#### True Random number generators: the point of view of a semiconductor company

#### **Patrick Haddad**

System Research and Application: Security Team

With the helpful support of B. Kasser, J. Lee, U. Mureddu, M. Lacruche, A. Martinez, M. Agoyan, S. Chesnais





#### Introduction

- STMicroelectronics
- Security in ST products
- The System Research and Application Security Team
- Our TRNG activities
- TRNG in the design / integration flow of a product
- Analysis of promising TRNGs proposed in the literature
  - Study of the manufacturability
  - Study of the voltage supply influence
  - Study of malicious manipulations



- A global semiconductor leader
- 2017 revenues of \$8.35B with year-• on-year growth of 19.7%
- Listed: NYSE, Euronext Paris and Borsa Italiana, Milan

- Research & Development Main Sales & Marketing Front-End Manufacturing
- Back-End Manufacturing



Who We are 3

- Approximately 45,500 employees worldwide
- Approximately 7,400 people working in R&D
- **11** manufacturing sites

•

Over 80 sales & marketing offices •

As of December 31, 2017

#### Security Pervasion 4

#### Security becoming key for our target end-markets / applications



### Security Needs Across ST Products

System security needs to translate into hardware security foundations in ST products





Except for "discrete", most of ST product lines are impacted by security ST products provide foundations & enablers for designing secure systems

# SRA Security Team

#### SRA Missions: •

• To provide ST with leading edge innovation in security, imaging-video, connectivity, ultra-low power & healthcare ensuring an early IP access to all ST's divisions

#### SRA Security team:

- Anticipate (customers, consortia & standards, ...)
  - Develop or make available (3<sup>rd</sup> parties, partners, etc.) critical hardware or software security IP blocks, architectures or expertise that will be needed by ST product divisions 3-5 years down the road.
  - Work closely with product divisions to ensure proper awareness and anticipation
- Support ST product divisions & deploy security expertise within ST
- Help promote ST's product portfolio to customers when our security expertise can make the ٠ difference (reference designs, demonstrators, ...)
- Identify, prototype & champion/nurture **innovation opportunities** for ST in the field of security ۲
- The team: 2<sup>4</sup> security engineers & researcher (Rousset + Agrate)



## The Strategy of Our TRNG Activities \_\_\_\_

- Address a worldwide market with the same RNG IP
- Provide to our customers (internal/external):
  - Common RNGs for cryptographic application
    - SP800-90 compliant
    - AIS31 compliant
    - PCI compliant
    - KCMVP
    - ...

|                                                                                              | 1 |                                                                                                       |
|----------------------------------------------------------------------------------------------|---|-------------------------------------------------------------------------------------------------------|
| NIST Special Publication 800-90B                                                             |   | A preport for Functionality classes for and/on smaller protection                                     |
| Recommendation for the Entropy<br>Sources Used for Random Bit<br>Generation                  |   | Deudroant far Schebert is in                                                                          |
| Melhum Scienzer Taran<br>Erasan Burker<br>Karay A Mellay<br>Kary A Mellay<br>Mark Booje      |   | A proposal for:<br>Functionality classes for madora anna<br>Vuon 10                                   |
| This publication is available flow of charge from<br>https://doi.org/10.6028/NEST.5P.100-90B |   | 18 September 2011                                                                                     |
| COMPUTER SECURITY                                                                            |   |                                                                                                       |
|                                                                                              |   | <sup>1</sup> The matters with to represe their limits in the assuments,<br>surgerand and the foremand |
| to as department of Commentan                                                                |   | 18 Spender 2011 A25 28-485 31                                                                         |
|                                                                                              |   |                                                                                                       |



- Leveraging the most advanced research activities & funneling them into commercial products, helping improve security of products in the field
- In concertation with national / private certification agencies



## Our TRNG Activities

- **Support** ST product divisions for integration in products •
  - More details in next slide
- **Support** ST product divisions for certification:
  - Payment Card Industry  $\rightarrow$  classical statistical tests suites •
  - Korea Crypto Module Verification Program  $\rightarrow$  classical statistical tests suites
  - Common Criteria  $\rightarrow$  AIS31
  - Federal Information Processing Standard  $\rightarrow$  SP800-X
- **Follow** and **contribute** to evolutions of evaluation methodologies •
  - AIS31 V2.0, SP800-90B, …
- **Follow** and **contribute** to worldwide research activities •
  - Several publications: CHES, FDTC, DATE, …
- Anticipate security features and performances next years needed for ST product.
  - Test structures proposed in recent publications





#### **TRNG** in the Design / Integration Flow



## TRNG in the Design / Integration Flow 10

MANUFACTURING

| SYSTEM<br>SPECIFICATIONS                                                     | ARCHI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |                                                                                         |                                                                                                                         | Data Data Data San Juni Juni Juni Juni Juni Juni Juni Jun |
|------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------|
| Marketing analysis<br>feedback                                               | SPECIFICATIONS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |                                                                                         | Activation RO                                                                                                           | Data<br>buta<br>registers<br>Carry<br>lockahead           |
| <ul><li>Secure firmware</li><li>ECC, AES, RSA</li></ul>                      | Mapping of unitary blocks                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | FUNCTIONAL & LOGIC DESIGN                                                               |                                                                                                                         | ALU - Instruction decode                                  |
| <ul> <li>HO SCA prot.</li> <li>HA SCA prot.</li> <li>TRNG certif.</li> </ul> | <ul><li>RAM</li><li>Masked AES</li><li>Robust CPU</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | HDL code<br>writing / reuse                                                             | CIRCUIT DESIGN                                                                                                          | PHYSICAL DESIGN                                           |
| •                                                                            | <ul> <li>TRNG interface.</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | <ul><li>Mode of Oper.</li><li>Wrappers,</li></ul>                                       | Gate level<br>modif. / tuning                                                                                           |                                                           |
| Gregg Gumkowski<br>Product Marketing Engineer                                | System     20 System       Transmitter     20 System       Transmitter | <ul> <li>Boolean masked AES</li> <li>TRNG:<br/>Online Tests<br/>Post Proces.</li> </ul> | <ul> <li>Avoid glitches</li> <li>Ring Oscillators</li> <li>Delay chains</li> <li>Paths for testing</li> <li></li> </ul> | Silicon level<br>modif. / tuning Place and route          |

#### Master the TRNG behavior is a key point for an IC manufacturer

- against variation of manufacturing process ٠
- against variation of power supply
- against variation of temperature
- against malicious environmental modifications



. . .



### Study of the TRNG Manufacturability



#### A Transistor 12

- ICs are composed of gates and memories •
  - Inverter, XOR, NAND, Flip-flops ... •
- Logic gates and memories are composed of transistors •
- A transistor is like a valve
  - Allows the flow according to inputs values
- A transistor is a stack of different materials
  - allows the flow charges according to its input







# The Manufacturing 13

- Manufacture an IC is not a print process
- Manufacture an IC is
  - A set of complex & precise «stencil printing»
  - Expensive to set up
  - A long process (few months for one  $\mu$ C)
    - Fortunately we can manufacture in parallel
- Tailored for mass production
- Not tailored for test chips
  - Fortunately we can design/manufacture some
- Under quality control
  - But quality transistors is not cloned transistors













#### Cost of a set > $2^{21}$ dollars

### The Defaults of a Transistor

- Electrical parameters of the transistor are slightly impacted by:
  - The regularity of the stacks
  - The doping variations of the materials

Example: lacksquare

$$I_{DS} = \mu \cdot C_{ox} \cdot \frac{W}{L} \cdot \frac{(V_G - V_{TH})}{2}$$



- Fortunately variation of  $\mu$ , W, L, C<sub>OX</sub> and V<sub>TH</sub> are well studied
  - We know theirs laws •
  - The laws can be used for simulations



#### The Defaults at Gate Level 15

Logic gates and memories are composed of non homogeneous transistors



life.gugmented

#### The Defaults at Gate Level 16

Logic gates and memories are composed of non homogeneous transistors



This is an issue for several TRNG, but not for deterministic blocks such as AES







#### For several TRNGs this is an even more complex issue

The case of the TERO





- When CTRL signal is "0", TERO does not oscillate and it output is "1" •
- When CTRL goes to "1", then TERO oscillates until it reaches a stable state .
- There is a race between the 2 delay lines which leads to oscillation
- TERO generates pulses whose widths decrease until complete disappearance ٠
- Entropy is carried by the phase noise which accumulates along the successive pulses •
- The random bit is the parity value of the number of generated pulses. ٠





[VD10] M. Varchola, M. Drutarovsky, New high entropy element for FPGA based true random number generators

19





• TEROs are composed of non homogeneous transistors





• The results:



• The results:



- Low entropy or throughput in more than 50% of the manufactured ICs
  - => verdict for TERO based TRNG:

too sensitive to manufacturing variations





### Study of the Voltage Supply Influence



#### TRNG Behavior & Voltage Variations 23

- Electrical parameters of the transistor are impacted by:
  - The voltage supply.
  - The temperature.







• Voltage variation lower than 10 % => non negligible entropy variations => verdict for TERO based TRNG:

too sensitive to voltage supply variations



#### First Conclusions 24

- Manufacture an IC is a set of complex, precise, long and expensive to set up processes •
  - Fortunately we manufacture in parallel
- Tailored for mass production => Low unitary cost
- Master factors impacting the TRNG behavior is a key point for an IC manufacturer such as manufacturing process variations:
  - To avoid TRNG flaws in nominal conditions
  - Detectable with design phase simulations
- The voltage supply and the temperature are also studied factors. •
  - To guarantee enough entropy in the IC range of usage conditions
- Allows us to evaluate the industrialization of TERO for next generations TRNGs.
- The TRNG behavior can also be maliciously impacted by environmental factors: Perturbation attacks









#### **Study of Malicious Manipulations**



## Malicious Manipulations

#### Perturbation attacks are generating and exploiting faults in embedded systems

Non or semi-invasive active HW attacks (if chip-package needs to be removed)

- Identify source capable of generating exploitable faults
  - Glitches on power-supply or clock, EM perturbation, Laser shot, etc.



- Disturb normal IC behavior & exploit resulting faults
  - Skip CPU instructions → bypass software checks, change execution flow, etc.
  - Alter product configuration bits (Ex: lifecycle state)
  - Fault in crypto processing (Ex: Differential Fault Analysis or "Safe-Error" attacks)
  - Influence / bias random number generators



26





### The DC-TRNG 27

- The DC-TRNG is a fully digital TRNG introduce in [RYBV15]
- Entropy is carried by the phase noise of a ring oscillator
- The phase noise digitization is performed by a « chronophotograph » technique
  - Implemented using a sampled delay chain •
- An encoder transform the chronophotograph into a random bit.



#### Is the DC-TRNG vulnerable against EM pulsed perturbations?







### Malicious Manipulation of DC-TRNG

- We generate a pulsed electromagnetic field above the IC during the generations of random numbers
- We verify the presence of simple statistical defects:
  - e.g.: mono-bit, poker ...





- After a pulse, we observe: two consecutives stuck at 1
- Is this attack decrease the security level ?
  - The time between 2 pulses is 500 µs for a high end pulser
  - 1 random bit is generated each 25 µs
- In the worst case 1% of the bit can be manipulated



#### Conclusions 29

- Our goal is to develop by anticipation what will be needed by ST product divisions in 3-5 years
  - Security IP blocks (HW or SW)
  - Architectures
  - Expertise



- Leveraging the most advanced research activities & funneling them into commercial products, helping improve security of products in the field
- For TRNG IPs, we continuously analyze promising TRNGs proposed in the literature :
  - against variations of manufacturing process (e.g.: TERO TRNG)
  - against variations of **power supply** (e.g.: TERO TRNG)
  - against variations of temperature
  - against classical **physical attacks** (e.g.: DC TRNG)





 Works done in concertation with national / private certification agencies to improve the standards and share compatibles roadmaps





#### Thank You

