ZOEKEN
Producten
Cryptographic Chip
Data Diode - FFDD
Decru Data Fort
Expert Defender
File Encryptor - FFFE
Fox PKI
Fox RandomCard
FoxReplay Analyst
SafeBoot
SafeGuard Easy
Sec-ID
SINA VPN


Fox RandomCard | Print |
Hardware-based True Random Number Generator

RandomCardIn a large number of high-security scenarios truly random data is required to ensure the security of a system. This random data is used to generate for instance secret keys and challenges. In order to guarantee the security of the system it is vital that the used random data is truly unpredictable. The only way to produce truly random data is to use a True Random Number Generator as a source.

Fox RandomCard: True Random Number Generator The Fox RandomCard is a PCMCIA card that contains a hardware-based True Random Number Generator (TRNG). This TRNG is also the basis of a large number of products built specifically for the Dutch government to protect their State Secrets.

The Fox RandomCard itself is bundled with a software library and API for use on the system that uses the Fox RandomCard. This API enables developers to tightly integrate the Fox RandomCard in any system.

In addition it is possible to obtain a production-ready Random Generation Workstation. The Random Generation Workstation is a pre-installed system combined with a Fox Randomcard that can be used as an offline generation station for random data. Ready for integration within an existing system.

System/Security Overview
Everything around the Fox RandomCard focuses on its security. One of the main features of any random source is that it has to be unpredictable. A major risk related to this, is that if it is possible to tamper with the source during transport, this could have grave consequences on the security of the system it is used in. Therefore the design of the Fox RandomCard tries to mitigate this risk by making it possible to ensure the genuiness of the device from within the software.

In order to ensure the genuiness of the device, the firmware inside the Fox RandomCard performs multiple security checks to ensure that the system has not been tampered with. In addition a secure channel is set-up with the client application to guarantee that random data is actually generated inside the secure part of the Fox RandomCard.

Details
To facilitate this, the Fox RandomCard uses authentication and a secure channel to guarantee that the RandomCard is genuine, untampered and fully operational. During initialization of the card the secure channel is set-up between the card and the software library. This channel uses a 2048 bit RSA key for authentication, thus guaranteeing that the software is actually communicating with an genuine, untampered RandomCard. During the key-exchange phase a 112-bit 3-DES key is negotiated. This key is then used to sign all random data generated by the card. By verifying the signature on the received random data, the software can guarantee that the TRNG was actually used to generate this random data.