A proposal for: Functionality classes for random number generators


Wolfgang Killmann, T-Systems GEI GmbH, Bonn
Werner Schindler, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn

Version .0, 8 September 0

The authors wish to express their thanks for the numerous comments, suggestions and notes that have been incorporated into this document.

8 September 0, AIS 0 / AIS 3

Table of contents

Introduction
Motivation
Abbreviations
Common Criteria (Abbreviations)
Terminology
Symbols
Basic Concepts
Randomness
Concept of Randomness and Random Experiments
Random number generators (RNGs)
Random Numbers in IT Security
Usage of Random Numbers in IT Security
Basic considerations for RNG types
Design Description of RNG
Mathematical Background
Random variables
Entropy and Guess Work
Random mappings
Stochastics and Statistical Analysis of Physical RNGs
Stochastic model
Overview of Statistical Tests
Standard Statistical Tests
Test procedures
Additional Statistical Tests
Security Functional Requirements - Family FCS_RNG
Definition of FCS_RNG
Security capabilities of RNG types
Rationale for definition of the extended component
Pre-defined RNG Classes
Overview of pre-defined RNG classes
General Remarks (Exemplary applications, side-channel attacks, fault attacks)
Class PTG
Security functional requirements for the RNG class PTG
4.3.. Application notes
Class PTG
Security functional requirements for the RNG class PTG
Application notes
Further aspects
Class PTG
Security functional requirements for the RNG class PTG
Application notes
Further aspects
Class DRG
Security functional requirements for the RNG class DRG
Application notes
Further aspects
Class DRG
Security functional requirements for the RNG class DRG
Application notes
Further aspects
Class DRG
Security functional requirements for the RNG class DRG
Application notes
Further aspects
Class DRG
Security functional requirements for the RNG class DRG
Application notes
Further aspects
Class NTG
Security functional requirements for the NPTRNG class NTG
Application notes
Examples
Guesswork for binomial distributed data
Contingency tables
Forward and backward secrecy
Examples of post-processing algorithms
Von Neumann unbiasing
Xoring of non-overlapping segments of independent bits
Two sources
Uniformly distributed input data for random mappings
Examples of online test, tot test, and start-up test
An online test of the internal random numbers
A straightforward online test
A more sophisticated online test procedure
Examples of RNG designs
PTRNG with two noisy diodes
Examples of DRNGs
NPTRNG
Literature

Tables

Table 1: Attack potential, guessing probability and security bits
Table 2: Attack potential and guessing passwords
Table 3: Statistics of random mappings
Table 4: Statistics of random permutations
Table 5: Brief overview of error types of statistical tests
Table 6: Typical values of χ²-distribution with degree of freedom
Table 7: Typical values of χ²-distribution with degree of freedom d
Table 8: Typical values of χ²-distribution for runs
Table 9: Typical values of Normal (Gaussian) N(0,) for a two-sided test of autocorrelation
Table 10: Parameters for entropy test
Table 11: Recommended parameter settings for the NIST test suite
Table 12: Attack potential, Min-entropy, and recommended length of the internal state
Table 13: Requirements for the parameters in (DRG..3) depending on claimed attack potential
Table 14: Work factor and work factor defect for uniform mappings with equidistributed input
Table 15: Probability for a noise alarm within a test suite and the expected number of noise alarms per year for different distributions of the das-random numbers

Figures

Figure 1: Min-entropy, collision-entropy and Shannon-entropy for binary-valued random variables
Figure 2: Contingency table for counts of consecutive bits strings
Figure 3: Example of PTRNGs that belong to the pre-defined classes PTG. and PTG
Figure 4: Example of a PTG.3 and NTG. that belongs to the pre-defined class PTG.3 and NTG
Figure 5: Examples of DRNGs that belong to the pre-defined classes DRG. and DRG
Figure 6: Examples of DRNGs that belong to the pre-defined classes DRG.3 and DRG
Figure 7: Probabilities of vectors of length =
Figure 8: Success probability (p = 0.55, = 0)
Figure 9: Basic design of RNG with noisy diodes
Figure 10: Variant of the basic design of RNG with noisy diodes
Figure 11: Examples of self-protection in PTRNG based on noise diodes
Figure 12: RGB Functional model defined in [NIST800-90]
Figure 13: Functional design of the Linux NPTRNG

1. Introduction

1.1. Motivation

1 Random Number Generators (RNG) are incorporated in many IT products and play an important role in numerous cryptographic applications. However, the Information Technology Security Evaluation Criteria (ITSEC) and the Common Criteria (CC) do not specify any uniform evaluation criteria for RNG, nor do their corresponding evaluation methodologies (Information Technology Security Evaluation Manual [ITSEM] and Common Evaluation Methodology [CEM]) specify such criteria.

2 The document is intended for use by developers, evaluators and certifiers.

3 Chapter 2 introduces this field, addresses basic concepts, and explains foundations that support the understanding of the remaining parts of this document. Chapter 3 defines a CC family FCS_RNG and the extended component FCS_RNG. for description of security functional requirements in protection profiles or security targets. Chapter 4 describes pre-defined classes for physical true, non-physical true, deterministic and hybrid random number generators. It sketches RNG specific information and evidence the developer is expected to provide for the assurance components selected in the ST. The basic concepts and evaluation criteria are illustrated by additional examples in chapter 5.

4 All software tools referenced in the following paragraphs are freeware. The statistical calculations may be performed using:
- The BSI test suite for statistical test procedures A and B, which is available on the BSI website [AIS03Stat].
- The NIST test suite and guidance documentation [SP800-], which is available on the NIST RNG project website describing the implemented tests
- The statistics program R, which is available on the website
There are several books (e.g., [SaHe06], [Prus06], [Ligg07]) describing statistical methods together with R scripts implementing these methods.

5 This document updates the previous documents [AIS0A] and [AIS3A] used as the evaluation methodology for RNG in the German CC scheme. The families described in parts and 3 relate to the RNG classes described in [AIS0A] and [AIS3A] as follows (coarse comparisons):

| RNG class | Comparable to [AIS0] or [AIS3] class | Comments |
|---|---|---|
| PTG. | AIS3, P | Physical RNG with internal tests that detect a total failure of the entropy source and non-tolerable statistical defects of the internal random numbers |
| PTG. | AIS3, P | PTG., additionally a stochastic model of the entropy source and statistical tests of the random raw numbers (instead of the internal random numbers) |
| PTG.3 | No counterpart | PTG., additionally with cryptographic postprocessing (hybrid PTRNG) |
| DRG. | AIS0, K, partly K3 | DRNG with forward secrecy according to [ISO803] |
| DRG. | AIS0, K3 | DRG. with additional backward secrecy according to [ISO803] |
| DRG.3 | AIS0, K4 | DRG. with additional enhanced backward secrecy |
| DRG.4 | No counterpart | DRG.3 with additional enhanced forward secrecy (hybrid DRNG) |
| NTG. | No counterpart | Non-physical true RNG with entropy estimation |

1.2. Abbreviations

6 In this document we use the following abbreviations:

RNG: random number generator
DRNG: deterministic RNG
TRNG: true RNG
PTRNG: physical true RNG (short: physical RNG)
NPTRNG: non-physical true RNG
das: digitized analog noise signal
iid: independent and identically distributed
pp.: pages
iff: if and only if
{x,y, }: A list x,y, of indices, e.g., ADV_FSP.{,} stands for ADV_FSP. and ADV_FSP.

To avoid misunderstanding, we do not apply the straightforward abbreviation PRNG because this often stands for pseudorandom number generator.

1.3. Common Criteria (Abbreviations)

PP: Protection Profile
ST: Security Target
EAL: Evaluation Assurance Level
ADV: Assurance Development
TOE: Target of Evaluation
TSF: TOE Security Functionality
SFR: Security Functional Requirement

1.4. Terminology

7 In this document we use the following terminology:

8 Backward secrecy
The assurance that previous output values cannot be determined (i.e., computed or guessed with non-negligible probability) from the current or future output values.

9 Bit string
A finite sequence of ones and zeroes.

10 Binomial distribution
Binomial distribution with parameters n and p, $P\{X = k\} = \binom{n}{k} p^k (1-p)^{n-k}$.

11 Black box
An idealized mechanism that accepts inputs and produces outputs, which is designed such that an observer cannot see inside the box or determine exactly what is happening inside that box. Contrast with a glass box.

12 Cryptographic boundary
An explicitly defined continuous perimeter that establishes the physical bounds of a cryptographic module and contains all the hardware, software and/or firmware components of a cryptographic module. [ISO/IEC 9790]

13 Cryptographic post-processing
A post-processing algorithm that generates the internal numbers of a TRNG by means of a cryptographic mechanism.

14 das-random number
Bit string that results directly from the digitization of analogue noise signals (das) in a physical RNG. Das-random numbers constitute a special case of raw random numbers.
NOTE: Assume, for instance, that a PTRNG uses a Zener diode. Regular comparisons of the (amplified) voltage (analogue signal) with a threshold value provide values 0 and 1, which may be interpreted as das-random numbers. In contrast, for ring oscillators on FPGAs it is not obvious how to define the analogue signal. At least in the true sense of the word it may be problematic to speak of das random number in this context.
NOTE: In [AIS3A] for physical RNGs the term 'das-random number' was consistently used. Apart from concrete examples in this document we use the more general term 'raw random number' for both physical and non-physical true RNGs.

15 Deterministic RNG

An RNG that produces random numbers by applying a deterministic algorithm to a randomly selected seed and, possibly, on additional external inputs.

16 Digitization
Derivation process of raw random numbers from raw random signals, usually performed at discrete points in time.

17 Endorsed algorithm
Cryptographic algorithm endorsed by a certification body for certified products; that is, either a) specified in an endorsed standard, b) adopted in an endorsed standard and specified either in an appendix of the endorsed standard or in a document referenced by the endorsed standard, or c) specified in the list of Endorsed security functions.

18 Enhanced backward secrecy
The assurance that previous output values of a DRNG cannot be determined (i.e., computed or guessed with non-negligible probability) from the current internal state, or from current or future output values.
NOTE: The knowledge of the current state of a pure DRNG (with no additional input or with publicly known input) implies knowledge of the current and future output.

19 Enhanced forward secrecy
The assurance that subsequent (future) values of a DRNG cannot be determined (i.e., computed or guessed with non-negligible probability) from the current internal state, or from current or previous output values.
NOTE: The enhanced forward secrecy may be ensured by reseeding or refreshing the DRNG internal state, which may be performed automatically or initiated on user demand.

20 Entropy
A measure of disorder, randomness or variability in a closed system. The entropy of a random variable X is a mathematical measure of the amount of information gained by an observation of X.

21 Entropy source
A component, device or event that generates unpredictable output values which, when captured and processed in some way, yields discrete values (usually, a bit string) containing entropy (Examples: electronic circuits, radioactive decay, RAM data of a PC, API functions, user interactions). Entropy sources provide randomness for true and hybrid random number generators.

22 External random numbers

Random numbers used by an application (usually the concatenation of output random numbers)³.

23 Finite state machine
A mathematical model of a sequential machine that comprises a finite set of admissible states, a finite set of admissible inputs (seed, and possibly additional input or publicly known input), a finite set of admissible outputs, a mapping from the set of inputs and the sets of states to the set of state transitions (i.e., state transition mapping), and a mapping from the set of inputs and the set of states to the set of outputs (i.e., output function).

24 Forward secrecy
The assurance that subsequent (future) values cannot be determined (i.e., computed or guessed with non-negligible probability) from current or previous output values.

25 Glass box
An idealized mechanism that accepts inputs and produces outputs. It is designed such that an observer can see inside and determine exactly what is going on. Contrast with a black box.

26 Human entropy source
An entropy source that includes a random human component (Examples: key strokes, mouse movement).

27 Hybrid RNG
An RNG that applies design elements from DRNGs and PTRNGs; see also hybrid DRNG and hybrid PTRNG.

28 Hybrid DRNG
A DRNG accepting external input values besides the seed; i.e., a hybrid DRNG uses an additional entropy source. Identical output sequences demand identical seeds and identical external input values.

29 Hybrid PTRNG
A PTRNG with a (complex) post-processing algorithm. The goal of (sometimes additional) cryptographic post-processing with memory is to increase the computational complexity of the output sequence.
NOTE: A complex algorithmic post-processing algorithm may be viewed as an additional security anchor for the case when the entropy per output bit is smaller than assumed.

30 Ideal RNG
A mathematical construct that generates independent and uniformly distributed random numbers. An ideal RNG can be described by a sequence of independent identically distributed random variables $X_t$, $t \in T$, that are uniformly distributed on a finite set Ω; in our context, typically $\Omega = \{0,1\}$ or $\Omega = \{0,1\}^c$.

³ External random numbers are outside the scope of this document.

31 Internal random numbers
For DRNGs: values of the output function; for PTRNGs: random numbers after post-processing. The internal numbers are intended to be output upon request by a user.

32 Kerckhoffs box
An idealized cryptosystem where the design and public keys are known to an adversary, but in which there are secret keys and/or other private information that is not known to an adversary. A Kerckhoffs box lies between a black box and a glass box in terms of the knowledge of an adversary.

33 Known-answer test
A method of testing the correctness of a deterministic mechanism by checking whether for given input, the mechanism outputs the correct (known) value.

34 Noise alarm
Consequence of an application of an online test that suggests (e.g., due to a failure of a statistical test) that the quality of the generated random numbers is not sufficiently good.

35 Noise source
Special type of entropy source that consists of dedicated hardware (e.g., an electronic circuit) used by PTRNGs.

36 Non-physical true RNG
A true RNG whose entropy source is not dedicated hardware but e.g., provides system data (RAM data or system time of a PC, output of API functions etc.) or human interaction (key strokes, mouse movement, etc.).

37 Normal (Gaussian) distribution
Normal (Gaussian) distribution with mean µ and variance σ², is defined by $P\{X \le x\} = \int_{-\infty}^{x} \frac{1}{\sigma\sqrt{2\pi}}\, e^{-(u-\mu)^2/(2\sigma^2)}\, du$.

38 One-way function
A function with the property that it is easy to compute the output for a given input but it is computationally infeasible to find for a given output an input, which maps to this output. [ISO/IEC 770-3].

39 Online test

A quality check of the generated random numbers while a PTRNG is in operation; usually realized by physical measurements, by a statistical test, or by a test procedure that applies several statistical tests.

40 Pure DRNG
A DRNG that does not accept any external input apart from the seed. Identical seed values result in identical output sequences (random numbers).

41 Physical true RNG (PTRNG)
An RNG where dedicated hardware serves as an entropy source.
NOTE: we use the short term physical RNG for physical true RNG as well because all physical RNG are true RNG by definition. We use the abbreviation PTRNG instead of PRNG to avoid confusion with pseudorandom generators.

42 Poisson distribution
Poisson distribution, where λ is the mean number of events per time interval: $P(X = k) = \frac{\lambda^k}{k!}\, e^{-\lambda}$ for $k = 0, 1, 2, \ldots$, and 0 else.

43 Post-processing (algorithm)
Transformation of raw random numbers that have been derived from the entropy source into the internal random numbers.

44 Pure PTRNG
A PTRNG without (complex) post-processing. A total failure of a pure PTRNG entropy source typically results in constant output or periodic patterns if no post-processing algorithm is implemented, or in outputs of a weak DRNG if a simple mathematical (non-cryptographic) post-processing algorithm is implemented.

45 P-value
The p-value quantifies the probability that the test values are at least as extreme as the particular value, which has just been observed (tail probability) if the null hypothesis is true. If this p-value is smaller than a pre-defined bound, the statistician rejects the null hypothesis.
NOTE: Alternatively, a particular significance level α may be defined before the sample is drawn.

46 Random number generator (RNG)
A group of components or an algorithm that outputs sequences of discrete values (usually represented as bit strings).

47 Random variable

Mathematical construction that quantifies randomness. A real-valued random variable is a function that assigns to each outcome in the sample space Ω a value of R, i.e., $X : \Omega \to R$. More precisely, there exist σ-algebras $\sigma_\Omega$ of Ω and $\sigma_R$ of R for which X is a $(\sigma_\Omega, \sigma_R)$-measurable function, i.e., for each $r \in \sigma_R$ holds $X^{-1}(r) \in \sigma_\Omega$.

48 Raw random number
Raw random numbers are derived at discrete points in time from raw random signals that are generated by the entropy source of a PTRNG or NPTRNG. Raw random numbers have not been post-processed. Raw random numbers assume discrete values.
NOTE: For particular types of TRNGs it may not be unique, which discrete values (normally bits or bit strings) are interpreted as the raw random numbers. The definition of the raw random numbers may influence their distribution. Of course, for the chosen definition the raw random numbers must fulfil the requirements that are specified in the respective functionality class.
NOTE: For many types of physical RNGs raw random numbers are computed from analogue signals that are generated by the entropy source, motivating the notion of das ('digitized analogue signal') random numbers. Examples are PTRNGs that are based on noisy diodes or oscillators. For PTRNGs that are based on ring oscillators on an FPGA, for instance, the term 'analogue signal' is less adequate (cf. the first note to das random numbers).

49 Raw random number sequence
Sequence of discrete random values that have directly been derived by digitization from the output of the entropy source; sequence of raw random numbers.

50 Raw random signal
Randomly changing signal that is provided by an entropy source of a PTRNG, which is used to generate raw random numbers.
NOTE: In physical experiments and for electronic circuits raw random signals are often time-continuous and assume values in continuous ranges. For a PTRNG on an FPGA that exploits a ring oscillator the current state of the inverter chain with time jitter might be interpreted as a raw random signal.

51 Realization (of a random variable)
Value assumed by a random variable.

52 Refreshing
Use of fresh entropy provided by an internal or external source of randomness in the state transition function of a hybrid RNG (covers both reseeding and seed-update).

53 Reseeding
Re-initialization of the internal state of an RNG (typically, a DRNG), depending on external input (new seed value), but disregarding the current value of the internal state.

54 Seed
Value used to initialize the internal state of an RNG.

55 Seeding procedure
Procedure for initialization, re-initialization and refreshing of the internal state of a DRNG as described in the guidance documentation.

56 Secret parameter
An input value (optional) to the RNG during initialization.

57 Seed life
The period between the initialization of the internal state of an RNG (typically, of a DRNG) with a seed value until reseeding / seed-updating the internal state with the next seed value.

58 Seed-update
Renewal of the internal state of an RNG (typically, a DRNG) by considering both the current internal state and external input data.

59 Signal
Physical carrier of information.

60 State
A state is defined as an instantiation of a random number generator or any part thereof with respect to time and circumstance.

61 Stationary process
The sequence of random variables $X_1, X_2, \ldots$ is called stationary if for all positive integers k and t, and arbitrary (measurable) sets $A_j$ the following equality holds: $\Pr\{X_1 \in A_1, \ldots, X_k \in A_k\} = \Pr\{X_{t+1} \in A_1, \ldots, X_{t+k} \in A_k\}$.

62 Stochastic model
A stochastic model is a mathematical description (of relevant properties) of a TRNG using random variables, i.e., a model of the reality under certain conditions and limitations. A stochastic model used for TRNG analysis shall support the estimation of the entropy of the raw random numbers and finally of the internal random numbers. Moreover, it should allow to understand the factors that may affect the entropy.

63 Thermal noise
Inherent production of spurious electronic signals (also known as white noise) within an electronic component (e.g., an operational amplifier, a reversed biased diode, or a resistor)⁴, not desirable for typical applications.

64 Total breakdown of an entropy source
The entropy of the future raw random numbers equals 0.
Note: Depending on the concrete RNG design, a total breakdown of the entropy source may result in constant or short-period sequences of raw random numbers.

65 Total failure test of a noise source
The total failure test of the random noise source detects a total breakdown of random noise source.

66 True RNG
A device or mechanism for which the output values depend on some unpredictable source (noise source, entropy source) that produces entropy.
Note: The class of TRNGs splits into two subclasses (PTRNGs and NPTRNGs).

67 Uniform distribution
A random variable X that assumes values on a finite set M is said to have uniform distribution (or equivalently: X is uniformly distributed) on M if $\Pr\{X = m\} = 1/|M|$ for each $m \in M$.

⁴ Typically, in electronic circuits a concentrated effort is exerted to minimize these phenomena. However, this exact phenomenon can be taken advantage of in the production of random bit streams as it results in some unpredictable behaviour and, therefore, may be used as an entropy source.

1.5. Symbols

68 In this document we use the following symbols:

- One-way function of A to B
- Pr{X = x}: Probability that the random variable X assumes the value x
- Pr{x}: Probability of the value x (short notation if it is clear which random variable is concerned)
- B(n, p): Binomial distribution with parameters n and p
- N(µ, σ²): Normal (Gaussian) distribution with mean µ and variance σ²

- Po(λ): Poisson distribution, where λ is the mean of events per time interval
- ⊕: Addition in GF(2), 0 ⊕ 0 = 0, 0 ⊕ 1 = 1, 1 ⊕ 0 = 1, 1 ⊕ 1 = 0
- X || Y: Concatenation of two strings X and Y. The strings X and Y are either both bit strings, or both byte strings.
- ⌈X⌉: Ceiling: the smallest integer greater than or equal to X, ⌈X⌉ = min{n ∈ N | n ≥ X}
- ⌊X⌋: Floor: the largest integer less than or equal to X, ⌊X⌋ = max{n ∈ N | n ≤ X}
- |X|: For a finite set X the notation |X| denotes its cardinality. If X is a string |X| denotes its length.
- Symmetric group over the set S, i.e., the group of all permutations over S with composition as group operation.
- Symmetric semi-group over the set S, i.e., the semi-group of all injective (not necessarily surjective) mappings with composition as semi-group operation.
- π_w(x): The projection of a vector x = (x, x, …, x) onto the coordinates w = {i, i, …, i}. That is, π_w(x) = (x, x, …, x).
- N: Set of natural numbers
- R: Set of real numbers
- Set of integers, {,..., }

2. Basic Concepts

69 This chapter explains basic mathematical concepts that are applied in the security analysis of RNGs. At first, we describe the concept of randomness, which is the core for any RNG. For true random sequences, this refers to the entropy source; and for pseudo-random sequences, to the seed. Probability theory describes and analyzes randomness by means of abstract mathematical objects, modelling randomness by random variables and random processes. Statistics links these abstract mathematical models with real-world RNGs by experiments. These experiments may be used to estimate parameters that describe the models or to test hypotheses deduced from the models.

2.1. Randomness

70 Subsection 2.1.1 provides an intuitive notion of randomness, which will be made precise in a mathematical sense in section

2.1.1. Concept of Randomness and Random Experiments

71 The core of any non-deterministic (true) random number generator (TRNG) is the entropy source that, loosely speaking, generates randomness.

72 An experiment is called unpredictable if the observable outcome of the experiment is (to a certain extent) unknown before it is conducted. After the experiment has been performed, the degree of uncertainty depends on the ability to observe the outcome. In this document we denote the outcome of an experiment as random if it is unpredictable, i.e., if it cannot be predicted with certainty. Entropy quantifies the amount of unpredictability relative to the observer.

73 Experiments are called independent if the outcomes of previous experiments do not influence the outcome of the current experiment.

74 A random experiment is called unbiased, if each admissible outcome has the same chance of occurring.

75 Ideal random experiments are unpredictable, independent and unbiased (ideal randomness). Ideal randomness excludes order and regularity in the sequence of outcomes of repeated experiments unless these occur by chance. Any deviation from these properties, i.e., dependency or bias, makes the experiment less random.

76 The goal of any true RNG is clearly to generate ideal random numbers.
However, real-world RNGs can only achieve this goal approximately. The key point of any RNG evaluation is to verify to what extent the TOE guarantees fulfillment of this goal.

77 How can we determine to what extent an experiment is random (bias, dependencies)? Assume that an attacker knows the outcomes of many previous experiments. Why should he not be able to guess future outcomes? It is meaningless to argue about randomness on the basis of a single run of an experiment or on the basis of a small number of experiments. The randomness of an experiment can only be observed asymptotically. A statistical test that applies a computable function tests the hypothesis of whether the sequence of outcomes is typical in some sense. Ideal random sequences belong to any (before the observation of the experiments) reasonably defined majority of sequences with overwhelming probability, not showing any regularity patterns that can be detected by this statistical test⁵. Any finite collection of statistical tests can only check for finitely many types of regularity. A statistical test may not contradict or it may reject the randomness hypothesis under specific assumptions, but this cannot serve as a proof for the randomness of an arbitrary experiment. Testing the randomness of RNG output sequences is computationally hard under black box assumptions. Hence, it is important to understand the nature of the random source to rate the randomness of number generation.

⁵ cf. to Chaitin's definition of random strings and Martin-Löf tests in e.g. [Cal].

2.1.2. Random number generators (RNGs)

78 Generally, an RNG consists of a non-deterministic part (entropy source) that generates non-predictable digital data, and a deterministic part that generates from this data the output sequence of the RNG (random numbers). The non-deterministic part of the RNG exploits a physical entropy source or any other kind of non-physical entropy source to generate a raw random number sequence, which is deterministically post-processed. Either the deterministic part or the non-deterministic part may be omitted, giving a pure PTRNG or a pure DRNG, respectively.

PTRNG

79 The core of any physical RNG (PTRNG) is the entropy source, which is used to generate the raw random numbers. By exploiting an analogue signal, a digitization mechanism generates a sequence of digital raw data (raw random numbers; usually das-random numbers). Additionally, the PTRNG may comprise a post-processing algorithm that transforms the raw data to internal random numbers. Note that formally a missing post-processing algorithm can be interpreted as the identity mapping.

80 Physical entropy sources are based on physical microscopic random processes. Measurements of these processes result in digital random numbers. Examples of time-discrete physical entropy sources are:
- Radioactive atomic disintegration: The number of decay events (detected particles) per time interval follows a Poisson distribution (cf. [Neue04], section 4.).
- Shot entropy of a diode: The shot entropy of a parallel-plane temperature-limited diode is non-deterministic. The number of electrons emitted from the tube's cathode during a time interval follows a Poisson distribution (cf. [DaR087], section 7-). The Poisson distribution implies that the inter-occurrence waiting time between consecutive events is exponentially distributed.

81 A large number of discrete random events like e.g. emitted electrons may be observed as analogue entropy signal. Examples of analogue physical entropy sources are (cf. [BuLu08] for examples):
- Thermal resistive entropy: The voltage between resistors varies randomly due to vibration of atoms. Ideally, the thermal entropy signal has the same energy in all frequency bands (so called white entropy). Sampling an ideally-amplified white entropy signal generates a sequence of independent bits.
- Diode breakdown entropy: The reverse current through diodes varies randomly due to tunnelling of electrons. The power of the entropy signal is inversely proportional to the frequency.
- Free running oscillators generate digital signals with an edge-to-edge random analogue time drift (jitter). Sampling a fast oscillator by a lower frequency oscillator generates a random bit signal. If the standard deviation of the slow oscillator is considerably greater than the fast period, the sampled bit sequence may be expected to be uncorrelated.

82 A typical goal of algorithmic post-processing may be to extract entropy from the das-random numbers sequence in order to increase the entropy per bit, e.g., to correct a given bias. Note that increasing the entropy per bit demands data compression, reducing the output rate. A cryptographic post-processing algorithm may be viewed as an additional security anchor.

NPTRNG

83 A non-physical true RNG (NPTRNG) uses external signals as entropy source to generate random numbers for output.

84 Examples of such external entropy sources are:
- Processes as disk I/O operations and interrupts (cf. e.g. Linux RNG /dev/random [GuPR06]).
- System data as tick counter since system boot, process and thread IDs, current local time (cf. e. g., function CryptGenRandom of Microsoft Windows CE Enhanced Cryptographic Provider [MSCE06]).
- Human interaction as mouse movement and key strokes (cf. PGP key generation [PGP]).

85 The NPTRNG are based on the concept of randomness as lack of information about processes and their outcomes. If a huge amount of data from different sources are collected and mapped onto a shorter sequence (e.g., by a hash function), the output value will appear random to an observer who neither knows the source data nor is able to control them.

DRNG

86 A deterministic RNG (DRNG) generates random numbers with a deterministic algorithm and starts with a randomly selected seed. The output sequence depends on the seed and possibly also on additional external input values.

87 Examples:
- Deterministic random bit generators based on hash functions, as described in [ISO803], Annex C.
- NIST-recommended DRNG based on hash functions or block ciphers [NIST800-90].
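
The DRNG notions used above (seed, internal state, reseeding, seed-update, enhanced forward and backward secrecy) can be made concrete in code. The following Python example is added here and is not part of the proposal or of the cited standards; the class and function names, the SHA-256 construction and the counter-based contrast generator are assumptions chosen for illustration.

```python
import hashlib
import os


def _h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain-separation tag (constructed for this example)."""
    return hashlib.sha256(tag + b"|" + b"".join(parts)).digest()


class HashDrng:
    """DRNG as a finite state machine whose state transition is one-way."""

    def __init__(self, seed: bytes):
        self.state = _h(b"seed", seed)

    def generate(self) -> bytes:
        out = _h(b"out", self.state)          # output function
        self.state = _h(b"next", self.state)  # state transition, not invertible
        return out

    def reseed(self, new_seed: bytes) -> None:
        """Reseeding: the new state depends on the new seed only."""
        self.state = _h(b"seed", new_seed)

    def seed_update(self, external_input: bytes) -> None:
        """Seed-update: the new state depends on current state and external input."""
        self.state = _h(b"update", self.state, external_input)


class CounterDrng:
    """Contrast design: one-way output function, but an invertible state step."""

    def __init__(self, seed: bytes):
        self.state = int.from_bytes(_h(b"seed", seed), "big")

    def generate(self) -> bytes:
        out = _h(b"out", self.state.to_bytes(32, "big"))
        self.state = (self.state + 1) % 2**256
        return out


def outputs_from_state(state: bytes, count: int) -> list:
    """Outputs computable by anyone who learns the internal state of a HashDrng."""
    clone = HashDrng(b"")
    clone.state = state
    return [clone.generate() for _ in range(count)]


def previous_counter_output(state: int) -> bytes:
    """Step a CounterDrng state back by one and recompute the output it produced."""
    return _h(b"out", ((state - 1) % 2**256).to_bytes(32, "big"))


def demo() -> dict:
    seed = bytes(range(32))  # constructed seed, fixed so the run is repeatable
    a, b = HashDrng(seed), HashDrng(seed)
    first_a = [a.generate() for _ in range(3)]
    first_b = [b.generate() for _ in range(3)]

    # Pure DRNG: knowing the current state gives all future output.
    known_state = a.state  # a and b are in the same state at this point
    predicted = outputs_from_state(known_state, 2)
    pure_is_predictable = predicted == [a.generate(), a.generate()]

    # Hybrid DRNG: a seed-update with fresh entropy invalidates that knowledge.
    b.seed_update(os.urandom(32))
    refreshed_is_predictable = predicted[0] == b.generate()

    # Seed-update keeps a dependency on the old state, reseeding discards it.
    c, d = HashDrng(b"state one"), HashDrng(b"state two")
    c.seed_update(b"same input")
    d.seed_update(b"same input")
    update_keeps_old_state = c.generate() != d.generate()
    c.reseed(b"same seed")
    d.reseed(b"same seed")
    reseed_discards_old_state = c.generate() == d.generate()

    # Invertible state step: an earlier output follows from the current state,
    # so this design cannot offer enhanced backward secrecy.
    weak = CounterDrng(seed)
    earlier = weak.generate()
    earlier_output_recovered = previous_counter_output(weak.state) == earlier

    return {
        "same_seed_same_output": first_a == first_b,
        "pure_is_predictable": pure_is_predictable,
        "refreshed_is_predictable": refreshed_is_predictable,
        "update_keeps_old_state": update_keeps_old_state,
        "reseed_discards_old_state": reseed_discards_old_state,
        "earlier_output_recovered": earlier_output_recovered,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In `demo()`, the prediction from a known state succeeds for the pure DRNG and fails once `seed_update()` mixes in fresh entropy, and only the counter design lets the state be stepped back to an earlier output.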

88 A DRNG may be viewed as a finite automaton that receives input (seed and possibly also additional external input). The DRNG updates the internal state (possibly also considering additional input) and generates output that depends on the current internal state and possibly on additional input. The DRNG (or more generally, the deterministic part of an RNG) may gain entropy from the seed and possibly from additional input during the operational work (reseeding or refreshing). The seed and the additional input may be provided by different sources.

89 A DRNG may be based on the concept of complexity-theoretic randomness (cf. e.g. [Calu0] for details). The sequences generated by a DRNG then shall be computationally indistinguishable from random sequences generated by computational power.

Hybrid RNG

90 A hybrid RNG combines the design principles of true and deterministic RNGs, in particular, it consists of an entropy source and a deterministic part. The entropy source of a hybrid PTRNG should provide at least as much entropy as the output random numbers might at most contain⁶. Loosely speaking, this means that the entropy source must generate at least so much entropy that a perfect post-processing algorithm might generate an ideal output sequence. A hybrid DRNG usually gets (considerably) less entropy from the entropy source by reseeding (or refreshing) than the length of its output measured in bits. Roughly speaking, the security of hybrid PTRNGs relies on both the entropy of the output sequences and the computational complexity, while the security of hybrid DRNGs essentially relies on computational complexity.

2.2. Random Numbers in IT Security

2.2.1. Usage of Random Numbers in IT Security

91 Many security mechanisms need secrets, e.g., cryptographic keys or authentication data. Unpredictable random numbers are ideal secrets for IT security applications. The use of RNGs as a security mechanism results in requirements on the random numbers, or more specifically, on their generation.

92 In the terminology of the Common Criteria, RNGs are probabilistic mechanisms.
The vulnerability analysis assesses the strength of permutational or probabilistic mechanisms and other mechanisms to ensure that they can withstand direct attacks (cf. [CEM], section B...3, and chapter 5.7 of this document for details).
93 Guessing a secret by (i) selecting an admissible value; and (ii) checking whether it is correct, is typical for direct attacks. To increase the success probability, it may be reasonable to formulate and analyze a stochastic model that considers how the secret has been generated, i.e., the probability distribution of the admissible values, e.g., a set of passwords or a key space. The ability to verify guesses depends on the availability of suitable reference data and on the workload of the checking procedure. A cryptographic key may be guessed independent of the TOE. If the attacker knows the cryptographic algorithm and sufficiently many plain text / cipher text pairs, the key can be searched for by means of massive parallel high-speed computations without any cryptanalysis. Passwords may be found out by trial and error, but the password mechanism may limit the number of authentication attempts in time (e.g., if human user input is assumed) and the total number of guesses (e.g., by requirement of the component FIA_AFL.1, cf. [CCV3_] for details). From the attacker's point of view, the situation is clearly much more comfortable if he knows some reference string that has been calculated from the correct password, which allows automatic search.
[6] Cf. paragraph 9 on page 8 for details.
94 Table 1 describes the link between the maximum success probability of a single guess of a cryptographic key, the number of security bits, and the assumed attack potential according to the CC.
Table 1: Attack potential, guessing probability and security bits
Component of the vulnerability analysis, Common Criteria Version 2.3 | Component of the vulnerability analysis, Common Criteria Version 3.1 | Success probability of a single guess | Security bits
 | AVA_VAN.{1, 2} (basic) | ε | 0 40 security bits
AVA_SOF.1, low; AVA_VLA.2 (low) | AVA_VAN.3 (enhanced basic) | ε | security bits
AVA_SOF.1, medium; AVA_VLA.3 (moderate) | AVA_VAN.4 (moderate) | ε | security bits
AVA_SOF.1, high; AVA_VLA.4 (high) | AVA_VAN.5 (high) | ε | security bits
95 As a general rule, the guessing probability for passwords must not exceed the upper bounds given in Table 2, which depend on the assumed attack potential that is claimed in the security target. If a probabilistic or permutational mechanism relies on entry of data by a human user (e.g., the choice of a password), the worst case should be considered.
96 Table 2 describes the link between maximum guessing probability ε for passwords and the assumed attack potential according to the CC.
Table 2: Attack potential and guessing passwords
Component of the vulnerability analysis, Common Criteria Version 2.3 | Component of the vulnerability analysis, Common Criteria Version 3.1 | Success probability of a single guess | Success probability with blocking after 3 failed attempts | Recommended
 | AVA_VAN.{1, 2} (basic) | ε 0 4 | ε | ε 0 5
AVA_SOF.1, low; AVA_VLA.2 (low) | AVA_VAN.3 (enhanced basic) | ε 0 4 | ε | ε
AVA_SOF.1, medium; AVA_VLA.3 (moderate) | AVA_VAN.4 (moderate) | ε 0 5 | ε | ε 0 7
AVA_SOF.1, high; AVA_VLA.4 (high) | AVA_VAN.5 (high) | ε 0 6 | ε | ε
2.2.2. Basic considerations for RNG types
97 For a reasonably designed RNG, the generated random numbers should be mutually distinct if the random numbers are sufficiently long.
98 R1 (statistical inconspicuousness): The application of statistical (standard) black box tests or test suites does not distinguish the generated random numbers from realizations of uniformly distributed independent random variables. A more challenging formulation of this requirement says that statistical tests cannot distinguish between random numbers and realizations of ideal sequences. (Of course, unfair tests, e.g., referring the actual seed value of a DRNG, have to be excluded anyway.)
99 R2 (backward and forward security): It must (at least practically) be impossible to determine predecessors or successors of known sub-sequences of output random numbers. The guessing probability shall be at most negligibly greater than without the knowledge of the sub-sequence.
100 R3 (enhanced backward security): Even if an adversary knows the current internal state of the RNG, the publicly known inputs (if any exist), and the current and future random numbers, she shall (at least practically) not be able to determine preceding random numbers; that is, she shall be able to guess these random numbers only with a negligibly greater probability than without this knowledge. Note that the (weaker) backward security demands that previous random numbers cannot be determined from the current and future random numbers. The knowledge of current or future output random numbers may be relevant for physical RNG with internal memory (used for the post-processing algorithm).
For a pure DRNG, the internal state and all the publicly known inputs determine the current and the future random numbers.
101 R4 (enhanced forward security): Even if an adversary knows the internal state of the RNG, all the publicly known inputs and a sequence of preceding random numbers, she shall (at least practically) not be able to determine the next random number; that is, she shall not be able to guess this random number with non-negligibly greater probability than without this knowledge.

Note that the (weaker) forward security requires that future random numbers cannot be determined from the current and previous output values. Pure DRNG may fulfil forward secrecy if the internal state cannot be determined from the knowledge of the current and the previous output values (random numbers). Forward secrecy under the additional condition that the current internal state is compromised (enhanced forward security) cannot be achieved by pure DRNGs. Enhanced forward security may be achieved by hybrid DRNGs if the internal state is permanently reseeded (or is updated) with data that was generated by a strong entropy source.
102 Requirement R1 is usually verified by a fixed set of statistical black box tests and possibly by some additional statistical tests that are tailored to the concrete RNG. For true RNGs without a history-dependent internal state, Requirement R2 is essentially equivalent to the combination of Requirement R3 and Requirement R4.
103 Requirement R4 cannot be fulfilled by pure DRNGs, since the internal state clearly determines all subsequent random numbers. Forward secrecy requires sufficient refreshing or reseeding of the internal state.
104 Requirement R3 may be dropped for devices that are assumed to be secure against all kinds of attacks that could discover (parts of) the internal state or for devices that are operated in a secure environment. Requirement R4 may be relevant if it cannot be excluded that an adversary has unnoticed access to the device and is able to discover the internal state of the device.
2.2.3. Design Description of RNG
Overview
105 The description of the RNG design in general comprises
(1) the entropy source of the non-deterministic part,
(2) the digitization of the raw random signal provided by the entropy source,
(3) any post-processing of the raw random number sequence producing the internal random numbers,
(4) the deterministic part of the RNG in terms of the internal state, the state transition function ϕ, and the output function ψ,
(5) the seeding, refreshing (or reseeding) mechanism of the deterministic part of the RNG, and
(6) any secrets and publicly known input of the deterministic part of the RNG (inclusively, the generation process and how it is used).
Depending on the RNG design, some of these design elements come from external sources or they may be trivial as discussed below.
PTRNG
106 The PTRNG design is in general described by
(1) the internal entropy source that generates raw random signals,
(2) the digitization mechanism of the raw random signal into the raw random number sequence,
(3) any post-processing of the raw random number sequence generating the internal random numbers [7], secrets and publicly known values (if there are any), and
(4) the online test(s) (applied to the raw random numbers or the internal random numbers), a tot test (shall detect a total failure of the entropy source), and a start-up test.
107 The post-processing algorithm may comprise a cryptographic one-way function to prevent the analysis of the raw random number sequence on the basis of knowledge of the RNG output. A hybrid PTRNG may contain a DRNG for post-processing.
NPTRNG
108 In general the design of a NPTRNG is described by
(1) the external entropy sources continuously providing digital raw random signals as input to the NPTRNG,
(2) any secrets and publicly known input values (including the generation process and how it is used) if used by the NPTRNG,
(3) the pre-processing of the raw random number sequence and publicly known input,
(4) the deterministic post-processing of the pre-processed input in terms of the internal state, the state transition function ϕ, and the output function ψ, and
(5) the self-test, if implemented.
109 Usually the entropy source of a NPTRNG provides low-entropy sequences. If directly used for output these sequences must be compressed. However, in many designs these sequences are used to update the internal state of a DRNG. Usually, the core of the post-processing algorithm is a hash function. For a non-physical true RNG, the average entropy of the raw data must at least equal the output length of the internal random numbers in bits (cf. paragraph for details on hybrid RNG).
DRNG
110 In general the design of a DRNG is described by
- the seeding procedure that generates the first internal state of the DRNG,
- the generation of the output and the next internal state of the DRNG, and
- the control system for DRNG instantiation, de-instantiation, and limitation for the amount of random numbers produced after seeding.
The seeding procedure may distinguish between
- the instantiation of the DRNG generating the initial internal state using an entropy input string, and
- the reseeding / refreshing of the DRNG generating the next internal state from the current internal state and (possibly) an external input string.
[7] Formally, a missing post-processing may be interpreted as the identity mapping.
We describe the deterministic part of a RNG by a 6-tuple $(S, I, R, \phi, \psi, p_A)$, more precisely:
$S$: set of internal states
$I$: input alphabet
$R$: output alphabet
$s_0$: initial internal state (derived from the seed) [8]
$\phi: S \times I \to S$ (state transition function), $s_{n+1} := \phi(s_n, i_n)$ (1)
$\psi: S \times I \to R$ (output function), $r_n = \psi(s_n, i_n)$ (2)
$p_A$: probability distribution of the initial internal state $s$ that is derived from the seed [9].
For the description of multistep-behaviour of the 6-tuple we derive the extended transition function $\phi^*$ and extended output function $\psi^*$ over $S \times I^*$, where for $s \in S$ and $I^* = \bigcup_{k=1}^{\infty} I^k$, $i^* = (i_1, \ldots, i_k) \in I^*$ and $R^* = \bigcup_{k=1}^{\infty} R^k$ hold:
$\phi^*: S \times I^* \to S$, $\phi^*(s, i^*) = \phi(\phi(\ldots\phi(\phi(s, i_1), i_2)\ldots, i_{k-1}), i_k)$ (3)
$\psi^*: S \times I^* \to R^*$, $\psi^*(s, i^*) = (\psi(s, i_1), \psi(\phi(s, i_1), i_2), \ldots, \psi(\phi(\ldots\phi(\phi(s, i_1), i_2)\ldots, i_{k-1}), i_k))$ (4)
113 In some cases one may require that $\phi$ or $\psi^*$ are one-way functions (in a sense discussed below), i.e. that it is easy to compute the output for a given input but it is computationally infeasible to find for a given output an input, which maps to this output. For $\phi$ directly follows that $S \times I$ shall be sufficiently large preventing exhaustive search of appropriate $(s, i)$ such that $\phi(s, i) = s'$ for a given $s'$, $s' \in \bigcup_{s \in S} \bigcup_{i \in I} \phi(s, i)$. For small $R$ the set $R^*$ will contain short output sequences allowing to guess an appropriate $(s, i^*)$ such that $\psi^*(s, i^*) = r^*$ for a given $r^*$, $r^* \in \bigcup_{s \in S} \bigcup_{i^* \in I^*} \psi^*(s, i^*)$. If we require the extended output function $\psi^*$ being a one-way function it requires more precisely the one-way feature for sufficiently long output sequences $r^*$, i.e. $|r^*| > l$, where $l$ is big enough that $|R|^l$ prevents exhaustive search of $(s, i^*)$.
[8], [9] In many cases, the seed equals the first internal state.
114 The 6-tuple is a semiformal [10] description of the deterministic part of the RNG. It is not necessarily formal [11], because it may not necessarily allow formal proofs as demanded by formal description languages. For DRNGs, secrets mentioned above may be viewed as part of the seed or the internal state.
115 The 6-tuple may define a MEALY machine, where the initial (starting) internal state is a random value derived from a random variable with distribution $p_A$ (this is an extension of the definition e.g., in [HDCM00]).
116 Apart from the seed, a DRNG may get additional input data while it is in operation. Without loss of generality, we may assume that an external entropy source generates data $a_1, a_2, \ldots \in A := A_0 \cup \{o\}$, where $A_0$ denotes a finite set of admissible input values, and the value $a_n = o$ is logically equivalent to no input from an external entropy source in step $n$. Analogously, we assume that $b_1, b_2, \ldots \in B := B_0 \cup \{o\}$ denotes a sequence of publicly known data, where $B_0$ denotes a finite set of admissible input values, and $b_n = o$ is logically equivalent to no publicly known external input in Step $n$. Note: the publicly known input does not provide any entropy to the RNG, but may affect the internal state and the output of the RNG. In particular, we have $s_{n+1} := \phi(s_n, a_n, b_n)$ and $r_n = \psi(s_n, a_n, b_n)$. We define $i_n := (a_n, b_n) \in I := A \times B$, where $i_n$ is the input to $\phi$ and $\psi$ in Step $n$.
117 If $a_n = o$ for all $n$, we may simplify the model by neglecting the set $A$, i.e., we may set $I = B$. Analogously, we may set $I = A$ if no publicly known values are fed into the DRNG during its life cycle.
118 A pure DRNG runs without any external input after seeding, i.e., $i_n = (o, o)$ for all $n$.
The state function and the output function of the MEALY machine may be simplified to $(S, R, \phi, \psi, p_A)$ with
$\phi: S \to S$, $s_{n+1} := \phi(s_n)$ and $\psi: S \to R$, $r_n = \psi(s_n)$. (5)
[10] semiformal means expressed in a restricted syntax language with defined semantics (cf. CC part paragraph 8).
[11] formal means expressed in a restricted syntax language with defined semantics based on well-established mathematical concepts (cf. CC part paragraph 5).
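The Mealy-machine model and requirement R4 above, as an added Python example that is not part of the original document: it implements the transition function, the output function and their extended forms (3) and (4), then measures how many outputs an adversary who learns the internal state can predict for a pure DRNG and for a hybrid DRNG that is reseeded in every step. The use of SHA-256 for both functions, the 16-byte output alphabet, `os.urandom` as the entropy source and all function names are assumptions made for illustration.

```python
import hashlib
import os

NO_INPUT = b""   # the symbol "o": no external input in this step
STATE_LEN = 32   # |S| = 2^256, far too large for exhaustive search


def phi(s: bytes, i: bytes) -> bytes:
    """State transition function S x I -> S (assumed here: SHA-256)."""
    return hashlib.sha256(b"phi" + s + i).digest()


def psi(s: bytes, i: bytes) -> bytes:
    """Output function S x I -> R (assumed here: truncated SHA-256)."""
    return hashlib.sha256(b"psi" + s + i).digest()[:16]


def phi_star(s: bytes, inputs) -> bytes:
    """Extended transition function (3): apply phi once per input."""
    for i in inputs:
        s = phi(s, i)
    return s


def psi_star(s: bytes, inputs) -> list:
    """Extended output function (4): r_n = psi(s_n, i_n), s_{n+1} = phi(s_n, i_n)."""
    out = []
    for i in inputs:
        out.append(psi(s, i))
        s = phi(s, i)
    return out


def predicted_after_compromise(reseed: bool, steps: int = 5) -> int:
    """Count the outputs an adversary predicts after learning the state.

    reseed=False models a pure DRNG (i_n = o for all n).
    reseed=True models a hybrid DRNG that receives fresh entropy a_n
    in every step; the adversary does not see a_n.
    """
    s = os.urandom(STATE_LEN)            # initial state drawn from p_A (uniform)
    s = phi_star(s, [NO_INPUT] * 3)      # normal operation before the compromise
    leaked = s                           # adversary learns the current state

    actual = []
    for _ in range(steps):
        a_n = os.urandom(32) if reseed else NO_INPUT
        actual.append(psi(s, a_n))
        s = phi(s, a_n)

    # The adversary replays the public model from the leaked state.
    # Going backwards instead (R3) would require inverting phi, i.e.
    # a SHA-256 preimage under the assumptions of this example.
    guess = psi_star(leaked, [NO_INPUT] * steps)
    return sum(g == r for g, r in zip(guess, actual))


if __name__ == "__main__":
    print("pure DRNG, outputs predicted:  ", predicted_after_compromise(False))
    print("hybrid DRNG, outputs predicted:", predicted_after_compromise(True))
```

The pure DRNG loses every subsequent output once its state is known, which is why R4 is out of reach without reseeding; the hybrid variant recovers only because each step mixes in input the adversary cannot observe.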

Hybrid RNG
119 Whether a hybrid RNG is categorized as a hybrid DRNG (which means that its security essentially is based on computational complexity) or as a hybrid PTRNG (which means that its primary security anchor is based on entropy) is not always clear. It may be difficult or even not clear in concrete cases. Roughly speaking, the classification essentially depends on the relation between the entropy of the seed-update material (that is, the entropy of the reseeding material), and the maximum entropy the internal random numbers may attain, namely $\lg |R|$, which is provided by ideal RNGs. Let us assume the following:
(1) The sequence of additional inputs $a_1, a_2, \ldots$ is stationary (or more precisely, the sequence $a_1, a_2, \ldots$ is assumed to be generated by stationary random variables $A_1, A_2, \ldots$) and has Min-entropy $h = H(a_i, \ldots, a_{i+k})$;
(2) Within $k$ cycles, the state transition function at most slightly reduces the entropy of the internal state (if the mapping $\phi: S \times \{i\} \to S$ is a permutation over $S$ for any fixed $i \in I$, the entropy of the internal state is not reduced, even if an adversary knows all external input values); and
(3) $\psi$ is surjective.
If $h \ge k \lg |R| - \varepsilon$, for a small constant $\varepsilon$, the RNG may behave like a hybrid PTRNG since the non-deterministic part of the RNG provides at least almost as much entropy as the output sequence may have in the best case. Note, however, that this does not prove that the entropy of the output is indeed close to $\lg |R|$ or equivalently, the internal random numbers are (at least almost) uniformly distributed and independent. This clearly depends on the concrete RNG, i.e., on the state transition function and the output function, and demands a solid proof. In contrast, if $h + H(s) \ll k \lg |R|$, the non-deterministic RNG part does not provide sufficient entropy to ensure that the output sequence can be truly random: The RNG behaves as a hybrid DRNG.
2.3. Mathematical Background
2.3.1. Random variables
120 An experiment is any physically or mentally conceivable undertaking that results in a measurable outcome. The sample space is the set Ω of possible outcomes of an experiment.
Unless otherwise stated, in this document we assume the sample space as finite set. The sample size of an experiment is the number of possible outcomes of the experiment (= cardinality of the sample space). An event is a subset of Ω. A probability measure on a finite sample space Ω is a function Pr from the power set of Ω (= set of subsets of Ω) into the interval [0,1] satisfying
$P\{\Omega\} = 1$ (6)
Footnote: We follow the terminology in [HDCM], chapter 7 Discrete Probability.


More information

Subject CT5 Contingencies Core Technical Syllabus

Subject CT5 Contingencies Core Technical Syllabus Subject CT5 Cotigecies Core Techical Syllabus for the 2015 exams 1 Jue 2014 Aim The aim of the Cotigecies subject is to provide a groudig i the mathematical techiques which ca be used to model ad value

More information

The analysis of the Cournot oligopoly model considering the subjective motive in the strategy selection

The analysis of the Cournot oligopoly model considering the subjective motive in the strategy selection The aalysis of the Courot oligopoly model cosiderig the subjective motive i the strategy selectio Shigehito Furuyama Teruhisa Nakai Departmet of Systems Maagemet Egieerig Faculty of Egieerig Kasai Uiversity

More information

THE HEIGHT OF q-binary SEARCH TREES

THE HEIGHT OF q-binary SEARCH TREES THE HEIGHT OF q-binary SEARCH TREES MICHAEL DRMOTA AND HELMUT PRODINGER Abstract. q biary search trees are obtaied from words, equipped with the geometric distributio istead of permutatios. The average

More information

*The most important feature of MRP as compared with ordinary inventory control analysis is its time phasing feature.

*The most important feature of MRP as compared with ordinary inventory control analysis is its time phasing feature. Itegrated Productio ad Ivetory Cotrol System MRP ad MRP II Framework of Maufacturig System Ivetory cotrol, productio schedulig, capacity plaig ad fiacial ad busiess decisios i a productio system are iterrelated.

More information

Infinite Sequences and Series

Infinite Sequences and Series CHAPTER 4 Ifiite Sequeces ad Series 4.1. Sequeces A sequece is a ifiite ordered list of umbers, for example the sequece of odd positive itegers: 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23, 25, 27, 29...

More information

(VCP-310) 1-800-418-6789

(VCP-310) 1-800-418-6789 Maual VMware Lesso 1: Uderstadig the VMware Product Lie I this lesso, you will first lear what virtualizatio is. Next, you ll explore the products offered by VMware that provide virtualizatio services.

More information

The Role of Latin Square in Cipher Systems: A Matrix Approach to Model Encryption Modes of Operation

The Role of Latin Square in Cipher Systems: A Matrix Approach to Model Encryption Modes of Operation UCLA COPUTR SCINC DPARTNT TCHNICAL RPORT 030038 1 The Role of Lati Square i Cipher Systems: A atrix Approach to odel cryptio odes of Operatio Jieju og Computer Sciece Departmet Uiversity of Califoria,

More information

Evaluation of Different Fitness Functions for the Evolutionary Testing of an Autonomous Parking System

Evaluation of Different Fitness Functions for the Evolutionary Testing of an Autonomous Parking System Evaluatio of Differet Fitess Fuctios for the Evolutioary Testig of a Autoomous Parkig System Joachim Wegeer 1, Oliver Bühler 2 1 DaimlerChrysler AG, Research ad Techology, Alt-Moabit 96 a, D-1559 Berli,

More information

Quadrat Sampling in Population Ecology

Quadrat Sampling in Population Ecology Quadrat Samplig i Populatio Ecology Backgroud Estimatig the abudace of orgaisms. Ecology is ofte referred to as the "study of distributio ad abudace". This beig true, we would ofte like to kow how may

More information

Inference on Proportion. Chapter 8 Tests of Statistical Hypotheses. Sampling Distribution of Sample Proportion. Confidence Interval

Inference on Proportion. Chapter 8 Tests of Statistical Hypotheses. Sampling Distribution of Sample Proportion. Confidence Interval Chapter 8 Tests of Statistical Hypotheses 8. Tests about Proportios HT - Iferece o Proportio Parameter: Populatio Proportio p (or π) (Percetage of people has o health isurace) x Statistic: Sample Proportio

More information

ODBC. Getting Started With Sage Timberline Office ODBC

ODBC. Getting Started With Sage Timberline Office ODBC ODBC Gettig Started With Sage Timberlie Office ODBC NOTICE This documet ad the Sage Timberlie Office software may be used oly i accordace with the accompayig Sage Timberlie Office Ed User Licese Agreemet.

More information

Project Deliverables. CS 361, Lecture 28. Outline. Project Deliverables. Administrative. Project Comments

Project Deliverables. CS 361, Lecture 28. Outline. Project Deliverables. Administrative. Project Comments Project Deliverables CS 361, Lecture 28 Jared Saia Uiversity of New Mexico Each Group should tur i oe group project cosistig of: About 6-12 pages of text (ca be loger with appedix) 6-12 figures (please

More information

CHAPTER 3 THE TIME VALUE OF MONEY

CHAPTER 3 THE TIME VALUE OF MONEY CHAPTER 3 THE TIME VALUE OF MONEY OVERVIEW A dollar i the had today is worth more tha a dollar to be received i the future because, if you had it ow, you could ivest that dollar ad ear iterest. Of all

More information

PROCEEDINGS OF THE YEREVAN STATE UNIVERSITY AN ALTERNATIVE MODEL FOR BONUS-MALUS SYSTEM

PROCEEDINGS OF THE YEREVAN STATE UNIVERSITY AN ALTERNATIVE MODEL FOR BONUS-MALUS SYSTEM PROCEEDINGS OF THE YEREVAN STATE UNIVERSITY Physical ad Mathematical Scieces 2015, 1, p. 15 19 M a t h e m a t i c s AN ALTERNATIVE MODEL FOR BONUS-MALUS SYSTEM A. G. GULYAN Chair of Actuarial Mathematics

More information

Configuring Additional Active Directory Server Roles

Configuring Additional Active Directory Server Roles Maual Upgradig your MCSE o Server 2003 to Server 2008 (70-649) 1-800-418-6789 Cofigurig Additioal Active Directory Server Roles Active Directory Lightweight Directory Services Backgroud ad Cofiguratio

More information

Normal Distribution.

Normal Distribution. Normal Distributio www.icrf.l Normal distributio I probability theory, the ormal or Gaussia distributio, is a cotiuous probability distributio that is ofte used as a first approimatio to describe realvalued

More information

Soving Recurrence Relations

Soving Recurrence Relations Sovig Recurrece Relatios Part 1. Homogeeous liear 2d degree relatios with costat coefficiets. Cosider the recurrece relatio ( ) T () + at ( 1) + bt ( 2) = 0 This is called a homogeeous liear 2d degree

More information

SECTION 1.5 : SUMMATION NOTATION + WORK WITH SEQUENCES

SECTION 1.5 : SUMMATION NOTATION + WORK WITH SEQUENCES SECTION 1.5 : SUMMATION NOTATION + WORK WITH SEQUENCES Read Sectio 1.5 (pages 5 9) Overview I Sectio 1.5 we lear to work with summatio otatio ad formulas. We will also itroduce a brief overview of sequeces,

More information

A Mathematical Perspective on Gambling

A Mathematical Perspective on Gambling A Mathematical Perspective o Gamblig Molly Maxwell Abstract. This paper presets some basic topics i probability ad statistics, icludig sample spaces, probabilistic evets, expectatios, the biomial ad ormal

More information

Amendments to employer debt Regulations

Amendments to employer debt Regulations March 2008 Pesios Legal Alert Amedmets to employer debt Regulatios The Govermet has at last issued Regulatios which will amed the law as to employer debts uder s75 Pesios Act 1995. The amedig Regulatios

More information

Institute of Actuaries of India Subject CT1 Financial Mathematics

Institute of Actuaries of India Subject CT1 Financial Mathematics Istitute of Actuaries of Idia Subject CT1 Fiacial Mathematics For 2014 Examiatios Subject CT1 Fiacial Mathematics Core Techical Aim The aim of the Fiacial Mathematics subject is to provide a groudig i

More information

Vladimir N. Burkov, Dmitri A. Novikov MODELS AND METHODS OF MULTIPROJECTS MANAGEMENT

Vladimir N. Burkov, Dmitri A. Novikov MODELS AND METHODS OF MULTIPROJECTS MANAGEMENT Keywords: project maagemet, resource allocatio, etwork plaig Vladimir N Burkov, Dmitri A Novikov MODELS AND METHODS OF MULTIPROJECTS MANAGEMENT The paper deals with the problems of resource allocatio betwee

More information

Present Values, Investment Returns and Discount Rates

Present Values, Investment Returns and Discount Rates Preset Values, Ivestmet Returs ad Discout Rates Dimitry Midli, ASA, MAAA, PhD Presidet CDI Advisors LLC dmidli@cdiadvisors.com May 2, 203 Copyright 20, CDI Advisors LLC The cocept of preset value lies

More information

Entropy of bi-capacities

Entropy of bi-capacities Etropy of bi-capacities Iva Kojadiovic LINA CNRS FRE 2729 Site école polytechique de l uiv. de Nates Rue Christia Pauc 44306 Nates, Frace iva.kojadiovic@uiv-ates.fr Jea-Luc Marichal Applied Mathematics

More information

Your organization has a Class B IP address of 166.144.0.0 Before you implement subnetting, the Network ID and Host ID are divided as follows:

Your organization has a Class B IP address of 166.144.0.0 Before you implement subnetting, the Network ID and Host ID are divided as follows: Subettig Subettig is used to subdivide a sigle class of etwork i to multiple smaller etworks. Example: Your orgaizatio has a Class B IP address of 166.144.0.0 Before you implemet subettig, the Network

More information

Safety Requirements engineering and Proof of implementation

Safety Requirements engineering and Proof of implementation Presetatio to DVClub commuity October 20 th 2015 Safety Requiremets egieerig ad Proof of implemetatio Test ad Verificatio Solutios Deliverig Tailored Solutios for Hardware Verificatio ad Software Testig

More information

Domain 1: Identifying Cause of and Resolving Desktop Application Issues Identifying and Resolving New Software Installation Issues

Domain 1: Identifying Cause of and Resolving Desktop Application Issues Identifying and Resolving New Software Installation Issues Maual Widows 7 Eterprise Desktop Support Techicia (70-685) 1-800-418-6789 Domai 1: Idetifyig Cause of ad Resolvig Desktop Applicatio Issues Idetifyig ad Resolvig New Software Istallatio Issues This sectio

More information

Class Meeting # 16: The Fourier Transform on R n

Class Meeting # 16: The Fourier Transform on R n MATH 18.152 COUSE NOTES - CLASS MEETING # 16 18.152 Itroductio to PDEs, Fall 2011 Professor: Jared Speck Class Meetig # 16: The Fourier Trasform o 1. Itroductio to the Fourier Trasform Earlier i the course,

More information

Chapter 14 Nonparametric Statistics

Chapter 14 Nonparametric Statistics Chapter 14 Noparametric Statistics A.K.A. distributio-free statistics! Does ot deped o the populatio fittig ay particular type of distributio (e.g, ormal). Sice these methods make fewer assumptios, they

More information

Estimating Probability Distributions by Observing Betting Practices

Estimating Probability Distributions by Observing Betting Practices 5th Iteratioal Symposium o Imprecise Probability: Theories ad Applicatios, Prague, Czech Republic, 007 Estimatig Probability Distributios by Observig Bettig Practices Dr C Lych Natioal Uiversity of Irelad,

More information

THE ABRACADABRA PROBLEM

THE ABRACADABRA PROBLEM THE ABRACADABRA PROBLEM FRANCESCO CARAVENNA Abstract. We preset a detailed solutio of Exercise E0.6 i [Wil9]: i a radom sequece of letters, draw idepedetly ad uiformly from the Eglish alphabet, the expected

More information

THE REGRESSION MODEL IN MATRIX FORM. For simple linear regression, meaning one predictor, the model is. for i = 1, 2, 3,, n

THE REGRESSION MODEL IN MATRIX FORM. For simple linear regression, meaning one predictor, the model is. for i = 1, 2, 3,, n We will cosider the liear regressio model i matrix form. For simple liear regressio, meaig oe predictor, the model is i = + x i + ε i for i =,,,, This model icludes the assumptio that the ε i s are a sample

More information

3 Basic Definitions of Probability Theory

3 Basic Definitions of Probability Theory 3 Basic Defiitios of Probability Theory 3defprob.tex: Feb 10, 2003 Classical probability Frequecy probability axiomatic probability Historical developemet: Classical Frequecy Axiomatic The Axiomatic defiitio

More information

W. Sandmann, O. Bober University of Bamberg, Germany

W. Sandmann, O. Bober University of Bamberg, Germany STOCHASTIC MODELS FOR INTERMITTENT DEMANDS FORECASTING AND STOCK CONTROL W. Sadma, O. Bober Uiversity of Bamberg, Germay Correspodig author: W. Sadma Uiversity of Bamberg, Dep. Iformatio Systems ad Applied

More information

Overview. Learning Objectives. Point Estimate. Estimation. Estimating the Value of a Parameter Using Confidence Intervals

Overview. Learning Objectives. Point Estimate. Estimation. Estimating the Value of a Parameter Using Confidence Intervals Overview Estimatig the Value of a Parameter Usig Cofidece Itervals We apply the results about the sample mea the problem of estimatio Estimatio is the process of usig sample data estimate the value of

More information

Sampling Distribution And Central Limit Theorem

Sampling Distribution And Central Limit Theorem () Samplig Distributio & Cetral Limit Samplig Distributio Ad Cetral Limit Samplig distributio of the sample mea If we sample a umber of samples (say k samples where k is very large umber) each of size,

More information

Real-Time Computing Without Stable States: A New Framework for Neural Computation Based on Perturbations

Real-Time Computing Without Stable States: A New Framework for Neural Computation Based on Perturbations Real-Time Computig Without Stable States: A New Framework for Neural Computatio Based o Perturbatios Wolfgag aass+, Thomas Natschläger+ & Hery arkram* + Istitute for Theoretical Computer Sciece, Techische

More information

Chapter 5: Inner Product Spaces

Chapter 5: Inner Product Spaces Chapter 5: Ier Product Spaces Chapter 5: Ier Product Spaces SECION A Itroductio to Ier Product Spaces By the ed of this sectio you will be able to uderstad what is meat by a ier product space give examples

More information

Measures of Spread and Boxplots Discrete Math, Section 9.4

Measures of Spread and Boxplots Discrete Math, Section 9.4 Measures of Spread ad Boxplots Discrete Math, Sectio 9.4 We start with a example: Example 1: Comparig Mea ad Media Compute the mea ad media of each data set: S 1 = {4, 6, 8, 10, 1, 14, 16} S = {4, 7, 9,

More information

GCSE STATISTICS. 4) How to calculate the range: The difference between the biggest number and the smallest number.

GCSE STATISTICS. 4) How to calculate the range: The difference between the biggest number and the smallest number. GCSE STATISTICS You should kow: 1) How to draw a frequecy diagram: e.g. NUMBER TALLY FREQUENCY 1 3 5 ) How to draw a bar chart, a pictogram, ad a pie chart. 3) How to use averages: a) Mea - add up all

More information

This document contains a collection of formulas and constants useful for SPC chart construction. It assumes you are already familiar with SPC.

This document contains a collection of formulas and constants useful for SPC chart construction. It assumes you are already familiar with SPC. SPC Formulas ad Tables 1 This documet cotais a collectio of formulas ad costats useful for SPC chart costructio. It assumes you are already familiar with SPC. Termiology Geerally, a bar draw over a symbol

More information

Chapter 7: Confidence Interval and Sample Size

Chapter 7: Confidence Interval and Sample Size Chapter 7: Cofidece Iterval ad Sample Size Learig Objectives Upo successful completio of Chapter 7, you will be able to: Fid the cofidece iterval for the mea, proportio, ad variace. Determie the miimum

More information

CHAPTER 7: Central Limit Theorem: CLT for Averages (Means)

CHAPTER 7: Central Limit Theorem: CLT for Averages (Means) CHAPTER 7: Cetral Limit Theorem: CLT for Averages (Meas) X = the umber obtaied whe rollig oe six sided die oce. If we roll a six sided die oce, the mea of the probability distributio is X P(X = x) Simulatio:

More information

Measuring Magneto Energy Output and Inductance Revision 1

Measuring Magneto Energy Output and Inductance Revision 1 Measurig Mageto Eergy Output ad Iductace evisio Itroductio A mageto is fudametally a iductor that is mechaically charged with a iitial curret value. That iitial curret is produced by movemet of the rotor

More information

Lecture 13. Lecturer: Jonathan Kelner Scribe: Jonathan Pines (2009)

Lecture 13. Lecturer: Jonathan Kelner Scribe: Jonathan Pines (2009) 18.409 A Algorithmist s Toolkit October 27, 2009 Lecture 13 Lecturer: Joatha Keler Scribe: Joatha Pies (2009) 1 Outlie Last time, we proved the Bru-Mikowski iequality for boxes. Today we ll go over the

More information

Lesson 15 ANOVA (analysis of variance)

Lesson 15 ANOVA (analysis of variance) Outlie Variability -betwee group variability -withi group variability -total variability -F-ratio Computatio -sums of squares (betwee/withi/total -degrees of freedom (betwee/withi/total -mea square (betwee/withi

More information

Lesson 17 Pearson s Correlation Coefficient

Lesson 17 Pearson s Correlation Coefficient Outlie Measures of Relatioships Pearso s Correlatio Coefficiet (r) -types of data -scatter plots -measure of directio -measure of stregth Computatio -covariatio of X ad Y -uique variatio i X ad Y -measurig

More information

The Stable Marriage Problem

The Stable Marriage Problem The Stable Marriage Problem William Hut Lae Departmet of Computer Sciece ad Electrical Egieerig, West Virgiia Uiversity, Morgatow, WV William.Hut@mail.wvu.edu 1 Itroductio Imagie you are a matchmaker,

More information

Plug-in martingales for testing exchangeability on-line

Plug-in martingales for testing exchangeability on-line Plug-i martigales for testig exchageability o-lie Valetia Fedorova, Alex Gammerma, Ilia Nouretdiov, ad Vladimir Vovk Computer Learig Research Cetre Royal Holloway, Uiversity of Lodo, UK {valetia,ilia,alex,vovk}@cs.rhul.ac.uk

More information