论文信息 - Cryptographic randomness on a CC2538: A case study

Cryptographic randomness on a CC2538: A case study

Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that contribute to the popularity of commercial devices in the IoT domain, security features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confidentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to non-invasive manipulate the on-board source for randomness, and thereby we can completely undermine the security provided by (otherwise) strong cryptographic algorithms, with devastating results.

[1] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[2] Elaine B. Barker,et al. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications , 2000 .

[3] Alfred Menezes,et al. The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[4] Eric Rescorla,et al. Datagram Transport Layer Security , 2006, RFC.

[5] Elaine B. Barker,et al. Recommendation for Random Number Generation Using Deterministic Random Bit Generators , 2007 .

[6] Hannes Tschofenig,et al. Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) , 2005, RFC.

[7] Bodo Möller,et al. Network Working Group Elliptic Curve Cryptography (ecc) Cipher Suites for Transport Layer Security (tls) , 2006 .

[8] George S. Kang,et al. Automatic gain control , 1984, ICASSP.

[9] W. W. PETERSONt,et al. Cyclic Codes for Error Detection * , 2022 .

[10] John Kelsey,et al. Recommendation for Random Number Generation Using Deterministic Random Bit Generators , 2014 .

[11] Kazumaro Aoki,et al. SEC X.2: Recommended Elliptic Curve Domain Parameters , 2008 .