An Entropy Source based on the Bluetooth Received Signal Strength Indicator
Resumo
The Bluetooth Low Energy (BLE) is one of the popular communication technologies employed in the Internet of Things (IoT) context. IoT devices need random numbers to feed their security mechanisms, where the generation of random numbers presupposes the existence of entropy sources. However, there are few entropy sources available, due to the limited hardware resources of those devices. Given this scenario, this paper presents a scalable approach for gathering entropy, called Bluerandom. The approach is based on the Received Signal Strength Indicator (RSSI) within Bluetooth communications. The results show that Bluerandom can be used as an alternative source of entropy, improving the robustness of the cryptographic mechanisms for the IoT context.
Referências
Bassham, L. E., Rukhin, A. L., Soto, J., Nechvatal, J. R., Smid, M. E., Leigh, S. D., Levenson, M., Vangel, M., Heckert, N. A., and Banks, D. L. (2010). A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, National Institute of Standards and Technology (NIST).
BlueZ (2018). BlueZ: Official Linux Bluetooth protocol stack. BlueZ Project. Available at: http://www.bluez.org/.
Böcker, S., Arendt, C., and Wietfeld, C. (2017). On the suitability of bluetooth 5 for the internet of things: Performance and scalability analysis. In 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), pages 1–7. IEEE.
Brown, R. G. (2019). Dieharder, a random number test suite. version 3.31.1. Available at: http://webhome.phy.duke.edu/~rgb/General/dieharder.php.
Cha, S.-C., Yeh, K.-H., and Chen, J.-F. (2017). Toward a robust security paradigm Sensors, for bluetooth low energy-based smart objects in the internet-of-things. 17(10):2348.
Checkoway, S., Niederhagen, R., Everspaugh, A., Green, M., Lange, T., Ristenpart, T., Bernstein, D. J., Maskiewicz, J., Shacham, H., and Fredrikson, M. (2014). On the practical exploitability of dual {EC} in {TLS} implementations. In 23rd {USENIX} Security Symposium ({USENIX} Security 14), pages 319–335.
Collotta, M., Pau, G., Talty, T., and Tonguz, O. K. (2018). Bluetooth 5: A concrete step forward toward the iot. IEEE Communications Magazine, 56(7):125–131.
Cypress (2019). CE221295 PSoC 6 MCU Cryptography: True Random Number Generation. Cypress Semiconductor Corporation. Available at: https://www.cypress.com/file/404176/download.
Dinca, L. M. and Hancke, G. (2017). Behavioural sensor data as randomness source for iot devices. In 2017 IEEE 26th International Symposium on Industrial Electronics (ISIE), pages 2038–2043. IEEE.
Gutterman, Z., Pinkas, B., and Reinman, T. (2006). Analysis of the linux random number generator. In 2006 IEEE Symposium on Security and Privacy (S&P’06), pages 15–pp. IEEE.
Herrero-Collantes, M. and Garcia-Escartin, J. C. (2017). Quantum random number generators. Reviews of Modern Physics, 89(1):015004.
Huh, J.-H., Bu, Y., and Seo, K. (2016). Bluetooth-tracing rssi sampling method as basic technology of indoor localization for smart homes. Int. J. Smart Home, 10(10):1–14.
Kohlbrenner, P. and Gaj, K. (2004). An embedded true random number generator for fpgas. In Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays, pages 71–78. ACM.
Langley, A., Chang, W., Mavrogiannopoulos, N., Strombergson, J., and Josefsson, S. (2016). Chacha20-poly1305 cipher suites for transport layer security (tls). RFC 7905, RFC Editor.
MCrypt. Libmcrypt data encryption library. Available at: http://mcrypt.hellug.gr/lib/mcrypt.3.html.
Müller, S. (2018). Linux random number generator—a new approach.
Nordic (2019). nRF52811 Product Brief Version 1.0. Nordic Semiconductor.
OpenSSL. OpenSSL Cryptography and SSL/TLS Toolkit. OpenSSL.org. Available at: https://www.openssl.org/.
Procter, G. (2014). A security analysis of the composition of chacha20 and poly1305. IACR Cryptology ePrint Archive, 2014:613.
Seo, H., Choi, J., Kim, H., Park, T., and Kim, H. (2014). Pseudo random number generator and hash function for embedded microprocessors. In 2014 IEEE World Forum on Internet of Things (WF-IoT), pages 37–40. IEEE.
Shokri-Ghadikolaei, H., Fischione, C., and Modiano, E. (2016). On the accuracy of interference models in wireless communications. In 2016 IEEE International Conference on Communications (ICC), pages 1–6. IEEE.
SIG (2019). Bluetooth Core Specification Version 5.1. Bluetooth Special Interest Group (SIG).
Stallings, W. (2017). Cryptography and network security: principles and practice. Pearson Upper Saddle River, 7 edition.
Szczepanski, J., Wajnryb, E., Amigó, J. M., Sanchez-Vives, M. V., and Slater, M. (2004). Biometric random number generators. Computers & Security, 23(1):77–84.
Tan, H., Tsudik, G., and Jha, S. (2019). Mtra: Multi-tier randomized remote attestation in iot networks. Computers & Security, 81:78–93.
TI (2018). CC1312R SimpleLink High-Performance Sub-1 GHz Wireless MCU. Texas Instruments Incorporated. Revised March 2019.
von zur Gathen, J. (2015). Crypto School. Springer-Verlag, 1 edition.
Walker, J. (2008). Ent: a pseudorandom number sequence test program. Software and documentation available at: https://www.fourmilab.ch/random/S.
Wallace, K., Moran, K., Novak, E., Zhou, G., and Sun, K. (2016). Toward sensor-based random number generation for mobile and iot devices. IEEE Internet of Things Journal, 3(6):1189–1201.
Wang, Q., Su, H., Ren, K., and Kim, K. (2011). Fast and scalable secret key generation exploiting channel phase randomness in wireless networks. In 2011 Proceedings IEEE INFOCOM, pages 1422–1430. IEEE.
Willers, O., Huth, C., Guajardo, J., Seidel, H., and Deutsch, P. (2019). On the feasibility of deriving cryptographic keys from mems sensors. Journal of Cryptographic Engineering, pages 1–17.
Zhu, H., Zhao, C., Zhang, X., and Yang, L. (2013). A novel iris and chaos-based random number generator. computers & security, 36:40–48.
BlueZ (2018). BlueZ: Official Linux Bluetooth protocol stack. BlueZ Project. Available at: http://www.bluez.org/.
Böcker, S., Arendt, C., and Wietfeld, C. (2017). On the suitability of bluetooth 5 for the internet of things: Performance and scalability analysis. In 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), pages 1–7. IEEE.
Brown, R. G. (2019). Dieharder, a random number test suite. version 3.31.1. Available at: http://webhome.phy.duke.edu/~rgb/General/dieharder.php.
Cha, S.-C., Yeh, K.-H., and Chen, J.-F. (2017). Toward a robust security paradigm Sensors, for bluetooth low energy-based smart objects in the internet-of-things. 17(10):2348.
Checkoway, S., Niederhagen, R., Everspaugh, A., Green, M., Lange, T., Ristenpart, T., Bernstein, D. J., Maskiewicz, J., Shacham, H., and Fredrikson, M. (2014). On the practical exploitability of dual {EC} in {TLS} implementations. In 23rd {USENIX} Security Symposium ({USENIX} Security 14), pages 319–335.
Collotta, M., Pau, G., Talty, T., and Tonguz, O. K. (2018). Bluetooth 5: A concrete step forward toward the iot. IEEE Communications Magazine, 56(7):125–131.
Cypress (2019). CE221295 PSoC 6 MCU Cryptography: True Random Number Generation. Cypress Semiconductor Corporation. Available at: https://www.cypress.com/file/404176/download.
Dinca, L. M. and Hancke, G. (2017). Behavioural sensor data as randomness source for iot devices. In 2017 IEEE 26th International Symposium on Industrial Electronics (ISIE), pages 2038–2043. IEEE.
Gutterman, Z., Pinkas, B., and Reinman, T. (2006). Analysis of the linux random number generator. In 2006 IEEE Symposium on Security and Privacy (S&P’06), pages 15–pp. IEEE.
Herrero-Collantes, M. and Garcia-Escartin, J. C. (2017). Quantum random number generators. Reviews of Modern Physics, 89(1):015004.
Huh, J.-H., Bu, Y., and Seo, K. (2016). Bluetooth-tracing rssi sampling method as basic technology of indoor localization for smart homes. Int. J. Smart Home, 10(10):1–14.
Kohlbrenner, P. and Gaj, K. (2004). An embedded true random number generator for fpgas. In Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays, pages 71–78. ACM.
Langley, A., Chang, W., Mavrogiannopoulos, N., Strombergson, J., and Josefsson, S. (2016). Chacha20-poly1305 cipher suites for transport layer security (tls). RFC 7905, RFC Editor.
MCrypt. Libmcrypt data encryption library. Available at: http://mcrypt.hellug.gr/lib/mcrypt.3.html.
Müller, S. (2018). Linux random number generator—a new approach.
Nordic (2019). nRF52811 Product Brief Version 1.0. Nordic Semiconductor.
OpenSSL. OpenSSL Cryptography and SSL/TLS Toolkit. OpenSSL.org. Available at: https://www.openssl.org/.
Procter, G. (2014). A security analysis of the composition of chacha20 and poly1305. IACR Cryptology ePrint Archive, 2014:613.
Seo, H., Choi, J., Kim, H., Park, T., and Kim, H. (2014). Pseudo random number generator and hash function for embedded microprocessors. In 2014 IEEE World Forum on Internet of Things (WF-IoT), pages 37–40. IEEE.
Shokri-Ghadikolaei, H., Fischione, C., and Modiano, E. (2016). On the accuracy of interference models in wireless communications. In 2016 IEEE International Conference on Communications (ICC), pages 1–6. IEEE.
SIG (2019). Bluetooth Core Specification Version 5.1. Bluetooth Special Interest Group (SIG).
Stallings, W. (2017). Cryptography and network security: principles and practice. Pearson Upper Saddle River, 7 edition.
Szczepanski, J., Wajnryb, E., Amigó, J. M., Sanchez-Vives, M. V., and Slater, M. (2004). Biometric random number generators. Computers & Security, 23(1):77–84.
Tan, H., Tsudik, G., and Jha, S. (2019). Mtra: Multi-tier randomized remote attestation in iot networks. Computers & Security, 81:78–93.
TI (2018). CC1312R SimpleLink High-Performance Sub-1 GHz Wireless MCU. Texas Instruments Incorporated. Revised March 2019.
von zur Gathen, J. (2015). Crypto School. Springer-Verlag, 1 edition.
Walker, J. (2008). Ent: a pseudorandom number sequence test program. Software and documentation available at: https://www.fourmilab.ch/random/S.
Wallace, K., Moran, K., Novak, E., Zhou, G., and Sun, K. (2016). Toward sensor-based random number generation for mobile and iot devices. IEEE Internet of Things Journal, 3(6):1189–1201.
Wang, Q., Su, H., Ren, K., and Kim, K. (2011). Fast and scalable secret key generation exploiting channel phase randomness in wireless networks. In 2011 Proceedings IEEE INFOCOM, pages 1422–1430. IEEE.
Willers, O., Huth, C., Guajardo, J., Seidel, H., and Deutsch, P. (2019). On the feasibility of deriving cryptographic keys from mems sensors. Journal of Cryptographic Engineering, pages 1–17.
Zhu, H., Zhao, C., Zhang, X., and Yang, L. (2013). A novel iris and chaos-based random number generator. computers & security, 36:40–48.
Publicado
13/10/2020
Como Citar
GIRON, Alexandre; CUSTÓDIO, Ricardo.
An Entropy Source based on the Bluetooth Received Signal Strength Indicator. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20. , 2020, Petrópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 106-118.
DOI: https://doi.org/10.5753/sbseg.2020.19231.
