Research Article
Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments
@INPROCEEDINGS{10.1007/978-3-642-11526-4_3, author={Pedro Peris-Lopez and Julio Hernandez-Castro and Juan Tapiador and Enrique Mill\'{a}n and Jan Lubbe}, title={Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments}, proceedings={Security in Emerging Wireless Communication and Networking Systems. First International ICST Workshop, SEWCN 2009, Athens, Greece, September 14, 2009, Revised Selected Papers}, proceedings_a={SEWCN}, year={2012}, month={5}, keywords={Sensor networks RFID PRNG security cryptanalysis}, doi={10.1007/978-3-642-11526-4_3} }
- Pedro Peris-Lopez
- Julio Hernandez-Castro
- Juan Tapiador
- Enrique Millán
- Jan Lubbe
Year: 2012
Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments
SEWCN
Springer
DOI: 10.1007/978-3-642-11526-4_3
Abstract
In 2004, Seetharam and Rhee tackled the design of a lightweight Pseudo-Random Number Generator (PRNG) suitable for low-power environments (e.g. sensor networks, low-cost RFID tags). First, they explicitly fixed a set of requirements for this primitive. Then, they proposed a PRNG conforming to these requirements and built around a free-running timer [9]. We analyze this primitive and uncover important security faults. The proposed algorithm fails to pass even relatively non-stringent batteries of randomness tests such as ENT (a pseudorandom number sequence test program). We prove that their recommended PRNG has a very short period due to the flawed design of its core. The internal state can be easily recovered, compromising both its backward and forward security. Additionally, the rekeying algorithm is defectively designed, mainly because of the impractical value proposed for this purpose.
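A worked illustration of the two measurements the abstract relies on, added here and not taken from the paper: ENT-style statistics (entropy in bits per byte, chi-square against a uniform distribution, arithmetic mean and circular serial correlation) computed over a generator's output, and Brent's cycle-finding algorithm applied to the state-update function to measure the period directly. The generator under test is a constructed 12-bit linear congruential generator, chosen because its full period of 4096 follows from the Hull-Dobell theorem and its statistics are easy to verify by hand; it is not the Seetharam-Rhee design, whose internals are not described on this page. All function names are the example's own.

```python
"""Toy PRNG cryptanalysis bench: ENT-style statistics plus Brent cycle detection.

Constructed example. `weak_step`/`weak_output` form a deliberately weak 12-bit
LCG (a=5, c=1, m=4096) standing in for "some lightweight PRNG"; they are NOT
the Seetharam-Rhee generator analysed in the paper.
"""
import math
import random
from typing import Callable, Dict, Tuple

MASK12 = 0xFFF  # 12-bit state: the whole state space is only 4096 values


def weak_step(state: int) -> int:
    """One state transition of the toy generator: x_{n+1} = 5*x_n + 1 mod 2^12."""
    return (5 * state + 1) & MASK12


def weak_output(state: int) -> int:
    """Output byte: the high 8 bits of the 12-bit state."""
    return (state >> 4) & 0xFF


def generate(n: int, seed: int = 1) -> bytes:
    """Produce n output bytes from the toy generator, starting from `seed`."""
    out = bytearray()
    s = seed & MASK12
    for _ in range(n):
        s = weak_step(s)
        out.append(weak_output(s))
    return bytes(out)


def brent_period(step: Callable[[int], int], seed: int) -> Tuple[int, int]:
    """Brent's cycle detection on the state-update map.

    Returns (lam, mu): lam is the cycle length (the PRNG period from this
    seed), mu is the number of leading states before the cycle is entered.
    Works with O(1) memory, so it scales to much larger toy state spaces.
    """
    power = lam = 1
    tortoise, hare = seed, step(seed)
    while tortoise != hare:            # find the cycle length lam
        if power == lam:
            tortoise = hare
            power *= 2
            lam = 0
        hare = step(hare)
        lam += 1
    tortoise = hare = seed             # find the tail length mu
    for _ in range(lam):
        hare = step(hare)
    mu = 0
    while tortoise != hare:
        tortoise, hare = step(tortoise), step(hare)
        mu += 1
    return lam, mu


def ent_stats(data: bytes) -> Dict[str, float]:
    """The core statistics of Walker's ENT program, recomputed from scratch."""
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    entropy = -sum((c / n) * math.log2(c / n) for c in counts if c)
    expected = n / 256.0
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    mean = sum(data) / n
    # Serial correlation between consecutive bytes, wrapping last to first
    # (ENT's convention); an ideal source gives a value close to 0.
    s1 = sum(data)
    s2 = sum(b * b for b in data)
    s12 = sum(data[i] * data[(i + 1) % n] for i in range(n))
    scc = (n * s12 - s1 * s1) / (n * s2 - s1 * s1)
    return {"entropy": entropy, "chi2": chi2, "mean": mean, "scc": scc}


def reference_sample(n: int, seed: int = 1234) -> bytes:
    """Deterministic comparison stream from Python's Mersenne Twister.

    Not cryptographic, but statistically well-behaved, so it shows what the
    same statistics look like when the generator is not visibly broken.
    """
    return random.Random(seed).randbytes(n)


if __name__ == "__main__":
    print("period (lam, mu):", brent_period(weak_step, 1))
    print("toy generator    :", ent_stats(generate(65536)))
    print("reference stream :", ent_stats(reference_sample(65536)))
```

Over a whole number of periods every state is visited equally often, so the toy generator's entropy and chi-square come out perfect (8.0 bits per byte, chi-square 0) and would not by themselves raise an alarm; the serial correlation of roughly 0.2 (close to 1/a, the classic LCG signature) and the 4096-step period measured by `brent_period` are what expose it. That is why an analysis of a lightweight PRNG should measure the period of the state-update function directly rather than rely on distributional statistics of the output alone.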