商用智能卡中RNG的随机性评估

Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017) Pub Date : 2017-11-06 DOI:10.5753/sbseg.2017.19531

Wellinton Costa Ribeiro, Marcus Tadeu Pinheiro Silva

{"title":"商用智能卡中RNG的随机性评估","authors":"Wellinton Costa Ribeiro, Marcus Tadeu Pinheiro Silva","doi":"10.5753/sbseg.2017.19531","DOIUrl":null,"url":null,"abstract":"This paper brings results concerning the quality evaluation for the pseudo-random number generator (PRNG) in a commercial smart card. The RNG is a fundamental part for the cryptography carried out in several applications. We have acquired a huge quantity of random numbers from three samples of a commercial smart card. These data were evaluated using the statistical computation package developed by National Institute of Standards and Technology. In order to be used as gold benchmark and to validate our methodology, we have also tested the true random number generator (TRNG) included in a commercial integrated circuit. Our results show that the card PRNG owns quality too inferior than the TRNG. Due to card vendor confidentiality policy is not possible state the tested PRNG is base for the device cryptography. However, if this occurs, results lead us to conclude the tested PRNG is not adequate to provide the required security in the systems that adopt the evaluated smart card.","PeriodicalId":322419,"journal":{"name":"Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evaluating the Randomness of the RNG in a Commercial Smart Card\",\"authors\":\"Wellinton Costa Ribeiro, Marcus Tadeu Pinheiro Silva\",\"doi\":\"10.5753/sbseg.2017.19531\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper brings results concerning the quality evaluation for the pseudo-random number generator (PRNG) in a commercial smart card. The RNG is a fundamental part for the cryptography carried out in several applications. We have acquired a huge quantity of random numbers from three samples of a commercial smart card. These data were evaluated using the statistical computation package developed by National Institute of Standards and Technology. In order to be used as gold benchmark and to validate our methodology, we have also tested the true random number generator (TRNG) included in a commercial integrated circuit. Our results show that the card PRNG owns quality too inferior than the TRNG. Due to card vendor confidentiality policy is not possible state the tested PRNG is base for the device cryptography. However, if this occurs, results lead us to conclude the tested PRNG is not adequate to provide the required security in the systems that adopt the evaluated smart card.\",\"PeriodicalId\":322419,\"journal\":{\"name\":\"Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5753/sbseg.2017.19531\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5753/sbseg.2017.19531","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

给出了商用智能卡中伪随机数生成器(PRNG)的质量评价结果。在许多应用中，RNG是密码学的基础部分。我们从一张商业智能卡的三个样本中获得了大量的随机数。使用国家标准与技术研究院开发的统计计算包对这些数据进行评估。为了作为黄金基准并验证我们的方法，我们还测试了包含在商业集成电路中的真随机数生成器(TRNG)。结果表明，卡片PRNG的质量明显低于TRNG。由于卡供应商的保密政策是不可能的状态测试的PRNG是设备加密的基础。然而，如果发生这种情况，结果使我们得出结论，测试的PRNG不足以在采用评估智能卡的系统中提供所需的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Evaluating the Randomness of the RNG in a Commercial Smart Card

This paper brings results concerning the quality evaluation for the pseudo-random number generator (PRNG) in a commercial smart card. The RNG is a fundamental part for the cryptography carried out in several applications. We have acquired a huge quantity of random numbers from three samples of a commercial smart card. These data were evaluated using the statistical computation package developed by National Institute of Standards and Technology. In order to be used as gold benchmark and to validate our methodology, we have also tested the true random number generator (TRNG) included in a commercial integrated circuit. Our results show that the card PRNG owns quality too inferior than the TRNG. Due to card vendor confidentiality policy is not possible state the tested PRNG is base for the device cryptography. However, if this occurs, results lead us to conclude the tested PRNG is not adequate to provide the required security in the systems that adopt the evaluated smart card.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)

自引率

0.00%

发文量