Presentation is loading. Please wait.

Presentation is loading. Please wait.

Random Number Generation – Lava Lamps, Clouds and the IoT

Published byPatricia Caldwell Modified over 6 years ago

Similar presentations

Presentation on theme: "Random Number Generation – Lava Lamps, Clouds and the IoT"— Presentation transcript:

1 Random Number Generation – Lava Lamps, Clouds and the IoT
OWASP Meetup Richard Moulds - Vice President Strategy, Whitewood January 31st 2017

2 Cryptography – the basis of digital security
Digital Certificates (authentication) Encryption (data confidentiality) Digital signatures (integrity and non-repudiation) Protect data at rest Strong authentication Code signing Secure time Secure communications Mobile payments Secure archives

3 Crypto is all about secrets
Outsider the ‘Perimeter’ Inside the ‘Perimeter’ Encryption Decryption Encrypted Data Data Math Math Data Network traffic Backup media Forensic requests Portable media Cloud storage File shares keys keys Outsiders can only try to guess the keys Insiders focus on stealing the keys Two issues First - more and more stuff is outside the perimeter Second (next side) – keys are getting easier to guess

4 All crypto security starts with random numbers
What if there was a threat that was almost impossible to detect, is barely addressed by any security product and is getting worse every day? Security assumptions rely on keys being truly random - when patterns emerge (or are engineered), keys get predictable and crypto is weakened

5 Hidden vulnerabilities and backdoors of choice

6 Testing for randomness
1.0 Single die Two dice Loaded dice Probabilities of outcomes Measuring uniformity and lack of bias is a good start… It’s easy when you know where the numbers come from – but what if you don’t

7 Proving unpredictability is more tricky
What data looks the most unpredictable? 7 𝜋 For crypto we also need unpredictability, imperturbability, secrecy and reliability all of which requires knowledge of the source of randomness, not just statistical analysis of the output It’s easy when you know where the numbers come from – but what if you don’t

8 Finally we have a standard (nearly)
“Specifying an entropy source is a complicated matter. This is partly due to confusion in the meaning of entropy, and partly due to the fact that, while other parts of an RBG design are strictly algorithmic, entropy sources depend on physical processes that may vary from one instance of a source to another”. Pick up on the second quote Source – Recommendation for the Entropy Sources Used for Random Bit Generation (SP800-90B 2nd draft) – NIST January 2016

9 RANDOM NUMBER GENERATOR
Why so complicated? RANDOM NUMBER GENERATOR Most random numbers come from the Operating System But software doesn’t act randomly

10 Entropy - a long standing issue
“Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.” (J. von Neumann, 1951)

11 Pseudo-random numbers – an oxymoron?
Operating System Random Numbers Random Seeds Entropy Source Pseudo-random number generator Crypto Application Shuffling the deck Dealing the deck

12 Where does entropy come from?
App1 App2 App3 Operating System Host System Random Numbers Pseudo-random number generator Hardware CPU Timing Network Timing Hard Drive Timing Entropy Mouse Clicks Camera Antenna Local Environment Microphone Keyboards

13 Pseudo-random number generator
But in a virtual world… App1 App2 App3 Hardware CPU Timing Network Timing Mouse Clicks Camera Antenna Local Environment Microphone Keyboards Host System Hard Drive Timing Random Numbers Hypervisor Operating System Pseudo-random number generator

14 Random number generators in Linux
dev/urandom dev/random Delivers random numbers only if sufficient entropy has been captured - otherwise it stops Delivers random numbers irrespective of how much entropy has been captured

15 Entropy sources in Linux
Interrupt Entropy Pool (1024 bits) Main Entropy Pool (4096 bits) Interrupt events /dev/urandom PRNG Disk events, keyboard clicks and mouse movements /dev/random PRNG

16 Interrupts (add_interrupt_randomness)
Kernel IRQ handler adds data from each interrupt into the Interrupt Pool One Interrupt pool per CPU to eliminate contention Cycle counter XOR kernel timer IRQ number Instruction pointer at the time the interrupt is received Cycle Count & Kernel Timer IRQ Instruction Pointer 4 bytes 4 bytes 8 bytes

17 Interrupts (add_interrupt_randomness)
Kernel IRQ handler adds data from each interrupt into the Interrupt Pool One Interrupt pool per CPU to eliminate contention Cycle Count & Kernel Timer IRQ Instruction Pointer 4 bytes 4 bytes 8 bytes Cycles Kernel IRQ Instruction Pointer 14

18 Disk (add_timer_randomness)
Disk events are funneled through timer randomness One Interrupt pool per CPU to eliminate contention Kernel Timer Cycle Counter Device id (disk_devt) 4 bytes 4 bytes 8 bytes Kernel Timer Cycles Device ID

19 Enhancing system entropy
Goal: generate true random numbers from a PRNG Existing applications Entropy is always additive ‘True’ random numbers Supplementary entropy source(s) Operating System PRNG e.g. /dev/random Existing system entropy

20 Supplementary sources of entropy
4 general ways to improve entropy beyond the basic kernel: Software daemons to extract better timing related entropy: HAVEGED – ( CPU Jitter RNG ( Entropy extraction from peripheral devices (mics and cameras) audio-entropyd & video-entropyd - ( Local hardware based entropy sources Embedded CPU feature (RDRAND), USB devices, PCI cards, etc. Wide range of noise sources – electrical, meta-stable circuits, quantum Wiki search - “comparison of hardware random number generators” Network based sources – “Entropy as a Service” (random numbers rather than entropy) NIST (coming soon?) Whitewood (

21 Comparison of supplementary entropy sources
Jitter Daemons Noisy sensors Hardware RNGs Entropy as a Service Primary focus Application specific Individual machine Distributed systems Scalability Medium Poor Low - High High Maturity Open source Niche Mature Emerging Assurance Low High* Visibility Control Medium (black-box) High (private service) Cost Free Sensor? $0 - $10k Amortized In a Nutshell Band Aid For the Hobbyists “No one likes hardware” Infrastructure of the future? * - when new NIST standard is finalized

22 Whitewood Entropy Engine
Quantum Random Number Generator (QRNG) Generates random numbers using the quantum properties of light Quantum noise source is 100% unpredictable - independent of all external factors Delivers extremely high performance Output data rate of 350Mbit/s Deployed as local source or network service Designed to comply with NIST B/C Based on 20 years research at Los Alamos Entropy Engine PCIe card

23 Summary Encryption and cryptography are the basis of trust and security in the digital world Random numbers are critical for security but are often poorly understood and managed Random number generators are a point of attack and vulnerability – potentially an invisible one Modern application environments present entropy challenges – cloud, appliance, mobile, browser, IoT Proving the operation and quality of entropy sources and random number generators is difficult New standards such as NIST will help Random number generation should be a critical component of your key management strategy and datacenter infrastructure

24 Demo at www.whitewoodencryption.com/netrandom-demo
Thank you Demo at

Download ppt "Random Number Generation – Lava Lamps, Clouds and the IoT"

Similar presentations

1 The Fortuna PRNG Niels Ferguson. 2 The problem We need to make “random” choices in cryptographic protocols. Computers are deterministic. Standard “random”

1 The Fortuna PRNG Niels Ferguson. 2 The problem We need to make “random” choices in cryptographic protocols. Computers are deterministic. Standard “random”
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.

1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
Motherboard (Main board)

Motherboard (Main board)
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Based on Bruce Schneier Chapter 8: Key Management Dulal C Kar.

Based on Bruce Schneier Chapter 8: Key Management Dulal C Kar.
Attacks on PRNGs - By Nupura Neurgaonkar CS-265 (Prof. Mark Stamp)

Attacks on PRNGs - By Nupura Neurgaonkar CS-265 (Prof. Mark Stamp)
Computer Programming (1) Code & No.: CS 102 CREDIT HOURS: 5 UNIT Lecture 3.0 hours/week Lab: 2.0 hour/on every week a. This course introduces the students.

Computer Programming (1) Code & No.: CS 102 CREDIT HOURS: 5 UNIT Lecture 3.0 hours/week Lab: 2.0 hour/on every week a. This course introduces the students.
By Tom and James. Hardware is a physical part of the system that you can pick up and move. There are two types of hardware, external and internal. External.

By Tom and James. Hardware is a physical part of the system that you can pick up and move. There are two types of hardware, external and internal. External.
Real-life cryptography Pfeiffer Alain.  Types of PRNG‘s  History  General Structure  User space  Entropy types  Initialization process  Building.

Real-life cryptography Pfeiffer Alain.  Types of PRNG‘s  History  General Structure  User space  Entropy types  Initialization process  Building.
Key Wrap Algorithm.

Key Wrap Algorithm.
Introduction to Computing Systems

Introduction to Computing Systems
Key management issues in PGP

Key management issues in PGP
Web Applications Security Cryptography 1

Web Applications Security Cryptography 1
BASIC PROGRAMMING C SCP1103 (02)

BASIC PROGRAMMING C SCP1103 (02)
Computer Information Systems

Computer Information Systems

Similar presentations

Ads by Google