In this example, the client system is equipped with a Hardware Root of Trust (HRT) device. Examples of HRT devices are the Trusted Platform Module, Intel® Identity Protection Technology, and the ARM® TrustZone technology. The client system runs a dedicated software application capable of interfacing with the local HRT device on the one end and with the EaaS on the other end. The application communicates with the entropy server using standard plaintext protocols, such as HTTP.
WARNING:The resulting from Step 6 of the protocol random data shall not be used directly for constructing cryptographic keys with it or as a seed to a DRBG. Instead, known cryptographic mechanisms for combining multiple random data sources shall be used to mix random data obtained from multiple remote EaaS instances with local, with respect to the client system and the HRT device, randomness to create a seed for a NIST approved DRBG. Such cryptographic mechanisms are known in the trade as entropy/randomness extraction.
It is strongly recommended at a minimum two independent EaaS instances located in different geopolitical locales be used as remote sources. The resulting data from the randomness extraction process shall be provided as a seed to a NIST approved DRBG. The seeded NIST approved DRBG on the client system or inside the HRT device shall then be used for generating cryptographic keys using NIST approved methods.
This construction ensures that an attacker would not have any meaningful advantage to gain insight into the cryptographic keys generated locally on the client system.
Security and Privacy: assurance, key management, random number generation, roots of trust, testing & validation
Technologies: hardware