In light of this past week’s computer bug…fiasco, it’s certainly a good time to talk about who and what you can trust when designing new embedded devices.
Our answer- don’t trust little black boxes.
Let’s dig in to one little black box that doesn’t deserve our trust. The silicon-based Random Number Generator. As the basis for encryption schemes, this is highly important.
The Basis for Encrypting Data
Like their more stationary big brother servers and PCs, embedded devices often communicate over encrypted channels in predefined methods utilizing randomly generated cryptology keys.
FIPS, or the Federal Information Processing Standards, describe document processing and encryption algorithms. FIPS standards also describe random number generators(RNGs) and their requirement for …high levels of entropy (definable randomness). While servers and other hard wired devices have a great number of choices for random number generation, embedded devices, stuck in their tiny little worlds… do not- and the reliance on math doesn’t cut it.
Many hardware manufacturers like Intel, Arm, etc.. do have FIPS-certified silicon based random number generators.
These generators are hidden deep inside of silicon. This is the trust in a black box that we seek to avoid, mentioned at the top of this article.
Call us abundantly paranoid, but it’s quite reasonable to assume that processor manufacturers and the NSA could collude to provide a back door to these number generators- providing the base for code cracking at the very heart of any device using silicon that has otherwise been FIPS approved.
This of course is not a blame or accusation against the chip providers that we certainly rely upon, but a statement made through an ounce of caution.
More Verifiable Random Encryption Keys
When the application demands, Hallsten Innovations prefers a to create random cryptography keys based on hardware with a known high level of entropy- from the noise generated by a Reverse-biased Diode. One particular design was described by our very own Ben Lampert while at Stanford Research and is affectionately called the Lampert circuit.
A full white paper and and abridged presentation for this circuit and its measured results.
Designed with low power and a low footprint in mind, this circuit need only run at startup, and has a minimal costs of $1.44 at production scales (2016, 10,000 piece costs).
When sampled at 128kHz, this circuit can provide a randomly generated string with a verifiable 0.995133 entropy measurement, and a serial correlation measurement of 0.000072 at operating temperature. Satisfying the requirements and design methodology for FIPS compliance, the data results fully described in the white paper are some of the best obtainable.
So what does this mean? It means we can seed our own cryptography keys with a verifiable, high level of entropy. We have a source that meets and exceeds FIPS requirements and design methodology specifications, and we remove of secrecy in the methodology of how such a random number string was created.
While this high entropy bit string could be used raw, using it to seed an on-board silicon based random number generator, or combining it with an XOR (exclusive-OR) secondary random source can minimize the visibility of the actual noise on the circuit. Additionally, the AES-256 in counter mode (Advanced Encryption Standards) with a random seed means we can generate entropy on the fly in high volume with a small processing budget.
Lost in the details..
Yes this is a very small portion of device security, and some of our competitors may say we should focus on more high level aspects of device security in the application layers. But, what good is any of that effort if you can’t trust what you are building upon and trusting as the foundation of your cryptology schema?