Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments
In 2004, Settharam and Rhee tackled the design of a lightweight Pseudo-Random Number Generator (PRNG) suitable for low-power environments (e.g. sensor networks, low-cost RFID tags). First, they explicitly fixed a set of requirements for this primitive. Then, they proposed a PRNG conforming to these requirements and using a free-running timer . We analyze this primitive discovering important security faults. The proposed algorithm fails to pass even relatively non-stringent batteries of randomness such as ENT (i.e. a pseudorandom number sequence test program). We prove that their recommended PRNG has a very short period due to the flawed design of its core. The internal state can be easily revealed, compromising its backward and forward security. Additionally, the rekeying algorithm is defectively designed mainly related to the unpractical value proposed for this purpose.
KeywordsSensor networks RFID PRNG security cryptanalysis
Unable to display preview. Download preview PDF.
- 1.David Sexton’s battery (2005), http://www.geocities.com/da5id65536
- 2.Barak, B., Halevi, S.: A model and architecture for pseudo-random generation with applications to /dev/random. In: ACM Conference on Computer and Communications Security, pp. 203–212 (2005)Google Scholar
- 3.Bernstein, D.J.: Salsa20 specifications (2005), http://www.ecrypt.eu.org/stream/
- 5.Marsaglia, G.: The Marsaglia Random Number CDROM Including the DIEHARD Battery of Tests of Randomness (1996), http://stat.fsu.edu/pub/diehard
- 6.Phan, R.C.-W., Wu, J., Ouafi, K., Stinson, D.R.: Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes (2008), http://www.cacr.math.uwaterloo.ca/~dstinson/papers/bfrfid-2.pdf
- 7.Rhee, S., Seetharam, D., Liu, S., Wang, N., Xiao, J.: i-Bean Network: An Ultra-Low Power Wireless Sensor Network. In: Proceedings of UBICOMP 2003 (2003)Google Scholar
- 8.Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. NIST special publication 800-22 (2001), http://csrc.nist.gov/rng/
- 9.Seetharam, D., Rhee, S.: An Efficient Pseudo Random Number Generator for Low-Power Sensor Networks. In: Proceedings of LCN 2004, pp. 560–562. IEEE Computer Society, Los Alamitos (2004)Google Scholar
- 10.Walker, J.: Randomness Battery (1998), http://www.fourmilab.ch/random/