Lab 1 Random number generator

Eng. Stefanie Castillo

stefaniecg@ieee.org

April 4, 2011

Abstract
The generation of truly random numbers in many applications is vital. Therefore its generation cant be overlooked. The generation of random numbers and mechanisms for verifying their quality are studied from an electronics point of view.

2 Cryptool
CrypTool is a free, open-source e-learning application, used worldwide in the implementation and analysis of cryptographic algorithm. [3] Analysis where applied upon ve les. Three of them acquired as part of the laboratory practice, generated with a python random function, and the other two les where externally acquired. The ones acquired from the laboratory practice where: Random 0-128: Randomly generated numbers, range 0-128. Random 0-255 par: Randomly generated even numbers, range 0-255. Random normal: Randomly generated numbers, normal distribution (gaussian). The ones from external source where: Plain text: Welcome text from cryptool software. Audio le: RequiemMozart.mp3

1 Introduction
The generation of truly random numbers plays a critical role in a number of important applications now a days. Cryptography, numerical simulations and in the gaming industry are examples of applications, just to name a few. A random number is a number generated by a process, whose outcome is unpredictable, and which cannot be sub sequentially reliably reproduced. [1] Existing randomness sources can be grouped in two classes: software solutions and physical sources (implemented in hardware solutions). Software solutions can only generate pseudo-random bit streams. Physical sources can be treated by classical physics or by quantum physics. When using physical sources as a source of randomness, most random generators rely on classical physics to produce what looks like a random stream of bits. In reality, determinism is hidden behind complexity. [1] A classical physics hardware random number generator uses as a source a physical phenomenon such as electrical noise from a resistor or semiconductor diode or the decay of a radioactive material. The electronic circuitry of the generator converts this noise to bits and then assembles these into bytes for digital use. [2] Contrary to classical physics, quantum physics is fundamentally random. It is the only theory within the fabric of modern physics that integrates randomness. Formally, quantum random number generators are the only true random number generators. [1]

2.1 Tests analysis

The entropy of a set of data is an index of its information content. The entropy is measured in bits per character. The information content depends exclusively on the probability distribution with which the source generates the messages. As the information content of an unusual message is higher than that of a common message, the inverse value of the probability is used in the denition. The entropy of a source thus indicates its characteristic distribution. It measures the average amount of information which one can obtain through observation of the source or, conversely, the indeterminacy which prevails over the generated messages when one cannot observe the source. [3]

The oating frequency of a set of data is a characteristic of its local information content at individual points in the document. The oating frequency species how many different characters are to be found in any given 64-character long segment of the document. The function considers sequences of text in the active window that are 64 characters long and counts how many different characters are to be found in this window. The window is then shifted one character to the right and the calculation is repeated. This procedure results in a summary of the document in which it is possible to identify the places with high and low information density. Compressed les, encrypted data and keys themselves have values just below the maximum value of 64. In cryptography, the mechanism is mainly used to locate keys amongst large quantities of data. [3] The histogram of a set of data expresses the frequency distribution of the characters of this document in graphical form in a plot type graphical. The frequency of each character is shown as a percentage. [3] The FIPS-PUB-140-1 test battery is a standardized random number test, which consists of 4 single tests. FIPSPUB-140-1 examines exactly 2500 bytes. FIPS PUB 1401 species security requirements for the design and implementation of cryptographic modules, including for pseudorandom number generators. Four statistical test procedures are proposed for pseudorandom number generators, by means of which the output of a pseudorandom number generator can be tested for randomness. A single bit stream of 20000 consecutive bits are subjected to the following tests. The sequence just has to fail one of the tests in order to fail the test overall. The Monobit test the number of ones contained in s should lie between 9654 and 10346. Poker test divides the 20k bit stream into 5k 4 bit segments, then counts and stores the number of occurrences of each of the 16 possible 4 bit values. Passed if 1.03 X 57.4. A Run test is dened as a maximal sequence of consecutive bits of either all ones or all zeros, which is part of the 20k bit sample strea. The Long Run test is passed if there are no run tests of length 34 or more.

The tests applied to the data, where: Entropy Floating frequency Histogram FIPS-PUB-140-1 Table 1: Results of cryptool test applied to provided les. Entropy Float Freq. Histogram FIPS-PUB-140-1 - Mono bit - Poker - Run - Long run Rand 0-128 6.95/8.00 Figure 1 Figure 6 X X X X OK Rand 0-255 6.96/8.00 Figure 2 Figure 7 X X X X OK Rand norm 7.08/8.00 Figure 3 Figure 8 X OK X X OK

Table 2: Results of cryptool test applied to external les. Entropy Float Freq. Histogram FIPS-PUB-140-1 - Mono bit - Poker - Run - Long run
1

Plain text 4.06/4.70 Figure 4 Figure 9 -

Audio le 7.95/8.00 Figure 5 Figure 10 X X X OK X

2.2 Results
Tests where applied to the above mentioned les in order to analyze the randomness of its content. The tests used are analysis provided by the software Cryptool. 2 Figure 1: Floating frequency Random 0-128 le
1 FIPS test wasnt posible to apply to Plain text le, as it is smaller than 20k bytes

Figure 2: Floating frequency Random 0-255 par le

Figure 5: Floating frequency Audio le

Figure 3: Floating frequency Random norm le

Figure 6: Histogram Random 0-128 le

Figure 4: Floating frequency Plain text le

Figure 7: Histogram Random 0-255 par le

Figure 8: Histogram Random norm le

from the point of view or pure randomness in an 8 bit number range, it could be said that it is a bad random number data. Nevertheless is consistent with the way it was generated. The generating function specically limited the random numbers to be acquired from a reduce range of numbers: 0-128 in an 8 bit number range, therefore the other possible numbers (129-255) where never part of the source. File Random 0-255 par has entropy of 6.96/8.00 Table 1 and once again its consistent with the generating function, as it requires for the number to be even, therefore, the range of possible source numbers is once again reduced. File Random norm has a little better entropy than previous les, but once again the gauss distribution reduces the possibilities of source numbers. Once again, the generating function is biased with a gauss distribution. The Plain text le has an expected entropy as in a text all almost all letters from the alphabet are used, in this case 25 out of 26 letters where present in the le. Also, the maximum entropy value is reduced as the alphabet only has 26 possible values in difference to the others that could have 256 different values. The Audio le had the best entropy in between all the les, a 7.95/8.00. It was expected as it is a sampling of music and all the 256 possible values are present. In regards to the Floating frequency of the data source les, all of them are acceptable, meaning no recognition of hi random data is identied. I would like to emphasize on the oating frequency distribution of the Audio le in comparison to the rest of them. The Audio le has high and very dense oating frequency distribution, which means that all data in the le is equally random, data. Meaning that no extra effort was made on a specic part of the data in order to make it superiorly random than the rest of them. This was brought to my attention through an example used in the cryptool help explanation of this function. [3] The example is to run this test to a windows dll le, the advapi32.dll. The result of this analysis is shown in Figure 11.

Figure 9: Histogram Plain text le

Figure 10: Histogram Audio le

2.3 Discussion
The entropy of each data source le is congruent with how each of them where generated. The data in the Random 0-128 le has entropy of 6.95/8.00 Table 1. If analyzed 4

Figure 11: Floating frequency advapi32.dll le In Figure 11 it is recognizable that le contains probably two cryptographic keys, whose position can be easily

pinned down by locating the areas with high Floating frequency density. Finally, the Histogram shows the data accordingly to how it was generated. File Random 0-128 shows data only on the rst 128 possible values. File Random 0-255 par zero frequency value for odd numbers as only even numbers where possible to been generated. File Random norm shows as expected a normal distribution (gaussian distribution). All les failed the FIPS-PUB-140-1 test, meaning none of them are suitable generated random numbers.

the mistake of Netscapes developers was due to not having published their algorithms and security protocol, therefore they were not reviewed by the cryptographic community. Additionally its interesting that the article mentions that U.S. laws prohibit the export of products incorporating strong encryption algorithms, and therefore Netscape had to cut the key size to publish an international version. However, the article notes that both versions, both domestically and internationally are vulnerable.

4 Random number in electronic PCB

tor using as a source of randomness a physical environmental/ambient phenomenon such as ambient light, sound, temperature or humidity. All these solutions require a microcontrollers in order to use an A/D converter to transform the sensed analog phenomena into digital data. Nevertheless, the problem with most environmental/ambient data is the values dont change that much over time: temperature, humidity, light and sound. An ambient light y sound source might have high variability if placed in an high-density urban space, but again there would be a lot of repetition. An accelerometer used to measure motion, could be a good source of randomness if mounted on a person, but signal processing of the signal is necessary to remove the normal modes of oscillation that are present in humans movements. Using classical physics concepts the best source of entropy would be going down towards fundamental physical properties of electronic materials. Electrical noise from a resistor or semiconductor diode is a physical property of the material. [2] Geiger tubes are the sensing elements of Geiger counters, which are used to measure ionizing radiation. These can be easily integrated into a PCB. [5] On the other hand Ive found other IC solutions, such as FDK true random number generation IC [6] wich use natural phenomenon in CMOS, to generate true random numbers. This requires no external components. If wireless communications is used, WiFis background noise noise can be used to generate random numbers [7].

3 Randomness and the Netscape browser Ive found solutions for hardware random number generaThe paper about the breaking of Netscapes implementation of SSL [4] is summarized and commented. The Web browser: Netscape, supports Secure Sockets Layer as the security layer for the internet protocol. This layer encrypts the message using a key generated from a the seed. The the seed must be provided by a truly random source. It is therefore vital that the seeds value is not predictable. or may not be possible to reduce the range of possible values, otherwise it would make feasible a brute force attack 2 to the protocol. In the Netscapes algorithm for UNIX OS, the generated seed is dependent on three values: time (seconds, microseconds), the process pid and ppid (parent process pid). The failure of Netscapes security protocol is the means by which the seed is generated. Two ways of attacking this protocol are identied. The case in which the attacker has access to the machine and when not. In either of them the attack is feasible. Therefore, the protocol is vulnerable. If the attacker has access to the machine running the algorithm, he can easily discover the pid and ppid, running the ps command in the console. Thereby leaving only the time value unknown. The later can be easily identied by relating it to the time that the package was sent by the browser or by a brute force attack. If the attacker has no access to the machine running the algorithm, properties concerning the relation between pid and ppid, combined with the possibility of knowing the time value, allows narrowing down the number of bits that are actually random in the key, making it vulnerable to a brute force attack. In addition many software programs dont consider that the pid value is a secret value, so many of them send on their frames. The security of Netscape version (1.1), is clearly vulnerable. The way the seed is generated is predictable and therefore the security protocol is vulnerable. I believe that
2 Brute

5 Conclusions
Most random numbers used in computer programs are pseudorandom, which means they are a generated in a predictable fashion using a mathematical formula. This is ne for many purposes, but it is not good enough for applications like

force attack is one where all the possible keys are tested.

lottery drawings or cryptography, to name a few. Random number generation cant be left to chance. In this laboratory Ive discovered that the generation of random numbers cant be overlooked and a source of true randomness is not simple to nd. The quantum theory community claims that the only truly random number generators use quantum physics fundamental principles, claiming that classical physics cant generate true randomness. The breaking of Netscape SSL security layer is a historical event that emphasize the fact that random number generation cant be overlooked and security protocol should be made public in order for the cryptographic community to test its hardness. FIPS-PUB-140-1 its a standarized procedure for validating a random generated number, thus validating or invalidating the method through which it was generated.

References
[1] Random number generator using quantum physics. White paper Rev.3.0, ID Quantique, Geneve, Switzerland, Apr 2010. [2] R. Davies. Hardware random number generators. In 15th Australian Statistics Conference, 2000. [3] Deutsche Bank. CrypTool. http://www.cryptool.org/, 2011. [4] I. Goldberg and D. Wagner. Randomness and the netscape browser. Dr. Dobbs Journal, 21(1):6670, 1996. [5] Spark Fun. Geiger http://www.sparkfun.com, 2009. Counter.

[6] True Random Number Generation IC RPG100 / RPG100B. Data sheet Rev.1.0, FDK, Japan, May 2009. [7] P. Mutaf. True random numbers from wi- background noise. http://www.freewebs.com/pmutaf/iwrandom.html, February 2006.