This paper addresses the challenge of insufficient entropy for cryptographic key generation in constrained IoT devices by proposing an external entropy service leveraging a RISC-V Trusted Execution Environment (TEE). The system uses a small amount of initial entropy or pre-installed keys to establish secure communication with a TEE-backed server that provides cryptographically strong entropy. The open-source implementation demonstrates the feasibility and effectiveness of building trusted entropy infrastructure for IoT devices using RISC-V platforms, even allowing for expansion with IoT sensors as additional entropy sources.
IoT devices struggling with weak entropy can now get a cryptographic boost from a RISC-V trusted execution environment, turning entropy provisioning into a manageable service.
Entropy, a measure of randomness, is required for generating secure cryptographic keys; however, small or constrained Internet of Things (IoT) devices often struggle to collect sufficient entropy. In this article, we solve the entropy provisioning problem for a fleet of IoT devices that can generate only a limited amount of entropy. We employ a Trusted Execution Environment (TEE) based on RISC-V to create an external entropy service for the fleet. A small measure of true entropy or pre-installed keys can establish initial secure communication. Once connected, devices can request cryptographically strong entropy from a TEE-backed server. RISC-V offers True Random Number Generators (TRNGs) and a TEE that lets devices verify, through attestation, that they are receiving reliable entropy. In addition, this solution can be expanded by adding IoT devices with sensors that produce high-quality entropy as additional entropy sources for the RISC-V entropy provider. Our open-source implementation shows that building trusted entropy infrastructure for IoT is both feasible and effective on open RISC-V platforms.
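The exchange described above, modelled in Python as an added illustration that is not the paper's code or its wire protocol: it assumes a pre-shared per-device key standing in for the "pre-installed key", replaces TEE attestation with an HMAC tag over the device's nonce (a simplification), and lets the server's TRNG be injected so the flow can be run offline. The client-side rules worth noting are that received entropy is mixed into the local pool rather than replacing it, and that a response is only accepted if it is bound to the nonce of the current request.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret: the small pre-installed key the device leaves the factory with
# (an assumption; the paper does not fix a key format or size).
DEVICE_KEY = bytes.fromhex("6a09e667bb67ae853c6ef372a54ff53a510e527f9b05688c1f83d9ab5be0cd19")


class EntropyServer:
    """Stand-in for the TEE-backed provider. A real one draws from a RISC-V TRNG and
    proves its identity with a TEE attestation report, not a shared-key MAC."""

    def __init__(self, device_keys, trng=secrets.token_bytes):
        self.device_keys = device_keys
        self.trng = trng  # injectable so tests can run without real randomness

    def serve(self, device_id, nonce, n=32):
        entropy = self.trng(n)
        # Bind the response to this request's nonce so a replayed response is rejected.
        tag = hmac.new(self.device_keys[device_id], b"entropy-v1" + nonce + entropy,
                       hashlib.sha256).digest()
        return entropy, tag


class Device:
    """Constrained client: a 32-byte pool seeded from whatever little entropy it has."""

    def __init__(self, device_id, key, weak_seed):
        self.device_id, self.key = device_id, key
        self.pool = hashlib.sha256(b"seed" + weak_seed).digest()
        self.counter = 0

    def nonce(self):
        # Derived from the secret pool and a counter, so no scarce local entropy is spent.
        self.counter += 1
        return hmac.new(self.pool, b"nonce" + self.counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()[:16]

    def ingest(self, nonce, entropy, tag):
        expected = hmac.new(self.key, b"entropy-v1" + nonce + entropy, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("entropy response failed authentication")
        # Mix, never replace: a misbehaving server adds nothing useful but cannot
        # remove the entropy the pool already holds.
        self.pool = hashlib.sha256(self.pool + nonce + entropy).digest()

    def derive_key(self, label):
        return hmac.new(self.pool, label, hashlib.sha256).digest()
```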