Cryptographic randomness on a CC2538: a case study

Yan Yan; Elisabeth Oswald; Theo Tryfonas

doi:10.1109/WIFS.2016.7823912

Cryptographic randomness on a CC2538: a case study

Yan Yan, Elisabeth Oswald, Theo Tryfonas

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

2 Citations (Scopus)

Abstract

Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that contribute to the popularity of commercial devices in the IoT domain, security features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confidentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to non-invasive manipulate the on-board source for randomness, and thereby we can completely undermine the security provided by (otherwise) strong cryptographic algorithms, with devastating results.

Original language	English
Title of host publication	8th IEEE International Workshop on Information Forensics and Security, WIFS 2016
Subtitle of host publication	Proceedings of a meeting held 4-7 December 2016, Abu Dhabi, United Arab Emirates.
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Number of pages	6
ISBN (Electronic)	9781509011384
DOIs	https://doi.org/10.1109/WIFS.2016.7823912
Publication status	Published - Mar 2017
Event	8th IEEE International Workshop on Information Forensics and Security, WIFS 2016 - Abu Dhabi, United Arab Emirates Duration: 4 Dec 2016 → 7 Dec 2016

Publication series

Name	International Workshops on Information Forensics and Security
ISSN (Electronic)	2157-4774

Conference

Conference	8th IEEE International Workshop on Information Forensics and Security, WIFS 2016
Country	United Arab Emirates
City	Abu Dhabi
Period	4/12/16 → 7/12/16

Access to Document

10.1109/WIFS.2016.7823912

Fingerprint Dive into the research topics of 'Cryptographic randomness on a CC2538: a case study'. Together they form a unique fingerprint.

Cite this

Yan, Y., Oswald, E., & Tryfonas, T. (2017). Cryptographic randomness on a CC2538: a case study. In 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016: Proceedings of a meeting held 4-7 December 2016, Abu Dhabi, United Arab Emirates. [7823912] (International Workshops on Information Forensics and Security). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/WIFS.2016.7823912

Yan, Yan ; Oswald, Elisabeth ; Tryfonas, Theo. / Cryptographic randomness on a CC2538 : a case study. 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016: Proceedings of a meeting held 4-7 December 2016, Abu Dhabi, United Arab Emirates.. Institute of Electrical and Electronics Engineers (IEEE), 2017. (International Workshops on Information Forensics and Security).

@inproceedings{1949d9491cc7496bb636ba37141029d2,

title = "Cryptographic randomness on a CC2538: a case study",

abstract = "Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that contribute to the popularity of commercial devices in the IoT domain, security features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confidentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to non-invasive manipulate the on-board source for randomness, and thereby we can completely undermine the security provided by (otherwise) strong cryptographic algorithms, with devastating results.",

author = "Yan Yan and Elisabeth Oswald and Theo Tryfonas",

year = "2017",

month = mar,

doi = "10.1109/WIFS.2016.7823912",

language = "English",

series = "International Workshops on Information Forensics and Security",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

booktitle = "8th IEEE International Workshop on Information Forensics and Security, WIFS 2016",

address = "United States",

note = "8th IEEE International Workshop on Information Forensics and Security, WIFS 2016 ; Conference date: 04-12-2016 Through 07-12-2016",

}

Yan, Y, Oswald, E & Tryfonas, T 2017, Cryptographic randomness on a CC2538: a case study. in 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016: Proceedings of a meeting held 4-7 December 2016, Abu Dhabi, United Arab Emirates.., 7823912, International Workshops on Information Forensics and Security, Institute of Electrical and Electronics Engineers (IEEE), 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016, Abu Dhabi, United Arab Emirates, 4/12/16. https://doi.org/10.1109/WIFS.2016.7823912

Cryptographic randomness on a CC2538 : a case study. / Yan, Yan; Oswald, Elisabeth; Tryfonas, Theo.

8th IEEE International Workshop on Information Forensics and Security, WIFS 2016: Proceedings of a meeting held 4-7 December 2016, Abu Dhabi, United Arab Emirates.. Institute of Electrical and Electronics Engineers (IEEE), 2017. 7823912 (International Workshops on Information Forensics and Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Cryptographic randomness on a CC2538

T2 - 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016

AU - Yan, Yan

AU - Oswald, Elisabeth

AU - Tryfonas, Theo

PY - 2017/3

Y1 - 2017/3

N2 - Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that contribute to the popularity of commercial devices in the IoT domain, security features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confidentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to non-invasive manipulate the on-board source for randomness, and thereby we can completely undermine the security provided by (otherwise) strong cryptographic algorithms, with devastating results.

AB - Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that contribute to the popularity of commercial devices in the IoT domain, security features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confidentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to non-invasive manipulate the on-board source for randomness, and thereby we can completely undermine the security provided by (otherwise) strong cryptographic algorithms, with devastating results.

UR - http://www.scopus.com/inward/record.url?scp=85015070900&partnerID=8YFLogxK

U2 - 10.1109/WIFS.2016.7823912

DO - 10.1109/WIFS.2016.7823912

M3 - Conference Contribution (Conference Proceeding)

AN - SCOPUS:85015070900

T3 - International Workshops on Information Forensics and Security

BT - 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016

PB - Institute of Electrical and Electronics Engineers (IEEE)

Y2 - 4 December 2016 through 7 December 2016

ER -

Yan Y, Oswald E, Tryfonas T. Cryptographic randomness on a CC2538: a case study. In 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016: Proceedings of a meeting held 4-7 December 2016, Abu Dhabi, United Arab Emirates.. Institute of Electrical and Electronics Engineers (IEEE). 2017. 7823912. (International Workshops on Information Forensics and Security). https://doi.org/10.1109/WIFS.2016.7823912