Fwd: [Cryptography] A review per day of TRNGs: OneRNG

ianG iang at iang.org
Wed Oct 22 17:25:53 BST 2014
-------- Original Message --------
Subject: 	[Cryptography] A review per day of TRNGs: OneRNG
Date: 	Wed, 22 Oct 2014 10:01:59 -0400
From: 	Bill Cox <waywardgeek at gmail.com>
To: 	cryptography at metzdowd.com <cryptography at metzdowd.com>
I had a ton of fun reviewing PHC candidates, and I learned a lot in the
process.  If people think it would be fun to review TRNGs in a similar
manner on this thread, then I'll do a review once per day-ish, until I
can't find any more TRNGs to review.

I'll start with my favorite, to begin on a positive note: OneRNG.

    http://onerng.info/

OneRNG is free-hardware and free-software, as in freedom.  It's
typically called open-hardware and open-source.  This is *very*
important for a TRNG.  *Any* TRNG that has either unavailable software
source, or unavailable hardware design is going to get a poor rating by
me, since security-through-obscurity has been shown over and over again
to fail, particularly with TRNGs. AFAIK, OneRNG is the *only*
open-hardware/software device that has been built which is suitable for
cryptography (mine has only been breadboarded so far).  TrueRNG claims
to be, but I have yet to see a schematic, let alone a board layout or
software source.  However, maybe I'll find it when I do that review
:-)  Rob Seward gets an honorable mention:

    http://robseward.com/misc/RNG2/

This is free hardware and software in the best form.  However, as he
states, there are some security issues with this design that make it
more suitable for white noise generation than cryptography.

To support secure crypto, OneRNG takes unpredictability of their
resulting data *very* seriously.  Rather than rely on either radio
noise or zener noise, they put *both* on their board, and mix the
streams together.  They continuously monitor the health of both, and
shut down if either is not functioning properly.

They also disabled programming over USB, so nasty malware cannot subvert
the device.  This is a limitation of Rob Seward's design that he wisely
states in his documentation.  However, it is possible to intercept a
OneRNG in the mail, and reprogram it in nasty ways.  Users who are
particularly concerned about this possibility are encouraged to re-flash
the device themselves.

This brings up threat models.  No hardware can be considered secure if
sent through the mail, unless we assume the mail service is
trustworthy.  This is true for laptops as well as TRNGs.  More than
any other TRNG, OneRNG has considered this a real threat and done
something about it.  To verify you have a genuine OneRNG, the metal
shielding is removable.  You are encouraged to inspect the board
yourself and compare it to the picture online.  The microcontroller
label can be inspected, though it's hard to prove it is not an
impostor.  However, it is *very* difficult to make an impostor of a
microcontroller that functions properly with a programmer and debugging
interface.  It most likely has to be built by the original
manufacturer, in this case TI.  So, there is an assumption that a
complex $4 chip has no back-door, but I find that far more palatable
than the assumption that Intel's RDRAND instruction has no back door.

The radio entropy source can be influenced remotely by a radio
transmitter, so the OneRNG randomly skips around in the frequency being
sampled, and makes that decision, I assume, using output that includes the
zener noise.  While I am not sure I would want to rely on radio alone,
when combined with the zener, it seems secure enough to me.

The zener noise is, I believe, generated by a typical reverse base-emitter
breakdown, because the fabs don't bother to make this mode of using a
transistor low-noise.  Real zeners are far less noisy.  This circuit
is cheap, but has some problems.  It drifts over time, and the noise
level can vary a great deal from part to part, making it hard to build a
reliable, dependable entropy source.  However, they do monitor its
health, and shut down if it fails.

Because of the saturating amplification of the zener noise, an attacker
can influence the output with a very small injected signal.  To counter
this threat, OneRNG encases all of the analog circuits in a solid metal
box.  The back side of the board under this box is a solid ground
plane, with several vias connecting the box to this ground plane.  Paul
seems to know what he's doing here, and I think he has likely succeeded
in an excellent shield against external interference.

As for downsides, OneRNG is not as simple as some TRNGs.  This makes it
tougher to ensure it is secure.  Also, the possibility of having it
reprogrammed by an attacker who intercepts it in the mail remains an
issue, since most users will not likely re-flash their device.  I am
not sure if the flash can be dumped securely over USB, or if an attacker
can mod the program to deliver the original firmware, hiding the malware.

The biggest current downside to OneRNG is that you cannot buy one yet.
They are in Beta stage.  Paul has his own pick-and-place machine, and
hopefully will ramp production soon.  I plan to buy one when he does.

In summary, I give this TRNG my highest rating: secure for all
cryptographic purposes, IMO.  All threat models I can conceive have been
considered.  I would encourage users concerned about mail interception
to compare their firmware to that on the website, and then re-flash it
anyway.

Also, Paul has been very helpful to me on my own TRNG project, which is
going beyond the call of duty.  He really does seem to want the world
to be more secure, and is willing to help other TRNG developers towards
that goal.  I do hope that in a future version, Paul might consider
dropping the zener and using a more noise-injection-resistant and more
consistently manufacturable Infinite Noise Multiplier, but he should
ship what he has for now.  Upgrading to an INM might be splitting hairs
for the security of this device.

Bill
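The dual-source design the post describes (mix the radio and zener streams, monitor each source's health continuously, shut the device down if either fails), as an added Python example; this is not OneRNG's firmware nor code from the post. The mixing function (SHA-256 over a block from each raw source) and the health test (a repetition-count test) are assumptions, since the post does not say which OneRNG uses; the noise sources are constructed stand-ins.

```python
import hashlib
from contextlib import suppress

class SourceFailed(Exception):
    """Raised when a raw noise source stops behaving like a noise source."""

class HealthMonitor:
    """Repetition-count test in the spirit of NIST SP 800-90B 4.4.1 (assumption:
    the post does not say which health test OneRNG runs on its sources)."""
    def __init__(self, name, cutoff=8):
        self.name, self.cutoff, self.last, self.run = name, cutoff, None, 0

    def check(self, raw):
        for b in raw:
            self.run = self.run + 1 if b == self.last else 1
            self.last = b
            if self.run >= self.cutoff:
                raise SourceFailed(f"{self.name}: {self.run} identical samples")

def mixed_output(radio, zener, n_blocks, block=32):
    """Yield 32-byte outputs hashed from a fresh block of BOTH raw sources, so
    predicting them needs control of both streams (constructed mixer; the post
    does not state OneRNG's). An unhealthy source halts the whole generator."""
    monitors = (HealthMonitor("radio"), HealthMonitor("zener"))
    for _ in range(n_blocks):
        r, z = radio(block), zener(block)
        monitors[0].check(r)
        monitors[1].check(z)
        yield hashlib.sha256(r + z).digest()

def fake_source(seed, good_blocks=10**9):
    """Constructed stand-in: pseudo-random bytes, then stuck at zero (failure)."""
    calls = 0
    def draw(n):
        nonlocal calls
        calls += 1
        if calls > good_blocks:
            return b"\x00" * n
        return hashlib.shake_256(seed + calls.to_bytes(8, "big")).digest(n)
    return draw

def blocks_before_halt(good_zener_blocks, requested=10):
    """How many outputs appear before the zener's failure shuts the device down."""
    gen = mixed_output(fake_source(b"radio"), fake_source(b"zener", good_zener_blocks), requested)
    produced = 0
    with suppress(SourceFailed):
        for _ in gen:
            produced += 1
    return produced
```

With a zener stand-in that goes flat after three blocks, the device emits exactly three outputs and then stops, even though the radio source is still healthy.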