We Can Remember It for You Wholesale: Implications of Data Remanence on the Use of RAM for True Random Number Generation on RFID Tags RFIDSec 2009 - Computer Science > Cryptography and SecurityReport as inadecuate




We Can Remember It for You Wholesale: Implications of Data Remanence on the Use of RAM for True Random Number Generation on RFID Tags RFIDSec 2009 - Computer Science > Cryptography and Security - Download this document for free, or read online. Document in PDF available to download.

Abstract: Random number generation is a fundamental security primitive for RFIDdevices. However, even this relatively simple requirement is beyond thecapacity of today-s average RFID tag. A recently proposed solution, FingerprintExtraction and Random Number Generation in SRAM FERNS 14, 15, involves theuse of onboard RAM as the source of -true- randomness. Unfortunately, practicalconsiderations prevent this approach from reaching its full potential. First,this method must compete with other system functionalities for use of memory.Thus, the amount of uninitialized RAM available for utilization as a randomnessgenerator may be severely restricted. Second, RAM is subject to data remanence;there is a time period after losing power during which stored data remainsintact in memory. This means that after a portion of memory has been used forentropy collection once it will require a relatively extended period of timewithout power before it can be reused. In a usable RFID based securityapplication, which requires multiple or long random numbers, this may lead tounacceptably high delays.In this paper, we show that data remanence negatively affects RAM basedrandom number generation. We demonstrate the practical considerations that mustbe taken into account when using RAM as an entropy source. We also discuss theimplementation of a true random number generator on Intel-s WISP RFID tag,which is the first such implementation to the authors- best knowledge. Byrelating this to the requirements of some popular RFID authenticationprotocols, we assess the impracticality of utilizing memory based randomnesstechniques on resource constrained devices.



Author: Nitesh Saxena, Jonathan Voris

Source: https://arxiv.org/



DOWNLOAD PDF




Related documents