Cryptology ePrint Archive: Report 2016/1021

Cryptographic Randomness on a CC2538: a Case Study

Yan Yan and Elisabeth Oswald and Theo Tryfonas

Abstract: Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that con- tribute to the popularity of commercial devices in the IoT domain, secu- rity features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confi- dentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to passively manipulate the on-board source for randomness, and thereby we can completely undermine the security pro- vided by (otherwise) strong cryptographic algorithms, with devastating results.

Category / Keywords: applications / IoT, System on Chip (SoC), Side channel attack, Random Number Generator (RNG), DTLS

Original Publication (with minor differences): WIFS 2016

Date: received 26 Oct 2016

Contact author: yanyansmajesty at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20161101:015718 (All versions of this report)

Short URL: ia.cr/2016/1021

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]