Adopting a reliable security standard is essential for most
enterprises - and a hardware data encryption system is more
reliable than a software-based one
As data traffic over public and private data networks increases,
it becomes increasingly important to protect the privacy of
information stored on and exchanged between personal computers.
One of these building blocks is a hardware RNG. This paper is an
introduction to fundamental security concepts of data encryption,
user authentication and digital signature usage, and points out the
importance of the hardware-based RNGs to these concepts. It also
describes why the hardware-based RNGs are superior to
software-based RNGs currently used in security programs.The
computer has become a ubiquitous information appliance touching
almost every aspect of life. Whether used to track personal
finances, send email to friends, design the next generation
aircraft, purchase a book over the Internet or maintain banking
records, computing systems play an increasing and significant role
in the modern world.One of the most significant advances in
computing this decade has been the development and advancement of
networked computing. Local Area Networks, Wide Area Networks, the
global Internet and even home networking have created an enormous
network of computing resources that provides a wealth of
information to anyone with a computer and modem or network
card.This pervasive and ever-expanding connectivity is, in most
respects, a tremendous asset. However, it also brings an increased
need for strong computer and communications security. Enhanced
platform security is needed to manage the increasingly open
connectivity the future holds and to ease the security concerns of
users, particularly new users that have been reluctant to get
connected in the past. Better PC security is fundamental to future
growth in the use of PCs for electronic business and electronic
commerce applications. Platform silicon is a key element to
achieving this level of security. By implementing key security
features at the silicon level in every PC platform, all systems
will develop a core foundation of security capabilities. Enhanced
security will become ubiquitous and synonymous with the Intel
architecture platform. A security solution implemented in hardware
is often more robust than a software solution, since hardware has
the unique ability to hide secrets. Better security solutions
implemented across all PC systems will pave the way towards
increased connectivity, access to new products and services and new
business models.The RNG is a fundamental building block for
strengthening and securing the confidentiality of electronic
communications. Random number generation is a key component of the
encryption processes that protect data. Most RNGs available today
are software-based which are not capable of generating truly random
data. Because software RNGs generates random data by means of a
fixed algorithm, their output can be predictable. This
predictability weakens software-only encryption schemes relative to
hardware-based systems.The silicon-based RNG generates true random
numbers (numbers which are unpredictable) which can increase the
strength of an encryption system. Some might argue that it is not
possible to generate a "true" random number. This paper assumes
Schneier's definition of true (or real) RNGs ( they generate
sequences that look random, are unpredictable and cannot be
reliably reproduced. Businesses and consumers rely on networks for
communication, using computers as their protected entry point. In a
world that increasingly depends on digital information, computer
users can now justifiably expect more security. The hardware RNG
provides a strong foundation for PC data security. ISVs
(Independent Software Vendors) demand a ubiquitous platform upon
which to deploy their enhanced solutions. The security building
blocks enable OEMs to deliver new security technology on broadly
deployed platforms and to enhance their product lines with a new
category of security-enabled systems.Cryptography is defined as
"the art and science of keeping messages secure." There are three
major elements to keeping messages secure:Authentication: Ensuring
that the person at the other end of the connection is who you think
they are (to eliminate fraud)Confidentiality: Ensuring that no
unauthorised person listening to the transaction is able to extract
meaningful informationIntegrity: Ensuring that there are no
undetected changes to the transaction as it travels from the sender
to the intended recipientRandom numbers are fundamental building
blocks of cryptographic systems and, as such, play a key role in
each of these elements. Random numbers are used to inject
unpredictable or non-deterministic data into cryptographic
algorithms and protocols to make the resulting data streams
unrepeatable and virtually unguessable.
AuthenticationRandom
numbers are used to authenticate systems with a "challenge" or a
piece of unrepeatable and virtually unguessable data to process and
return. For example, a simple challenge-response authentication
protocol is carried out as follows:A client requests access to
password protected information stored on a serverThe server
responds with a random challenge ( a random number, possibly
combined with other informationThe client encrypts the random
challenge using its password as a key and then returns the
encrypted challenge to the serverThe server encrypts the same
random challenge with the client's password (which the server gets
from its own password database)The server compares the two results.
If the results match, the server has authenticated the client
without the client ever sending its password over the
network
ConfidentialityConfidentiality is provided through
data encryption, which is the process of combining plain text input
(plain text) with a cryptographic key in a well-defined manner and
returning cipher text (encrypted data). In an ideal cryptosystem,
it is impossible for anyone to decrypt the cipher text without the
decryption key. There are two major types of cryptographic keys:
symmetric and asymmetric. Symmetric keys can be used for both
encrypting and decrypting data. Asymmetric keys are produced in
pairs, each pair consisting of a public key, generally used to
encrypt data and a private key, generally used to decrypt data.The
strength of a cryptosystem lies in the strength of the key, which
is a function of the key length (number of bits) and the randomness
of the number used to generate the key. Although it is true that a
weak algorithm can leak information that will make it possible to
decipher a message, ultimately it is the strength of the secret key
that makes an encrypted message impervious to discovery. It is for
this reason that sufficiently long, truly random numbers should be
used in key generation. "Sufficiently long" in this context means
that the number is large enough that it cannot be guessed in the
useful lifetime of the encrypted data it protects. For example,
some common key lengths in use today are 40 (RC4), 56 (DES), 128
(RC4), and 168 (3-DES) bits.
IntegrityThe integrity of a
message sent over a network can be guaranteed through digital
signatures and cryptographic hashes. A digital signature is a
fixed-length binary string unique to a given message, signed with a
private key. The unique string (known as a message digest or
cryptographic hash) is similar to a fingerprint ( although the
number of possible messages is enormous, the likelihood of any two
hashes being the same is miniscule. Because the hash is signed with
the originator's private key, anyone with the originator's public
key can decrypt the message certain in the knowledge that the owner
of the private key originated the message. By generating another
hash of the message using the same hashing algorithm as the
originator, and comparing the new hash with the signed hash, the
recipient can verify that the message did not change after leaving
the originator. Random numbers are used in some digital signature
generation algorithms to make it difficult for a malicious party to
forge the signature. The degree of randomness of the random number
has a direct impact on the strength of the signature.
Random
numbersRandom numbers are fundamental to all aspects of data
security. The strength of a security mechanism is directly
proportional to the randomness of the numbers it uses. As an
example, consider the process of encrypting data. Assume for a
moment that we are going to encrypt some data using the following
simple encryption algorithm: p k c wherec = the encrypted
ciphertextk = the encryption key (derived from a random number)p =
the original message (plaintext)If k = 2 and p = "DOGS HAVE FOUR
LEGS", then c = "FQIU JCXG HQWT NGIU"3 (each letter in the plain
text is incremented by 2 to generate the ciphertext, so A=C, B=D,
etc.). This message looks pretty mixed up, but given the algorithm
(most popular algorithms are widely published), it could be decoded
in a few seconds even without the use of a computer. Further, if
the value of k were fixed (i.e., if the same key were used each
time) it would take very little effort to decode subsequent
messages, which means that the encryption is compromised. Now
consider a slightly stronger algorithm. Assume that there is a
different key for each message. For the sake of simplicity, we'll
use the original algorithm, p k c. Having already intercepted one
message and learned that k (the secret key) = 2, it was easy to
decode this message.Now let's look at another message: WXVSRK OICW
WIGYVI HEXE. Most people would decipher this message using a "brute
force" attack. That is, they would guess a value for k and see if
the resulting message made sense. Then they would guess another
value, and so on. Here is a brute force attack using sequential
values of k , starting at 1:k = 1: VWURQJ NHBV VHFXUH GDWDk = 2:
UVTQPI MGAU UGEWTG FCVCk = 3: TUSPOH LFZT TFDVSF EBUBk = 4: STRONG
KEYS SECURE DATAYou have probably discovered that there is a
pattern to the keys. Each new key is equal to the previous key plus
two. If you had to decrypt a lot of these messages in your head, it
might take you a minute or two each time. A computer could do it
almost instantaneously. The encryption is weak because there is a
pattern to the keys ( they are not random. Now try decoding the
next three messages.HVS GIB WG O MSZZCK GHOFL UHDG D JUHDW ERRN
BHVWHUGDBOXKALJ KRJYBOP XOB FJMLOQXKQA trained cryptographer might
use linguistic analysis as a more efficient approach than brute
force, but that is beyond the scope of this paper.THE SUN IS A
YELLOW STAR (key = 14)I READ A GREAT BOOK YESTERDAY (key = 3)RANDOM
NUMBERS ARE IMPORTANT (key = 23)The reason it was harder was that
the keys were chosen at random. Unless you detected some pattern,
you probably had to use a brute force attack on all three messages.
As this example illustrates, using random keys makes decryption
much more difficult (unless you already know the key). In this
extremely simplistic example, the range of valid keys was 1 - 25.9.
In a realistic modern cryptosystem there are typically 2 40 (= 10
12 ) possible 40-bit keys or 2 128 (= 10 38 ) 128-bit keys. It
would take a lot of computing power to guess the correct key. If,
on the other hand, the keys are not generated at random and one can
find a pattern or narrow the range of possible values, finding the
real key becomes much easier. In fact, if just one bit of a key can
be predicted, the work required to determine the rest of the key is
cut in half.To illustrate, assume for a moment that a hypothetical
person named Alice is going to encrypt a message using a 4-digit 10
key (which has 10,000 possible values). Imagine that an unknown
eavesdropper, Eve, was able to watch Alice select a key. Eve
noticed that Alice looked at a digital clock to select the number.
Eve could immediately conclude that Alice's key was in the range 0
- 59, greatly simplifying her task of decrypting Alice's message.
In fact, if Eve knew what time it was when Alice selected her key,
she might be able to narrow the possible range of keys to just 3 or
4 (to account for possible discrepancies between her clock and
Alice's). Suddenly Alice's 4-digit key has been effectively reduced
to 1 digit and Eve could crack the encrypted message in just 3 or 4
attempts.Alice could strengthen her encryption system by using a
hardware RNG. By definition, a random number is unpredictable. It
is independent of all other numbers and therefore is not part of
any pattern. As a result, a truly random number can be discovered
only through a process of trial and error (a.k.a. "brute
force").Utilising a true random number to generate an
encryption/decryption key will yield the strongest possible
encryption for a given cryptosystem. If a true RNG were used to
generate the key in the example above, it would take Eve, on
average, 5,000 attempts (half of all possible values) to guess
Alice's decryption key. Most modern computer programs use
software-generated, pseudo random numbers rather than true random
numbers. Pseudo RNGs (PRNGs) require a "seed" which is used as an
operand in a mathematical computation to create the pseudo random
number. Typical seeds are bits of data collected from various
aspects of the computer's internals, including the clock, running
processes, status registers, key press timing and mouse
movements.Because PRNGs employ a mathematical algorithm for number
generation, all PRNGs possess the following properties:A seed value
is required to initialise the equationThe generated sequence of
numbers will eventually repeatApplication developers who require
non-deterministic output from a PRNG must take pains to provide an
unguessable seed value and an algorithm with a period that is
sufficiently long. The seed sources mentioned above can be used to
incorporate randomness into the seed. However, system interrupt and
event handling within different systems have been known to reduce
the effective randomness of these sources.In spite of the drawbacks
of PRNGs, they are widely used in computer applications. PRNGs are
readily available for all types of computer systems today. Because
they are implemented in software, PRNGs are easy to add to a
system. Most computer applications today use PRNGs to generate the
"random" data they require. Many of the better PRNGs produce
acceptable output for non-cryptographic applications (such as
modeling, gaming, etc.). However, as the power of computing systems
increases, cryptographic applications demand a higher degree of
randomness than can be provided by a PRNG. Because they are not
truly random, pseudo random numbers cannot give the level of
cryptographic protection that true random numbers can provide.A
hardware RNG is an electronic device that produces genuine random
numbers (as opposed to pseudo random numbers). Generally, these
devices operate by extracting data from a thermal noise source such
as a resistor or a semiconductor diode or from air turbulence
within a sealed, dedicated disk drive.Hardware RNGs are
non-deterministic by nature ( no algorithm can be used to
predetermine subsequent bits. Thus, hardware RNGs are not
susceptible to intrusion or exposure by algorithm disassembly or
disclosure. The property of non-determinism has been shown to be
especially important in specific RNG applications such as certain
scientific and financial modeling techniques, government-sponsored
lotteries and computer security technology such as cryptography and
digital signatures.Hardware RNGs do not require seeds because
hardware random numbers are not computed values. They are not
derived through a repeatable algorithm. Rather, hardware-generated
random numbers are digitised snapshots of naturally occurring
thermal noise.
Compiled by Ajith Ram( Intel 1999