Whitewood entropy and random numbers - owasp - austin - jan 2017

Random Number Generation – Lava Lamps, Clouds and the IoT

January 31st 2017Richard Moulds - Vice President Strategy, Whitewood

OWASP Meetup

©2016 WHITEWOOD® - ALL RIGHTS RESERVED

Cryptography – the basis of digital security

Digital Certificates(authentication)

Encryption(data confidentiality)

Digital signatures(integrity and

non-repudiation)

Protect data at rest

Strong authentication

Code signing

Secure time

Secure communications

Mobile paymentsSecure

archives


Outsider the ‘Perimeter’Inside the ‘Perimeter’ Inside the ‘Perimeter’

keys

Crypto is all about secrets

MathDataEncrypted Data

Encryption

Math

keys

Decryption

Data

Network traffic

Backup media

Forensic requests

Portable media

Cloud storage

File shares

Outsiders can only try to guess the keys

Insiders focus on stealing the keys


Security assumptions rely on keys being truly random - when patterns emerge (or are engineered), keys get predictable and

crypto is weakened

All crypto security starts with random numbers


Hidden vulnerabilities and backdoors of choice


Testing for randomness

1.0

Single die Two dice Loaded dice

Probabilities of outcomes

Measuring uniformity and lack of bias is a good start…


Proving unpredictability is more tricky

What data looks the most unpredictable?

73141592653589793238462643383279502884197169399375896473

3.141592653589793238462643383279502884197169399375896473𝜋

For crypto we also need unpredictability, imperturbability, secrecy and reliability all of which requires knowledge of the

source of randomness, not just statistical analysis of the output


Finally we have a standard (nearly)

Source – Recommendation for the Entropy Sources Used for Random Bit Generation (SP800-90B 2nd draft) – NIST January 2016

“Specifying an entropy source is a complicated matter. This is partly due to confusion in the meaning of entropy, and partly due to the fact that, while other parts of an RBG design are strictly algorithmic, entropy sources depend on physical processes that may vary from one instance of a source to another”.


Most random numbers

come from the Operating

System

RANDOM NUMBER

GENERATOR

But software doesn’t

act randomly

Why so complicated?


Entropy - a long standing issue

“Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.” (J. von Neumann, 1951)


Pseudo-random numbers – an oxymoron?

Crypto Application

Operating System Random

NumbersRandom SeedsEntropy

Source

Shuffling the deck Dealing the deck

Pseudo-random number

generator


Where does entropy come from?

App1 App2 App3

Operating System

Host System

Random Numbers

Pseudo-random number generator

HardwareCPU

TimingNetwork Timing

Hard Drive Timing

Entropy

Mouse Clicks

Camera

Antenna

Local Environment

Microphone

Keyboards

Entropy


But in a virtual world…

App1 App2 App3

HardwareCPU

TimingNetwork Timing

Mouse Clicks

Camera

Antenna

Local Environment

Microphone

Keyboards

Host System

Hard Drive Timing

Random Numbers

Hypervisor

Operating System Pseudo-random number generator


Random number generators in Linux

Delivers random numbers irrespective of how much

entropy has been captured

Delivers random numbers only if sufficient entropy has been

captured - otherwise it stops


Entropy sources in Linux

InterruptEntropy

Pool(1024 bits)

Main Entropy

Pool(4096 bits)

/dev/urandomPRNG

/dev/randomPRNG

Interruptevents

Disk events,keyboard clicks

and mouse movements


Interrupts (add_interrupt_randomness) Kernel IRQ handler adds data from each interrupt into the

Interrupt Pool One Interrupt pool per CPU to eliminate contention

− Cycle counter XOR kernel timer− IRQ number− Instruction pointer at the time the interrupt is received

Instruction PointerIRQ

4 bytes 4 bytes 8 bytes

Cycle Count & Kernel Timer


Interrupts (add_interrupt_randomness) Kernel IRQ handler adds data from each interrupt into the

Interrupt Pool One Interrupt pool per CPU to eliminate contention

Cycles Kernel IRQ Instruction Pointer123975895488 4294893898 14 18446744071578900000123977123888 4294893898 14 18446744071578900000123979445304 4294893898 14 18446744071578900000123983781984 4294893899 14 18446744071578900000123985083096 4294893899 14 18446744071578900000123986825584 4294893899 14 18446744071578900000123987250920 4294893899 14 18446744071578900000


Instruction PointerIRQCycle Count & Kernel Timer


Disk (add_timer_randomness) Disk events are funneled through timer randomness One Interrupt pool per CPU to eliminate contention

Kernel Timer

Cycle Counter

Device id (disk_devt)

Kernel Timer Cycles Device ID4294893055 114984099168 83888644294893055 114984867024 83888644294893055 114985479992 83888644294893055 114985942112 83888644294893060 115031476128 83888644294893060 115031907648 83888644294893060 115032263720 83888644294893060 115032643792 8388864



Enhancing system entropy

Operating System

PRNGe.g. /dev/random

Existing system entropy

Supplementary entropy

source(s)

Existing applications

‘True’ random numbers

Entropy is always additive

Goal: generate true random numbers from a PRNG


Supplementary sources of entropy

4 general ways to improve entropy beyond the basic kernel: Software daemons to extract better timing related entropy:

− HAVEGED – (www.issihosts.com/haveged/)− CPU Jitter RNG (www.chronox.de/jent.html)

Entropy extraction from peripheral devices (mics and cameras)− audio-entropyd & video-entropyd - (www.vanheusden.com/aed/)

Local hardware based entropy sources− Embedded CPU feature (RDRAND), USB devices, PCI cards, etc.− Wide range of noise sources – electrical, meta-stable circuits, quantum− Wiki search - “comparison of hardware random number generators”

Network based sources – “Entropy as a Service”− www.random.org (random numbers rather than entropy)− NIST (coming soon?)− Whitewood (www.getnetrandom.com)

http://www.issihosts.com/haveged/

http://www.chronox.de/jent.html

http://www.vanheusden.com/aed/

http://www.random.org/


Comparison of supplementary entropy sources

Jitter Daemons

Noisy sensors

Hardware RNGs

Entropy as a Service

Primary focus

Application specific

Individual machine

Individual machine

Distributed systems

Scalability Medium Poor Low - High High

Maturity Open source Niche Mature Emerging

Assurance Low Low High* High*

Visibility Low Low Low High

Control Medium Low Medium (black-box)

High (private service)

Cost Free Sensor? $0 - $10k Amortized

In a Nutshell Band Aid For the Hobbyists

“No one likes hardware”

Infrastructure of the future?

* - when new NIST standard is finalized


Whitewood Entropy Engine

Generates random numbers using the quantum properties of light

Quantum noise source is 100% unpredictable - independent of all external factors

Delivers extremely high performance− Output data rate of 350Mbit/s

Deployed as local source or network service

Designed to comply with NIST 800-90B/C Based on 20 years research at Los Alamos

Entropy Engine PCIe card

Quantum Random Number Generator (QRNG)


Summary Encryption and cryptography are the basis of trust and security

in the digital world Random numbers are critical for security but are often poorly

understood and managed Random number generators are a point of attack and

vulnerability – potentially an invisible one Modern application environments present entropy challenges

– cloud, appliance, mobile, browser, IoT Proving the operation and quality of entropy sources and

random number generators is difficult New standards such as NIST 800-90 will help Random number generation should be a critical component of

your key management strategy and datacenter infrastructure


Thank you

[email protected]

Demo at www.whitewoodencryption.com/netrandom-demo

mailto:[email protected]

mailto:[email protected]

http://www.whitewoodencryption.com/netrandom-demo

Technology

Whitewood entropy and random numbers - owasp - austin - jan 2017