Paper 2016/1021
Cryptographic Randomness on a CC2538: a Case Study
Yan Yan, Elisabeth Oswald, and Theo Tryfonas
Abstract
Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that con- tribute to the popularity of commercial devices in the IoT domain, secu- rity features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confi- dentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to passively manipulate the on-board source for randomness, and thereby we can completely undermine the security pro- vided by (otherwise) strong cryptographic algorithms, with devastating results.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Published elsewhere. Minor revision. WIFS 2016
- Keywords
- IoTSystem on Chip (SoC)Side channel attackRandom Number Generator (RNG)DTLS
- Contact author(s)
- yanyansmajesty @ gmail com
- History
- 2016-11-01: received
- Short URL
- https://ia.cr/2016/1021
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2016/1021,
author = {Yan Yan and Elisabeth Oswald and Theo Tryfonas},
title = {Cryptographic Randomness on a {CC2538}: a Case Study},
howpublished = {Cryptology {ePrint} Archive, Paper 2016/1021},
year = {2016},
url = {https://eprint.iacr.org/2016/1021}
}
