External entropy supply for IoT devices employing a RISC-V Trusted Execution Environment
This addresses the critical security issue of entropy provisioning for IoT device fleets, though it is an incremental improvement leveraging existing TEE and TRNG technologies.
The paper tackles the problem of insufficient entropy for secure cryptographic key generation in constrained IoT devices by proposing an external entropy service using a RISC-V Trusted Execution Environment, demonstrating feasibility and effectiveness through an open-source implementation.
Entropy--a measure of randomness--is compulsory for the generation of secure cryptographic keys; however, Internet of Things (IoT) devices that are small or constrained often struggle to collect suf ficient entropy. In this article, we solve the entropy provisioning problem for a fleet of IoT devices that can generate a limited amount of entropy. We employ a Trusted Execution Environment (TEE) based on RISC-V to create an external entropy service for a fleet of IoT devices. A small measure of true entropy or pre-installed keys can establish initial secure communication. Once connected, devices can request cryptographically strong entropy from a TEE-backed server. RISC-V offers True Random Number Generators (TRNGs) and a TEE for devices to attest that they are receiving reliable entropy. In addition, this solution can be expanded by adding IoT devices with sensors that produce high-quality entropy as additional entropy sources for the RISC-V entropy provider. Our open-source implementation shows that building trusted entropy infrastructure for IoT is both feasible and effective on open RISC-V platforms.