Abstract
We provide the first provable-security analysis of the Intel Secure Key hardware RNG (ISK-RNG), versions of which have appeared in Intel processors since late 2011. To model the ISK-RNG, we generalize the PRNG-with-inputs primitive, introduced by Dodis et al. at CCS'13 for their /dev/[u]random analysis. The concrete security bounds we uncover tell a mixed story. We find that ISK-RNG lacks backward-security altogether, and that the forward-security bound for the "truly random" bits fetched by the RDSEED instruction is potentially worrisome. On the other hand, we are able to prove stronger forward-security bounds for the pseudorandom bits fetched by the RDRAND instruction. En route to these results, our main technical efforts focus on the way in which ISK-RNG employs CBCMAC as an entropy extractor.
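The abstract's split between RDSEED (conditioned entropy, which the hardware can legitimately fail to deliver when the pool is drained) and RDRAND (DRBG output, whose failures are transient) has a direct consequence for callers: both instructions report success only through the carry flag, and the retry policy differs. The following C program is an added example written for this page, not code from the paper or from Intel. It wires the two instructions up through inline assembly behind an x86-64 guard, but the retry logic itself is kept generic so that it can be exercised with a constructed flaky source. The retry budgets are assumptions taken from Intel's DRNG software implementation guide listed in the references (10 tight retries for RDRAND; RDSEED has no guaranteed bound and should be retried with a PAUSE), and the `flaky_step` double, `demo_buf` and their values are constructed for illustration.

```c
/* Added example: safe consumption of RDRAND/RDSEED output. Not from the paper. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#endif

/* A 64-bit step function: returns 1 and stores a value when the source
 * delivered one (hardware: CF=1), 0 when it did not (hardware: CF=0). */
typedef int (*rand64_fn)(uint64_t *out);

/* Retry budgets (assumed from Intel's DRNG implementation guide): RDRAND
 * failures are transient, so 10 retries suffice; RDSEED fails whenever the
 * conditioner has not accumulated fresh entropy, so we allow more retries
 * and would PAUSE between them on real hardware. */
enum { RDRAND_RETRIES = 10, RDSEED_RETRIES = 100 };

int cpu_has_rdrand(void) {
#if defined(__x86_64__)
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 1) return 0;
    __cpuid_count(1, 0, a, b, c, d);
    (void)a; (void)b; (void)d;
    return (c >> 30) & 1u;                 /* CPUID.01H:ECX bit 30 = RDRAND */
#else
    return 0;
#endif
}

int cpu_has_rdseed(void) {
#if defined(__x86_64__)
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7) return 0;
    __cpuid_count(7, 0, a, b, c, d);
    (void)a; (void)c; (void)d;
    return (b >> 18) & 1u;                 /* CPUID.(07H,0):EBX bit 18 = RDSEED */
#else
    return 0;
#endif
}

/* Only call these after the matching cpu_has_* check: the instruction raises #UD otherwise. */
int rdrand64_step(uint64_t *out) {
#if defined(__x86_64__)
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=q"(ok) : : "cc");
    return ok;
#else
    (void)out; return 0;
#endif
}

int rdseed64_step(uint64_t *out) {
#if defined(__x86_64__)
    unsigned char ok;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(*out), "=q"(ok) : : "cc");
    return ok;
#else
    (void)out; return 0;
#endif
}

/* Fill buf[0..n) from gen, giving each 64-bit fetch at most `retries` attempts.
 * If a fetch still fails, the whole buffer is zeroed and 0 is returned, so a
 * caller can never consume a partly random buffer (the classic bug is to
 * ignore CF and use whatever the destination register happened to hold). */
int fill_random(rand64_fn gen, unsigned retries, uint8_t *buf, size_t n) {
    size_t done = 0;
    while (done < n) {
        uint64_t v = 0;
        int ok = 0;
        for (unsigned i = 0; i < retries && !ok; i++) {
            ok = gen(&v);                  /* real hardware: _mm_pause() here for RDSEED */
        }
        if (!ok) { memset(buf, 0, n); return 0; }
        size_t take = (n - done < sizeof v) ? (n - done) : sizeof v;
        memcpy(buf + done, &v, take);
        done += take;
    }
    return 1;
}

/* Constructed test double (not hardware): fails the first `failures` calls,
 * then returns 1, 2, 3, ... replicated into every byte of the 64-bit word. */
static unsigned flaky_failures_left;
static uint64_t flaky_counter;
void flaky_reset(unsigned failures) { flaky_failures_left = failures; flaky_counter = 0; }
int flaky_step(uint64_t *out) {
    if (flaky_failures_left > 0) { flaky_failures_left--; return 0; }
    *out = 0x0101010101010101ULL * ++flaky_counter;
    return 1;
}

uint8_t demo_buf[12];
/* Run the retry policy against the flaky double; returns fill_random's result. */
int demo_flaky_fill(unsigned failures, unsigned retries) {
    flaky_reset(failures);
    return fill_random(flaky_step, retries, demo_buf, sizeof demo_buf);
}
int demo_buf_is_zero(void) {
    for (size_t i = 0; i < sizeof demo_buf; i++) if (demo_buf[i]) return 0;
    return 1;
}

int main(void) {
    uint8_t key[32];
    int ok = 0;
    if (cpu_has_rdseed()) {
        ok = fill_random(rdseed64_step, RDSEED_RETRIES, key, sizeof key);
        printf("RDSEED: %s\n", ok ? "ok" : "pool drained, gave up after retries");
    }
    /* Falling back to RDRAND changes what you get: DRBG output rather than
     * conditioned entropy. Decide explicitly whether that is acceptable. */
    if (!ok && cpu_has_rdrand()) {
        ok = fill_random(rdrand64_step, RDRAND_RETRIES, key, sizeof key);
        printf("RDRAND: %s\n", ok ? "ok" : "failed; treat as fatal");
    }
    if (!ok) { puts("no usable hardware RNG on this CPU"); return 1; }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

The check that matters is the one in `fill_random`: success is the carry flag, never the register contents, and a fetch that exhausts its retries must poison the whole buffer rather than leave a mix of random and stale bytes.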
References
Barak, B., Halevi, S.: A model and architecture for pseudo-random generation with applications to /dev/random. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 203–212. ACM (2005)
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)
Chevassut, O., Fouque, P.-A., Gaudry, P., Pointcheval, D.: The twist-augmented technique for key exchange. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 410–426. Springer, Heidelberg (2006)
Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)
Dodis, Y., Pointcheval, D., Ruhault, S., Vergniaud, D., Wichs, D.: Security analysis of pseudo-random number generators with input: /dev/random is not robust. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 647–658. ACM (2013)
Everspaugh, A., Zhai, Y., Jellinek, R., Ristenpart, T., Swift, M.: Not-so-random numbers in virtualized Linux and the Whirlwind RNG. In: IEEE Symposium on Security And Privacy (2014)
Gutterman, Z., Pinkas, B., Reinman, T.: Analysis of the Linux random number generator. In: 2006 IEEE Symposium on Security and Privacy, p. 15. IEEE (2006)
Hamburg, M., Kocher, P., Marson, M.E.: Analysis of Intel's Ivy Bridge digital random number generator (2012). http://www.cryptography.com/public/pdf/Intel_TRNG_Report_20120312.pdf
Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: USENIX Security Symposium, pp. 205–220 (2012)
Hofemeier, G.: Intel Digital Random Number Generator (DRNG) software implementation guide (August 2012). https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide (accessed May 2014)
Hofemeier, G., Chesebrough, R.: Introduction to Intel AES-NI and Intel Secure Key instructions (July 2012). https://software.intel.com/en-us/articles/introduction-to-intel-aes-ni-and-intel-secure-key-instructions (accessed May 2014)
Johnston, J.D. (Intel): Personal communication (May 2014)
Lacharme, P., Röck, A., Strubel, V., Videau, M.: The Linux pseudorandom number generator revisited. IACR Cryptology ePrint Archive 2012, 251 (2012)
Mechalas, J.: The difference between RDRAND and RDSEED (November 2012). https://software.intel.com/en-us/blogs/2012/11/17/the-difference-between-rdrand-and-rdseed (accessed April 2014)
Radhakrishnan, J., Ta-Shma, A.: Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM Journal on Discrete Mathematics 13(1), 2–24 (2000)
Shrimpton, T., Terashima, R.S.: A provable security analysis of Intel's Secure Key RNG. Cryptology ePrint Archive, Report 2014/504 (2014). http://eprint.iacr.org/
Walker, J.: Conceptual foundations of the Ivy Bridge random number generator. http://www.ists.dartmouth.edu/docs/walker_ivy-bridge.pdf (November 2011)
Copyright information
© 2015 International Association for Cryptologic Research
About this paper
Cite this paper
Shrimpton, T., Terashima, R.S. (2015). A Provable-Security Analysis of Intel's Secure Key RNG. In: Oswald, E., Fischlin, M. (eds) Advances in Cryptology -- EUROCRYPT 2015. Lecture Notes in Computer Science, vol 9056. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46800-5_4
DOI: https://doi.org/10.1007/978-3-662-46800-5_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46799-2
Online ISBN: 978-3-662-46800-5