Entropy--a measure of randomness--is compulsory for the generation of secure cryptographic keys; however, Internet of Things (IoT) devices that are small or constrained often struggle to collect suf ficient entropy. In this article, we solve the entropy provisioning problem for a fleet of IoT devices that can generate a limited amount of entropy. We employ a Trusted Execution Environment (TEE) based on RISC-V to create an external entropy service for a fleet of IoT devices. A small measure of true entropy or pre-installed keys can establish initial secure communication. Once connected, devices can request cryptographically strong entropy from a TEE-backed server. RISC-V offers True Random Number Generators (TRNGs) and a TEE for devices to attest that they are receiving reliable entropy. In addition, this solution can be expanded by adding IoT devices with sensors that produce high-quality entropy as additional entropy sources for the RISC-V entropy provider. Our open-source implementation shows that building trusted entropy infrastructure for IoT is both feasible and effective on open RISC-V platforms.

翻译：熵——随机性的度量指标——是生成安全加密密钥的必要条件；然而，小型或资源受限的物联网设备往往难以收集足够的熵。本文针对仅能生成有限熵量的物联网设备群，解决了其熵供应问题。我们采用基于RISC-V的可信执行环境，为物联网设备群构建外部熵服务。少量真熵或预置密钥即可建立初始安全通信。连接建立后，设备可从TEE支持的服务端请求密码学强度的熵。RISC-V提供真随机数生成器及可信执行环境，使设备能够验证所接收熵的可靠性。此外，该方案可通过集成配备高质量熵生成传感器的物联网设备进行扩展，将其作为RISC-V熵供应器的辅助熵源。我们的开源实现表明，在开放RISC-V平台上为物联网构建可信熵基础设施兼具可行性与有效性。