© 2018 | hepia - LSN Laboratoire de Systèmes Numériques, rue de la Prairie 4, CH-1202 GENEVE

Calcul haute performance

Projet HERVA

High Throughput Embedded Random Numbers Validator

Collaborators: Dr. Laurent Gantel, Prof. Florent Gluck, Prof. Fabien Vannel,  Prof. Andres Upegui

The Internet of Things (IoT) is a technology in which billions of physical devices are endowed with sensing and communicating. Huge amounts of data are generated, processed and transferred to larger systems for further analysis and storage. This network brings its own share of security and privacy concerns. These issues must be addressed by ensuring secure end-to-end communications as well as dealing with authorization and authentication problems. Recently, the notorious Dyn DDoS attack [0] that compromised thousands of IoT devices is one of the largest security breach in history and just a glimpse of what’s awaiting us.

Cryptography and computer security rely heavily on random numbers for key exchange or authentication algorithms. A recent article [11] about IoT security states: “How we build the next generation of IoT devices with security in their DNA from the start. The trouble is, when it comes to security, a good random number is hard to find these days. What we need is a new approach to crypto-based IoT applications based on entropy, ….”

Today, IoT security is often based on poor quality random number generators (RNG). Mainstream RNG employ entropy (randomness) sources of various quality (sensors, time, keyboard, ...) to generate sequences of random numbers which are usually insufficient for high security applications. The quality of a RNG can be assessed by statistical tests such as the National Institute of Standards and Technology (NIST) test suite. Although high quality True RNG (TRNG) exist (eg. quantum-RNG), they require post-processing to correct hardware imperfections and ensure desired statistical behaviour. To avoid any potential drift over time, validation of the system must be performed on a regular basis to ensure the constant quality of the RNG.

Currently, there is no high quality TRNG device that features a physical entropy source, the dedicated post-processing and high quality validation onto a single embedded device. The aim of this project is to fulfil this need by designing and implementing a novel hardware evaluation platform for assessing TRNG for a given entropy source. The hardware platform will allow to perform post-processing of the entropy source to generate the desired probability distribution and embed suites of statistical tests (eg. NIST) and certifications (eg. AIS-31) for both instant online validation and extensive offline validation. The implementation will rely on an embedded hybrid computation device (eg. FPGA and HPS). Although post-processing must be adapted to the physical source, the architecture of the evaluation platform will be general enough to plug any post-processing core required by the entropy source.

Our evaluation platform will be used to design and produce TRNG tailored to specific categories of devices and applications, such as embeddable System-on-Chip for IoT devices and data centers.