Na Lv
ABSTRACT
Random number generator (RNG) is the basic primitive in cryptography. The randomness of random numbers generated by RNGs is the base of the security of various cryptosystems implemented in network and communications. With the popularization of smart mobile devices (such as smartphones) and the surge in demand for cryptographic applications of such devices, research on providing random number services for mobile devices has attracted more and more attentions. As the important components of smartphones, sensors are used to collect data from user behaviors and environments, and some data sources have the non-deterministic properties. Currently, some work focuses on how to design sensor-based RNG towards smartphones, since no additional hardware is required by this method. It is critical to evaluate the quality of entropy sources which is the main source of randomness for RNGs. However, as far as we know, there is no work to systematically analyze the feasibility for utilizing the raw sensor data to generate random sequences, and how much the entropy contained in the data is. In this paper, we aim to providing an analysis method for quantifying the entropy in the raw data captured by sensors embedded in smartphones, and studying the feasibility of generating random numbers from the data. We establish several data collection models for some typical sensors with different scenarios and data sampling frequencies. Furthermore, we propose a universal entropy estimation scheme for multivariate data to quantify the entropy of the sensor data, and apply it on a type of Android smartphones. The experiments demonstrate that the raw data collected by the sensors has a considerable amount of entropy, and the ability of different sensors to provide entropy has a certain relationship with the usage scenarios of smartphones and the sampling frequency of sensor data. Particularly, when in a static scenario and the sampling frequency is 50Hz, we get a conservative entropy estimation for our testing smartphones based on the min-entropy, which is about 189bits/s, 13bits/s and 254bits/s for the accelerometer, gyroscope, and magnetometer respectively. While the randomness of sensor data in dynamic scenarios will increase compared to static scenarios, because the environment and the way that the user uses the smartphones actually exist differences each time, parts of which are unknowable to the attacker.
- ISO/IEC18031.2011.Information Technology-Security Techniques-Random bit generationGoogle Scholar
- François Goichon, Cédric Lauradoux, Guillaume Salagnac and Thibaut Vuillemin. 2012. Entropy Transfers in the Linux Random Number Generator. Technical Report. INRIA, Montbonnot-Saint-MartinGoogle Scholar
- Lacharme Patrick, Rock Andrea, Strubel Vincent, and Videau Marion. 2012. The Linux Pseudorandom Number Generator Revisited. IACR Cryptology ePrint Archive 2012, 251Google Scholar
- Zvi Gutterman, Benny Pinkas, and Tzachy Reinman. 2006. Analysis of the Linux random number generator. 2006 IEEE Symposium on Security and Privacy (S&P'06). IEEE, 371-385. DOI=https://ieeexplore.ieee.org/document/1624027/Google ScholarDigital Library
- Kim Soo Hyeon, Han Daewan, and Lee Dong Hoon. 2013. Predictability of Android OpenSSL's pseudo random number generator. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS ’13). ACM, New York, NY, USA, 659 - 668. DOI= https://doi.org/10.1145/2508859.2516706Google ScholarDigital Library
- Apple, “iOS security,” .2014. White Paper, Apple Inc., Cupertino, CA, USA, Feb. 2014Google Scholar
- https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-softwareimplementation-guideGoogle Scholar
- Krhovják Jan, Matyas, V., and Svenda, P. 2007. The sources of randomness in mobile devices. In Proceeding of NORDSEC pp. 73–84 (2007)Google Scholar
- Suciu Alin, Lebu Daniel, and Marton Kinga. 2011. Unpredictable random number generator based on mobile sensors. IEEE 7th International Conference on Intelligent Computer Communication and Processing. IEEE, 445–448. DOI= https://doi.org/10.1109/ICCP.2011.6047913Google Scholar
- Hong Siang Lee, and Liu Chang. 2015. Sensor-based random number generator seeding. IEEE Access 562–568. DOI= https://ieeexplore.ieee.org/document/7109113Google Scholar
- Wallace Kyle, Moran Kevin, Novak Ed, Zhou Gang, and Sun Kun. 2016. Toward Sensor-based Random Number Generation for Mobile and IoT Devices. IEEE Internet of Things Journal 3(6), 1189–1201. DOI= https://ieeexplore.ieee.org/document/7477997Google ScholarCross Ref
- Killmann Wolfgang, and Schindler Werner. 20001. AIS 31: Functionality Classes and Evaluation Methodology for True (Physical) Random Number Generators. Version 3.1. T-Systems GEI GmbH and Bundesamt f1r Sicherheit in der Information-stechnik (BSI), Bonn, GermanyGoogle Scholar
- Turan Melte, Barker Elaine, Kelsey John, McKay Kerry, Baish Mary, and Boyle Michael. 2018. NIST Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit GenerationGoogle Scholar
- Shannon, C.E. 1948. A mathematical theory of communication. Bell system technical journal 27(3), 379–423. DOI= https://doi.org/10.1002/j.1538-7305.1948.tb01338.xGoogle Scholar
- Turan, Melte, Barker Elaine, Kelsey John, McKay Kerry, Baish Mary, and Boyle Michael. 2016. (Second DRAFT) Nist Special Publication 800-90b: Recommendation for the Entropy Sources Used for Random Bit GenerationGoogle Scholar
- Kelsey John, McKay Kerry, and Turan Melte. 2015. Predictive models for min-entropy estimation. Cryptographic Hardware and Embedded Systems (CHES 2015)-17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings. Springer (9293), 373 - 392. DOI= https://doi.org/10.1007/978-3-662-48324-4\_19Google ScholarDigital Library
- Zhu Shuangyi, Ma Yuan, Chen Tianyu, Lin Jingqiang, and Jing Jiwu. 2017. Analysis and Improvement of Entropy Estimators in NIST SP 800-90b for Non-IID Entropy Sources. IACR Trans. Symmetric Cryptol. 2017(3), 151–168. DOI= https://doi.org/10.13154/tosc.v2017.i3.151-168Google Scholar
- Yang Jing, Zhu Shuangyi, Chen Tianyu, Ma Yuan, Lv Na, and Lin Jingqiang. 2018. Neural Network Based Min-entropy Estimation for Random Number Generators. Security and Privacy in Communication Networks-14th International Conference (Singapore, August 08 - 10, 2018). SecureComm 2018. Springer, 231–250. DOI= https://doi.org/10.1007/978-3-030-01704-0\_13Google Scholar
- Lv Na, Chen Tianyu, Zhu Shuangyi, Yang Jing, Ma Yuan, Jing Jiwu, Lin Jingqiang. 2020. High-efficiency Min-entropy Estimation Based on Neural Network for Random Number Generators. Security and Communication Networks (SCN), 1–18. DOI= https://doi.org/10.1155/2020/4241713Google Scholar
- Rukhin Andrew L, Soto Juan, Nechvatal James R, Smid Miles E, Barker Elaine B, Leigh Stefan D, Levenson Mark, Vangel Mark, Banks David L, and Heckert Nathanael Alan. 2010. SP 800-22 rev.1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST Special PublicationGoogle Scholar
- Barker Elaine, and Kelsey John. 2012. Draft NIST Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit GenerationGoogle Scholar
- Masoud Z. Masoud, Jaradat Yousef, Manasrah Ahmad, and Jannoud Ismael. 2019. Sensors of Smart Devices in the Internet of Everything (IoE) Era: Big Opportunities and Massive Doubts. Journal of Sensors, 1–26. DOI= https://doi.org/10.1155/2019/6514520Google ScholarCross Ref
- Pongnumkul Suporn, Chaovalit Pimwadee, and Surasvadi Navaporn. 2015. Applications of Smartphone-Based Sensors in Agriculture: A Systematic Review of Research. Journal of Sensors, 1–18. DOI= https://doi.org/10.1155/2015/195308Google Scholar
- https://developer.android.google.cn/reference/android/hardware/SensorEvent?hl=enGoogle Scholar
- Ashraf Imran, Hur Soojung, Shafiq Muhammad, and Park Yongwan. 2019. Floor identification using magnetic field data with smartphone sensors. Sensors 19(11). DOI= https://doi.org/10.3390/s19112538Google Scholar
- https://stuff.mit.edu/afs/sipb/project/android/docs/reference/android/hardware/Sensor.htmlGoogle Scholar
- https://developer.android.google.cn/reference/android/hardware/SensorManager#SENSOR_DELAY_GAMEGoogle Scholar
Recommendations
Detecting repackaged smartphone applications in third-party android marketplaces
CODASPY '12: Proceedings of the second ACM conference on Data and Application Security and PrivacyRecent years have witnessed incredible popularity and adoption of smartphones and mobile devices, which is accompanied by large amount and wide variety of feature-rich smartphone applications. These smartphone applications (or apps), typically organized ...
An Overview of the Capabilities and Limitations of Smartphone Sensors
Few technical details are available about the various sensors embedded in modern smartphones, and what details are available can be hard to assemble and interpret by the broader technical community that uses these devices. Since the physical and ...
Smartphone Energy Drain in the Wild: Analysis and Implications
SIGMETRICS '15: Proceedings of the 2015 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer SystemsThe limited battery life of modern smartphones remains a leading factor adversely affecting the mobile experience of millions of smartphone users. In order to extend battery life, it is critical to understand where and how is energy drain happening on ...
Comments