TY - GEN
T1 - Cryptographic randomness on a CC2538
T2 - 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016
AU - Yan, Yan
AU - Oswald, Elisabeth
AU - Tryfonas, Theo
PY - 2017/3
Y1 - 2017/3
N2 - Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that contribute to the popularity of commercial devices in the IoT domain, security features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confidentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to non-invasive manipulate the on-board source for randomness, and thereby we can completely undermine the security provided by (otherwise) strong cryptographic algorithms, with devastating results.
AB - Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that contribute to the popularity of commercial devices in the IoT domain, security features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confidentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to non-invasive manipulate the on-board source for randomness, and thereby we can completely undermine the security provided by (otherwise) strong cryptographic algorithms, with devastating results.
UR - http://www.scopus.com/inward/record.url?scp=85015070900&partnerID=8YFLogxK
U2 - 10.1109/WIFS.2016.7823912
DO - 10.1109/WIFS.2016.7823912
M3 - Conference Contribution (Conference Proceeding)
AN - SCOPUS:85015070900
T3 - International Workshops on Information Forensics and Security
BT - 8th IEEE International Workshop on Information Forensics and Security, WIFS 2016
PB - Institute of Electrical and Electronics Engineers (IEEE)
Y2 - 4 December 2016 through 7 December 2016
ER -