CADET: Investigating a Collaborative and Distributed Entropy Transfer Protocol

The generation of random numbers has traditionally been a task confined to the bounds of a single piece of hardware. However, with the rapid growth and proliferation of resource-constrained devices in the Internet of Things (IoT), standard methods of generating randomness encounter barriers that can limit their effectiveness. In this work, we explore the design, implementation, and efficacy of a Collaborative and Distributed Entropy Transfer protocol (CADET), which aims to move random number generation from an individual task to a collaborative one. Through the sharing of excess random data, devices that are unable to meet their own needs can be aided by contributions from other devices. We implement and test a proof-of-concept version of CADET on a testbed of 49 Raspberry Pi 3B single-board computers, which have been underclocked to emulate the resource constraints of IoT devices. Through this, we evaluate and demonstrate the efficacy and baseline performance of remote entropy protocols of this type, as well as highlight remaining research questions and challenges in this area.
