Paper 2013/304
Secure PRNG Seeding on Commercial Off-the-Shelf Microcontrollers
Anthony Van Herrewege, Vincent van der Leest, André Schaller, Stefan Katzenbeisser, and Ingrid Verbauwhede
Abstract
The generation of high quality random numbers is crucial to many cryptographic applications, including cryptographic protocols, secret keys, nonces and salts. Their values must contain enough randomness to be unpredictable to attackers. Pseudo-random number generators require initial data with high entropy as a seed to produce a large stream of high quality random data. Yet, despite the importance of randomness, proper high quality random number generation is often ignored. Embedded devices in particular often suffer from weak random number generators. In this work, we focus on identifying and evaluating SRAM in commercial off-the-shelf microcontrollers as an entropy source for PRNG seeding. We measure and evaluate the SRAM start-up patterns of two popular types of microcontrollers, an STMicroelectronics STM32F100R8 and a Microchip PIC16F1825. We also present an efficient software-only architecture for secure PRNG seeding. After analyzing over 1 000 000 measurements in total, we conclude that of these two devices, the PIC16F1825 cannot be used to securely seed a PRNG. The STM32F100R8, however, has the ability to generate very strong seeds from the noise in its SRAM start-up pattern. These seeds can then be used to ensure a PRNG generates high quality data.
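The abstract describes two steps: characterising how much entropy a device's SRAM start-up pattern carries, and conditioning a start-up dump into a PRNG seed. The following Python is an added example of that evaluation, not code from the paper or its authors. It estimates per-bit min-entropy from repeated power-up dumps, extrapolates how many SRAM bytes must be read to reach a 128-bit seed, and conditions a dump with SHA-256. The dumps are constructed by hand, the per-bit independence assumption and the 128-bit target are this example's choices, and the function names are hypothetical.

```python
# Added example (not the paper's code): estimate the min-entropy of SRAM
# start-up patterns from repeated power-up dumps and condition one dump into
# a PRNG seed. All dumps below are constructed by hand for illustration.
import hashlib
import math
from typing import Sequence


def bit_columns(measurements: Sequence[bytes]) -> list[list[int]]:
    """Transpose power-up dumps into one list of observed values per SRAM bit."""
    if len(measurements) < 2:
        raise ValueError("need at least two power-up measurements")
    n_bits = len(measurements[0]) * 8
    columns: list[list[int]] = [[] for _ in range(n_bits)]
    for dump in measurements:
        if len(dump) * 8 != n_bits:
            raise ValueError("all dumps must cover the same SRAM region")
        for i in range(n_bits):
            columns[i].append((dump[i // 8] >> (7 - i % 8)) & 1)  # MSB first
    return columns


def per_bit_min_entropy(measurements: Sequence[bytes]) -> list[float]:
    """Empirical min-entropy of each bit: -log2 of its most likely value.

    A bit that always powers up to the same value scores 0; a bit that is
    1 in exactly half the dumps scores 1. With few dumps the estimate is
    optimistic, because rare biases are not yet visible in the data.
    """
    estimates = []
    for column in bit_columns(measurements):
        p_one = sum(column) / len(column)
        estimates.append(max(0.0, -math.log2(max(p_one, 1.0 - p_one))))
    return estimates


def total_min_entropy(measurements: Sequence[bytes]) -> float:
    """Sum of the per-bit estimates. This assumes bit positions are
    independent (an assumption of this example; real data must be checked)."""
    return sum(per_bit_min_entropy(measurements))


def bytes_needed(measurements: Sequence[bytes], target_bits: int = 128) -> int:
    """SRAM bytes to read at boot so the raw dump carries target_bits of
    min-entropy, extrapolating the measured region's per-byte rate."""
    rate = total_min_entropy(measurements) / len(measurements[0])
    if rate == 0.0:
        raise ValueError("start-up pattern shows no entropy; unusable as seed source")
    return math.ceil(target_bits / rate)


def derive_seed(startup_dump: bytes, entropy_bits: float, target_bits: int = 128) -> bytes:
    """Condition a raw start-up dump into a fixed-size seed with SHA-256.

    Hashing compresses the biased, low-rate raw bits into a uniform-looking
    seed; it does not create entropy, so the dump must already carry
    target_bits of min-entropy or the seed is weaker than it looks.
    """
    if entropy_bits < target_bits:
        raise ValueError(f"only {entropy_bits:.1f} bits of entropy for a {target_bits}-bit seed")
    return hashlib.sha256(startup_dump).digest()


# Constructed dumps of one SRAM byte over four power-ups: bits 0, 1 and 3
# (MSB first) flip between power-ups, the others always start at the same value.
SAMPLE_DUMPS = [bytes([0xA0]), bytes([0xB0]), bytes([0x60]), bytes([0x70])]

if __name__ == "__main__":
    print("per-bit min-entropy:", per_bit_min_entropy(SAMPLE_DUMPS))
    print("total bits per byte:", total_min_entropy(SAMPLE_DUMPS))
    need = bytes_needed(SAMPLE_DUMPS, 128)
    print("bytes to read for a 128-bit seed:", need)
    seed = derive_seed(bytes([0xA0]) * need, total_min_entropy(SAMPLE_DUMPS) * need)
    print("seed:", seed.hex())
```

The characterisation functions run on a host over dumps collected from many power-ups of the device; only the final conditioning step belongs on the microcontroller. A device whose dumps yield a per-byte rate near zero, as the abstract reports for the PIC16F1825, makes `bytes_needed` fail or return more bytes than the chip has, which is the signal that the source cannot seed a PRNG securely.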
Metadata
- Category: Implementation
- Publication info: Published elsewhere. Unknown where it was published
- Keywords: pseudo-randomness, PRNG, seeding, entropy
- Contact author(s): anthony vanherrewege @ esat kuleuven be
- History
  - 2013-05-29: revised
  - 2013-05-25: received
- Short URL: https://ia.cr/2013/304
- License: CC BY
BibTeX
@misc{cryptoeprint:2013/304,
  author = {Anthony Van Herrewege and Vincent van der Leest and André Schaller and Stefan Katzenbeisser and Ingrid Verbauwhede},
  title = {Secure {PRNG} Seeding on Commercial Off-the-Shelf Microcontrollers},
  howpublished = {Cryptology {ePrint} Archive, Paper 2013/304},
  year = {2013},
  url = {https://eprint.iacr.org/2013/304}
}