Security in Emerging Wireless Communication and Networking Systems. First International ICST Workshop, SEWCN 2009, Athens, Greece, September 14, 2009, Revised Selected Papers

Research Article

Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments

Download94 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-11526-4_3,
        author={Pedro Peris-Lopez and Julio Hernandez-Castro and Juan Tapiador and Enrique Mill\^{a}n and Jan Lubbe},
        title={Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments},
        proceedings={Security in Emerging Wireless Communication and Networking Systems. First International ICST Workshop, SEWCN 2009, Athens, Greece, September 14, 2009, Revised Selected Papers},
        proceedings_a={SEWCN},
        year={2012},
        month={5},
        keywords={Sensor networks RFID PRNG security cryptanalysis},
        doi={10.1007/978-3-642-11526-4_3}
    }
    
  • Pedro Peris-Lopez
    Julio Hernandez-Castro
    Juan Tapiador
    Enrique Millán
    Jan Lubbe
    Year: 2012
    Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments
    SEWCN
    Springer
    DOI: 10.1007/978-3-642-11526-4_3
Pedro Peris-Lopez1,*, Julio Hernandez-Castro2,*, Juan Tapiador3,*, Enrique Millán4,*, Jan Lubbe1,*
  • 1: Delft University of Technology
  • 2: Buckingham Building, Lion Terrace
  • 3: University of York, Heslington
  • 4: University Carlos III of Madrid
*Contact email: p.perislopez@tudelft.nl, julio.hernandez-castro@port.ac.uk, jet@cs.york.ac.uk, quique@ing.uc3m.es, j.c.a.vanderlubbe@tudelft.nl

Abstract

In 2004, Settharam and Rhee tackled the design of a lightweight Pseudo-Random Number Generator (PRNG) suitable for low-power environments (e.g. sensor networks, low-cost RFID tags). First, they explicitly fixed a set of requirements for this primitive. Then, they proposed a PRNG conforming to these requirements and using a free-running timer [9]. We analyze this primitive discovering important security faults. The proposed algorithm fails to pass even relatively non-stringent batteries of randomness such as ENT (i.e. a pseudorandom number sequence test program). We prove that their recommended PRNG has a very short period due to the flawed design of its core. The internal state can be easily revealed, compromising its backward and forward security. Additionally, the rekeying algorithm is defectively designed mainly related to the unpractical value proposed for this purpose.