Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.
Wednesday, June 6 • 16:15 - 17:15
Random Problems in IoT

Random Numbers are important. Really f***ing important! Yet, they are so often misunderstood. Decent Random Number generation is relied upon by large chunks of our cryptographic wizardry, and yet mistakes are repeatedly made - and we're seeing these mistakes bleeding into IoT.
With the proliferation of 'smart' devices, what affects the security of these devices could affect anything from lightbulbs to pacemakers. The author's own research has found some real problems with embedded devices generating random numbers, some proposed fixes, and then some problems with those for good measure.
We will present an overview of what 'random' is (with little to no scary maths), the current state of the art, an overview of embedded device RNGs, our assessment results, and how things can move forward.
This talk will give you:
  • A solid overview of the basics of RNG
  • Some handy hints and nifty tricks for understanding what 'random' really is
  • An overview of the well-known problems in embedded/IoT RNGs - microcontrollers and SDKs just doing it wrong
  • An assessment of what fixes are available - which ones we found issues with, and which seem to work better
  • HSMs and other solutions we look to assess
  • What manufacturers, vendors, compliance bodies, and developers can do
This talk is suitable for people of any technical level, but is aimed at those with an interest in IoT security, cryptography, and hardware.

Mark Carney

Security Research Labs
Hacker & Math guy, formerly a Musician; having started out on helpdesk in a software firm, then becoming a violinist with a degree in Music w/ Philosophy via being a DBA for a firm, Mark then went on to do an MSc and now full-time PhD study in Mathematics. This rounded off several years...

Wednesday June 6, 2018 16:15 - 17:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD