ANALYSIS OF THREATS TO GENERATORS OF PSEUDO-RANDOM NUMBERS AND PSEUDO-RANDOM SEQUENCES AND PROTECTION MEASURES

Authors

DOI:

https://doi.org/10.18372/2410-7840.25.18222

Keywords:

generators of pseudo-random numbers, generators of pseudo-random sequences, cyber security, generation, vulnerabilities, attacks, quality assessment

Abstract

Pseudorandom number generators and pseudorandom sequence generators are used across many modern applications, including cryptography, cybersecurity, and data protection, which makes building reliable and secure generators particularly significant. These generators produce numerical sequences that appear random but are in fact deterministic and possess a certain structure, which makes them valuable in various fields. They are used for generating secret keys and for ensuring confidentiality, data integrity, and transaction security, so their security is critical for the applications that employ them. However, as the popularity and scope of these generators grow, so does their vulnerability to different types of attacks. Attacks on them can lead to the exposure of secret parameters and the compromise of security systems. Attackers look for vulnerabilities in the methods and algorithms used to construct such generators in order to partially or fully disclose their operational principles. In this work, based on a thorough analysis of scientific publications by experts involved in the development, research, quality evaluation, and application of pseudorandom number and sequence generators, the main vulnerabilities of these generators are identified and described. Different types of attacks are classified and described, and their impact on these generators is determined. Security recommendations are provided, and standards and testing methods are identified that improve the reliability and protection of such generators and mitigate their vulnerabilities.

Published

2023-12-24