Paper 2016/1021

Cryptographic Randomness on a CC2538: a Case Study

Yan Yan, Elisabeth Oswald, and Theo Tryfonas

Abstract

Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that con- tribute to the popularity of commercial devices in the IoT domain, secu- rity features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confi- dentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to passively manipulate the on-board source for randomness, and thereby we can completely undermine the security pro- vided by (otherwise) strong cryptographic algorithms, with devastating results.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. MINOR revision.WIFS 2016
Keywords
IoTSystem on Chip (SoC)Side channel attackRandom Number Generator (RNG)DTLS
Contact author(s)
yanyansmajesty @ gmail com
History
2016-11-01: received
Short URL
https://ia.cr/2016/1021
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1021,
      author = {Yan Yan and Elisabeth Oswald and Theo Tryfonas},
      title = {Cryptographic Randomness on a CC2538: a Case Study},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1021},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/1021}},
      url = {https://eprint.iacr.org/2016/1021}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.