validation of pseudo random numbers through graphical analysis andrew cronwright supervisor: barry...
Post on 21-Jan-2016
218 Views
Preview:
TRANSCRIPT
Validation of Pseudo Random Numbers through Graphical Analysis
Andrew CronwrightSupervisor: Barry Irwin
Overview of this Presentation
• Randomness Defined• PRNG’s Introduced• Application of PRNG’s• Focus of PRNG’s in this Project• ISN’s Introduced• Results• Hardware RNG• Conclusion
What is randomness?
• A function or process not affected by any input or state
• Independent of previous results• Example
– Flipping an unbiased coin– Rolling die– Quantum effects
PRNG’s
• Mathematical function
• Deterministic by nature
• Simulates true randomness
• Produces “random” like output
• Used in many application
Applications of PRNG’s
• PRNG’s for different applications have different needs
• Cryptography
• TCP Initial Sequence Numbers
• Physical Simulations
• Games / Gambling (Lotto)
Cryptography
• Secret key must be random
• If not random, can be easily guessed
• Made random by collecting entropy
Physical Simulations
• Monte Carlo experiments require random numbers
• Provided by PRNG
Initial Sequence Numbers
• On the creation of a TCP connection
• A unique sequence number is used
• Used to identify packets belonging to a specific connection.
Initial Sequence Numbers, the problem
• T, trusted host
• C, client
• X, nasty person
1. X can cause connections to be dropped2. X can hijack connections and introduce
malicious code
Initial Sequence Numbers, the solution
• RFC 793 proposed linear method for ISN• New standards introduced after security issues
ISN = M + F(localhostIP + localport + remotehost + remoteportIP)
or
ISN = M + R(t)
or
ISN = R(t)
The problem
• Many computer systems need random numbers
• Provided by a PRNG
• PRNG’s can cause problems if not up to standard
Random Event Validation• Will use graphical methods to
identify randomness• Use the NIST test suite to support
findings• Investigate Initial Sequence
Numbers (ISNs)• Build hardware RNG
A graphical view• Method of delayed coordinates plotted in a
phase space
• Convert 1-D to 3-D by:X[n] = s[n-2] – s[n-3]
Y[n] = s[n-1] – s[n - 2]
Z[n] = s[n] – s[n-1]
• Higher dimensions are possible
• Acts as a “comb”
Example
Lattice view
X[n] = s[n]
Y[n] = s[n-1]
Z[n] = s[n-2]• This will highlight any lattice structure in
the sequence
Example
Spherical view
Θ[n] = 2 * PI * s[n-2]
φ[n] = PI * s[n-1]
r[n] = √( s[n] )
X[n] = r * Cos(θ) * Sin(φ)
Y[n] = r * Sin(θ) * Sin(φ)
Z[n] = r * Cos(φ)• Very similar to above method• Will also highlight dependencies in the data
sequnce
Example
Colour – A higher dimension
• Colour added using the HSV colour model
• Assign first number in sequence a colour, and pass through the spectrum assigning colours to each element
• Highlights whether sequence was created in a temporal manner
Results – Win XP
Win XP – SP1
Win XP – SP2
Cisco – IOS 12.1
Fedora Core 3
Hardware RNG
Hardware RNG - Results
Conclusion• PRNG’s are important, and should be
carefully selected for an application• ISN’s should be implemented using a
good quality PRNG• A hardware RNG is easy to implement,
can be easily incorperated in PC’s hardware
Conclusion cont.• Provided a graphical method for testing
random numbers• Easier and faster than statistical testing• Will show / identify attractors in data
quickly• Size of data set to test?
top related