Random numbers are vital for encryption in network security
Use of Random Numbers:
Several cryptographic-based security algorithms require random numbers, including:
- Generating keys for RSA and other public-key systems.
- Creating stream keys for symmetric ciphers.
- Producing symmetric keys for temporary session keys, used in applications like TLS, Wi-Fi, email security, and IP security.
- Using random numbers in key distribution methods like Kerberos to prevent replay attacks.
Random numbers need to be both random and unpredictable:
RANDOMNESS:
A sequence of random numbers should follow statistical consistency, including:
- Uniform distribution: Ones and zeros should occur at similar frequencies.
- Independence: No subsequence can be predicted from others.
Uniform distribution can be tested, but proving independence is complex and relies on multiple tests. This matters in cryptographic designs such as RSA, which uses random numbers to determine prime numbers, a process made feasible by randomization.
UNPREDICTABILITY:
For tasks like mutual authentication and session key generation, numbers must not only be random but unpredictable. True random sequences are statistically independent. Often, algorithms are used to generate numbers that simulate randomness; these are known as pseudorandom numbers.
TRNGs, PRNGs, and PRFs:
Cryptographic processes often employ algorithmic random number generation, which yields pseudorandom sequences. These sequences seem random statistically, despite being deterministic.
Despite philosophical hesitations, experts accept pseudorandom numbers for practical use. True random number generators (TRNGs) use natural entropy sources like system clock values, while pseudorandom number generators (PRNGs) rely on a seed and a deterministic algorithm.
PRNGs produce extensive bit streams, serving applications like symmetric ciphers, whereas pseudorandom functions (PRFs) generate fixed-length strings for keys and nonces. Both must ensure randomness and unpredictability, with PRNGs also potentially using context-specific input.
Algorithm Design:
Cryptographic PRNGs can derive from two main strategies:
- Purpose-built algorithms specifically designed for pseudorandom bit stream generation. Some are general-purpose, while others, like RC4, are designed for use in stream ciphers.
- Algorithms based on existing cryptographic algorithms, which inherently randomize their inputs. Symmetric block ciphers, asymmetric ciphers, and hash functions are all used to build PRNGs.
Both approaches yield secure PRNGs, with operating systems potentially offering built-in algorithms. Where encryption or authentication is already in use, reusing cryptographic code for PRNGs is efficient and common practice.
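An added example (not from the original page) of the second strategy: a PRNG built from an existing hash-based primitive, HMAC-SHA256 over a counter, alongside a PRF that takes context-specific input and a bit-frequency check for uniform distribution. The names HmacCounterPrng, prf and ones_fraction are hypothetical, the context strings are constructed, and the construction is a teaching sketch rather than a standardized generator; the seed is taken from the operating system's entropy source.

```python
import hashlib
import hmac
import os


class HmacCounterPrng:
    """Hypothetical teaching PRNG: HMAC-SHA256 keyed from a seed, run over a counter."""

    def __init__(self, seed: bytes):
        self._key = hashlib.sha256(seed).digest()  # fixed-size key derived from the seed
        self._counter = 0

    def read(self, n: int) -> bytes:
        """Return the next n bytes of the open-ended pseudorandom stream."""
        out = bytearray()
        while len(out) < n:
            msg = self._counter.to_bytes(16, "big")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            self._counter += 1
        return bytes(out[:n])


def prf(seed: bytes, context: bytes, length: int = 32) -> bytes:
    """Fixed-length output (at most 32 bytes) from a seed plus context-specific input."""
    return hmac.new(seed, context, hashlib.sha256).digest()[:length]


def ones_fraction(data: bytes) -> float:
    """Frequency check for uniform distribution: share of 1 bits, expected near 0.5."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


if __name__ == "__main__":
    seed = os.urandom(32)  # entropy from the operating system
    a, b = HmacCounterPrng(seed), HmacCounterPrng(seed)
    # Deterministic: anyone who learns the seed can reproduce the whole stream.
    print("same seed, same stream:", a.read(48) == b.read(48))
    print("ones fraction:", round(ones_fraction(a.read(100_000)), 4))
    print("session key:", prf(seed, b"session-key|client-1").hex())  # constructed context
    print("nonce:      ", prf(seed, b"nonce|client-1", 16).hex())
```

Passing the frequency check says nothing about unpredictability: the stream is fully determined by the seed, so the seed must come from an entropy source and stay secret.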