Validation of Pseudo Random Numbers through Graphical Analysis
Validation of Pseudo Random Numbers through Graphical Analysis Andrew Cronwright Supervisor: Barry Irwin
Overview of this Presentation • • Randomness Defined PRNG’s Introduced Application of PRNG’s Focus of PRNG’s in this Project ISN’s Introduced Results Hardware RNG Conclusion
What is randomness? • A function or process not affected by any input or state • Independent of previous results • Example – Flipping an unbiased coin – Rolling die – Quantum effects
PRNG’s • • • Mathematical function Deterministic by nature Simulates true randomness Produces “random” like output Used in many application
Applications of PRNG’s • PRNG’s for different applications have different needs • • Cryptography TCP Initial Sequence Numbers Physical Simulations Games / Gambling (Lotto)
Cryptography • Secret key must be random • If not random, can be easily guessed • Made random by collecting entropy
Physical Simulations • Monte Carlo experiments require random numbers • Provided by PRNG
Initial Sequence Numbers • On the creation of a TCP connection • A unique sequence number is used • Used to identify packets belonging to a specific connection.
Initial Sequence Numbers, the problem • T, trusted host • C, client • X, nasty person 1. X can cause connections to be dropped 2. X can hijack connections and introduce malicious code
Initial Sequence Numbers, the solution • • RFC 793 proposed linear method for ISN New standards introduced after security issues ISN = M + F(localhost. IP + localport + remotehost + remoteport. IP) or ISN = M + R(t) or ISN = R(t)
The problem • Many computer systems need random numbers • Provided by a PRNG • PRNG’s can cause problems if not up to standard
Random Event Validation • Will use graphical methods to identify randomness • Use the NIST test suite to support findings • Investigate Initial Sequence Numbers (ISNs) • Build hardware RNG
A graphical view • Method of delayed coordinates plotted in a phase space • Convert 1 -D to 3 -D by: X[n] = s[n-2] – s[n-3] Y[n] = s[n-1] – s[n - 2] Z[n] = s[n] – s[n-1] • Higher dimensions are possible • Acts as a “comb”
Example
Lattice view X[n] = s[n] Y[n] = s[n-1] Z[n] = s[n-2] • This will highlight any lattice structure in the sequence
Example
Spherical view Θ[n] = 2 * PI * s[n-2] φ[n] = PI * s[n-1] r[n] = √( s[n] ) X[n] = r * Cos(θ) * Sin(φ) Y[n] = r * Sin(θ) * Sin(φ) Z[n] = r * Cos(φ) • Very similar to above method • Will also highlight dependencies in the data sequnce
Example
Colour – A higher dimension • Colour added using the HSV colour model • Assign first number in sequence a colour, and pass through the spectrum assigning colours to each element • Highlights whether sequence was created in a temporal manner
Results – Win XP
Win XP – SP 1
Win XP – SP 2
Cisco – IOS 12. 1
Fedora Core 3
Hardware RNG
Hardware RNG - Results
Conclusion • PRNG’s are important, and should be carefully selected for an application • ISN’s should be implemented using a good quality PRNG • A hardware RNG is easy to implement, can be easily incorperated in PC’s hardware
Conclusion cont. • Provided a graphical method for testing random numbers • Easier and faster than statistical testing • Will show / identify attractors in data quickly • Size of data set to test?
- Slides: 28