Monday, January 25, 2010

ZStack PRNG Fixed

by Travis Goodspeed <travis at>
concerning versions 2.2.2 and 2.3.0 of TI Z-Stack
and a fix of the ZigBee Smart Energy Profile ECC vulnerability.

Texas Instruments has released version 2.3.0 of Z-Stack, their ZigBee stack for the TI/Chipcon CC2530, MSP430, and CC430 chips. The new version adds a variety of features, but chief among them is a fix to the random number generator, which was utterly insufficient for cryptographic use. Technical details of the vulnerability were first revealed publicly in my last article. (Nate Lawson's translation is here.)

Source code for the new generator is not included; it is instead referenced through a Security Service Provider (SSP). Since 2.2.3, TI has extended the SSP API to include SSP_GetTrueRandAES(), which generates random numbers using AES under a key.

[Figure: ZStack 2.3.0-1.4.0 TrueRand functions]

SSP_GetTrueRandAES() is then called from zclGeneral_KeyEstablishment_GetRandom(), which in previous versions drew its output from the 16-bit LFSR.

[Figure: ZStack 2.3.0-1.4.0]
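To make the problem with the old generator concrete, here is an added example that is not code from Z-Stack or from this post. It models the weak case: a 21-byte ECC private key (the size of a sect163k1 scalar) filled from a 16-bit LFSR, so that however long the key is, only 65536 distinct keys can ever be produced. The LFSR polynomial below is a generic maximal-length one and is an assumption, not the polynomial Z-Stack used; derive_public() is a hash standing in for point multiplication, present only so the "attacker" has an observable value to test candidates against.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 21  /* a sect163k1 private scalar is 163 bits, 21 bytes */

/* Hypothetical 16-bit Fibonacci LFSR, x^16 + x^14 + x^13 + x^11 + 1.
 * Assumed for illustration; not the generator Z-Stack shipped. */
static uint16_t lfsr_step(uint16_t s) {
    uint16_t bit = (uint16_t)(((s >> 0) ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u);
    return (uint16_t)((s >> 1) | (bit << 15));
}

/* Fill n bytes from the LFSR: the whole output is a function of a 16-bit seed. */
static void lfsr_rand_bytes(uint16_t *state, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) {
        *state = lfsr_step(*state);
        out[i] = (uint8_t)(*state & 0xffu);
    }
}

/* Victim: "generate" an ephemeral private key the way the old code did. */
void victim_keygen(uint16_t seed, uint8_t *priv_out) {
    uint16_t st = seed;
    lfsr_rand_bytes(&st, priv_out, KEY_LEN);
}

/* Stand-in for deriving the public key from the private one (64-bit FNV-1a).
 * Not ECC; it only needs to be a deterministic, publicly computable function
 * of the private key, as the real public key is. */
uint64_t derive_public(const uint8_t *priv, size_t n) {
    uint64_t h = 14695981039346656037ull;
    for (size_t i = 0; i < n; i++) {
        h ^= priv[i];
        h *= 1099511628211ull;
    }
    return h;
}

/* Attacker: knowing only the observed public value, regenerate the key for
 * every possible seed and keep the one that reproduces it. Returns 1 on
 * success with the private key written to priv_out, 0 if no seed matched. */
int recover_key(uint64_t observed_pub, uint8_t *priv_out) {
    for (uint32_t seed = 0; seed < 0x10000u; seed++) {
        uint8_t cand[KEY_LEN];
        victim_keygen((uint16_t)seed, cand);
        if (derive_public(cand, KEY_LEN) == observed_pub) {
            memcpy(priv_out, cand, KEY_LEN);
            return 1;
        }
    }
    return 0;
}

int main(void) {
    uint8_t priv[KEY_LEN], found[KEY_LEN];
    victim_keygen(0xBEEF, priv);                 /* constructed victim seed */
    uint64_t pub = derive_public(priv, KEY_LEN); /* what goes over the air */

    if (recover_key(pub, found) && memcmp(priv, found, KEY_LEN) == 0)
        printf("recovered the %d-byte private key from a 16-bit search\n", KEY_LEN);
    else
        printf("no match\n");
    return 0;
}
```

The search visits at most 65536 candidates and finishes in milliseconds on a laptop; the 168-bit key length buys nothing because the entropy entering it is 16 bits. A generator such as the AES-based one TI now calls from zclGeneral_KeyEstablishment_GetRandom() closes this only if it is seeded with real entropy, which is the check an independent implementer should make of their own code.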

Authors of firmware for ZigBee Smart Energy devices that have used this code should patch their source code and issue firmware upgrades as quickly as possible. Those with independent crypto implementations should check to ensure that they have not made similar mistakes. Programmers should also note that

Electric utilities with equipment using the MSP430 or Chipcon CC2530 should contact their vendors for such updates. Unlike on Windows or Linux, there is no easy way to upgrade one fragment of a microcontroller's firmware when you do not have its source.

This fix only applies to the remote recovery of keys by PRNG attacks; local key extraction is still possible by the methods that I outlined in Extracting Keys from Second Generation ZigBee Chips.


DoubleO said...

In a future release, the cert and root key will be stored in flash and only accessed from the created partitions. The debug lock bit will then protect any access through the debug interface.

John Barness said...

As I can see, cyber-crime is becoming more widespread by the day. Data security developers' next challenge is to renew methods of data encryption in order to restrict cyber-criminals from stealing important information. The solution may be found in collaboration with the virtual data room providers.
