Feasibility of a T4RNG
We present a T4RNG design that fulfills the aforementioned characteristics. Our example consists of one XOR gate, one AND gate, and two ROs shifted in phase by 180°, as depicted in Fig. 9.4. The example draws from the frequency-injection attack against RO-based TRNGs of . There, the authors can control the phase of several ROs placed in the same device by injecting a sine wave in the power supply. Here, we exploit the same mechanism as a trigger for our Trojan. While the Trojan is not triggered, the complementary outputs of the two ROs are XOR’ed together to produce a logical one. In this case, the TRNG output is not altered. When the Trojan is triggered, the two ROs are in phase and their XOR’ed output produces a logical zero. In this case, the TRNG output is discarded.
It is very important to affect only a few bits so as to pass the statistical tests. We evaluated this through simulations in the MathWorks Simulink environment. The ring oscillators were simulated using pulse-generator blocks. As a TRNG, we used a random-source block that already passes the statistical tests. Figure 9.5 depicts the unaltered bitstream generated by the random-source block. Figure 9.6 depicts the bitstream generated while multiple Trojan activations occurred. The effect of the Trojan is evident in the minor diagonal. However, this bias goes undetected by the statistical testing: the manipulated output still passes the online tests.
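The gating logic described above and its effect on a block-level bias test, as an added Python example that is not part of the original chapter. The square-wave RO model, the evenly spaced burst schedule, the balanced shuffled source, and the FIPS 140-2 monobit bounds (standing in for the chapter's unnamed statistical tests) are all assumptions made for illustration.

```python
import random

N = 20000                  # FIPS 140-2 monobit block size (assumed test)
LOW, HIGH = 9725, 10275    # block passes if LOW < number of ones < HIGH

def ro(t, period, phase):
    """Ideal square-wave model of a ring oscillator sampled at tick t."""
    return 1 if (t + phase) % period < period // 2 else 0

def t4rng(bits, triggered, period=4):
    """Gating from the text: out = trng AND (ro1 XOR ro2)."""
    out = []
    for t, b in enumerate(bits):
        # 180 degrees apart normally; locked in phase on triggered ticks
        shift = 0 if t in triggered else period // 2
        out.append(b & (ro(t, period, 0) ^ ro(t, period, shift)))
    return out

def activations(count, width, n=N):
    """Constructed trigger schedule: evenly spaced bursts of `width` ticks."""
    step = n // count
    return {s + i for s in range(0, step * count, step) for i in range(width)}

def monobit_ok(bits):
    """Whole-block ones count, the kind of check sparse gating slips past."""
    return LOW < sum(bits) < HIGH

def source(seed=1):
    """Constructed stand-in for the random-source block: balanced, shuffled."""
    bits = [0, 1] * (N // 2)
    random.Random(seed).shuffle(bits)
    return bits

def demo():
    clean = source()
    sparse = t4rng(clean, activations(10, 8))    # 80 of 20000 ticks gated
    heavy = t4rng(clean, activations(600, 8))    # 4800 of 20000 ticks gated
    lost = sum(clean) - sum(sparse)              # ones removed by sparse gating
    return monobit_ok(clean), monobit_ok(sparse), monobit_ok(heavy), lost

if __name__ == "__main__":
    print(demo())
```

The sparse schedule removes at most 80 ones from a block whose pass band is 275 ones wide on each side, so a whole-block count cannot see it; only the heavy schedule moves the count outside the band.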
We realized an RO-based TRNG on a Xilinx Spartan-3E FPGA board. The TRNG incorporates 511 stages, as proposed in . Our aim was to showcase the lightweightness of the example T4RNG. Figure 9.7 depicts the Trojan-free design, Fig. 9.8 depicts the design with the Trojan integrated, and Fig. 9.9 highlights the malicious part. It is evident that the malicious circuit indeed consumes only a tiny space compared to the overall TRNG implementation.
Fig. 9.4 Proposed Trojan
Fig. 9.5 Trojan-free TRNG output
Fig. 9.6 Trojan-infected TRNG output
Fig. 9.7 Trojan-free TRNG
Fig. 9.8 Trojan-infected TRNG
Fig. 9.9 Trojan part highlighted
To the best of our knowledge, this is the first report in the literature that describes a hardware Trojan horse against a hardware implementation of a true random number generator. The Trojan design exploits the ring oscillators used as a source of randomness and succeeds in bypassing the embedded statistical testing, albeit inserting a clearly identifiable bias in the output of the TRNG. It is evident that additional blocks for protection and detection must be incorporated in TRNG hardware designs if they are used in critical environments, such as for generating cryptographic key material. Toward this direction, we explore in the next sections the applicability of the ring-oscillator construct as a defense mechanism for detecting the presence of hardware Trojans in cryptography-oriented hardware designs.