🤖 AI Summary
This work addresses the vulnerability of wireless embedded systems during cold boot, where insufficient entropy or flawed random number generators often yield weak randomness that compromises cryptographic security. Focusing on ESP32-class IoT nodes, the study proposes a defense-in-depth entropy enhancement mechanism for system startup. It integrates multiple local hardware entropy sources—including SRAM power-up states, RF burst window measurements, and WDEV register sampling—and introduces, for the first time, a secure seed injection method based on pre-provisioned asymmetric keys. To ensure entropy reliability, the approach incorporates a source state admission policy and an entropy credit model, accepting entropy roots only when both source trustworthiness and protocol validation criteria are satisfied. Experimental results demonstrate that this method significantly improves startup entropy quality across various RF operating modes, thereby strengthening overall system security.
📝 Abstract
Weak randomness has broken deployed cryptography through implementation bugs, boot entropy scarcity, and backdoored generators. Inexpensive wireless sensors concentrate the risk because many boot or operate in highly deterministic conditions while relying on basic, rudimentary, or opaque RNGs. On ESP32-class boards, RF-disabled wireless device RNG register (WDEV) output is pseudorandom by specification yet passes the same statistical screens as RF-active states, showing that output tests cannot replace source-state admission. We propose a defense-in-depth boot path for ESP32-class IoT nodes that combines SRAM startup material, radio burst extraction, and asymmetric entropy capsules under explicit source-state admission. In radio burst extraction, a trusted node in the local IoT network, such as a gateway or dedicated entropy node, sends a public packet burst to open a measurement window. The client samples its own WDEV output and packet timing during that window, then credits only the local response. Capsules cover the cold-start case with a pre-provisioned asymmetric key pair. The trusted node encrypts fresh seed material to the client's public key and signs the capsule; the client verifies, decapsulates, and hashes before it has local entropy. We benchmark the ESP32 RNG under several radio operating modes, the fixed-burst extraction window, the deterministic capsule client path, and SRAM startup reads. Together, these measurements support an admission policy in which each root is credited only when its required source state and protocol checks hold.