SideRand: A Heuristic and Prototype of a Side-Channel-Based Cryptographically Secure Random Seeder Designed to Be Platform- and Architecture-Agnostic

04/09/2018
by   JV Roig, et al.
0

Generating secure random numbers is vital to the security and privacy infrastructures we rely on today. Having a computer system generate a secure random number is not a trivial problem due to the deterministic nature of computer systems. Servers commonly deal with this problem through hardware-based random number generators, which can come in the form of expansion cards, dongles, or integrated into the CPU itself. With the explosion of network- and internet-connected devices, however, the problem of cryptography is no longer a server-centric problem; even small devices need a reliable source of randomness for cryptographic operations - for example, network devices and appliances like routers, switches and access points, as well as various Internet-of-Things (IoT) devices for security and remote management. This paper proposes a software solution based on side-channel measurements as a source of high-quality entropy (nicknamed "SideRand"), that can theoretically be applied to most platforms (large servers, appliances, even maker boards like RaspberryPi or Arduino), and generates a seed for a regular CSPRNG to enable proper cryptographic operations for security and privacy. This paper also proposes two criteria - openness and auditability - as essential requirements for confidence in any random generator for cryptographic use, and discusses how SideRand meets the two criteria (and how most hardware devices do not).

READ FULL TEXT

page 1

page 2

page 3

page 4

10/01/2018

Stronger Cryptography For Every Device, Everywhere

Generating secure random numbers is a central problem in cryptography th...
03/22/2019

A Random Number Generator Built from Repurposed Hardware in Embedded Systems

Quality randomness is fundamental to cryptographic operations but on emb...
06/30/2020

Firmware Insider: Bluetooth Randomness is Mostly Random

Bluetooth chips must include a Random Number Generator (RNG). This RNG i...
07/23/2020

A Guideline on Pseudorandom Number Generation (PRNG) in the IoT

Security and trust are essential building blocks for the emerging Intern...
01/10/2019

Secure and Computationally-Efficient Cryptographic Primitive based on Cellular Automation

Mageto, a random number generator based on one-dimensional cellular auto...
11/24/2020

A decentralized approach towards secure firmware updates and testing over commercial IoT Devices

Internet technologies have made a paradigm shift in the fields of comput...
06/19/2022

Construction and Optimization of TRNG Based Substitution Boxes for Block Encryption Algorithms

Internet of Things is an ecosystem of interconnected devices that are ac...