DOI: 10.1007/978-3-642-33704-8_24
Article

A study of entropy sources in cloud computers: random number generation on cloud hosts

Published: 17 October 2012

Abstract

Cloud computing hosts require a good source of cryptographically strong random numbers. Most of the standard security practices are based on assumptions that hold true for physical machines, but don't translate immediately into the domain of virtualized machines. It is imperative to reconsider the well-accepted security practices that were built around physical machines, and whether blind application of such practices results in the possibility of a data breach, machine control, or other vulnerabilities. Because of Cloud computers' reliance on virtualization, access to the hardware-based random number generator is restricted, and virtualization can have unforeseen effects on the operating-system-based random number generator. In this paper, the entropy pool poisoning attack is introduced and studied, and a Cloud Entropy Management System is proposed. An extensive experimental study verified that there are measurable problems with entropy in Cloud instances, and that the management system effectively solves them.


Published In

MMM-ACNS'12: Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
October 2012
319 pages
ISBN: 9783642337031
Editors: Igor Kotenko, Victor Skormin

Sponsors

  • European Office of Aerospace Research and Development of the USAF
  • U.S. Office of Naval Research Global (ONRGlobal)
  • US Air Force

Publisher

Springer-Verlag, Berlin, Heidelberg

Cited By

  • (2021) Threshold Schnorr with Stateless Deterministic Signing from Standard Assumptions. Advances in Cryptology – CRYPTO 2021, pp. 127-156. DOI: 10.1007/978-3-030-84242-0_6. Online publication date: 16-Aug-2021
  • (2021) Non-interactive Half-Aggregation of EdDSA and Variants of Schnorr Signatures. Topics in Cryptology – CT-RSA 2021, pp. 577-608. DOI: 10.1007/978-3-030-75539-3_24. Online publication date: 17-May-2021
  • (2019) Computational Challenges and Opportunities in Financial Services. Smart Computing and Communication, pp. 310-319. DOI: 10.1007/978-3-030-34139-8_31. Online publication date: 11-Oct-2019
  • (2018) Internet As a Source of Randomness. Proceedings of the 17th ACM Workshop on Hot Topics in Networks, pp. 64-70. DOI: 10.1145/3286062.3286072. Online publication date: 15-Nov-2018
  • (2018) How to Best Share a Big Secret. Proceedings of the 11th ACM International Systems and Storage Conference, pp. 76-88. DOI: 10.1145/3211890.3211896. Online publication date: 4-Jun-2018
  • (2015) Performance Analysis of Linux RNG in Virtualized Environments. Proceedings of the 2015 ACM Workshop on Cloud Computing Security Workshop, pp. 29-39. DOI: 10.1145/2808425.2808434. Online publication date: 16-Oct-2015
  • (2013) Randomness in Virtual Machines. Proceedings of the 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing, pp. 282-286. DOI: 10.1109/UCC.2013.57. Online publication date: 9-Dec-2013
