Entropy as a Service: A Lightweight Random Number Generator for Decentralized IoT Applications

Cryptographic Pseudorandom Number Generators (CPRNG) play a very crucial role in Internet of Things (IoT) security. Cryptographic protocols require random numbers for nonces, salts, and key generation. However, developing secure and lightweight CPRNG is strenuous. Insecure source of randomness can evolve in vulnerabilities and can jeopardize security mechanisms. As the number of IoT devices are expected to exceed over billions, the demand for distributed CPRNG increases. Manually configuring random numbers in large numbers of IoT devices is practically challenging and insecure. In this paper, we propose a cryptographically secure pseudorandom number generator based on sensor data as source of randomness. The appealing characteristic of a sensor data based random number generator is that sensor can possibly generate infinite data. Thus, having longer period and perhaps higher entropy. We also present proof-of-concept of potential usage of sensor data as a source of randomness. Furthermore, the mechanism is evaluated with the NIST statistical suite.