[148431] in cryptography@c2.net mail archive


Re: [Cryptography] An alternative electro-mechanical entropy source

daemon@ATHENA.MIT.EDU (Tom Mitchell)
Thu Dec 12 22:21:18 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <EB7148C0-5ADF-46E8-91AA-E62EB0FC63BD@me.com>
Date: Thu, 12 Dec 2013 19:16:31 -0800
From: Tom Mitchell <mitch@niftyegg.com>
To: Arnold Reinhold <agr@me.com>
Cc: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Thu, Dec 12, 2013 at 3:44 AM, Arnold Reinhold <agr@me.com> wrote:

> On 10 Dec 2013 16:26, Bill Cox wrote:
>
> ... I took a good
> look at Intel's hardware random number generator source. There's a paper
> analyzing it here:
>

Thanks for the link...



> My problem with the Intel design is that there is no way to audit it.
>

True...


> Here is an idea I have been playing with to provide a slow but auditable
> source of entropy.
>
> I propose combining an accelerometer chip to collect entropy with would
> provide a physically un-cloneable element. The rattle would be completely
> mechanical, but could be designed with solderable leads for automatic part
> placement machines, or it could be epoxied in place. It would be possible
> to immobilize the rattle with a magnet if ferrous ball bearings are used,
> or in a centrifuge. This could be useful for testing and it should be
> possible for software to distinguish the proper operation of the rattle
> statistically.
>
>

> This entropy generator would be cheap, simple and low
>

There are some low cost development tools to play
with sensors.    I think some of these offer potential and
are worthy of investing some effort in.

One is:
element14 MEMS Sensors Board Evaluation Kit
element14 and Freescale have partnered together to introduce an evaluation
platform for Freescale's next-generation Xtrinsic MEMS sensors. The kit
features the following:

MPL3115A2: Highly precise altitude and pressure sensor
 - Pressure range: 20 – 110 kPa
 - Less than 1 foot / 0.3 m resolution
MAG3110: Low-power digital 3-D magnetic sensor
 - Measuring local magnetic fields up to 10 Gauss
MMA8491Q: 3-axis accelerometer
 - Ultra-low-power tamper detection and tilt sensor


Texas Instruments has a comparable development board... slightly more
interesting sensors.

So, yes a handful of ball bearings rolling around perturbing the magnetic
sensor a little or a lot.   Voice, AirCon, wind, weather, doors perturbing
the pressure sensor.

Slurp up a data stream from something like this at the end of a USB
link and sprinkle these bits into the bits from the processor RNG and
you have added some serious entropy to the bit stream that I
assert(need-a-test)
could confound the risk that the Intel or Arm processor RNG has some
guessable quality.

I see little or no reason to not encourage a cottage industry of mint-tin
size devices that connect to USB links and serve one or more security
functions from RNG to public key ring keepers not directly under the control
of the main OS or Main System Hardware.

Should someone invent an improved or alternate solution unplug one
mint-tin of fun and plug in another.

I should note that the Raspberry-Pi ARM processor appears to have a RNG
function
and there are sensor experiments in abundance.

One experiment I might make is an ADC and DAC loop where some input
is read and then an analog output generated to be measured by the
same or another ADC.  The uncertainty of the LSB.

Multiple sensors, multiple methods not exactly the same in many Altoid size
Mint tins might confound
the most skilled external analysis.
</two.cents>





-- 
  T o m    M i t c h e l l
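
Added example, not part of the original message: one way to do the "sprinkle these bits into the processor RNG" mixing together with the statistical check for an immobilized rattle mentioned in the quoted text. Assumptions made here: os.urandom stands in for the processor RNG, the sensor readings are constructed 16-bit values credited with 1 bit of min-entropy per sample, SHA-256 is the mixer, the health check is the NIST SP 800-90B repetition count test, and all function names are hypothetical.

```python
import hashlib
import math
import os

# Constructed sample data: jittery magnetometer counts vs. an immobilized rattle.
JITTERY = [412, 415, 409, 413, 412, 418, 407, 411] * 5
STUCK = [412] * 64

def repetition_cutoff(h_min, alpha_exp=20):
    """SP 800-90B repetition count cutoff: C = 1 + ceil(-log2(alpha) / H),
    with false-alarm rate alpha = 2**-alpha_exp and H bits/sample (assumed)."""
    return 1 + math.ceil(alpha_exp / h_min)

def sensor_healthy(samples, h_min=1.0):
    """False if one value repeats `cutoff` times in a row (sensor looks stuck)."""
    cutoff = repetition_cutoff(h_min)
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True

def mix(cpu_rng_bytes, samples):
    """Hash CPU RNG output with raw sensor samples into a 32-byte seed."""
    if not sensor_healthy(samples):
        raise ValueError("sensor failed health test; refusing to credit it")
    packed = b"".join(int(s).to_bytes(2, "big", signed=True) for s in samples)
    h = hashlib.sha256()
    for part in (cpu_rng_bytes, packed):
        # Length prefix keeps the boundary between the two inputs unambiguous.
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()

if __name__ == "__main__":
    # Stand-in for the processor RNG, mixed with the constructed readings.
    print(mix(os.urandom(32), JITTERY).hex())
```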

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography