Dana Neustadter, Sr. Product Marketing Manager, Synopsys
The proliferation of connected devices and the evolving nature of attacks, breaches, and malware make the need for security in products and ecosystems more important than ever. True random numbers are at the heart of any secure system and their quality contributes to the security strength of designs. Many cryptographic operations require a source of random numbers, such as the creation of cipher keys and initial values for counters and protocol parameters. Weak or predictable random numbers open the door for attacks that can compromise keys, intercept data, and ultimately hack devices and their communication.
Designing True Random Number Generators (TRNGs) that provide consistently high-quality entropy across processes, temperature, voltage, and frequency variations is very complex. To help ensure the highest quality, international standards bodies have developed criteria to substantiate the truly random nature of TRNGs in a verifiable and statistically rigorous manner.
The article highlights the importance of TRNGs, describes their main components and characteristics, lists the specifications they need to adhere to, and provides a high-level introduction to Synopsys’ DesignWare TRNG Security IP.
A TRNG is a function or device based on an unpredictable physical phenomenon, called an entropy source, that is designed to generate non-deterministic data (e.g., a succession of numbers) to seed security algorithms.
Connected devices are becoming part of everyday life and we expect them to operate correctly while protecting business and personal information. TRNGs are at the base of securing these devices as they are used to create and protect secrets and other sensitive information. They are part of a “chain of trust” that needs to be established starting with the SoC, moving to the application layers and communication to the cloud. A chain of trust is only as strong as its weakest link.
Predictable random number generators (RNGs) open doors to many possible attacks that can hack devices and compromise data. To be effective, random numbers must be unpredictable, statistically independent (unrelated to any previously generated random numbers), uniformly distributed (equal probability for any number to be generated) and protected (Figure 1).
Figure 1: True random numbers are crucial for security
True random numbers are used for applications such as gaming, gambling, and in cryptography, where randomness is critically important. For example, many cryptographic algorithms and security protocols depend on keys and their strength is defined by the number of key bits that an attacker needs to determine before breaking a system. If keys are compromised, the security strength of the whole system is compromised.
True random numbers are required in a variety of security scenarios:
Several standards and certification associations are driving specifications and validation methods for TRNGs to define the guidelines for design and certification of truly random solutions.
The US National Institute of Standards and Technology (NIST) agency has developed a set of NIST SP 800-90A/B/c standards (“c” is still in draft stage) to define the statistical-analysis criteria that an RNG must meet before being considered random enough for cryptographic applications. The German standards body, Bundesamt für Sicherheit in der Informationstechnik (BSI), has long had a separate set of RNG standards (AIS 20/31).
Both standards serve to weed out generators that appear to work but have statistical flaws that could undermine the security of the system. However, while these standards give some high-level architecture guidelines, they do not specifically describe how to create a TRNG, only how to verify whether it works. The implementation details are left to the creativity of the designers, which permits many alternative approaches. In all cases though, the TRNGs must meet the four criteria previously mentioned: they must be unpredictable, uniform, independent, and undiscoverable.
Figure 2: RNG Standards – NIST & BSI
In addition to the NIST SP 800-90A/B/c and BSI AIS 20/31 conformance tests, NIST has released a statistical test suite for random and pseudo-random number generators for cryptographic applications called NIST SP800-20. However, these tests are not sufficient to detect some weaknesses in random number generators, so other tests have been designed to augment the randomness testing of TRNGs, including the Diehard and Dieharder suites.
Certifications such as the US Federal Information Processing Standard (FIPS) 140-2 and recently released 140-3, Common Criteria (CC), and the Chinese Office of State Commercial Cryptography Administration (OSCCA), are meant to ensure that final products are fully compliant with the requirements stated in specifications. Specialized labs review the TRNG architecture, evaluate the randomness generation properties, test, and validate that the products are indeed proven for compliance.
True randomness is very difficult to achieve. A properly constructed TRNG needs to harvest entropy from some form of random process (like the noise produced by current flowing in a transistor, or the time between radioactive decay events), and then condition the entropy signal to remove bias and whiten the spectrum of the resulting sequence of outputs. This process must be controlled for factors such as operating temperature, aging, susceptibility to electronic noise and upset, voltage variation, and operating frequency range. Without controlling these factors, the TRNG circuit could potentially be modified by outsiders attempting to influence its operation.
One example of an RNG architecture is to seed a cryptographic quality pseudorandom number generator (PRNG) with an unknown seed value and then use the PRNG for a period of time or to produce a quantity of random data. The PRNG will then be re-seeded and used again for a while, and so on. The seed for the PRNG should be a secret, random input derived from an “entropy source” such as a high-quality TRNG.
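The seed-and-reseed architecture described above, as an added example (not Synopsys code): an HMAC-SHA256 DRBG following the NIST SP 800-90A construction, simplified to omit personalization strings, additional input and security-strength checks. `os.urandom` stands in for the TRNG entropy source, and the class name and the `reseed_interval` default are illustrative assumptions.

```python
import hashlib
import hmac
import os


class ReseedingDRBG:
    """HMAC-SHA256 DRBG (NIST SP 800-90A construction), simplified."""

    def __init__(self, entropy_source=os.urandom, reseed_interval=1024):
        # entropy_source(n) returns n bytes. Assumption: os.urandom is a
        # stand-in here for a hardware TRNG read.
        self._entropy = entropy_source
        self._interval = reseed_interval   # generate() calls per seed
        self._key = b"\x00" * 32
        self._v = b"\x01" * 32
        self.reseeds = 0
        # Initial seed material: entropy input followed by a nonce.
        self._update(self._entropy(32) + self._entropy(16))
        self._counter = 1

    def _hmac(self, data):
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        # Mixes seed material (or nothing) into the secret state (K, V).
        self._key = self._hmac(self._v + b"\x00" + data)
        self._v = self._hmac(self._v)
        if data:
            self._key = self._hmac(self._v + b"\x01" + data)
            self._v = self._hmac(self._v)

    def reseed(self):
        # Pull fresh entropy from the source and restart the counter.
        self._update(self._entropy(32))
        self._counter = 1
        self.reseeds += 1

    def generate(self, n):
        # Reseed automatically once the interval is used up.
        if self._counter > self._interval:
            self.reseed()
        out = b""
        while len(out) < n:
            self._v = self._hmac(self._v)
            out += self._v
        self._update()   # state moves on so past output cannot be rebuilt
        self._counter += 1
        return out[:n]
```

Two instances fed the same seed material produce the same output stream, which is why the seed has to be secret and come from a real entropy source.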
Synopsys has developed standards-compliant and certification-ready TRNGs that are applicable to any digital semiconductor device and are highly portable across any ASIC and most FPGA process technologies. The TRNGs have been widely deployed down to 5nm processes, are customer configurable, and support a variety of attractive features including wide system clock dynamic range, redundant and selectable number of internal seed generators, automatic and manual reseeding, output streams for side channel countermeasures, and various interfaces (memory mapped, serial and nonce which is suitable for HDCP 2.3 content protection modules):
Figure 3: DesignWare TRNG block diagram
The core has the option to include up to 8 virtual TRNGs, which provide the ability to access random numbers securely between multiple users such as in a multi-core processor system. The IP also supports background raw noise collection to generate new entropy in the background and store it for the next seeding operation, thereby eliminating the wait time for the next reseeding.
Figure 4: DesignWare TRNG NIST SP800-90c block diagram
Connected devices and their communication need to be secured against evolving threats and attacks to protect ecosystems and valuable personal and business information. High quality TRNGs are a fundamental technology required to build a chain of trust in systems as many cryptographic algorithms for encryption/authentication and security protocols depend on true random numbers for generation of keys, challenges, initial values, and nonces. The overall security strength in systems and applications depends on the quality of the source of entropy that TRNGs provide. Flaws in random number generators can be used by attackers to compromise devices that are otherwise algorithmically secure. Synopsys has developed efficient TRNGs that are compliant with the NIST and AIS standards and can be certified in final products for certifications such as FIPS 140-2 / 140-3, Common Criteria (CC), and China’s OSCCA.
In addition to TRNGs, Synopsys provides a broad portfolio of highly integrated security IP solutions that use a common set of standards-based building blocks and security concepts to enable the most efficient silicon design and highest levels of security for a range of products in the mobile, automotive, digital home, IoT, and cloud computing markets.
Synopsys’ highly configurable security IP solutions include hardware secure modules with Root of Trust, content protection, cryptography, and security protocol accelerators for integration into SoCs. These integrated solutions enable the heart of many security standards, supporting confidentiality, data integrity, user/system authentication, non-repudiation, and positive authorization. Combined, Synopsys’ security IP solutions help prevent a wide range of evolving threats in connected devices such as theft, tampering, side-channel attacks, malware and data breaches.
For more information: DesignWare True Random Number Generators