Speakers: Jos Wetzels, Ali Abbasi
Secure random number generators play a crucial role in the wider security ecosystem. In the absence of a dedicated hardware True Random Number Generator (TRNG), computer systems have to resort to a software (cryptographically secure) Pseudo-Random Number Generator (CSPRNG). Since the (secure) design of a CSPRNG is an involved and complicated effort and since randomness is such a security-critical resource, many operating systems provide a CSPRNG as a core system service and many popular security software products assume their presence. The constraints imposed by the embedded world, however, pose a variety of unique challenges to proper OS (CS)PRNG design and implementation which have historically resulted in security failures. In this talk we will discuss these challenges, how they affect the quality of (CS)PRNGs in embedded operating systems and illustrate our arguments by means of the first public analysis of the OS random number generators of several popular embedded operating systems.
Randomness is a fundamental, security-critical resource in the wider security ecosystem utilized by everything from cryptographic software (eg. key and nonce generation) to exploit mitigations (eg. ASLR and stack canary generation). Ideally secure random number generation is done using a dedicated hardware True Random Number Generator (TRNG) collecting entropy from physical processes such as radioactive decay or shot noise. TRNGs, however, are both relatively slow in their provision of random data and often too expensive to integrate in a system which means computer systems have to resort to a software (cryptographically secure) Pseudo-Random Number Generator (CSPRNG). Such a CSPRNG is seeded (both initially and continuously) from a variety of sources of 'true' entropy which are effectively stretched into additional pseudo-random data using cryptographic methods. Since the design and implementation of such CSPRNGs is a complicated and involved
