A Study of Entropy Sources in Cloud Computers: Random Number Generation on Cloud Hosts

  • Brendan Kerrigan
  • Yu Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7531)

Abstract

Cloud computing hosts require a good source of cryptographically strong random numbers. Most of the standard security practices are based on assumptions that hold true for physical machines but don't translate immediately into the domain of virtualized machines. It is imperative to reconsider the well-accepted security practices that were built around physical machines, and whether blind application of such practices results in the possibility of a data breach, machine control, or other vulnerabilities. Because of Cloud computers' reliance on virtualization, access to the hardware-based random number generator is restricted, and virtualization can have unforeseen effects on the operating-system-based random number generator. In this paper, the entropy pool poisoning attack is introduced and studied, and a Cloud Entropy Management System is proposed. An extensive experimental study verified that there are measurable problems with entropy in Cloud instances, and that the management system effectively solves them.

Keywords

Virtual Machine; Entropy Generation; Random Number Generator; Public Cloud; Private Cloud
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Brendan Kerrigan (1)
  • Yu Chen (1)
  1. Dept. of Electrical and Computer Engineering, SUNY - Binghamton, USA
