of 70 external reviewers. The technical program also featured
three invited talks. The first invited speaker, Prof. Srdjan Capkun, from ETH, Zurich,
presented ‘‘Selected Topics in Wireless Physical Layer Security’’. The second invited
speaker, Dr. Mathias Wagner, Fellow and Chief Security Technologist at NXP
Semiconductors, spoke about ‘‘Security in Industry — When is Good, Good
Enough?’’. The third invited speaker, Mr. Olivier Thomas from Texplained, SARL,
spoke on the topic of ‘‘Adequate Security’’.
CARDIS 2013 owes its success to the hard work and dedication of a number of
people, and we would like to use this opportunity to thank them for their service. First
and foremost, we would like to thank the members of the Program Committee and the
external reviewers for conducting the task of evaluating and discussing the submis-
sions with professionalism and within a short and abbreviated timeline. We are very
grateful to Jean-Pierre Seifert, the general chair of CARDIS 2013, and his excellent
team including Kevin Redon, Claudia Petzsch, and Juliane Kraemer for their flawless
conference management. We are especially grateful to Kevin Redon for managing the
conference website and making our task easier. We thank the CARDIS Steering
Committee for giving us the privilege of serving as program chairs of this premier
conference, and we especially thank Prof. Jean-Jacques Quisquater for organizing and
publicizing this event and for his help and guidance throughout the process. Last, not
least, we thank all the authors who submitted papers and all the attendees who con-
tributed to the discussions and made the conference a memorable event.
Executive Committee
Program Committee
Additional Reviewers
Sponsoring Institutions
NXP
Infineon
Cryptography Research
Oberthur Technologies
Brightsight
Gemalto
Event Support
Abstract. Embedded devices such as smart cards and smart phones are
used for secure systems, for example automated banking machines and
electronic money. The security of an embedded device depends strongly
on secret information; cryptographic keys, nonces for authentication or
seeds for a pseudo random number generator, which is generated by a
Physical True Random Number Generator (PTRNG). If a PTRNG gen-
erates random numbers with a low entropy, the security of the embedded
device has a vulnerability because secret information may be predictable
by attackers due to the low entropy. Hence PTRNGs are required to
provide high-quality physical random numbers even in an undesirable
environment, that is, low/high temperature or supply voltage. PTRNGs
also must be small-scale and consume low power due to the limited hard-
ware resources in embedded devices.
In this paper, we fabricate and evaluate 39 PTRNGs using RS Latches
on 0.18 µ m ASICs. Physical random numbers were generated from the
exclusive-OR of 256 RS latches’ outputs. Our PTRNGs passed the
SP800-90B Health Tests and the AIS31 Tests while changing both tem-
perature (from −20 ◦ C to 60 ◦ C) and voltage (1.80 V ±10 %), and thus,
we were able to confirm that our PTRNGs have high-robustness against
environmental stress. The power consumption and circuit scale of our
PTRNG are 0.27 mW and 984.5 gates, respectively. Our PTRNG using
RS latches is small enough to be implemented on embedded devices.
1 Introduction
Embedded devices such as smart cards and smart phones have become wide-
spread in applications where high security is necessary, such as employee ID
cards, electronic money and online banking. These embedded devices have cryp-
tographic hardware for secure communications and identification/authentication.
Cryptographic hardware achieves high-level security by using cryptographic
A. Francillon and P. Rohatgi (Eds.): CARDIS 2013, LNCS 8419, pp. 3–15, 2014.
DOI: 10.1007/978-3-319-08302-5 1, c Springer International Publishing Switzerland 2014
4 H. Kokubo et al.
numbers. (4) We examined whether our PTRNGs have the robustness against
temperature and voltage fluctuations. As a result, our PTRNGs on an ASIC
were found to be small and low-power enough to be implemented on embedded
devices, and able to generate high-quality random numbers even if the environ-
ment changes, thus our PTRNGs can improve the security of embedded devices.
Organization of This Paper. This paper is organized as follows: Sect. 2 briefly
introduces some work related to our research. Section 3 gives an outline of a
PTRNG using RS Latches. Section 4 describes an ASIC implementation of the
PTRNG. In addition, we measured the power consumption of the PTRNG on
an ASIC. Section 5 evaluates the quality of the physical random numbers from
the PTRNG by using the AIS31 and SP800-90B Health Tests. Finally, Sect. 6
gives a summary of this research.
2 Related Work
Figure 1 shows various PTRNGs on LSIs which have been proposed until now.
The PTRNGs are classified into two types; analog-based one and digital-based
one. Analog-based PTRNGs are based on random noise signals such as ther-
mal noise, and they are known to be high-quality random number generators.
However, the weak point of these PTRNGs is that they are difficult to integrate
in high-density in an LSI due to the large-scale thermal sensors. Digital-based
PTRNGs are categorized by entropy sources. One is to use the jitter of oscil-
lators as an entropy source, for example ring oscillators-based PTRNGs [5].
A ring oscillator has a feedback structure composed of an odd number of NOT
gates. Random numbers are obtained from the exclusive-OR of multiple ring
oscillator outputs, and they have the robustness against temperature change.
However, the PTRNGs in this category would be not suitable for embedded
devices with limited resources because the ring oscillator has large power con-
sumption, noise, and circuit scale. The other is to use the metastability of digital
circuits. This type of PTRNG is suitable for embedded devices because of the
small scale and low-power consumption. The prototypes of this PTRNG can
generate high-quality random numbers [6–8]. However they need an additional
dynamic adjustment for the voltage or of internal elements. This adjustment
needs a dedicated full-custom circuit, which causes the large design cost at the
transistor level. Moreover, it is necessary to re-design them when implement-
ing on different CMOS technology because the PTRNGs often do not work as
expected under a different CMOS technology.
Hata et al. have proposed a PTRNG using the metastability of RS latches and
implemented it on an FPGA [1]. The design cost of this PTRNG is quite small
because it uses only digital synchronous circuits. In addition, the PTNRG can
save power consumption by stopping the clock signal inputted to the RS latches
when the random numbers generation is not required. The random numbers
from the PTRNG passes the NIST SP800-22 statistical tests [2]. For the above-
mentioned reasons, the PTRNG proposed by Hata et.al. has better properties
for embedded devices than other PTRNGs.
6 H. Kokubo et al.
Fig. 2. RS latch
4 ASIC Implementation
and a 1-bit flip-flop to store a random number temporarily. Our PTRNG was
synthesized with the Design Compiler 2003.03, and the circuit scale was 984.3
gates. This circuit scale was smaller than the implementation of the PRESENT
cipher which is one of the most famous ultra-lightweight ciphers [11]. In addi-
tion, this circuit size is smaller than the circuit size of Triple DES which is one
of the most widely used in smart cards (e.g. MIFARE DESFire MF31CD40).
We achieved PTRNGs with the very small circuit scale on an ASIC.
5 Evaluation
As mentioned in Sect. 3, PTRNGs may be influenced by both temperature and
voltage fluctuations. This section evaluates whether our PTRNGs fabricated
on ASICs generate high-quality random numbers regardless of environmental
changes.
there is SP800-90B and AIS31 which are tests dedicated to physical random
numbers now. We evaluated our PTRNGs according not to SP800-22 but to
these tests in this paper.
84,700 blocks are evaluated in “Test Settings I” and about 1,350 blocks are
evaluated in “Test Settings II”, in each case of random numbers. We consider
the PTRNGs pass the SP800-90B Health Tests if all blocks pass in both test
settings. This means that the PTRNGs continuously generate random numbers
with high-entropy.
Figures 4 and 5 show the rate of the PTRNGs that passed the SP800-90B
Health Tests. The horizontal axis shows the environment at various tempera-
tures and voltages. The vertical axis shows the rate of the PTRNGs that passed
the tests. In the MN-PTRNGs, all cases pass this test as shown in Fig. 4. In the
ML-PTRNGs, six cases failed the test in Fig. 5, and four cases out of the six hap-
pened when the temperature was −20 ◦ C. This may be because the ML-PTRNGs
have a small number of RS latches outputting random numbers at a low tem-
perature (details are discussed in Sect. 5.4). In contrast, the MN-PTRNGs can
generate high-entropy random numbers even when the temperature and voltage
change. Hence an MN-PTRNG is more suitable for generating physical random
numbers than an ML-PTRNG.
100 100
80 80
Pass Rate(%)
Pass Rate(%)
60 60
40 40
20 20
0 0
-20°C 1.65V
-20°C 1.80V
-20°C 1.95V
+27°C 1.65V
+27°C 1.80V
+27°C 1.95V
+60°C 1.65V
+60°C 1.80V
+60°C 1.95V
-20°C 1.65V
-20°C 1.80V
-20°C 1.95V
+27°C 1.65V
+27°C 1.80V
+27°C 1.95V
+60°C 1.65V
+60°C 1.80V
+60°C 1.95V
Fig. 4. SP800-90B Pass Rate (MN) Fig. 5. SP800-90B Pass Rate (ML)
100 100
80 80
Pass Rate(%)
Pass Rate(%)
60 60
40 40
20 20
0 0
-20°C 1.65V
-20°C 1.80V
-20°C 1.95V
+27°C 1.65V
+27°C 1.80V
+27°C 1.95V
+60°C 1.65V
+60°C 1.80V
+60°C 1.95V
-20°C 1.65V
-20°C 1.80V
-20°C 1.95V
+27°C 1.65V
+27°C 1.80V
+27°C 1.95V
+60°C 1.65V
+60°C 1.80V
+60°C 1.95V
Fig. 6. AIS31 Pass Rate (MN) Fig. 7. AIS31 Pass Rate (ML)
THE END
By FRANKLIN W. DIXON
THE HARDY BOYS: THE TOWER TREASURE
THE HARDY BOYS: THE HOUSE ON THE CLIFF
THE HARDY BOYS: THE SECRET OF THE OLD MILL
THE HARDY BOYS: THE MISSING CHUMS
THE HARDY BOYS: HUNTING FOR HIDDEN GOLD
GROSSET & DUNLAP, PUBLISHERS, NEW YORK
*** END OF THE PROJECT GUTENBERG EBOOK THE MISSING
CHUMS ***
Updated editions will replace the previous one—the old editions will
be renamed.
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the
terms of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.
1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or
expense to the user, provide a copy, a means of exporting a copy, or
a means of obtaining a copy upon request, of the work in its original
“Plain Vanilla ASCII” or other form. Any alternate format must
include the full Project Gutenberg™ License as specified in
paragraph 1.E.1.
• You pay a royalty fee of 20% of the gross profits you derive
from the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”
• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.
1.F.
1.F.4. Except for the limited right of replacement or refund set forth
in paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.
Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.
Most people start at our website which has the main PG search
facility: www.gutenberg.org.