An Evaluation On The Entropy Supplying Capability Of Smartphone Sensors

IF 1.5 4区 计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Computer Journal Pub Date : 2023-09-20 DOI:10.1093/comjnl/bxad081
Dinghua Zhang, Shihao Wu, Yang Li, Quan Pan
{"title":"An Evaluation On The Entropy Supplying Capability Of Smartphone Sensors","authors":"Dinghua Zhang, Shihao Wu, Yang Li, Quan Pan","doi":"10.1093/comjnl/bxad081","DOIUrl":null,"url":null,"abstract":"Abstract Random numbers are very important for the security of computer system. However, generating qualified random numbers is difficult because we cannot always successfully introduce dedicated random number hardware into computer system. Although most operating systems provide random number generation capabilities, the effective entropy supply is still dependent on the hardware platform including memory and clocks etc. However, obtaining hardware events such as clocks requires system privileges, which is not conducive for entropy estimation at the application layer. In contrast, data related to the sensor hardware can be extracted directly at the application layer. These sensor data contain some randomness and may be used as a noise source. In this way, applications can use these sensors to implement their own proprietary random number generators. Before taking these sensors as the noise source, it is necessary to fully evaluate their entropy supply capability. In this paper, 300 Android smartphones and 30 iOS smartphones are selected as samples and their sensor entropy supply capabilities are comprehensively evaluated. Based on the entropy evaluation results, we give some suggestions on how to generate random numbers using these sensor data. We first design a framework for evaluating the entropy supply capability for smartphone sensors, based on the min-entropy estimation method proposed in NIST SP 800-90B. According to this framework, we simulate stationary and mobile working states for each smartphone, and collect sufficient sensor data as the min-entropy estimation dataset. The min-entropy estimation results show that in the stationary working state, each ACCELEROMETER sensor data collection can obtain at least 1.5 bits of entropy in Android, while each GYROSCOPE sensor data collection can obtain at least 20 bits of entropy in iOS. In the mobile working state, each ACCELEROMETER sensor data collection can obtain at least 1.9 bits of entropy, while each GYROSCOPE sensor data acquisition in iOS system can obtain at least 27 bits of entropy. This means that we can still get a stable entropy output from the sensor even when the smartphone is in stationary working state. Statistical analysis of the data using cross correlation methods suggests it is hard for an attacker to guess or predict the random numbers generated by a smartphone through another smartphone put in the similar external environment.","PeriodicalId":50641,"journal":{"name":"Computer Journal","volume":"47 1","pages":"0"},"PeriodicalIF":1.5000,"publicationDate":"2023-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/comjnl/bxad081","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

Abstract

Abstract Random numbers are very important for the security of computer system. However, generating qualified random numbers is difficult because we cannot always successfully introduce dedicated random number hardware into computer system. Although most operating systems provide random number generation capabilities, the effective entropy supply is still dependent on the hardware platform including memory and clocks etc. However, obtaining hardware events such as clocks requires system privileges, which is not conducive for entropy estimation at the application layer. In contrast, data related to the sensor hardware can be extracted directly at the application layer. These sensor data contain some randomness and may be used as a noise source. In this way, applications can use these sensors to implement their own proprietary random number generators. Before taking these sensors as the noise source, it is necessary to fully evaluate their entropy supply capability. In this paper, 300 Android smartphones and 30 iOS smartphones are selected as samples and their sensor entropy supply capabilities are comprehensively evaluated. Based on the entropy evaluation results, we give some suggestions on how to generate random numbers using these sensor data. We first design a framework for evaluating the entropy supply capability for smartphone sensors, based on the min-entropy estimation method proposed in NIST SP 800-90B. According to this framework, we simulate stationary and mobile working states for each smartphone, and collect sufficient sensor data as the min-entropy estimation dataset. The min-entropy estimation results show that in the stationary working state, each ACCELEROMETER sensor data collection can obtain at least 1.5 bits of entropy in Android, while each GYROSCOPE sensor data collection can obtain at least 20 bits of entropy in iOS. In the mobile working state, each ACCELEROMETER sensor data collection can obtain at least 1.9 bits of entropy, while each GYROSCOPE sensor data acquisition in iOS system can obtain at least 27 bits of entropy. This means that we can still get a stable entropy output from the sensor even when the smartphone is in stationary working state. Statistical analysis of the data using cross correlation methods suggests it is hard for an attacker to guess or predict the random numbers generated by a smartphone through another smartphone put in the similar external environment.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
智能手机传感器的熵供给能力评价
摘要随机数对于计算机系统的安全是非常重要的。然而,由于我们不能总是成功地在计算机系统中引入专用的随机数硬件,因此产生合格的随机数是困难的。尽管大多数操作系统都提供随机数生成功能,但有效熵供应仍然依赖于硬件平台,包括内存和时钟等。然而,获取硬件事件(如时钟)需要系统特权,这不利于在应用层进行熵估计。相反,与传感器硬件相关的数据可以直接在应用层提取。这些传感器数据具有一定的随机性,可能被用作噪声源。通过这种方式,应用程序可以使用这些传感器来实现它们自己专有的随机数生成器。在将这些传感器作为噪声源之前,有必要充分评估它们的熵供给能力。本文选取300部Android智能手机和30部iOS智能手机作为样本,对其传感器熵供给能力进行综合评价。根据熵值评价结果,对如何利用这些传感器数据生成随机数提出了一些建议。我们首先基于NIST SP 800-90B中提出的最小熵估计方法,设计了一个评估智能手机传感器熵供应能力的框架。根据该框架,我们模拟了每个智能手机的固定和移动工作状态,并收集了足够的传感器数据作为最小熵估计数据集。最小熵估计结果表明,在静止工作状态下,每次加速度计传感器数据采集在Android中至少可以获得1.5比特的熵,而每次陀螺仪传感器数据采集在iOS中至少可以获得20比特的熵。在移动工作状态下,每次加速度计传感器数据采集可获得至少1.9比特的熵,而在iOS系统中,每次陀螺仪传感器数据采集可获得至少27比特的熵。这意味着即使智能手机处于静止工作状态,我们仍然可以从传感器获得稳定的熵输出。使用相互关联方法对数据进行统计分析表明,攻击者很难猜测或预测智能手机通过放置在类似外部环境中的另一部智能手机产生的随机数。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Computer Journal
Computer Journal 工程技术-计算机:软件工程
CiteScore
3.60
自引率
7.10%
发文量
164
审稿时长
4.8 months
期刊介绍: The Computer Journal is one of the longest-established journals serving all branches of the academic computer science community. It is currently published in four sections.
期刊最新文献
Correction to: Automatic Diagnosis of Diabetic Retinopathy from Retinal Abnormalities: Improved Jaya-Based Feature Selection and Recurrent Neural Network Eager Term Rewriting For The Fracterm Calculus Of Common Meadows An Intrusion Detection Method Based on Attention Mechanism to Improve CNN-BiLSTM Model Enhancing Auditory Brainstem Response Classification Based On Vision Transformer Leveraging Meta-Learning To Improve Unsupervised Domain Adaptation
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1