A TRNG Implemented Using a Soft-Data Based Sponge Function within a Unified Strong PUF Architecture

Hardware security primitives including True Random Number Generators TRNG and Physical Unclonable Functions PUFs are central components to establishing a root of trust in microelectronic systems. In this paper, we propose a unified PUF-TRNG architecture that leverages a combination of the static...

CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

Design/Logic Flaw

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

CVE-2024-22473

Gecko SDK vulnerability CVE-2024-22473 involves TRNG used before initialization by the ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. Affected software: Gecko SDK versions through 4.4.0 (and earlier per multiple sources). Impact: potential signature spoofing via ...

CVE-2024-22473 Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

CVE-2024-22473 Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

CVE-2019-15703

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual...

CVE-2019-15703

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual...