[Cryptography] A review per day of TRNGs: OneRNG

Bill Cox waywardgeek at gmail.com
Wed Oct 22 10:01:59 EDT 2014


I had a ton of fun reviewing PHC candidates, and I learned a lot in the
process.  If people think it would be fun to review TRNGs in a similar
manner on this thread, then I'll do a review once per day-ish, until I
can't find any more TRNGs to review.

I'll start with my favorite, to begin on a positive note: OneRNG.

    http://onerng.info/

OneRNG is free-hardware and free-software, as in freedom.  It's typically
called open-hardware and open-source.  This is *very* important for a
TRNG.  *Any* TRNG that has either unavailable software source, or
unavailable hardware design is going to get a poor rating by me, since
security-through-obscurity has been shown over and over again to fail,
particularly with TRNGs. AFAIK, OneRNG is the *only* open-hardware/software
device that has been built which is suitable for cryptography (mine has
only been breadboarded so far).  TrueRNG claims to be, but I have yet to
see a schematic, let alone a board layout or software source.  However,
maybe I'll find it when I do that review :-)  Rob Seward gets an honorable
mention:

    http://robseward.com/misc/RNG2/

This is free hardware and software in the best form.  However, as he
states, there are some security issues with this design that make it more
suitable for white noise generation than cryptography.

To support secure crypto, OneRNG takes unpredictability of their resulting
data *very* seriously.  Rather than rely on either radio noise or zener
noise, they put *both* on their board, and mix the streams together.  They
continuously monitor the health of both, and shut down if either is not
functioning properly.

They also disabled programming over USB, so nasty malware cannot subvert
the device.  This is a limitation of Rob Seward's design that he wisely
states in his documentation.  However, it is possible to intercept a OneRNG
in the mail, and reprogram it in nasty ways.  Users who are particularly
concerned about this possibility are encouraged to re-flash the device
themselves.

This brings up threat models.  No hardware can be considered secure if sent
through the mail, unless we assume the mail service is trustworthy.  This
is true for laptops as well as TRNGs.  More than any other TRNG, OneRNG has
considered this a real threat and done something about it.  To verify you
have a genuine OneRNG, the metal shielding is removable.  You are
encouraged to inspect the board yourself and compare it to the picture
online.  The microcontroller label can be inspected, though it's hard to
prove it is not an impostor.  However, it is *very* difficult to make an
impostor of a microcontroller that functions properly with a programmer and
debugging interface.  It most likely has to be built by the original
manufacturer, in this case TI.  So, there is an assumption that a complex
$4 chip has no back-door, but I find that far more palatable than the
assumption that Intel's RDRAND instruction has no back door.

The radio entropy source can be influenced remotely by a radio transmitter,
so the OneRNG randomly skips around in the frequency being sampled, and
makes that decision, I assume, using output that includes the zener noise.
While I am not sure I would want to rely on radio alone, when combined with
the zener, it seems secure enough to me.

The zener noise is, I believe, generated by a typical reverse base-emitter
breakdown, because the fabs don't bother to make this mode of using a
transistor low-noise.  Real zeners are far less noisy.  This circuit is
cheap, but has some problems.  It drifts over time, and the noise level can
vary a great deal from part to part, making it hard to build a reliable,
dependable entropy source.  However, they do monitor its health, and shut
down if it fails.

Because of the saturating amplification of the zener noise, an attacker can
influence the output with a very small injected signal.  To counter this
threat, OneRNG encases all of the analog circuits in a solid metal box.
The back side of the board under this box is a solid ground plane, with
several vias connecting the box to this ground plane.  Paul seems to know
what he's doing here, and I think he has likely succeeded in an excellent
shield against external interference.

As for downsides, OneRNG is not as simple as some TRNGs.  This makes it
tougher to ensure it is secure.  Also, the possibility of having it
reprogrammed by an attacker who intercepts it in the mail remains an issue,
since most users will not likely re-flash their device.  I am not sure if
the flash can be dumped securely over USB, or if an attacker can mod the
program to deliver the original firmware, hiding the malware.

The biggest current downside to OneRNG is that you cannot buy one yet.
They are in Beta stage.  Paul has his own pick-and-place machine, and
hopefully will ramp production soon.  I plan to buy one when he does.

In summary, I give this TRNG my highest rating: secure for all
cryptographic purpose, IMO.  All threat models I can conceive have been
considered.  I would encourage users concerned about mail interception to
compare their firmware to that on the website, and then re-flash it anyway.

Also, Paul has been very helpful to me on my own TRNG project, which is
going beyond the call of duty.  He really does seem to want the world to be
more secure, and is willing to help other TRNG developers towards that
goal.  I do hope that in a future version, Paul might consider dropping the
zener and use a more noise injection resistant and more consistently
manufacturable Infinite Noise Multiplier, but he should ship what he has
for now.  Upgrading to an INM might be splitting hairs for the security of
this device.

Bill
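The two properties the review praises, continuous health monitoring of each noise source and shutting down when either one fails, are shown below as an added example. This is editorial illustration code, not OneRNG's firmware and not anything from Paul's project: it implements the two continuous tests from NIST SP 800-90B section 4.4 (Repetition Count Test and Adaptive Proportion Test) for two 8-bit sample streams, XOR-mixes the streams, and emits nothing once either source trips a test. The cutoffs, the function names, and the sample data (a PRNG standing in for noise, a stuck source, and a saturated source of the kind a small injected signal into a saturating amplifier would produce) are all assumptions made for the example.

```c
/*
 * Added example, not OneRNG firmware: SP 800-90B style continuous health tests
 * on two raw noise sources, XOR mixing, and a hard stop when either fails.
 * Cutoffs, names and sample data are assumptions chosen for illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed parameters for 8-bit samples claiming H = 1 bit of min-entropy.
 * RCT cutoff C = 1 + ceil(30 / H) at alpha = 2^-30 (SP 800-90B 4.4.1);
 * APT window W = 512 for non-binary samples (4.4.2).  The APT cutoff is an
 * assumed round figure; a real design derives it from the source's H. */
#define RCT_CUTOFF 31u
#define APT_WINDOW 512u
#define APT_CUTOFF 410u

typedef enum { SRC_OK = 0, SRC_FAIL_RCT = 1, SRC_FAIL_APT = 2 } src_status;

typedef struct {
    bool started;
    uint8_t last;        /* RCT: previous sample */
    uint32_t run;        /* RCT: length of the current run of identical samples */
    uint8_t apt_ref;     /* APT: first sample of the current window */
    uint32_t apt_count;  /* APT: copies of apt_ref seen in this window */
    uint32_t apt_seen;   /* APT: samples consumed from this window */
    src_status status;   /* sticky: a failed source stays failed */
} health_t;

void health_init(health_t *h) { memset(h, 0, sizeof *h); }

/* Feed one raw sample.  Returns false once the source is considered failed. */
bool health_feed(health_t *h, uint8_t s)
{
    if (h->status != SRC_OK) return false;
    if (!h->started) {
        h->started = true;
        h->last = s; h->run = 1;
        h->apt_ref = s; h->apt_count = 1; h->apt_seen = 1;
        return true;
    }
    /* Repetition Count Test: a stuck source repeats one value forever. */
    if (s == h->last) {
        if (++h->run >= RCT_CUTOFF) { h->status = SRC_FAIL_RCT; return false; }
    } else {
        h->last = s; h->run = 1;
    }
    /* Adaptive Proportion Test: a biased (saturated) source over-produces one
     * value within a window even if it never repeats RCT_CUTOFF times. */
    if (h->apt_seen == APT_WINDOW) {
        h->apt_ref = s; h->apt_count = 1; h->apt_seen = 1;
    } else {
        h->apt_seen++;
        if (s == h->apt_ref && ++h->apt_count >= APT_CUTOFF) {
            h->status = SRC_FAIL_APT; return false;
        }
    }
    return true;
}

/* XOR-mix n samples from both sources into out.  Returns n, or 0 with nothing
 * emitted if either source fails anywhere in the block: an attacker who owns
 * one source still faces the other's entropy, but a dead source must stop the
 * device rather than be masked by the mixer. */
size_t mix_block(health_t *ha, health_t *hb, const uint8_t *a,
                 const uint8_t *b, size_t n, uint8_t *out)
{
    for (size_t i = 0; i < n; i++) {
        bool ok_a = health_feed(ha, a[i]);
        bool ok_b = health_feed(hb, b[i]);
        if (!ok_a || !ok_b) return 0;
        out[i] = a[i] ^ b[i];
    }
    return n;
}

/* Constructed stand-in for raw noise (xorshift32): a PRNG, not entropy. */
static uint8_t fake_noise(uint32_t *st)
{
    *st ^= *st << 13; *st ^= *st >> 17; *st ^= *st << 5;
    return (uint8_t)*st;
}

#define NSAMP 2048u

/* kind: 0 = healthy zener, 1 = stuck at 0x5A, 2 = saturated: 0xFF except a
 * distinct value every 20th sample, so runs stay below RCT_CUTOFF. */
static size_t run_scenario(int kind, src_status *zener_status)
{
    static uint8_t r[NSAMP], z[NSAMP], out[NSAMP];
    uint32_t sr = 0x12345678u, sz = 0x9E3779B9u;
    for (size_t i = 0; i < NSAMP; i++) {
        r[i] = fake_noise(&sr);
        if (kind == 0) z[i] = fake_noise(&sz);
        else if (kind == 1) z[i] = 0x5A;
        else z[i] = (i % 20 == 0) ? (uint8_t)(i / 20 + 1) : 0xFF;
    }
    health_t hr, hz;
    health_init(&hr); health_init(&hz);
    size_t n = mix_block(&hr, &hz, r, z, NSAMP, out);
    *zener_status = hz.status;
    return n;
}

size_t demo_healthy(src_status *s)         { return run_scenario(0, s); }
size_t demo_stuck_zener(src_status *s)     { return run_scenario(1, s); }
size_t demo_saturated_zener(src_status *s) { return run_scenario(2, s); }

int main(void)
{
    const char *names[] = { "healthy", "stuck", "saturated" };
    for (int k = 0; k < 3; k++) {
        src_status s;
        size_t n = run_scenario(k, &s);
        printf("%-9s zener: %zu bytes emitted, status %d\n", names[k], n, (int)s);
    }
    return 0;
}
```

The point the two failure scenarios make is that the tests are complementary: a stuck source trips the RCT within 31 samples, while a saturated source that still flips a value every 20 samples never trips the RCT and is only caught by the APT over a full window. Raw XOR mixing is enough to show the shutdown logic; a real device would still feed the mixed samples through a conditioner (hash or block-cipher based) before handing them to the host.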