A Guideline on Pseudorandom Number Generation (PRNG) in the IoT
share
Security and trust are essential building blocks for the emerging Internet of Things (IoT)-both heavily rely on ubiquitously available crypto primitives with integrity and robustness. In the constrained IoT, this is a challenging desire due to limited availability of memory, CPU cycles, energy, and external data sources. Random input forms such a central crypto primitive that is used virtually everywhere, but hard to obtain on deterministically operated real-time devices without user interface. In this paper, we revisit the generation of randomness from the perspective of an IoT operating system that needs to support general purpose or crypto-secure random numbers. We analyse the potential attack surface, derive common requirements, and discuss the potentials and shortcomings of subsystems in current IoT OSs. A systematic evaluation of current IoT hardware components and popular software generators based on well-established test suits and on experimental performance measurements give rise to a set of clear recommendations on how to build such a random subsystem and which generators to use.
READ FULL TEXT