Random data and key generation evaluation of some commercial tokens and smart cards

Author

Boorghany, Ahmad ; Sarmadi, Siavash Bayat ; Yousefi, Pamian ; Gorji, Pouneh ; Jalili, Rasool

Author_Institution

Comput. Eng. Dept., Sharif Univ. of Technol., Tehran, Iran

fYear

2014

fDate

3-4 Sept. 2014

Firstpage

49

Lastpage

54

Abstract

In this paper, we report our evaluation of the strength of random number generator and RSA key-pair generator of some commercially available ¹ constrained hardware modules, i.e., tokens and smart cards. That was motivated after recent related attacks to RSA public keys, which are generated by constrained network devices and smart cards, and turned out to be insecure due to low-quality randomness. Those attacks are mostly computing pair-wise GCD between the moduli in public keys, and resulted in breaking several thousands of these keys. Our results show that most of the tested hardware modules behave well. However, some have abnormal or weak random generators which seem to be unsuitable for cryptographic purposes. Moreover, another hardware module, in some rare circumstances, unexpectedly generates moduli which are divisible by very small prime factors.

Keywords

public key cryptography; smart cards; RSA key-pair generator; RSA public keys; commercial tokens; commercially available constrained hardware modules; constrained network devices; cryptographic purposes; key generation evaluation; low-quality randomness; pair-wise GCD; random data evaluation; random number generator; smart cards; weak random generators; Generators; Hardware; Java; Public key; Smart cards; Cryptography; GCD Attack; Hardware Security Module; RSA Common Prime; Random Generator Evaluation;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on

Conference_Location

Tehran

Type

conf

DOI

10.1109/ISCISC.2014.6994021

Filename

6994021