R ANDOM NUMBER GENERATION ( SOFTWARE ) Two kind of software random - PowerPoint PPT Presentation

A C OMPARISON OF P SEUDORANDOM N UMBER G ENERATORS Riivo Talviste 3 rd Conference on Advanced Topics in Telecommunication Aug 14 – 15, 2009

I NTRODUCTION  Cryptography in everyday life  E-banking  Estonian ID-card 2

I SSUES  Security  Good algotithms  Weak random number generators (RNGs)  Performance  RNG has to be fast enough  Embedded systems  Non-specialized hardware 3

C ONTRIBUTION  Analyse pseudorandom number generator libraries  Security  Performance 4

R ANDOM NUMBER GENERATION  Measure physical phenomena  Radioactive decay  Radio waves from space  Special hardware needed  With non-specialized hardware  Require low-level access to device drivers  Operating systems provide these RNGs  /dev/random and /dev/urandom in Linux  CryptoAPI in Windows 5

R ANDOM NUMBER GENERATION ( SOFTWARE )  Two kind of software random number generators:  Deterministic random bit generators aka pseudorandom number generators (PRNGs)  Non- deterministic random bit generators aka “true” random number generators  National Institute of Standards and Technology:  Several approved PRNGs  No approved “true” RNGs 6

P SEUDORANDOM NUMBER GENERATOR SEED  Security depends on seed – piece of data with enough entropy  Seed is initial value that is used to calculate all subsequent values  Seed has to chosen carefully 7

T ESTING ENVIRONMENT  Tests for each PRNG  Written in C++  Generate 1 MB of random  Run 100 times, calculate average  Environment  Intel Core Duo CPU @ 1.83 GHz  2 GB RAM  32-bit Windows 7 RC  Cygwin 1.7  With GCC 4.3.2 8

C++ BUILT - IN RANDOM  rand() declared in stdlib.h  Returns integer between 0 and RAND_MAX ≥ 32767  srand() used to seed PRNG  Not cryptograhically secure   Generates 1 MB of random in 2.77 ms 9

C RYPTO ++ LIBRARY  Open source C++ class library  Includes several PRNGs  Version 5.6.0  Compiled under Cygwin with GCC 4.3.2 10

C RYPTO ++ LC_RNG  Linear congruential generator  Not usable for cryptographic purposes   Generates 1 MB of random in 31.58 ms 11

C RYPTO ++ R ANDOM P OOL  Does not usually produce secure random numbers  After calling IncorporateEntropy() generates cryptographically secure random data   Method not available in every environment  Generates 1 MB of random in 2 437.57 ms 12

C RYPTO ++ A UTO S EEDED R ANDOM P OOL  Seeds itself with operating system provided RNG  Can use both blocking and non-blocking RNGs  Generates cryptographically secure random values   Generates 1 MB of random in 2 408.62 ms 13

C RYPTO ++ A UTO S EEDED X917RNG  PRNG from ANSI X9.17 Appendix C  Seeded with operating system provided PRNG  Suitable for cryptographic use   Can use different block ciphers  Generates 1 MB of random in  3 724.85 ms with DES cipher  2 386.19 ms with Rijndael (AES) cipher 14

O PEN SSL LIBRARY  Open source toolkit  Implements Secure Socket Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols  Version 0.9.8k, precompiled for Cygwin 15

O PEN SSL RAND_ BYTES  RAND_pseudorandom_bytes() → not for cryptographic use  RAND_bytes() → for cryptographic use   Entropy level can be increased by  Mixing memory into entropy pool  Collecting entropy from Windows events or screen contents  Generates 1 MB of random in 2 929.63 ms 16

SNOW 2  Stream cipher  Cryptographically secure   In theory not as secure as block ciphers  Generates 1 MB of random in 6.64 ms 17

PRNG PERFORMANCE TEST RESULTS PRNG name Avg. time (ms) C++ rand() 2.77 Crypto++ LC_RNG 31.58 Crypto++ RandomPool 2 437.57 Crypto++ AutoSeededRandomPool 2 408.62 Crypto++ AutoSeededX917RNG with DES 3 724.85 Crypto++ AutoSeededX917RNG with Rijndael 2 386.19 OpenSSL RAND_bytes() 2 929.63 SNOW 2 6.64 18

T HE S HAREMIND FRAMEWORK  Distributed virtual machine  Allows to perform multiparty computation on secret shared data.  Three independent data-miners  Communicate over the netwotk, using special protocol  Almost all messages are encrypted 19

M ULTIPLICATION (X9.17 RNG) 900 800 700 600 Time (ms) 500 Other Random 400 Waiting InQueue 300 OutQueue 200 100 0 10000 20000 30000 40000 50000 60000 70000 80000 90000 100000 20 Vector size

M ULTIPLICATION (SNOW 2) 900 800 700 600 Time (ms) 500 Other Random 400 Waiting InQueue 300 OutQueue 200 100 0 10000 20000 30000 40000 50000 60000 70000 80000 90000 100000 21 Vector size

C OMPARISON OF AES AND SNOW 2 900 800 700 600 Time (ms) 500 AES 400 SNOW 2 300 200 100 0 10000 20000 30000 40000 50000 60000 70000 80000 90000 100000 22 Vector size

C ONCLUSION  Cryptography is used in our everyday life  More secure PRNGs take more time  Applications that make intensive use of random number generators should use hardware security modules 23