[Cryptech Tech] Discussion: On-line tests for entropy providers in Cryptech

[Joachim Strömbergson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

I would like to start up a discussion about what on-line tests we are to
implement in our entropy providers.

The general plan is that we develop a healt monitor HW-module that
should be integrated in the entropy provider module. The module
continuously monitors the entropy source connected to the provider and
alarms the system if the entropy source is found by the module to be
faulty. Note that my idea is that there is one health monitor for each
entropy source. The purpose of the monitor is not to provide a quality
metric of the entopy currently provided by the source, but to detect if
the entropy source is broken. Quality tests are assumed to be done
offline by extracting entropy and then run tests


One direct question is if it possible to develop a single module and use
it to monitor all types of entropy sources? At least the types we have
today (based on avalanche noise and ring oscillators respectively)? Or
would we need to adapt each on-line test module and the tests it
implements for every type of entropy source?


As far as I'm able to read, there are two main sets of tests for
determine the health of entropy sources: BSI AIS31 and the entropy tests
in NIST SP 800-90B [2[. IMHO the Master's Thesis by Emma Hilmersson
gives a good description of the tests in the standards and how they compare:

http://www.eit.lth.se/sprapport.php?uid=498

(There is also a discussion about entropy testing in the thesis).

AIS31 contains nine tests, most of which are fairly easy to implement
(but needs to be heavily tested). SP 800-90B contains 18 tests. There
are some overlap between them.

Some questions I really would appreciate with are:
- - Which test are a minimum must have requirement (I'm not assuming that
they only comes from AIS31 or 800-90B)?

- - Which test would be good to have?

- - How should the alarm be handled and what should the HW do when a alarm
happens?

- - What about warm up, what grace period should we have as minimum?
Should it be settable?


Also, we should have a similar health detector for the CSPRNG. What
tests should we use there? (BSI AIS20)?



[1]
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf?__blob=publicationFile

[2] http://csrc.nist.gov/publications/drafts/800-90/draft-sp800-90b.pdf
- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJUt75dAAoJEF3cfFQkIuyNfpwP/1McoRZ07DzaZ6H8Umf+8zFT
Zw5T/WfCfN/9KO3Bbn7IAoc+8kHOM8CEBRYtOTWMb8NqHG1fEusNumolG9q6PGuj
2aAdqtF85oIxb2cbB2yWSJCDvuHforriRkTc9Mi2ru9cUIysI5rnECtuFWp7IOc4
IWJaaYgVQEnc7d1nb6PPNWoXzV2ogBSH3NP7qwXznKKF1ONq/VsJYpzMkCTopjhs
IomYaLLkYmxKSudWQAAbw9Y/iimiSY74goHe266jVjGlZRkyGIThltqaUJ+9xyCH
E/vLq/lWU51t5zQ7j7YmqR5edZZjBBMyz9sUJZWFsP9KMbhsP2GW8j2jRhnNTeE3
+8VfP1yZ4EFksOzLE2nWZTTkppv4lEIEUYoa8LjwRKmqJVDnEQgmVycdW4i/eDJA
s2o0k1AOEqixIXxaBJnoS4yjUFDt1X79O+faksoFg24w1pXrRQe/Dbf1gyRHzvqk
7r8rpwlhfhIfOA8hrqjOge8DuHlup/YenMlPeACwHxZmpcXyaE1TOngeCrglO1B6
RqgB5WxLwL/nRNKnTWCnqdX5ilORNjDYvO8nf/inDHEBXf9mEiFBWsReqH1xSBAV
rMb0gu1omfOhao27XEm2/NVXWMuuR0roITYjIHDE/AFzfpXkwOlG4VgNHmLQ6as2
PVJipjMwzPisuLRQ2MRS
=6Aoa
-----END PGP SIGNATURE-----