Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

9/20/2010
10:11 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Research breakthrough brings ubiquitous True Random Number Generators A Step Closer

TRNGs are essential for IT security because virtually any security application relies on unpredictable numbers

The widespread use of true random number generators (TRNGs) has taken a step closer following the creation of the most lightweight designs to date by researchers at Queens University Belfasts Institute of Electronics, Communications and Information Technology (ECIT).

Members of the Institutes cryptography research team have produced a series of circuits that are up to 50 per cent smaller than anything else currently available. Optimised for digital circuits, FPGA and ASIC, they push efficiency to the limit by using just one logic gate, one look-up table and four transistors respectively.

TRNGs are essential for IT security because virtually any security application relies on unpredictable numbers such as cryptographic keys. Current systems however are either too expensive or are not fast enough for many applications. That is why more nimble pseudo-random number generators are in more widespread use even though the sequences they generate can be detected under certain types of attack, making them much less secure.

The approach of ECIT researchers Jiang Wu and Dr Mire ONeill has been to use the white noise inside the circuit to generate the randomness, effectively simulating the toss of a coin. To do this, they developed a new mechanism to measure the noise and generate the random output.

The most challenging part of the work was to find the new mechanism that can effectively sample the noise, says Wu.

True random number generators have been extensively studied in recent years; many very efficient designs based on different noise measurement mechanisms have been proposed. It was not clear if more efficient designs were even possible. After investigating several candidates, finally we found a successful one, he adds.

The next step is to find ways of making the generators sufficiently robust to be embedded in devices such as mobile phones, smartcards and RFID tags, and where they are used for security applications - to secure them from attack and develop appropriate countermeasures.

Other related work currently underway at ECIT includes designs for highly efficient physical unclonable functions (PUFs). These authenticate individual chips by extracting and identifying but without revealing - their unique fingerprints which can then be used in a variety of security applications.

ECIT

Part of The School of Electronics, Electrical Engineering and Computer Science at Queens University Belfast, ECIT is housed in a specially designed 4,000m2 building, located off-campus, at the Northern Ireland Science Park in Belfasts Titanic Quarter. The Institute has four research groups covering areas such as broadband wireless communications, electronic data security, image and speech processing, telecommunications software and antenna design for mobile communications. The Institute currently employs 140 people.

Research at ECITs High Frequency Electronics Circuits division covers aspects ranging from custom high performance gallium arsenide and sub micron silicon integrated chips to self adapting antenna solutions, monolithic packaging strategies and analytical and computational electromagnetics.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.