Trusted and Localized Entropy Source for Advanced IoT Security (E13a)
Unpredictable random numbers are essential elements of cryptography. Encryption system is as safe as the quality of random numbers used. CMVP provides a slew of deterministic random number generators that are broadly used for its convenience and speed, but they are predictable. As computing powers increase, there is a potential for hacking and manipulation due to its predictability. Furthermore, the weak entropy problem is compounded for IoT devices with limited access to physical random events. Ideal random numbers for crypto application must be unpredictable, independent, and unbiased.
To satisfy the critical cryptographic computing needs of IoT applications, encryption modules must be small, fast, and resource efficient. Typically, the primary driving factor in the IoT applications aims to deliver the highest value IoT product at the lowest cost. Unfortunately, implementing cryptographic security protocols in any environment is resource intensive in CPU, RAM, and ROM which IoT devices often find difficult to support. Hardware entropy can help off-load resource-intensive cryptographic calculations.
Not all hardware random number generators are created equal. Hardware random number generators using thermal noise or electrical noise are less prone to hacking but ultimately deterministic and can be manipulated. Furthermore, black box approach that produces random numbers as an output from a sealed chip does not inspire confidence. RSA was able to implement DUAL_EC_DRBG (a weak random number generator with backdoors) as default setting since it is based on closed source protocols that cannot be audited.
Quantum random number generators that extract randomness from quantum phenomena provides ideal randomness suitable for crypto applications. We discuss a method to extract randomness from time intervals between radioactive isotope decay events. This method consumes less resources since it uses alpha particles emitted naturally. By using safely sealed small amount of radioactive isotope, it is possible to make a very small and affordable system on chip (SOC) solution that can be easily integrated into the microcontroller (MCU). Furthermore, this method can be trusted because it provides analog pulse from the known source. It is based on the verifiable presence of radioactive source inside the chip. If the source is removed, no analog pulse will be produced by the chip. We introduce successful testing of micro quantum entropy chip (2mm x 2mm) using the radioactive isotope decay and its potential for various application areas, especially the advanced security of IoT devices. It will be paired with FIPS 140-2 validated encryption modules specifically engineered to be small, fast, and resource efficient.