SideRand: A Heuristic and Prototype of a Side-Channel-Based Cryptographically Secure Random Seeder Designed to Be Platform- and Architecture-Agnostic

TL;DR

SideRand introduces a platform- and architecture-agnostic side-channel-based method for generating cryptographically secure random seeds, addressing the need for reliable randomness across diverse devices including IoT and embedded systems.

Contribution

The paper presents SideRand, a novel software approach using side-channel measurements to generate secure random seeds applicable to various platforms, emphasizing openness and auditability.

Findings

SideRand successfully generates high-quality entropy across multiple platforms.

It meets criteria of openness and auditability for cryptographic randomness.

Applicable to devices from servers to IoT and maker boards.

Abstract

Generating secure random numbers is vital to the security and privacy infrastructures we rely on today. Having a computer system generate a secure random number is not a trivial problem due to the deterministic nature of computer systems. Servers commonly deal with this problem through hardware-based random number generators, which can come in the form of expansion cards, dongles, or integrated into the CPU itself. With the explosion of network- and internet-connected devices, however, the problem of cryptography is no longer a server-centric problem; even small devices need a reliable source of randomness for cryptographic operations - for example, network devices and appliances like routers, switches and access points, as well as various Internet-of-Things (IoT) devices for security and remote management. This paper proposes a software solution based on side-channel measurements as a source of high-quality entropy (nicknamed "SideRand"), that can theoretically be applied to most platforms (large servers, appliances, even maker boards like RaspberryPi or Arduino), and generates a seed for a regular CSPRNG to enable proper cryptographic operations for security and privacy. This paper also proposes two criteria - openness and auditability - as essential requirements for confidence in any random generator for cryptographic use, and discusses how SideRand meets the two criteria (and how most hardware devices do not).