External entropy supply for IoT devices employing a RISC-V Trusted Execution Environment
Arttu Paju, Alejandro Cabrera Aldaya, Nicola Tuveri, Juha Savimäki, Marko Kivikangas, Brian McGillion
TL;DR
This article employs a Trusted Execution Environment (TEE) based on RISC-V to create an external entropy service for a fleet of IoT devices to solve the entropy provisioning problem for a fleet of IoT devices that can generate a limited amount of entropy.
Abstract
Entropy--a measure of randomness--is compulsory for the generation of secure cryptographic keys; however, Internet of Things (IoT) devices that are small or constrained often struggle to collect suf ficient entropy. In this article, we solve the entropy provisioning problem for a fleet of IoT devices that can generate a limited amount of entropy. We employ a Trusted Execution Environment (TEE) based on RISC-V to create an external entropy service for a fleet of IoT devices. A small measure of true entropy or pre-installed keys can establish initial secure communication. Once connected, devices can request cryptographically strong entropy from a TEE-backed server. RISC-V offers True Random Number Generators (TRNGs) and a TEE for devices to attest that they are receiving reliable entropy. In addition, this solution can be expanded by adding IoT devices with sensors that produce high-quality entropy as additional entropy sources for the RISC-V entropy provider. Our open-source implementation shows that building trusted entropy infrastructure for IoT is both feasible and effective on open RISC-V platforms.