Hi RS,
On Thu, Oct 05, 2017 at 11:16:45PM -0700, ringsignature@riseup.net wrote:
Might those devices be interesting as a research target for generating entropy from a radio interface? The specification suggests that the device does indeed have a radio interface. If so, perhaps it would be a useful experiment for someone to attempt to create an OsmoEntropy subproject?
Technically, it would of course make sense, and conceptually it's a great idea. However, specifically on the sysmoBTS (as some other devices we support), the proprietary PHY (and hence any part that directly obtains baseband samples) runs on a separate DSP core.
On osmo-bts using that PHY we only have access to figures like BER, RSSI, clock drift, burst arrival timing, ... It might be possible to use some of those for generating entropy, too - if proper care is taken to avoid situations where all of those parameters are controlled by an attacker, of course.
For devices using osmo-trx (the SDR based implementation of a GSM PHY), the situation is different: OsmoTRX receives the baseband samples and is performing the radiomodem function on it. osmo-bts-trx then performs the bust demodulation/decoding. One could hence possibly add some module to either of the two (probably osmo-trx).
However, the much higher CPU requirements of a osmo-trx + osmo-bts-trx setup require a larger/higher-end system (like embedded PC) to run the related code, and hence the probability of having a hardware randomness source is much higher than on the deeply embedded sysmoBTS or osmo-bts-octphy / osmo-bts-litecell15 devices which all run a proprietary PHY in a DSP.
I would be interested in undertaking such a project, if it would be useful and especially if it would be used.
I think if it existed for osmo-bts-sysmo, we'd for sure use it. I'm still not sure if it's really worth the effort, given that most non-trivial setups typically have an external computer as BSC/NITB anyway, as stated below:
However, in most realistic scenarios you would have more than one BTS and run the NITB/MSC/SGSN on some kind of (embedded?) x86 or ARM board, and most systems have had hardware random number generators for quite a long time.
Regards, Harald