APPLICATION OF GENERATORS OF PSEUDO-RANDOM NUMBERS AND SEQUENCES IN CYBER SECURITY, METHODS OF THEIR CONSTRUCTION AND QUALITY ASSESSMENT
DOI:
https://doi.org/10.18372/2410-7840.25.17940Keywords:
pseudorandom number generators, pseudorandom sequence generators, cyber security, generation, testing, quality assessmentAbstract
Due to the rapid development of computing and measurement technology, as well as the implementation of advanced technologies, the scope of application for pseudo-random number generators and pseudo-random sequences has significantly expanded, placing new demands on their design and quality evaluation methods. Quality pseudo-random sequences, although essentially deterministic, possess nearly all the properties of true random processes and successfully replace them, as the generation of random sequences is extremely complex. Due to the diversity and wide range of tasks that require the use of pseudo-random numerical sequences, new algorithms, methods, and tools for obtaining such sequences are constantly being developed and improved. Using pseudo-random sequence generators, one can obtain sequences of numbers where each element is practically independent of others and follows a specific prescribed distribution law, with the uniform distribution being the most common. Thanks to their statistical properties and generation speed, pseudo-random number and sequence generators are essential tools in various fields, including simulation modeling (economic, mathematical, physical, medical research, military applications), computer game development (generation of 3D models, textures, and worlds, as well as creating diversity and randomness in the behavior of characters and events), and measurement technology. Overall, it's important to note that developers of pseudo-random sequence generators face a set of stringent requirements regarding specific characteristics of the results they create using these generators. These requirements can vary depending on the generator's intended purpose and can be particularly high and demanding when pseudo-random sequences are used in cybersecurity and information protection. For example, for cryptographic applications, the requirements are extremely rigorous and may sometimes even contradict each other. To verify whether the generated sequence meets the specified criteria and requirements, it is necessary to evaluate its quality, which involves assessing various features and parameters. Since the development of pseudo-random sequence generators aims to make them resemble sequences of truly random numbers, the basis for any evaluation of generators lies in comparing the statistical characteristics of the generated sequence with the characteristics of truly random sequences. For this purpose, various tests are used, which allow the detection of existing statistical regularities and, thus, the identification of low-quality pseudo-random sequences.
References
Gnatyuk, S., Y. Burmak, R. Berdibayev, M. Alek-sander, D. Ospanova. «Метод побудови генераторів псевдовипадкових послідовностей для криптографічних застосувань у 5G мережах». Електронне фахове наукове видання «Кібербезпека: освіта, наука, техніка», вип. 4, вип. 12, Червень 2021, С. 151-162.
Горбенко, І. Д., Н. В. Шапочка, and О. О. Козулін. "Обґрунтування вимог до генераторів випадкових бітів згідно ISO/IEC 18031." Радіоелектронні і комп’ютерні системи 6. 2009. С. 94-97.
Горбенко І.Д. Прикладна криптологія: Теорія. Практика. Застосування: монографія / І.Д. Гор-бенко, Ю.І. Горбенко. Харків.: Вид-во «Форт», 2012. 880 с.
Євсеєв С.П., Корольов Р.В., Краснянська М.В.. Аналіз сучасних методів формування псевдовипадкових послідовностей. Восточно-Европейский журнал передовых технологий №3(45), 2010. С.11-15.
Гарасимчук, О. І., Максимович, В. М. Генератори псевдовипадкових чисел, їх застосування, класифікація, основні методи побудови і оцінка якості. Захист інформації, 5(3 (16)), 2002. С. 29-36.
Mandrona, M.; Maksymovych, V.; Harasymchuk, O.; Kostiv, Y. Generator of pseudorandom bit sequence with increased cryptographic immunity. Metall. Min. Ind. 2014. pp. 24-28.
Barker, E. , Feldman, L. and Witte, G. Recommenda-tion for Random Number Generation Using Deter-ministic Random Bit Generators, ITL Bulletin, Na-tional Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/ publication/get_pdf.cfm?pub_id=919165 (Accessed November 20, 2022).
L’Ecuyer, Pierre & Simard, Richard. TestU01: A C library for empirical testing of random number generators. ACM Transactions on Mathematical Software 33(4, article 22). 2007.
Baldanzi, L.; Crocetti, L.; Falaschi, F.; Bertolucci, M.; Belli, J.; Fanucci, L.; Saponara, S. Cryptographically Secure Pseudo-Random Number Generator IP-Core Based on SHA2 Algorithm. Sensors 2020, 20, 1869. https://doi.org/10.3390/s20071869.
Orúe, A.B., Hernández Encinas, L., Fernández, V., Montoya, F. (2018). A Review of Cryptographically Secure PRNGs in Constrained Devices for the IoT. In: Pérez García, H., Alfonso-Cendón, J., Sánchez González, L., Quintián, H., Corchado, E. (eds) International Joint Conference SOCO’17-CISIS’17-ICEUTE’17 León, Spain, September 6-8, 2017. Pro-ceeding. SOCO ICEUTE CISIS 2017 2017 2017. Advances in Intelligent Systems and Computing, vol 649. Springer, Cham. https://doi.org/10.1007/978-3-319-67180-2_65.
Maksymovych, V.; Shabatura, M.; Harasymchuk, O.; Shevchuk, R.; Sawicki, P.; Zajac, T. Combined Pseudo-Random Sequence Generator for Cyberse-curity. Sensors (Basel) 2022, 22, 9700, doi:10.3390/ s22249700.
Maksymovych, V.; Nyemkova, E.; Justice, C.; Shabatura, M.; Harasymchuk, O.; Lakh, Y.; Rusynko, M. Simulation of Authentication in Information-Processing Electronic Devices Based on Poisson Pulse Sequence Generators. Electronics (Basel) 2022, 11, 2039, doi:10.3390/electronics11132039.
Maksymovych, V.; Shabatura, M.; Harasymchuk, O.; Karpinski, M.; Jancarczyk, D.; Sawicki, P. Development of Additive Fibonacci Generators with Improved Characteristics for Cybersecurity Needs. Appl. Sci. (Basel) 2022, 12, 1519, doi:10.3390 / app 1203¬1519.
Almaraz Luengo, E. A brief and understandable guide to pseudo-random number generators and specific models for security. Statistic Surveys, 2022. pp. 137-181.
Поперешняк С.В.. Тестування генератора псевдо-випадкових чисел як складова безпеки інтернету речей. «Наукоємні технології», № 2(46), 2020.
Kietzmann, T. C. Schmidt, and M. Wählisch, A Guideline on Pseudorandom Number Generation (PRNG) in the IoT. ACM Comput. Surv. 2022, 54, 1–38. https://doi.org/10.1145/3453159.
Orúe, A.B.; Hernández Encinas, L.; Fernández, V.; Montoya, F. A Review of Cryptographically Secure PRNGs in Constrained Devices for the IoT. In Pro-ceedings of the SOCO 2017, ICEUTE 2017, CISIS 2017: International Joint Conference SOCO’17-CISIS’17-ICEUTE’17 León, Spain, 6–8 September 2017; Pérez García, H., Alfonso-Cendón, J., Sánchez González, L., Quintián, H., Corchado, E., Eds.; (Ad-vances in Intelligent Systems and Computing Book Series); Springer: Cham, Switzerland, 2018; Volume 649. https://doi.org/10. 1007/ 978-3-319-67180-2_65.
A Comparative Study on Pseudo Random Number Generators in IoT devices. Efe Alkan. Delft Univer-sity of Technology, Bachelor Seminar of Computer Science and Engineering, July, 2021.
Lew, Chee Hon and Chaw-Seng Woo. “Design and Implementation of -Text based Watermarking com-bined with Pseudo-Random Number Generator (PRNG) for Cryptography Application.”, 2013.
Chen, J., Miyaji, A., Su, C. (2014). Distributed Pseudo-Random Number Generation and Its Application to Cloud Database. In: Huang, X., Zhou, J. (eds) In-formation Security Practice and Experience. ISPEC 2014. Lecture Notes in Computer Science, vol 8434. Springer, Cham. https://doi.org/10.1007/978-3-319-06320-1_28.
De Bernardi, M., Khouzani, M.H.R., Malacaria, P. (2019). Pseudo-Random Number Generation Using Generative Adversarial Networks. In: et al. ECML PKDD 2018 Workshops. ECML PKDD 2018. Lec-ture Notes in Computer Science, vol 11329. Springer, Cham. https: // doi.org / 10.1007 /978-3-030-13453-2_15.
A Statistical Test Suite for Random and Pseudoran-dom Number Generators for Cryptographic Applica-tions. Andrew Rukhin, Juan Soto, James Nechvatal, Miles Smid, Elaine Barker, Stefan Leigh, Mark Levenson, Mark Vangel, David Banks, Alan Heckert, James Dray, San Vo. NIST Special Publication 800-22, Revision 1a, April, 2010.
PAROL M., DĄBAL P, SZPLET R. Pseudo-random bit generators based on linear-feedbackshift registers in a programmable device. Measurement Automation Monitoring, Jun. 2016, no. 06, vol. 62, ISSN 2450-2855.
R. S. Durga, C. K. Rashmika, O. N. V. Madhumitha, D. G. Suvetha, B. Tanmai and N. Mohankumar, "Design and Synthesis of LFSR based Random Number Generator," 2020 Third International Con-ference on Smart Systems and Inventive Technology (ICSSIT), Tirunelveli, India, 2020, pp. 438-442, doi: 10.1109/ ICSSIT48917.2020.9214240.
Гарасимчук О.І., Максимович В.М., Генератори пуассонівського імпульсного потоку на основі ге-нераторів М-послідовностей // Вісник Націона-льного університету “Львівська політехніка” “Комп'ютерні науки та інформаційні технології”, №521, 2004. С. 17-23.
Cryptography and Network Security: Principles and Practice, 7th edition. William Stallings.767 p.
Sovyn Ya., Nakonechny Yu., Opirskyy I., Stakhiv M. Analysis of hardware support of cryptography in Internet of Things-devices // Ukrainian Scientific Journal of Information Security, 2018, vol. 24, issue 1, pp. 36-48.
Н.А. Кошева, Н.І. Мазниченко. Ідентифікація користувачів інформаційно-комп’ютерних систем: аналіз і прогнозування підходів. «Системи обробки інформації», №6(113), 2013.
A Systematic Analysis of the Juniper Dual EC Incident. Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Mat-thew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, Hovav Shacham. October, 2016.
Добрєцова О.А., Руснак М.А.. Генератор одноразових захищених чатів. Чернівецький національний університет імені Юрія Федьковича. 2022.
Деркач Д.О. Обгрунтування методики захисту інформації на основі використання технології блокчейн у фінансово-технологічних застосунках. Дніпро, 2020.
Крюков К.Є.. Порівняльний аналіз криптографічно стійких генераторів псевдовипадкових чисел. VІ Міжнародна науково-практична конференція "Інформаційна безпека та комп’ютерні технології", 2023.
Соколовська, Г. В. Статистичний аналіз генераторів псевдовипадкової послідовності у програмних середовищах Matlab та Mathcad [Текст] / Г. В. Соколовська // Моделювання та інформаційні тех-нології: зб. наукових праць. 2013. Вип. 66. С. 26-30.
Поперешняк С.В. Методика статистичного аналізу випадковості послідовностей, що породжуються генераторами випадкових та псевдовипадкових чисел. Телекомунікаційні та інформаційні технології. 2022. № 3 (76).
Lorek P.; Łoś G.; Gotfryd K.; Zagórski F. On testing pseudorandom generators via statistical tests based on the arcsine law. Journal of Computational and Ap-plied Mathematics 2020, 380, 112968, doi:10.1016/ j.cam.2020.112968.
Sýs, M.; Říha, Z. Faster Randomness Testing with the NIST Statistical Test Suite. In Security, Privacy, and Applied Cryptography Engineering; Springer In-ternational Publishing: Cham, 2014; pp. 272-284 ISBN 9783319120591.
Knuth, Donald E. The Art of Computer Programming. 3rd ed., Addison Wesley, 1997.
Alani, M.M. (2010). Testing randomness in ciphertext of block-ciphers using DieHard tests. International Journal of Computer Science and Network Security (IJCSNS), 10(4). pp. 53-57.
NIST SP 800-22 Version 1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications; NIST: Gaithersburg, MD, USA, (2010); p. 131. Available online: https:// nvlpubs.nist.gov / nistpubs / Legacy/SP/ nistspe-cialpublication800-22r1a.pdf (accessed on 20 April 2023).
Min, Lequan et al. “Analysis of FIPS 140-2 Test and Chaos-Based Pseudorandom Number Generator.”, 2013.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).