Certifiably Biased: An In-Depth Analysis of a Common Criteria EAL4+ Certified TRNG

Hurley-Smith, Darren, Hernandez-Castro, Julio (2018) Certifiably Biased: An In-Depth Analysis of a Common Criteria EAL4+ Certified TRNG. IEEE Transactions on Information Forensics and Security, 13 (4). pp. 1031-1041. ISSN 1556-6013. E-ISSN 1556-6021. (doi:10.1109/TIFS.2017.2777342) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:67241)

PDF Publisher pdf
Language: English

Restricted to Repository staff only
Official URL
https://doi.org/10.1109/TIFS.2017.2777342

Abstract

This paper reports the first in-depth analysis of the DESFire EV1’s EAL4+ certified TRNG and raises some difficult questions regarding the certification of non-deterministic random number generators. We start by analyzing the quality of the purportedly true random number generator (TRNG) on the DESFire EV1 card. Clear and consistent biases are identified, despite good performance in most randomness tests.

TRNG output. Further analysis shows systemic issues affecting TRNG output at the byte level, for which we have developed an accurate explanation. Our results have been acknowledged by the manufacturer, after responsible disclosure.

Item Type: Article
DOI/Identification number: 10.1109/TIFS.2017.2777342
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Julio Hernandez Castro
Date Deposited: 08 Jun 2018 14:32 UTC
Last Modified: 03 Mar 2020 04:09 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/67241 (The current URI for this page, for reference purposes)
Hernandez-Castro, Julio: https://orcid.org/0000-0002-6432-5328