How randomly moving electrons can improve cyber security
Newswise: In October 2017, technology giant Yahoo! revealed a data breach that had leaked sensitive information from more than 3 billion user accounts, exposing them to identity theft. The company had to force all affected users to change their passwords and re-encrypt their credentials. In recent years, there have been several cases of security breaches that have left users vulnerable.
“Almost everything we do on the Internet is encrypted for security. The strength of this encryption depends on the quality of random number generation,” says Nithin Abraham, a doctoral student in the Department of Electrical Communication Engineering (ECE). Indian Institute of Science (IISc). Abraham is part of a team led by Kausik Majumdar, an associate professor at the ECE, who has developed a record-breaking real number generator (TRNG) that can improve data encryption and provide better security for data. sensitive digital information, such as credit card details. , passwords and other personal information. The study describing this device has been published in the journal ACS Nano.
Encrypted information can only be decrypted by authorized users who have access to a cryptographic “key”. But the key must be unpredictable and therefore randomly generated to resist piracy. Cryptographic keys are typically generated on computers by pseudo-random number generators (PRNGs), which are based on mathematical formulas or preprogrammed tables to produce numbers that appear random but are not. Instead, a TRNG extracts random numbers from inherently random physical processes, making it more secure.
In IISc’s innovative TRNG device, random numbers are generated by the random movement of electrons. It consists of an artificial electron trap built by stacking atomically thin layers of materials such as black phosphorus and graphene. The current measured from the device increases when an electron is trapped and decreases when it is released. Because electrons move in and out of the trap randomly, the measured current also changes randomly. The timing of this change determines the random number generated. “You can’t predict exactly what time the electron will enter the trap. So there’s an inherent randomness that’s built into that process,” Majumdar explains.
Device performance in standard testing for cryptographic applications designed by the U.S. National Institute of Standards and Technology (NIST) has exceeded Majumdar’s expectations. “When I was first struck by the idea, I knew it would be a good random number generator, but I didn’t expect it to have a record min-entropy,” he says.
Min-entropy is a parameter used to measure the performance of TRNGs. Its value ranges from 0 (completely predictable) to 1 (completely random). The Majumdar lab device showed a record minimum entropy of 0.98, a significant improvement over previously reported values, which were around 0.89. “Ours is by far the highest min-entropy reported among TRNGs,” says Abraham.
The team’s electronic TRNG is also more compact than its more clumsy counterparts that rely on optical phenomena, Abraham says. “Because our device is purely electronic, millions of such devices can be created on a single chip,” adds Majumdar. He and his group plan to improve the device by making it faster and developing a new manufacturing process that would allow mass production of these chips.