A Guideline on Pseudorandom Number Generation (PRNG) in the IoT
- 13 July 2021
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in ACM Computing Surveys
- Vol. 54 (6), 1-38
- https://doi.org/10.1145/3453159
Abstract
Random numbers are an essential input to many functions on the Internet of Things (IoT). Common use cases of randomness range from low-level packet transmission to advanced algorithms of artificial intelligence as well as security and trust, which heavily rely on unpredictable random sources. In the constrained IoT, though, unpredictable random sources are a challenging desire due to limited resources, deterministic real-time operations, and frequent lack of a user interface. In this article, we revisit the generation of randomness from the perspective of an IoT operating system (OS) that needs to support general purpose or crypto-secure random numbers. We analyze the potential attack surface, derive common requirements, and discuss the potentials and shortcomings of current IoT OSs. A systematic evaluation of current IoT hardware components and popular software generators based on well-established test suits and on experiments for measuring performance give rise to a set of clear recommendations on how to build such a random subsystem and which generators to use.Keywords
Funding Information
- German Ministry of Education and Research
This publication has 40 references indexed in Scilit:
- Cryptanalysis of the windows random number generatorPublished by Association for Computing Machinery (ACM) ,2007
- TestU01ACM Transactions on Mathematical Software, 2007
- Finding Collisions in the Full SHA-1Lecture Notes in Computer Science, 2005
- Algorithm 806: SPRNGACM Transactions on Mathematical Software, 2000
- Security and Composition of Multiparty Cryptographic ProtocolsJournal of Cryptology, 2000
- Cryptanalytic Attacks on Pseudorandom Number GeneratorsLecture Notes in Computer Science, 1998
- Mersenne twisterACM Transactions on Modeling and Computer Simulation, 1998
- Random number generators: good ones are hard to findCommunications of the ACM, 1988
- On the generation of cryptographically strong pseudorandom sequencesACM Transactions on Computer Systems, 1983
- RANDOM NUMBERS FALL MAINLY IN THE PLANESProceedings of the National Academy of Sciences of the United States of America, 1968