The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators

  • Conference paper
  • pp 317–331
Cryptographic Hardware and Embedded Systems - CHES 2009 (CHES 2009)
A. Theodore Markettos & Simon W. Moore

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5747)

Included in the following conference series:

  • International Workshop on Cryptographic Hardware and Embedded Systems

6685 Accesses, 152 Citations, 6 Altmetric

Abstract

We have devised a frequency injection attack which is able to destroy the source of entropy in ring-oscillator-based true random number generators (TRNGs). A TRNG will lock to frequencies injected into the power supply, eliminating the source of random jitter on which it relies. We are able to reduce the keyspace of a secure microcontroller based on a TRNG from 2^64 to 3300, and successfully attack a 2004 EMV (‘Chip and PIN’) payment card. We outline a realistic covert attack on the EMV payment system that requires only 13 attempts at guessing a random number that should require 2^32. The theory, three implementations of the attack, and methods of optimisation are described.

Author information

Authors and Affiliations

  1. Computer Laboratory, University of Cambridge, UK

    A. Theodore Markettos & Simon W. Moore

Editor information

Editors and Affiliations

  1. Département de Mathématiques et d’Informatique, Université de Limoges, 83, rue d’Isle, 87000, Limoges, France

    Christophe Clavier

  2. ECE Department, George Mason University, 22030, Fairfax, VA, USA

    Kris Gaj

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Markettos, A.T., Moore, S.W. (2009). The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators. In: Clavier, C., Gaj, K. (eds) Cryptographic Hardware and Embedded Systems - CHES 2009. CHES 2009. Lecture Notes in Computer Science, vol 5747. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04138-9_23

  • DOI: https://doi.org/10.1007/978-3-642-04138-9_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04137-2

  • Online ISBN: 978-3-642-04138-9

  • eBook Packages: Computer Science, Computer Science (R0)

Keywords

  • Phase Noise
  • Prime Ring
  • Copper Foil
  • Ring Oscillator
  • Payment Card

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
