Documentation and Analysis of the Linux Random Number Generator

Documentation and Analysis of the Linux Random Number Generator

Documentation and Analysis of the Linux Random Number Generator Version: 3.6 Document history Version Date Editor Description 2.0 2018-03-21 Stephan Müller Covering kernel 4.15 Re-running all tests of chapters 6 and following on 4.15 2.1 2018-04-11 Stephan Müller Updating the test results for the reboot tests on bare metal with 50,000 reboot cycles 2.2 2018-04-11 Stephan Müller Covering kernel 4.16 2.3 2018-06-18 Stephan Müller Covering kernel 4.17 2.4 2018-08-24 Stephan Müller Covering kernel 4.18 2.5 2018-11-12 Stephan Müller Covering kernel 4.19 Updated seeding process ChaCha20 DRNG documented 2.6 2019-01-11 Stephan Müller Covering kernel 4.20 3.0 2019-04-05 Stephan Müller Covering kernel 5.0 Re-running all tests of chapters 6 and following on 5.0 3.1 2019-04-12 Stephan Müller Adding results of reboot-tests for 5.0 3.2 2019-05-17 Stephan Müller Addressing comments from BSI Covering kernel 5.1 3.3 2019-08-13 Stephan Müller Covering kernel 5.2 3.4 2019-09-26 Stephan Müller Covering kernel 5.3 3.5 2019-12-13 Stephan Müller Covering kernel 5.4 3.6 2020-04-07 Stephan Müller Covering kernel 5.5 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Internet: https://www.bsi.bund.de © Federal Office for Information Security 2020 Document history This analysis was prepared for BSI by atsec information security GmbH. Federal Office for Information Security 3 Federal Office for Information Security 5 Table of Contents Table of Contents Document history.............................................................................................................................................................................. 2 1 Introduction....................................................................................................................................................................................... 13 1.1 Authors.......................................................................................................................................................................................... 14 1.2 Copyright...................................................................................................................................................................................... 14 1.3 BSI-Reference............................................................................................................................................................................. 14 2 Architecture of Non-Deterministic Random Number Generators (NDRNGs)..................................................15 2.1 Terminology................................................................................................................................................................................ 15 2.2 General Architecture............................................................................................................................................................... 17 3 Design of the Linux-RNG............................................................................................................................................................. 20 3.1 Historical Background............................................................................................................................................................ 20 3.2 Linux-RNG Architecture....................................................................................................................................................... 20 3.2.1 Linux-RNG Internal Design.......................................................................................................................................... 21 3.3 Deterministic Random Number Generators (DRNGs)............................................................................................23 3.3.1 Entropy Pools....................................................................................................................................................................... 23 3.3.2 ChaCha20 DRNG................................................................................................................................................................ 33 3.4 Interfaces to Linux-RNG....................................................................................................................................................... 37 3.4.1 Character Device Files...................................................................................................................................................... 37 3.4.2 System Call............................................................................................................................................................................ 41 3.4.3 In-Kernel Interfaces.......................................................................................................................................................... 41 3.4.4 /proc Files.............................................................................................................................................................................. 42 3.5 Entropy Sources......................................................................................................................................................................... 43 3.5.1 Timer State Maintenance for Entropy Sources....................................................................................................43 3.5.2 Entropy Collection............................................................................................................................................................ 45 3.6 Entropy Estimation.................................................................................................................................................................. 57 3.6.1 Storing of “Superfluous” Entropy...............................................................................................................................59 3.7 Generic Architecture and Linux-RNG............................................................................................................................60 3.8 Use of the Linux-RNG............................................................................................................................................................. 62 3.9 Hardware-based Random Number Generators..........................................................................................................63 3.9.1 CPU Hardware Random Number Generators......................................................................................................63 3.9.2 Hardware Random Number Generator Framework.........................................................................................65 3.10 Support Functions for Other Kernel Parts....................................................................................................................67 3.11 Time Line of Entropy Requirements...............................................................................................................................68 3.11.1 Installation Time................................................................................................................................................................ 68 3.11.2 First Reboot After Installation...................................................................................................................................... 69 3.11.3 Regular Usage....................................................................................................................................................................... 69 3.12 Security Domain Protecting the Linux-RNG...............................................................................................................70 4 Conducted Analyses of the Linux-RNG................................................................................................................................ 71 4.1 Attacks of Gutterman et al. And its Relevance............................................................................................................71 4.1.1 Denial of Service Attacks................................................................................................................................................ 71 4.1.2 Use of Diskless Systems................................................................................................................................................... 71 4.1.3 Enhanced Backward Secrecy........................................................................................................................................ 72 4.2 Lacharme’s Analysis................................................................................................................................................................. 72 4.2.1 Linux-RNG Without Input to the Entropy Pools................................................................................................72 4.2.2 Attacks on the Input......................................................................................................................................................... 72 Federal Office for Information Security 7 Table of Contents 4.2.3 Assessment of the Entropy Estimation....................................................................................................................72 4.3 Conclusions from [LRSV12] and [GPR06]......................................................................................................................72

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    193 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us