[Cryptography] An alternative electro-mechanical entropy source (was 'We cannot trust' Intel and Via's chip-based crypto...)

Tom Mitchell mitch at niftyegg.com
Thu Dec 12 22:16:31 EST 2013


On Thu, Dec 12, 2013 at 3:44 AM, Arnold Reinhold <agr at me.com> wrote:

> On 10 Dec 2013 16:26, Bill Cox wrote:
>
> ... I took a good
> look at Intel's hardware random number generator source. There's a paper
> analyzing it here:
>
> Thanks for the link...



> My problem with the Intel design is that there is no way to audit it.
>

True...


> Here is an idea I have been playing with to provide a slow but auditable
> source of entropy.
>
> I propose combining an accelerometer chip to collect entropy with would
> provide a physically un-cloneable element. The rattle would be completely
> mechanical, but could be designed with solderable leads for automatic part
> placement machines, or it could be epoxied in place. It would be possible
> to immobilize the rattle with a magnet if ferrous ball bearings are used,
> or in a centrifuge. This could be useful for testing and it should be
> possible for software to distinguish the proper operation of the rattle
> statistically.
>
>

> This entropy generator would be cheap, simple and low
>

There are some low cost development tools to play
with sensors. I think some of these offer potential and
are worthy of investing some effort in.

One is:
element14 MEMS Sensors Board Evaluation Kit
element14 and Freescale have partnered together to introduce an evaluation
platform for Freescale's next-generation Xtrinsic MEMS sensors. The kit
features the following:

MPL3115A2: Highly precise altitude and pressure sensor
 - Pressure range: 20 – 110 kPa
 - Less than 1 foot / 0.3 m resolution
MAG3110: Low-power digital 3-D magnetic sensor
 - Measuring local magnetic fields up to 10 Gauss
MMA8491Q: 3-axis accelerometer
 - Ultra-low-power tamper detection and tilt sensor


Texas Instruments has a comparable development board... slightly more
interesting sensors.

So, yes a handful of ball bearings rolling around perturbing the magnetic
sensor a little or a lot. Voice, AirCon, wind, weather, doors perturbing
the pressure sensor.

Slurp up a data stream from something like this at the end of a USB
link and sprinkle these bits into the bits from the processor RNG and
you have added some serious entropy to the bit stream that I
assert(need-a-test) could confound the risk that the Intel or Arm
processor RNG has some guessable quality.

I see little or no reason to not encourage a cottage industry of mint-tin
size devices that connect to USB links and serve one or more security
functions from RNG to public key ring keepers not directly under the control
of the main OS or Main System Hardware.

Should someone invent an improved or alternate solution unplug one
mint-tin of fun and plug in another.

I should note that the Raspberry-Pi ARM processor appears to have a RNG
function and there are sensor experiments in abundance.

One experiment I might make is an ADC and DAC loop where some input
is read and then an analog output generated to be measured by the
same or another ADC.  The uncertainty of the LSB.

Multiple sensors, multiple methods not exactly the same in many Altoid size
Mint tins might confound the most skilled external analysis.
</two.cents>





-- 
  T o m    M i t c h e l l
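
The "sprinkle these bits into the bits from the processor RNG" step above, together with the quoted idea that software can tell a working rattle from an immobilized one, as an added example that is not part of the original post. The sample readings are constructed, `os.urandom` stands in for the processor RNG, and the function names and the SHA-512 mixing are assumptions of this sketch.

```python
import hashlib
import os
import struct

# Constructed sample data: (x, y, z) signed 16-bit accelerometer-style readings.
MOVING = [(12, -340, 16380), (15, -338, 16391), (9, -345, 16377),
          (14, -341, 16402), (11, -339, 16385), (17, -336, 16374)]
STUCK = [(0, 0, 16384)] * 6   # e.g. the rattle held still by a magnet

def pack_samples(samples):
    """Serialize whole readings; the hash, not the caller, does the whitening."""
    return b"".join(struct.pack("<3h", *s) for s in samples)

def sensor_looks_alive(samples, min_distinct=4):
    """Crude health check: an immobilized sensor keeps repeating the same values."""
    return len(set(samples)) >= min_distinct

def mix(cpu_rng_bytes, samples, out_len=32):
    """Hash both sources together, each labelled and length-prefixed.

    If the hash mixes well, the output is only guessable when BOTH the
    processor RNG bytes and the sensor readings are guessable.
    """
    h = hashlib.sha512()
    for label, data in ((b"cpu", cpu_rng_bytes), (b"sensor", pack_samples(samples))):
        h.update(label + struct.pack("<I", len(data)) + data)
    return h.digest()[:out_len]

def demo():
    guessable_cpu = bytes(32)          # worst case: processor RNG fully known
    a = mix(guessable_cpu, MOVING)
    b = mix(guessable_cpu, MOVING[::-1])
    assert a != b                      # sensor data alone still changes the output
    # os.urandom stands in for the processor RNG (assumption of this example).
    c = mix(os.urandom(32), STUCK)
    return sensor_looks_alive(MOVING), sensor_looks_alive(STUCK), a.hex(), c.hex()

if __name__ == "__main__":
    print(demo())
```

The distinct-value check only catches a dead or immobilized sensor; it says nothing about how many unpredictable bits each reading actually carries.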