Next Article in Journal
Fluctuation-Driven Transport in Biological Nanopores. A 3D Poisson–Nernst–Planck Study
Previous Article in Journal
Quantum Probabilities as Behavioral Probabilities
Article Menu
Issue 3 (March) cover image

Export Article

Open AccessArticle
Entropy 2017, 19(3), 113; doi:10.3390/e19030113

Recoverable Random Numbers in an Internet of Things Operating System

1
Department of Financial Information Security, Kookmin University, Seoul 02707, Korea
2
Department of Mathematics, Kookmin University, Seoul 02707, Korea
*
Author to whom correspondence should be addressed.
Academic Editor: Kevin H. Knuth
Received: 29 December 2016 / Revised: 20 February 2017 / Accepted: 9 March 2017 / Published: 13 March 2017
View Full-Text   |   Download PDF [1094 KB, uploaded 13 March 2017]   |  

Abstract

Over the past decade, several security issues with Linux Random Number Generator (LRNG) on PCs and Androids have emerged. The main problem involves the process of entropy harvesting, particularly at boot time. An entropy source in the input pool of LRNG is not transferred into the non-blocking output pool if the entropy counter of the input pool is less than 192 bits out of 4098 bits. Because the entropy estimation of LRNG is highly conservative, the process may require more than one minute for starting the transfer. Furthermore, the design principle of the estimation algorithm is not only heuristic but also unclear. Recently, Google released an Internet of Things (IoT) operating system called Brillo based on the Linux kernel. We analyze the behavior of the random number generator in Brillo, which inherits that of LRNG. In the results, we identify two features that enable recovery of random numbers. With these features, we demonstrate that random numbers of 700 bytes at boot time can be recovered with the success probability of 90% by using time complexity for 5.20 × 2 40 trials. Therefore, the entropy of random numbers of 700 bytes is merely about 43 bits. Since the initial random numbers are supposed to be used for sensitive security parameters, such as stack canary and key derivation, our observation can be applied to practical attacks against cryptosystem. View Full-Text
Keywords: Linux Random Number Generator; random number recovery; entropy source; Brillo; Internet of Things (IoT) operating system Linux Random Number Generator; random number recovery; entropy source; Brillo; Internet of Things (IoT) operating system
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

Scifeed alert for new publications

Never miss any articles matching your research from any publisher
  • Get alerts for new papers matching your research
  • Find out the new papers from selected authors
  • Updated daily for 49'000+ journals and 6000+ publishers
  • Define your Scifeed now

SciFeed Share & Cite This Article

MDPI and ACS Style

Yoo, T.; Kang, J.-S.; Yeom, Y. Recoverable Random Numbers in an Internet of Things Operating System. Entropy 2017, 19, 113.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Entropy EISSN 1099-4300 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top