A provable-security analysis of Intel’s secure key RNG


Abstract

We provide the first provable-security analysis of the Intel Secure Key hardware RNG (ISK-RNG), versions of which have appeared in Intel processors since late 2011. To model the ISK-RNG, we generalize the PRNG-with-inputs primitive introduced by Dodis et al. at CCS’13 for their /dev/[u]random analysis. The concrete security bounds we uncover tell a mixed story. We find that ISK-RNG lacks backward security altogether, and that the forward-security bound for the “truly random” bits fetched by the RDSEED instruction is potentially worrisome. On the other hand, we are able to prove stronger forward-security bounds for the pseudorandom bits fetched by the RDRAND instruction. En route to these results, our main technical efforts focus on the way in which ISK-RNG employs CBC-MAC as an entropy extractor.

Citation (APA)

Shrimpton, T., & Terashima, R. S. (2015). A provable-security analysis of Intel’s secure key RNG. In Advances in Cryptology – EUROCRYPT 2015, Lecture Notes in Computer Science (Vol. 9056, pp. 77–100). Springer. https://doi.org/10.1007/978-3-662-46800-5_4
