Analysis on Entropy Sources based on Smartphone Sensors

Random number generator (RNG) is the basic primitive in cryptography. The randomness of random numbers generated by RNGs is the base of the security of various cryptosystems implemented in network and communications. With the popularization of smart mobile devices (such as smartphones) and the surge in demand for cryptographic applications of such devices, research on providing random number services for mobile devices has attracted more and more attentions. As the important components of smartphones, sensors are used to collect data from user behaviors and environments, and some data sources have the non-deterministic properties. Currently, some work focuses on how to design sensor-based RNG towards smartphones, since no additional hardware is required by this method. It is critical to evaluate the quality of entropy sources which is the main source of randomness for RNGs. However, as far as we know, there is no work to systematically analyze the feasibility for utilizing the raw sensor data to generate random sequences, and how much the entropy contained in the data is. In this paper, we aim to providing an analysis method for quantifying the entropy in the raw data captured by sensors embedded in smartphones, and studying the feasibility of generating random numbers from the data. We establish several data collection models for some typical sensors with different scenarios and data sampling frequencies. Furthermore, we propose a universal entropy estimation scheme for multivariate data to quantify the entropy of the sensor data, and apply it on a type of Android smartphones. The experiments demonstrate that the raw data collected by the sensors has a considerable amount of entropy, and the ability of different sensors to provide entropy has a certain relationship with the usage scenarios of smartphones and the sampling frequency of sensor data. Particularly, when in a static scenario and the sampling frequency is 50Hz, we get a conservative entropy estimation for our testing smartphones based on the min-entropy, which is about 189bits/s, 13bits/s and 254bits/s for the accelerometer, gyroscope, and magnetometer respectively. While the randomness of sensor data in dynamic scenarios will increase compared to static scenarios, because the environment and the way that the user uses the smartphones actually exist differences each time, parts of which are unknowable to the attacker.