One test that we had to dig deeper into was Approximate Entropy, which had the largest discrepancy: a sudden drop from a high pass rate to zero. We extracted all of the Approximate Entropy values and computed key statistics across the 181 runs.
While the G-SHA1 entropy values are about 30% lower than the Blum-Blum-Shub, our Washed-Rinsed seeds possess an entropy that is within 3% of the Blum-Blum-Shub, despite not passing the NIST test. The Raw Accelerometer data, on the other hand, have entropy levels that are barely close to 50% of the G-SHA1, and little more than a third of the Blum-Blum-Shub and Washed + Rinsed data. Making matters worse, the Raw Accelerometer data are highly unstable, with a range that is larger than the mean. This means that on some occasions, the data sequences are extremely predictable. Even the maximum entropy of the Raw Accelerometer data is only about half of the Washed-Rinsed data and Blum-Blum-Shub. Complete results from the NIST Test Suite are available for download: G-SHA1 results, Blum-Blum-Shub results, Washed + Rinsed results, and Raw Accelerometer results. A complete explanation of the tests and NIST Test Suite functions can be found here.
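To make the statistic behind these comparisons concrete, here is an added example (not the authors' code or data) that computes the Approximate Entropy statistic as defined in NIST SP 800-22 and summarizes it across several runs, showing how a single fully repetitive run pushes the range above the mean. The function names, the constructed bit sequences, and the block length `m=2` are assumptions made for illustration; the p-value step of the NIST test is not included.

```python
import math
import random
from collections import Counter

def phi(bits, m):
    """phi(m) of NIST SP 800-22 sec. 2.12: sum of p*ln(p) over the
    overlapping m-bit patterns, with the sequence wrapped around."""
    n = len(bits)
    ext = bits + bits[:m - 1]
    counts = Counter(tuple(ext[i:i + m]) for i in range(n))
    return sum(c / n * math.log(c / n) for c in counts.values())

def approximate_entropy(bits, m=2):
    """ApEn(m) = phi(m) - phi(m+1), in nats; ln 2 (about 0.693) is the ceiling."""
    return phi(bits, m) - phi(bits, m + 1)

def apen_chi_square(bits, m=2):
    """Test statistic 2n(ln 2 - ApEn(m)); large values mean far from random."""
    return 2 * len(bits) * (math.log(2) - approximate_entropy(bits, m))

def summarize(values):
    """Mean, min, max and range of the per-run values."""
    lo, hi = min(values), max(values)
    return {"mean": sum(values) / len(values), "min": lo, "max": hi, "range": hi - lo}

def constructed_run(n, flip_prob, rng):
    """Constructed stand-in for a repetitive signal: 0101... with random bit flips."""
    return [(i & 1) ^ (rng.random() < flip_prob) for i in range(n)]

def demo():
    rng = random.Random(2024)  # fixed seed so the demo is repeatable
    n = 4096
    # Constructed runs, from perfectly periodic to moderately noisy.
    repetitive = [approximate_entropy(constructed_run(n, p, rng))
                  for p in (0.0, 0.01, 0.05, 0.3)]
    # Statistical baseline only: Mersenne Twister is not a CSPRNG.
    baseline = [approximate_entropy([rng.getrandbits(1) for _ in range(n)])
                for _ in range(4)]
    return summarize(repetitive), summarize(baseline)

if __name__ == "__main__":
    for name, stats in zip(("repetitive", "baseline"), demo()):
        print(name, {k: round(v, 4) for k, v in stats.items()})
```
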
The take-home message is that the RNGs used here require seeds that are sufficiently unpredictable in order to function securely. These test results show that our data sequences are within range of being random enough to be used for secure communication, well beyond just serving as seeds for the RNGs. Raw sensor data that capture user behaviors, however, are NOT unpredictable enough to be cryptographically secure.
Advantages of this Technology

1) Availability. First off, this method of seeding the random number generator takes advantage of user behavior as an initial source of unpredictability. Indeed, password managers seed their RNGs with potentially unpredictable user behavior, but crudely, e.g., accelerometer data obtained from the shaking of the smartphone (STRIP) or mouse movements and a keypress (KeePass). All a hacker needs to do, then, is learn a little bit about their target, and the "random" passwords begin to fall like dominoes. Instead of using user behavior alone as seeds, we leverage that initial source of unpredictability, remove the predictable parts of user behavior, and boost the unpredictability further.

2) Reliability. Second, this technology is particularly suited to the growth in always-on technology, such as smartwatches, Google Glass, etc., where a constant stream of data is available. Even if the device is not always on, as with a smartphone, start-up time would be enough to provide an initial data sequence. While we collected data at 100Hz, the Bosch accelerometer is capable of sampling unfiltered data at 2,000Hz (see p. 16 of spec sheet). This would mean that a 5 second startup time is enough to kick-start and seed an RNG.

3) Cost-Free. Third, this technology does not introduce additional power or hardware requirements to any existing system. Sensors are already embedded as working components of virtually all mobile computing devices, and the number of sensors will only increase over time.

4) Security. Last, but most important, is the security that this technology provides. If the generation of the random numbers is done at a level where no software access is provided, hackers are kept out.