denisovd - Fotolia
Encryption keys too predictable, warn security researchers
Encryption keys are not as random as most people think, which means encrypting data is often not as secure as it could be, according to security researchers
Researchers at Los Alamos National Laboratory (LANL) have found that most random number generators used for encryption keys are not truly random.
They found that encryption keys are potentially predictable because software-based random number generators – typically part of the operating system – have a limited capacity.
This is because the software typically depends on capturing signals or events from the physical world, such as mouse movements, hard drive activity and network traffic, to increase the level of randomness.
But because these sources are finite, software-generated encryption keys are not truly random, and could be predicted by attackers. But few organisations are aware of these shortcomings because there is no mechanism for certifying the quality of random number generators.
To address this problem, the quantum security team at LANL spent a decade developing and perfecting the ability to deliver pure entropy – the foundation of randomness – using quantum technology.
Quantum random number generation is widely regarded as one of the most mature quantum technologies and the inherent randomness at the core of quantum mechanics makes quantum systems a perfect source of entropy. Therefore, only pure quantum entropy is considered to be capable of enabling the generation of truly random numbers for creating cryptographic keys that are impossible to predict.
This capability to generate truly random numbers has been made commercially available through a spin-off firm named Whitewood in reference to Thomas Jefferson’s wheel cipher, that was made using discs cut from a cylinder of white wood.
Whitewood is a subsidiary of Allied Minds, which licenses technology from universities and research labs and then sets up companies to commercialise those technologies and take them to market.
In June 2017, Whitewood made this capability available as a free cloud-based service for servers, desktops and laptops running on the Microsoft Windows operating system.
Whitewood Entropy Engine
The service is based on the Whitewood Entropy Engine, which uses the core technology developed by LANL and is designed to strengthen cryptographic security systems in traditional datacentres, virtual cloud environments and embedded systems, including internet of things (IoT) devices, where encryption is used increasingly for authentication and assurance of integrity and confidentiality.
The use of crypto tools such as encryption have become ubiquitous in modern IT environments and play a critical role in emerging technologies such as blockchain and bitcoin services and in helping organisations to comply with the EU’s General Data Protection Regulation (GDPR).
“Encryption is viewed by many organisations as a ‘get out jail card’ because if they can demonstrate that data was encrypted, they don’t have to disclose that they lost it,” said Richard Moulds, general manager of Whitewood.
“And in the payments world, there are some cost saving benefits because if you encrypt credit card numbers, that database is out of scope in terms of PCI DSS [payment card industry data security standard] assessments.”
According to Moulds, PCI DSS is ahead of the GDPR in terms of encryption requirements, so perfect random number generation is likely to become increasingly important for the retail industry, while it is already an area of great interest for banks, the financial services industry and the military.
Broader product portfolio
The free netRandom service for Windows is part of a broader product portfolio from Whitewood that includes support for Linux as well as on-premise entropy management systems with granular reporting functionality and quantum random number generators (QRNGs) for organisations that prefer to deploy their own dedicated or private security infrastructure.
The free service delivers on-demand, quantum entropy from a cloud-based server over standard IP networks to continuously re-seed existing random number generators to make them work properly. Just as the network time protocol drip-feeds time synchronisation to devices, the Whitewood drip-feeds entropy into devices as a background service.
“Random number generation is critical for security, but is often poorly understood and is a point of attack and vulnerability – highlighted by the SANS Institute as one of the seven most dangerous attacks for 2017,” said Moulds.
“The growing widespread use of cryptography raises the bar for randomness, making the current ‘best-effort’ approaches to random number generation no longer sufficient.
“In some ways, this is a dirty little secret in the crypto industry, and although it is a problem that is almost universal, almost nobody has thought about it. People tend to worry about where and how encryption keys are stored, who has access to the keys, and who is able to revoke a key, but few people think about where those keys come from or about how random they are.”
Underlining the problem, researchers at the University of Pennsylvania found in a 2012 study that 0.75% of TLS certificates shared keys because of insufficient entropy during key generation, and that they were able to obtain the private keys for 0.50% of TLS hosts and 0.03% of SSH hosts because their public keys shared non-trivial common factors due to poor randomness.
Raise the bar for randomness
According to Moulds, new data protection and privacy regulation such as GDPR raise the bar for randomness even further as organisations seek to use strong encryption, both to protect data from theft by making it unintelligible and to potentially avoid data breach disclosure obligations.
The rapid growth of the IoT is also focusing attention on crypto security as a means of ensuring correct operation and trustworthiness of safety-critical devices and systems such as drones, driverless cars and smart grid infrastructure, he said.
“Cryptographic keys can be compromised through theft or calculated guesswork,” said Moulds. “There is a constant race to keep ahead of the attackers who can exploit ever-faster processing resources to break traditional random number and key generation methods and crypto algorithms – a capability that will get a further boost with the availability of quantum computers.”
The trend towards virtualisation, containers and distributed environments compounds the problem by abstracting applications from the physical world and the entropy within it, he said.
“In the virtual world running on shared hardware with dynamic replication, there can be little or no real entropy, increasing the risk of entropy starvation and making it virtually impossible to guarantee the quality of key generation and system security without entropy from a trusted source,” said Moulds.
For this reason, Whitewood is able to deliver entropy not only to physical machines, but also to virtual machines, containers and IoT devices. Whatever random generators developers use, they will work correctly because they are being seeded or shuffled so frequently, said Moulds.
Whitewood has solved three problems, he said: “How to generate good entropy fast so there is enough to supply thousands of virtual machines; how to deliver it securely over a network; and we plugged it into the operating system so we are not forcing application developers to adopt a different random number generator because we are enabling existing random number generators in Windows and Linux to work better.”
