A verifiable source of random numbers
High-quality entropy is vital for cryptography (among other functions), but adequate sources for it are hard to come by on standard computer hardware. Entropy sources that can be verified as trustworthy are even rarer. At linux.conf.au 2015 in Auckland, Jim Cheetham and Paul Campbell presented a session about OneRNG, their new hardware random number generator (RNG). OneRNG rapidly produces random bits that can be fed into the kernel's entropy pool, but it also offers protection against various security attacks: users can independently verify the integrity of all software, firmware, and hardware components.
Cheetham started off the talk with a background discussion about random number generation and explained the approach taken by the OneRNG—both how its random numbers are generated, and how they are provided to Linux. A true random number generator is critical, he said. Most of the alleged sources for entropy on a computer—such as network-traffic and hard-disk timing—are not as random as we would like them to be and can even be subject to sophisticated attacks. Furthermore, even a cryptographically secure pseudo-random number generator (CSPRNG) requires true random numbers as seed values.
The OneRNG's primary entropy source is an avalanche diode circuit that generates quantum noise, sampled in the analog domain. The same circuit has been used in other RNGs. This, he said, is one of just a few options for "physics that we cannot predict yet." A second entropy source is also present in the device: a de-tuned radio-frequency (RF) receiver chip that frequency hops at random intervals. Cheetham explained that it is theoretically possible for an attacker to skew the output of the RF receiver circuit by transmitting powerful RF signals, so the receiver is disabled by default. But it is available for users who wish to use it and are prepared to deal with the potential attacks; if properly used it can provide even better entropy than the avalanche diode.
There is also an AES chip present in the integrated circuit, but it is not used by the OneRNG at all because the integrity of its output cannot be independently validated. The issue, he explained, is that it remains conceivable that the US National Security Agency (NSA) or other powerful players have broken AES without anyone else knowing it.
The output of the avalanche circuit (as well as that of the RF receiver, if enabled) is run through a "whitening" CRC16 hash function before it is delivered to the RNG daemon, rngd. A separate rngd process is started for each OneRNG device plugged into a given system, and each rngd process is terminated when the device is unplugged. Each rngd daemon stirs its device's output into the kernel's entropy pool, which is accessible through the usual means: /dev/random and /dev/urandom.
The original goal of OneRNG, the speakers explained, was cryptography, which is "incredibly hungry" for entropy, and also incredibly sensitive. Android's pseudorandom number generator only had a tiny flaw, Cheetham noted, but that was enough for an exploit to rob people of Bitcoins ("note that I'm not saying they lost money," Cheetham quipped, "just Bitcoins."). But, he continued, there are several other important uses for RNGs—most notably scientific research that relies on numerical simulations and the online gambling industry, which has to prove to government regulators that it runs unbiased "games."
Design and verification
Campbell then took center stage, explaining the circuit design and the decisions that went into making the device something that users can audit. All of the software and firmware is open source and publicly available, of course, as are the schematics and board layouts. In addition, Campbell took pains to make the circuitry as simple as possible, so that its functionality is simpler to verify. There is only one "dense block" involved—the CC2531 CPU—and it was chosen because it is an older device available from many sources.
The same chip is also found in many older remote controls; if users are worried about the integrity of the CPU, he added "ask yourself if the NSA compromised this usage—of this chip—five years before this usage was invented." The truly paranoid, he said, can replace the CPU shipped on the device with another one that they acquire themselves.
The firmware included on the OneRNG is signed; users can dump it to a file, verify the signature, and verify that the firmware dump is exactly 256K. In fact, the actual firmware needed by the device is less than 256K; the team padded out the rest of the 256K size (with random data) to prevent attackers from adding an additional payload.
The device's operation can also be double-checked, Campbell said. "Don't trust me to write good code: lift the lid and check." In particular, the whitening function can be disabled, so that users can test the raw avalanche-circuit output. An audience member asked why the whitening step was included at all, given that the circuit is designed to produce true random numbers. Campbell replied that there is a slight DC bias to the entropy as generated by the circuit, so it generates about 5% more ones than zeros.
Due to that bias, the kernel may complain about the quality of the results. Whitening the output removes that obstacle at no additional cost. Correcting the DC bias in hardware would raise the per-unit price to $10,000, he said. As is, the end result is approximately 7.5 bits of entropy per byte, which can be stirred in with other entropy sources to further improve the quality level. The OneRNG is advertised as generating 350Kbps of entropy, Campbell said, although his tests generally show an even better performance (closer to 500Kbps).
Finally, although the OneRNG device is a USB stick, programming the device must be done with a special hardware tool (also open hardware). The OneRNG is not programmable through its USB port, in order to guard against attackers modifying the firmware.
Users should therefore be able to examine the physical circuitry, the firmware, the raw output, and all of the software used to support the OneRNG, verifying that each piece has not been tampered with. Startup scripts should perform the firmware and software verification every time a OneRNG is plugged in. Nevertheless, Campbell said, he advised that all users take the precaution of using multiple hardware RNGs: in addition to the OneRNG, he pointed to Paul Warren's rtl-entropy, Keith Packard and Bdale Garbee's USBtrng, John Denker's Turbid, and Yutaka Niibe's NeuG as other projects to consider.
Funding and further development
OneRNG is intended to be a low-cost tool. After making the first few prototypes, Campbell and Cheetham launched a fundraiser on Kickstarter. The project reached its 100% funding level in just six days (and, in fact, was still running with nearly two weeks left at the time of the talk). Campbell estimated that the total was on track to hit $32,000 (more than triple the target), which he called "really amazing." Since their talk, the total has exceeded that prediction. With more funds available than initially expected, Campbell said he was working on building device programmers with which users can build and upload their own firmware, and has ideas for other stretch goals (at least one of which, an internal version of the device for servers, has since been announced).
The two also discussed a few of the project's ongoing challenges. One is that building a serial-over-USB device like the OneRNG proves to be tricky because ModemManager assumes the device to be a modem and tries to take it over. From the audience, Packard asked why the team doesn't simply make the hardware appear as some other device type; Campbell replied that producing the numbers over a serial port was important because it would enable users on any (i.e. non-Linux) operating system use it as well.
Campbell also reported that it was tricky to start the firmware-verification script, followed by launching the rngd process, in a way that integrated smoothly with Linux init systems. Thus, the project starts the daemon using an at command instead. Finally, he noted that when unplugging the OneRNG it can be easy for udev to get "confused" about which device was removed. "Apparently, no one uses udev removal scripts, probably because udev removal is so broken."
There was a brief question-and-answer period at the end of the talk. One audience member asked if the team had any concerns about ordering its chips from China, given that the team had taken so many measures to guard against tampering by the US government. Campbell replied that he always has some concerns, but that in the past he has only had trouble with one chip being replaced with the wrong (but a similar) part. Usually, he added, working closely with the supplier in question prevents those problems—but the OneRNG team also has code prepared to validate all of the chips it receives.
The Kickstarter fundraiser campaign will conclude on January 28. The first, hand-made OneRNG units should be available in March, with the mass-produced units to follow a couple of months later.
[The author would like to thank LCA 2015 for travel assistance
to Auckland.]
| Index entries for this article | |
|---|---|
| Security | Random number generation |
| Conference | linux.conf.au/2015 |