Recoverable Random Numbers in an Internet of Things Operating System

Yoo, Taeill; Kang, Ju-Sung; Yeom, Yongjin

doi:10.3390/e19030113

Cited by 8 publications

(5 citation statements)

References 9 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As we have discussed and analyzed in sections III, IV and V, there are many solutions to generate and collect entropy to be consumed by the final user. Unfortunately, after analyzing all the literature, we found that none of those techniques can be employed to solve the boot-time starvation problem [8]- [11].…”

Section: The Problem: Boot-time Entropy Starvationmentioning

confidence: 99%

See 1 more Smart Citation

E-BOOT: Preventing Boot-Time Entropy Starvation in Cloud Systems

Vañó-García

Marco-Gisbert

2020

IEEE Access

View full text Add to dashboard Cite

Due to the impracticability of generating true randomness by running deterministic algorithms in computers, boot-loaders and operating systems undergo the lack of enough supplies of entropy at boot-time. This problem remains a challenge and affects all computer systems, including virtualization technologies. Unfortunately, this situation leads to undesired side effects, affecting the security of important kernel components and causing large blocking waits in the start-up of userland processes. For example, SSHD is delayed up to 4 minutes. In this paper, we analyze the boot-time entropy starvation problem, performing a comprehensive analysis of the Linux kernel boot process revealing that the problem not only affects userland applications but up to 33 kernel functions at boot time. Those functions are weakly fed by random numbers from a non-initialized CSPRNG. To overcome this problem, we propose E-Boot, a novel technique that provides high-quality random numbers to guest virtual machines. E-Boot is the first technique that completely satisfies the entropy demand of virtualized boot-loaders and operating systems at boot time. We have implemented E-Boot in Linux v5.3 and our experiments show that it effectively solves the boot-time entropy starvation problem. Our proposal successfully feeds bootloaders and boot time Linux kernel hardening techniques with high-quality random numbers, reducing also to zero the number of userspace blocks and delays. The total time overhead introduced by E-Boot is around 2 µs and has zero memory overhead, since the memory is freed before the kernel boot ends, which makes E-boot a practical solution for cloud systems.

show abstract

Section: The Problem: Boot-time Entropy Starvationmentioning

confidence: 99%

“…Unfortunately, there are scenarios where this is not always possible. An important example is the boot-entropy starvation problem [8]- [11], which appears when a system (e.g., boot-loader or operating system) requires entropy at boot-time but it is unable to generate or collect enough entropy.…”

Section: Introductionmentioning

confidence: 99%

E-BOOT: Preventing Boot-Time Entropy Starvation in Cloud Systems

Vañó-García

Marco-Gisbert

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Kim, Han & Lee (2013) presented a technique to recover PreMasterSecret (PMS) of the first SSL session in Android by 2 58 complexity since PMS is generated from insufficient entropy of OpenSSL PRNG at boot-time. Ristenpart & Yilek (2010), Bernstein et al (2013), Michaelis, Meyer & Schwenk (2013), Schneier et al (2015), and Yoo, Kang & Yeom (2017) describe the attacks caused by weakness of entropy collectors or incorrect estimations of the entropy that are exaggerated or too conservative.…”

Section: Introductionmentioning

confidence: 99%

Accelerated implementation for testing IID assumption of NIST SP 800-90B using GPU

Yewon

Yeom

2021

PeerJ Computer Science

Self Cite

View full text Add to dashboard Cite

In cryptosystems and cryptographic modules, insufficient entropy of the noise sources that serve as the input into random number generator (RNG) may cause serious damage, such as compromising private keys. Therefore, it is necessary to estimate the entropy of the noise source as precisely as possible. The National Institute of Standards and Technology (NIST) published a standard document known as Special Publication (SP) 800-90B, which describes the method for estimating the entropy of the noise source that is the input into an RNG. The NIST offers two programs for running the entropy estimation process of SP 800-90B, which are written in Python and C++. The running time for estimating the entropy is more than one hour for each noise source. An RNG tends to use several noise sources in each operating system supported, and the noise sources are affected by the environment. Therefore, the NIST program should be run several times to analyze the security of RNG. The NIST estimation runtimes are a burden for developers as well as evaluators working for the Cryptographic Module Validation Program. In this study, we propose a GPU-based parallel implementation of the most time-consuming part of the entropy estimation, namely the independent and identically distributed (IID) assumption testing process. To achieve maximal GPU performance, we propose a scalable method that adjusts the optimal size of the global memory allocations depending on GPU capability and balances the workload between streaming multiprocessors. Our GPU-based implementation excluded one statistical test, which is not suitable for GPU implementation. We propose a hybrid CPU/GPU implementation that consists of our GPU-based program and the excluded statistical test that runs using OpenMP. The experimental results demonstrate that our method is about 3 to 25 times faster than that of the NIST package.

show abstract

“…Moreover, technology is constantly evolving with significant advances in the new generation of embedded systems with greater computing power including multi-core processors, for that reason, new threats and vulnerabilities that compromise security information in telecommunications systems are being devised [ 60 ]. Recently, several attacks and cryptanalysis to cryptosystems have been reported in the literature [ 61 , 62 , 63 , 64 , 65 , 66 ], therefore, it is important to continue with the development of new cryptosystems with greater complexity and efficiency, that is, to increase their security, such as key space, entropy, resistance against differential and statistical attacks, among others. Thus, the great technological advances and new emerging technologies have allowed an exponential increase in practical applications for the Internet of Things (IoT), for which it is expected that by the year 2020, more than 50,000 million devices, machines, and systems with digital communication technology through the use of embedded systems will be connected to the Internet [ 67 , 68 , 69 ].…”

Section: Introductionmentioning

confidence: 99%

Implementing a Chaotic Cryptosystem by Performing Parallel Computing on Embedded Systems with Multiprocessors

Flores-Vergara

Inzunza-González²,

García-Guerrero³

et al. 2019

Entropy

View full text Add to dashboard Cite

Profiling and parallel computing techniques in a cluster of six embedded systems with multiprocessors are introduced herein to implement a chaotic cryptosystem for digital color images. The proposed encryption method is based on stream encryption using a pseudo-random number generator with high-precision arithmetic and data processing in parallel with collective communication. The profiling and parallel computing techniques allow discovery of the optimal number of processors that are necessary to improve the efficiency of the cryptosystem. That is, the processing speed improves the time for generating chaotic sequences and execution of the encryption algorithm. In addition, the high numerical precision reduces the digital degradation in a chaotic system and increases the security levels of the cryptosystem. The security analysis confirms that the proposed cryptosystem is secure and robust against different attacks that have been widely reported in the literature. Accordingly, we highlight that the proposed encryption method is potentially feasible to be implemented in practical applications, such as modern telecommunication devices employing multiprocessors, e.g., smart phones, tablets, and in any embedded system with multi-core hardware.

show abstract

Recoverable Random Numbers in an Internet of Things Operating System

Cited by 8 publications

References 9 publications

E-BOOT: Preventing Boot-Time Entropy Starvation in Cloud Systems

E-BOOT: Preventing Boot-Time Entropy Starvation in Cloud Systems

Accelerated implementation for testing IID assumption of NIST SP 800-90B using GPU

Implementing a Chaotic Cryptosystem by Performing Parallel Computing on Embedded Systems with Multiprocessors

Contact Info

Product

Resources

About