400G ultra low latency 56/112G FEC and SERDES IP sub 10ns latency
Industry Expert Blogs
How Random is Random? Part 3: TRNG Attacks - When It's No SecretElliptic's Blog - David A. Jones, Senior Field Engineer, Elliptic TechnologiesMay. 13, 2015 |
Since 2004, I have seen the "Bayesian Estimation of Discrete Entropy" technique used to break mp3 players, mobile devices, tablets, DRM devices from many large international corporations that I won't mention by name. Almost all device secrets originate from a trusted or true random number generator somewhere in the system. What is not a device secret is the usually the algorithm that generated those device secrets. The algorithm is usually part of a standard specification and also known to the attacker. If the algorithm is not known it's to the disadvantage of the attacker. Keep this in mind as it will be useful in developing countermeasures using custom derivation functions that operate on the random number instead of seeding it directly to the PRNG (Pseudo Random Number Generator).
If you can manipulate the input to all 0's or all 1's you can capture the state of the device and generate the same device secret external to the device on a PC. Then it wouldn't be a device secret any more. These device secrets should be generated from some large random number. It seems that 128 bits of entropy can generate 2^128 pool of combinations. You can calculate the correct answer by brute force but that's not feasible to any attacker as time is a factor against the attacker. If it takes 85 years or even 20 years to calculate the answer then usually that is good enough to protect most eco-systems for today's modern consumer electronic devices.
Related Blogs
- Mitigating Side-Channel Attacks In Post Quantum Cryptography (PQC) With Secure-IC Solutions
- Intel Embraces the RISC-V Ecosystem: Implications as the Other Shoe Drops
- Let's Talk PVT Monitoring: Understanding Your Chip's Age
- Obsolete & EOL Parts
- Let's Talk PVT Monitoring: Thermal Issues Associated with Modern SoCs - How Hot is Hot?