An Evaluation On The Entropy Supplying Capability Of Smartphone Sensors

IF 1.5 4区计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Journal Pub Date : 2023-09-20 DOI:10.1093/comjnl/bxad081

Dinghua Zhang, Shihao Wu, Yang Li, Quan Pan

{"title":"An Evaluation On The Entropy Supplying Capability Of Smartphone Sensors","authors":"Dinghua Zhang, Shihao Wu, Yang Li, Quan Pan","doi":"10.1093/comjnl/bxad081","DOIUrl":null,"url":null,"abstract":"Abstract Random numbers are very important for the security of computer system. However, generating qualified random numbers is difficult because we cannot always successfully introduce dedicated random number hardware into computer system. Although most operating systems provide random number generation capabilities, the effective entropy supply is still dependent on the hardware platform including memory and clocks etc. However, obtaining hardware events such as clocks requires system privileges, which is not conducive for entropy estimation at the application layer. In contrast, data related to the sensor hardware can be extracted directly at the application layer. These sensor data contain some randomness and may be used as a noise source. In this way, applications can use these sensors to implement their own proprietary random number generators. Before taking these sensors as the noise source, it is necessary to fully evaluate their entropy supply capability. In this paper, 300 Android smartphones and 30 iOS smartphones are selected as samples and their sensor entropy supply capabilities are comprehensively evaluated. Based on the entropy evaluation results, we give some suggestions on how to generate random numbers using these sensor data. We first design a framework for evaluating the entropy supply capability for smartphone sensors, based on the min-entropy estimation method proposed in NIST SP 800-90B. According to this framework, we simulate stationary and mobile working states for each smartphone, and collect sufficient sensor data as the min-entropy estimation dataset. The min-entropy estimation results show that in the stationary working state, each ACCELEROMETER sensor data collection can obtain at least 1.5 bits of entropy in Android, while each GYROSCOPE sensor data collection can obtain at least 20 bits of entropy in iOS. In the mobile working state, each ACCELEROMETER sensor data collection can obtain at least 1.9 bits of entropy, while each GYROSCOPE sensor data acquisition in iOS system can obtain at least 27 bits of entropy. This means that we can still get a stable entropy output from the sensor even when the smartphone is in stationary working state. Statistical analysis of the data using cross correlation methods suggests it is hard for an attacker to guess or predict the random numbers generated by a smartphone through another smartphone put in the similar external environment.","PeriodicalId":50641,"journal":{"name":"Computer Journal","volume":"47 1","pages":"0"},"PeriodicalIF":1.5000,"publicationDate":"2023-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/comjnl/bxad081","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Abstract Random numbers are very important for the security of computer system. However, generating qualified random numbers is difficult because we cannot always successfully introduce dedicated random number hardware into computer system. Although most operating systems provide random number generation capabilities, the effective entropy supply is still dependent on the hardware platform including memory and clocks etc. However, obtaining hardware events such as clocks requires system privileges, which is not conducive for entropy estimation at the application layer. In contrast, data related to the sensor hardware can be extracted directly at the application layer. These sensor data contain some randomness and may be used as a noise source. In this way, applications can use these sensors to implement their own proprietary random number generators. Before taking these sensors as the noise source, it is necessary to fully evaluate their entropy supply capability. In this paper, 300 Android smartphones and 30 iOS smartphones are selected as samples and their sensor entropy supply capabilities are comprehensively evaluated. Based on the entropy evaluation results, we give some suggestions on how to generate random numbers using these sensor data. We first design a framework for evaluating the entropy supply capability for smartphone sensors, based on the min-entropy estimation method proposed in NIST SP 800-90B. According to this framework, we simulate stationary and mobile working states for each smartphone, and collect sufficient sensor data as the min-entropy estimation dataset. The min-entropy estimation results show that in the stationary working state, each ACCELEROMETER sensor data collection can obtain at least 1.5 bits of entropy in Android, while each GYROSCOPE sensor data collection can obtain at least 20 bits of entropy in iOS. In the mobile working state, each ACCELEROMETER sensor data collection can obtain at least 1.9 bits of entropy, while each GYROSCOPE sensor data acquisition in iOS system can obtain at least 27 bits of entropy. This means that we can still get a stable entropy output from the sensor even when the smartphone is in stationary working state. Statistical analysis of the data using cross correlation methods suggests it is hard for an attacker to guess or predict the random numbers generated by a smartphone through another smartphone put in the similar external environment.

查看原文本刊更多论文

智能手机传感器的熵供给能力评价

摘要随机数对于计算机系统的安全是非常重要的。然而，由于我们不能总是成功地在计算机系统中引入专用的随机数硬件，因此产生合格的随机数是困难的。尽管大多数操作系统都提供随机数生成功能，但有效熵供应仍然依赖于硬件平台，包括内存和时钟等。然而，获取硬件事件(如时钟)需要系统特权，这不利于在应用层进行熵估计。相反，与传感器硬件相关的数据可以直接在应用层提取。这些传感器数据具有一定的随机性，可能被用作噪声源。通过这种方式，应用程序可以使用这些传感器来实现它们自己专有的随机数生成器。在将这些传感器作为噪声源之前，有必要充分评估它们的熵供给能力。本文选取300部Android智能手机和30部iOS智能手机作为样本，对其传感器熵供给能力进行综合评价。根据熵值评价结果，对如何利用这些传感器数据生成随机数提出了一些建议。我们首先基于NIST SP 800-90B中提出的最小熵估计方法，设计了一个评估智能手机传感器熵供应能力的框架。根据该框架，我们模拟了每个智能手机的固定和移动工作状态，并收集了足够的传感器数据作为最小熵估计数据集。最小熵估计结果表明，在静止工作状态下，每次加速度计传感器数据采集在Android中至少可以获得1.5比特的熵，而每次陀螺仪传感器数据采集在iOS中至少可以获得20比特的熵。在移动工作状态下，每次加速度计传感器数据采集可获得至少1.9比特的熵，而在iOS系统中，每次陀螺仪传感器数据采集可获得至少27比特的熵。这意味着即使智能手机处于静止工作状态，我们仍然可以从传感器获得稳定的熵输出。使用相互关联方法对数据进行统计分析表明，攻击者很难猜测或预测智能手机通过放置在类似外部环境中的另一部智能手机产生的随机数。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Journal 工程技术-计算机：软件工程

CiteScore

3.60

自引率

7.10%

发文量

164

审稿时长

4.8 months

期刊介绍： The Computer Journal is one of the longest-established journals serving all branches of the academic computer science community. It is currently published in four sections.