Trojan Detection in True Random Number Generators
The random number generators, either pseudo (PRNG) or true (TRNG), are an important component of modern security and cryptographic operations. This source of randomness is often used as a starting point for generating ephemeral or long-term cryptographic keys, for ensuring freshness of computed cryptographic tokens, and for protecting against replay attacks. As such, a TRNG can be an attractive target for hardware Trojan infection.
TRNGs commonly use some kind of physical phenomenon as a source of entropy. Typically, these phenomena are analog. Therefore, an extraction mechanism is needed in order to convert the analog values into digital ones. Once the entropy source has been digitized, the statistical properties of the digitized signal will be evaluated with the purpose of establishing the TRNG quality. After this first evaluation, it is often conclude that a post-processing block is required to correct the output distribution. Finally, due to the importance of the TRNGs in security systems, it is recommendable to check the quality of the random output during its generation. Often, embedded (online) tests are employed to set an alarm when the generated output does not comply with some statistical requirements. Some well-known battery of tests used to assess the quality of a TRNG’s output include DIEHARD, ENT, AIS31 , and NIST . The typical blocks of an embedded TRNGs are depicted in Fig. 9.3.