Well put piece, technical .... introduction.
The Challenges of IoT, TLS, and Random Number Generators in the Real World
Bad random numbers are still with us and are proliferating in modern systems.
By James P. Hughes, Whitfield Diffie
IoT (Internet of things) is now a first-class member of the Internet, communicating with cloud infrastructure. With this come additional requirements to ensure confidentiality, integrity, and authentication for every customer's data. The IETF TLS (Transport Layer Security) protocol is used for almost all Internet traffic security, but TLS is not as secure as the general public believes it to be. The current TLS protocol has been proven secure, but do IoT implementations live up to that promise? IoT does not always have the luxury of hardware RNGs (random number generators) or other features typically found on servers, laptops, or even phone processors. The history of RNGs that have not been as random as expected has led to this question.
TLS does not make things easy. It uses fragile constructions such as DSA (Digital Signature Algorithm), RSA (Rivest-Shamir-Adleman), and GCM (Galois/Counter Mode), and the protocol itself fails in many ways if the random numbers are not perfectly random. NIST (National Institute of Standards and Technology) and others have created standards for building, testing, and standardizing RNGs. These standards have been implemented in open-source projects that have made these tools available to the community, but there can be issues with RNGs even when using the standardized open-source libraries. Programmers are not solely to blame.
Many in the cryptographic community scoff at the mistakes made in implementing RNGs. Many cryptographers and members of the IETF resist the call to make TLS more resilient to this class of failures. This article discusses the history, current state, and fragility of the TLS protocol, and it closes with an example of how to improve the protocol. The goal is not to suggest a solution but to start a dialog to make TLS more resilient by proving that the security of TLS without the assumption of perfect random numbers is possible. ...