Visible to the public A Worst-Case Entropy Estimation of Oscillator-Based Entropy Sources: When the Adversaries Have Access to the History Outputs

TitleA Worst-Case Entropy Estimation of Oscillator-Based Entropy Sources: When the Adversaries Have Access to the History Outputs
Publication TypeConference Paper
Year of Publication2019
AuthorsZhu, S., Chen, H., Xi, W., Chen, M., Fan, L., Feng, D.
Conference Name2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Date Publishedaug
Keywordsaverage conditional Shannon entropy, cryptographic system, cryptography, Entropy, entropy evaluation, entropy source, Estimation, History, Jitter, oscillator-based entropy sources, Oscillators, pubcrawl, randomness, resilience, Resiliency, Ring Oscillator, ring oscillator-based entropy sources, RO-based entropy sources, Scalability, security, specific conditional Shannon entropy, Stochastic Computing Security, Stochastic processes, thermal noise, unpredictable random numbers, worst-case entropy estimation
AbstractEntropy sources are designed to provide unpredictable random numbers for cryptographic systems. As an assessment of the sources, Shannon entropy is usually adopted to quantitatively measure the unpredictability of the outputs. In several related works about the entropy evaluation of ring oscillator-based (RO-based) entropy sources, authors evaluated the unpredictability with the average conditional Shannon entropy (ACE) of the source, moreover provided a lower bound of the ACE (LBoACE). However, in this paper, we have demonstrated that when the adversaries have access to the history outputs of the entropy source, for example, by some intrusive attacks, the LBoACE may overestimate the actual unpredictability of the next output for the adversaries. In this situation, we suggest to adopt the specific conditional Shannon entropy (SCE) which exactly measures the unpredictability of the future output with the knowledge of previous output sequences and so is more consistent with the reality than the ACE. In particular, to be conservative, we propose to take the lower bound of the SCE (LBoSCE) as an estimation of the worst-case entropy of the sources. We put forward a detailed method to estimate this worst-case entropy of RO-based entropy sources, which we have also verified by experiment on an FPGA device. We recommend to adopt this method to provide a conservative assessment of the unpredictability when the entropy source works in a vulnerable environment and the adversaries might obtain the previous outputs.
Citation Keyzhu_worst-case_2019