A Study of Entropy Sources in Cloud Computers: Random Number Generation on Cloud Hosts

  • Conference paper
Computer Network Security (MMM-ACNS 2012)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 7531)

Abstract

Cloud computing hosts require a good source of cryptographically strong random numbers. Most of the standard security practices are based on assumptions that hold true for physical machines, but don’t translate immediately into the domain of virtualized machines. It is imperative to reconsider the well-accepted security practices that were built around physical machines, and whether blind application of such practices results in the possibility of a data breach, machine control, or other vulnerabilities. Because of Cloud computers’ reliance on virtualization, access to the hardware-based random number generator is restricted, and virtualization can have unforeseen effects on the operating-system-based random number generator. In this paper, the entropy pool poisoning attack is introduced and studied, and a Cloud Entropy Management System is proposed. Extensive experimental study verified that there are measurable problems with entropy in Cloud instances, and the management system effectively solves them.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kerrigan, B., Chen, Y. (2012). A Study of Entropy Sources in Cloud Computers: Random Number Generation on Cloud Hosts. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_24


  • DOI: https://doi.org/10.1007/978-3-642-33704-8_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33703-1

  • Online ISBN: 978-3-642-33704-8

  • eBook Packages: Computer Science, Computer Science (R0)
