Adopting a reliable security standard is essential for most enterprises - and a hardware data encryption system is more reliable than a software-based one
As data traffic over public and private data networks increases, it becomes increasingly important to protect the privacy of information stored on and exchanged between personal computers.
One of these building blocks is a hardware RNG. This paper is an introduction to fundamental security concepts of data encryption, user authentication and digital signature usage, and points out the importance of the hardware-based RNGs to these concepts. It also describes why the hardware-based RNGs are superior to software-based RNGs currently used in security programs.
The computer has become a ubiquitous information appliance touching almost every aspect of life. Whether used to track personal finances, send email to friends, design the next generation aircraft, purchase a book over the Internet or maintain banking records, computing systems play an increasing and significant role in the modern world.
One of the most significant advances in computing this decade has been the development and advancement of networked computing. Local Area Networks, Wide Area Networks, the global Internet and even home networking have created an enormous network of computing resources that provides a wealth of information to anyone with a computer and modem or network card.
This pervasive and ever-expanding connectivity is, in most respects, a tremendous asset. However, it also brings an increased need for strong computer and communications security. Enhanced platform security is needed to manage the increasingly open connectivity the future holds and to ease the security concerns of users, particularly new users that have been reluctant to get connected in the past. Better PC security is fundamental to future growth in the use of PCs for electronic business and electronic commerce applications.
Platform silicon is a key element to achieving this level of security. By implementing key security features at the silicon level in every PC platform, all systems will develop a core foundation of security capabilities. Enhanced security will become ubiquitous and synonymous with the Intel architecture platform. A security solution implemented in hardware is often more robust than a software solution, since hardware has the unique ability to hide secrets. Better security solutions implemented across all PC systems will pave the way towards increased connectivity, access to new products and services and new business models.
The RNG is a fundamental building block for strengthening and securing the confidentiality of electronic communications. Random number generation is a key component of the encryption processes that protect data. Most RNGs available today are software-based which are not capable of generating truly random data. Because software RNGs generates random data by means of a fixed algorithm, their output can be predictable. This predictability weakens software-only encryption schemes relative to hardware-based systems.
The silicon-based RNG generates true random numbers (numbers which are unpredictable) which can increase the strength of an encryption system. Some might argue that it is not possible to generate a "true" random number. This paper assumes Schneier's definition of true (or real) RNGs ( they generate sequences that look random, are unpredictable and cannot be reliably reproduced.
Businesses and consumers rely on networks for communication, using computers as their protected entry point. In a world that increasingly depends on digital information, computer users can now justifiably expect more security. The hardware RNG provides a strong foundation for PC data security. ISVs (Independent Software Vendors) demand a ubiquitous platform upon which to deploy their enhanced solutions. The security building blocks enable OEMs to deliver new security technology on broadly deployed platforms and to enhance their product lines with a new category of security-enabled systems.
Cryptography is defined as "the art and science of keeping messages secure." There are three major elements to keeping messages secure:
Authentication: Ensuring that the person at the other end of the connection is who you think they are (to eliminate fraud)
Confidentiality: Ensuring that no unauthorised person listening to the transaction is able to extract meaningful information
Integrity: Ensuring that there are no undetected changes to the transaction as it travels from the sender to the intended recipient
Random numbers are fundamental building blocks of cryptographic systems and, as such, play a key role in each of these elements. Random numbers are used to inject unpredictable or non-deterministic data into cryptographic algorithms and protocols to make the resulting data streams unrepeatable and virtually unguessable.
Random numbers are used to authenticate systems with a "challenge" or a piece of unrepeatable and virtually unguessable data to process and return. For example, a simple challenge-response authentication protocol is carried out as follows:
A client requests access to password protected information stored on a server
The server responds with a random challenge ( a random number, possibly combined with other information
The client encrypts the random challenge using its password as a key and then returns the encrypted challenge to the server
The server encrypts the same random challenge with the client's password (which the server gets from its own password database)
The server compares the two results. If the results match, the server has authenticated the client without the client ever sending its password over the network
Confidentiality is provided through data encryption, which is the process of combining plain text input (plain text) with a cryptographic key in a well-defined manner and returning cipher text (encrypted data). In an ideal cryptosystem, it is impossible for anyone to decrypt the cipher text without the decryption key.
There are two major types of cryptographic keys: symmetric and asymmetric. Symmetric keys can be used for both encrypting and decrypting data. Asymmetric keys are produced in pairs, each pair consisting of a public key, generally used to encrypt data and a private key, generally used to decrypt data.
The strength of a cryptosystem lies in the strength of the key, which is a function of the key length (number of bits) and the randomness of the number used to generate the key. Although it is true that a weak algorithm can leak information that will make it possible to decipher a message, ultimately it is the strength of the secret key that makes an encrypted message impervious to discovery. It is for this reason that sufficiently long, truly random numbers should be used in key generation. "Sufficiently long" in this context means that the number is large enough that it cannot be guessed in the useful lifetime of the encrypted data it protects. For example, some common key lengths in use today are 40 (RC4), 56 (DES), 128 (RC4), and 168 (3-DES) bits.
The integrity of a message sent over a network can be guaranteed through digital signatures and cryptographic hashes. A digital signature is a fixed-length binary string unique to a given message, signed with a private key. The unique string (known as a message digest or cryptographic hash) is similar to a fingerprint ( although the number of possible messages is enormous, the likelihood of any two hashes being the same is miniscule. Because the hash is signed with the originator's private key, anyone with the originator's public key can decrypt the message certain in the knowledge that the owner of the private key originated the message. By generating another hash of the message using the same hashing algorithm as the originator, and comparing the new hash with the signed hash, the recipient can verify that the message did not change after leaving the originator.
Random numbers are used in some digital signature generation algorithms to make it difficult for a malicious party to forge the signature. The degree of randomness of the random number has a direct impact on the strength of the signature.
Random numbers are fundamental to all aspects of data security. The strength of a security mechanism is directly proportional to the randomness of the numbers it uses. As an example, consider the process of encrypting data. Assume for a moment that we are going to encrypt some data using the following simple encryption algorithm: p k c where
c = the encrypted ciphertext
k = the encryption key (derived from a random number)
p = the original message (plaintext)
If k = 2 and p = "DOGS HAVE FOUR LEGS", then c = "FQIU JCXG HQWT NGIU"3 (each letter in the plain text is incremented by 2 to generate the ciphertext, so A=C, B=D, etc.). This message looks pretty mixed up, but given the algorithm (most popular algorithms are widely published), it could be decoded in a few seconds even without the use of a computer. Further, if the value of k were fixed (i.e., if the same key were used each time) it would take very little effort to decode subsequent messages, which means that the encryption is compromised. Now consider a slightly stronger algorithm. Assume that there is a different key for each message. For the sake of simplicity, we'll use the original algorithm, p k c. Having already intercepted one message and learned that k (the secret key) = 2, it was easy to decode this message.
Now let's look at another message: WXVSRK OICW WIGYVI HEXE. Most people would decipher this message using a "brute force" attack. That is, they would guess a value for k and see if the resulting message made sense. Then they would guess another value, and so on. Here is a brute force attack using sequential values of k , starting at 1:
k = 1: VWURQJ NHBV VHFXUH GDWD
k = 2: UVTQPI MGAU UGEWTG FCVC
k = 3: TUSPOH LFZT TFDVSF EBUB
k = 4: STRONG KEYS SECURE DATA
You have probably discovered that there is a pattern to the keys. Each new key is equal to the previous key plus two. If you had to decrypt a lot of these messages in your head, it might take you a minute or two each time. A computer could do it almost instantaneously. The encryption is weak because there is a pattern to the keys ( they are not random. Now try decoding the next three messages.
HVS GIB WG O MSZZCK GHOF
L UHDG D JUHDW ERRN BHVWHUGDB
OXKALJ KRJYBOP XOB FJMLOQXKQ
A trained cryptographer might use linguistic analysis as a more efficient approach than brute force, but that is beyond the scope of this paper.
THE SUN IS A YELLOW STAR (key = 14)
I READ A GREAT BOOK YESTERDAY (key = 3)
RANDOM NUMBERS ARE IMPORTANT (key = 23)
The reason it was harder was that the keys were chosen at random. Unless you detected some pattern, you probably had to use a brute force attack on all three messages. As this example illustrates, using random keys makes decryption much more difficult (unless you already know the key). In this extremely simplistic example, the range of valid keys was 1 - 25.9. In a realistic modern cryptosystem there are typically 2 40 (= 10 12 ) possible 40-bit keys or 2 128 (= 10 38 ) 128-bit keys. It would take a lot of computing power to guess the correct key. If, on the other hand, the keys are not generated at random and one can find a pattern or narrow the range of possible values, finding the real key becomes much easier. In fact, if just one bit of a key can be predicted, the work required to determine the rest of the key is cut in half.
To illustrate, assume for a moment that a hypothetical person named Alice is going to encrypt a message using a 4-digit 10 key (which has 10,000 possible values). Imagine that an unknown eavesdropper, Eve, was able to watch Alice select a key. Eve noticed that Alice looked at a digital clock to select the number. Eve could immediately conclude that Alice's key was in the range 0 - 59, greatly simplifying her task of decrypting Alice's message. In fact, if Eve knew what time it was when Alice selected her key, she might be able to narrow the possible range of keys to just 3 or 4 (to account for possible discrepancies between her clock and Alice's). Suddenly Alice's 4-digit key has been effectively reduced to 1 digit and Eve could crack the encrypted message in just 3 or 4 attempts.
Alice could strengthen her encryption system by using a hardware RNG. By definition, a random number is unpredictable. It is independent of all other numbers and therefore is not part of any pattern. As a result, a truly random number can be discovered only through a process of trial and error (a.k.a. "brute force").
Utilising a true random number to generate an encryption/decryption key will yield the strongest possible encryption for a given cryptosystem. If a true RNG were used to generate the key in the example above, it would take Eve, on average, 5,000 attempts (half of all possible values) to guess Alice's decryption key.
Most modern computer programs use software-generated, pseudo random numbers rather than true random numbers. Pseudo RNGs (PRNGs) require a "seed" which is used as an operand in a mathematical computation to create the pseudo random number. Typical seeds are bits of data collected from various aspects of the computer's internals, including the clock, running processes, status registers, key press timing and mouse movements.
Because PRNGs employ a mathematical algorithm for number generation, all PRNGs possess the following properties:
A seed value is required to initialise the equation
The generated sequence of numbers will eventually repeat
Application developers who require non-deterministic output from a PRNG must take pains to provide an unguessable seed value and an algorithm with a period that is sufficiently long. The seed sources mentioned above can be used to incorporate randomness into the seed. However, system interrupt and event handling within different systems have been known to reduce the effective randomness of these sources.
In spite of the drawbacks of PRNGs, they are widely used in computer applications. PRNGs are readily available for all types of computer systems today. Because they are implemented in software, PRNGs are easy to add to a system.
Most computer applications today use PRNGs to generate the "random" data they require. Many of the better PRNGs produce acceptable output for non-cryptographic applications (such as modeling, gaming, etc.). However, as the power of computing systems increases, cryptographic applications demand a higher degree of randomness than can be provided by a PRNG. Because they are not truly random, pseudo random numbers cannot give the level of cryptographic protection that true random numbers can provide.
A hardware RNG is an electronic device that produces genuine random numbers (as opposed to pseudo random numbers). Generally, these devices operate by extracting data from a thermal noise source such as a resistor or a semiconductor diode or from air turbulence within a sealed, dedicated disk drive.
Hardware RNGs are non-deterministic by nature ( no algorithm can be used to predetermine subsequent bits. Thus, hardware RNGs are not susceptible to intrusion or exposure by algorithm disassembly or disclosure. The property of non-determinism has been shown to be especially important in specific RNG applications such as certain scientific and financial modeling techniques, government-sponsored lotteries and computer security technology such as cryptography and digital signatures.
Hardware RNGs do not require seeds because hardware random numbers are not computed values. They are not derived through a repeatable algorithm. Rather, hardware-generated random numbers are digitised snapshots of naturally occurring thermal noise.
Compiled by Ajith Ram
( Intel 1999