Attacking Hardware Random Number Generators in a Multi-Tenant Scenario

Abstract

True random number generators are important building blocks for cryptographic systems and can be the target of adversaries that want to break cryptographic protocols by reducing the unpredictability of the used random numbers. This paper examines the viability of three different types of potential attacks on these generators when they are implemented on field programmable gate arrays, namely the voltage manipulation attack, the ring-oscillator locking attack and the replica observation attack. The proposed attacks only make use of the available programmable logic of the device and as such do not require physical access to it. They can technically be mounted remotely in a multi-tenant scenario by adversaries that only have bitstream write access to a part of the programmable logic. The attacks try to exploit interactions that can exist between an attack circuit and the targeted circuit because they reside on the same chip. The paper presents two case studies: an elementary ring oscillator design and a transition effect ring oscillator design. For the first case study, all three scenarios were tested and for the second case study, only the voltage manipulation attack scenario is examined. Our results show that this voltage manipulation attack is the most effective of the three proposed attacks.