In today's conditions of rapid technological development, information protection is becoming one of the priority tasks in cyber security. Most cryptographic systems for data encryption, key generation, and user authentication are based on the use of random numbers. The quality of the random numbers used in these systems directly affects their resistance to cryptographic attacks. However, many random number generators are susceptible to attacks that reduce entropy or make their sequences predictable, creating a vulnerability for the entire cryptographic system.
The introduction of a random number generation monitoring system becomes an important element of cyber protection, as it allows for real-time detection of anomalies in the generation process and response to them, minimizing the risk of data compromise. The use of such systems increases the overall reliability of cryptographic protocols, especially in the face of entropy attacks or sequence prediction attempts.
The main problem is that cryptographic systems may be exposed to vulnerabilities when random number generators produce weak or insufficiently unpredictable sequences. This creates an opportunity for attacks on pseudorandom number generators, which can lead to the disclosure of keys or other sensitive information. Traditional approaches to random number generation do not always provide reliable control over the quality and randomness of sequences in real-time, which increases the risk of system compromise.
The implementation of a random number generation monitoring system addresses this issue by continuously overseeing the generation process through statistical tests and anomaly detection mechanisms. Such a system can automatically signal random violations and propose measures to eliminate them, which significantly increases the resistance of cryptographic systems to attacks.
The purpose of the research is to develop and implement a monitoring system for the generation of random numbers, which will allow us to automatically evaluate the quality and compliance of the generation with the criteria of randomness. This entails employing statistical methods to identify deviations from expected outcomes and ensure the reliability of random number generators across various systems, particularly in security-critical sectors like cryptography and the IoT [1,2].
During the last decade, the issue of ensuring the security of cryptographic systems remains relevant, and many researchers pay attention to the generation of random numbers as one of the key aspects of this security. Random numbers are used to generate encryption keys, salt for hashing passwords, and other cryptographic processes. The poor quality of random numbers or their predictability can make cryptographic systems vulnerable to attack. One of the key areas of research is the study of attacks on Random Number Generators (RNGs) and their impact on the security of cryptographic systems. Various types of PRNGs and their vulnerabilities are considered in [3][4][5]. Research indicates that predictable or insufficiently random sequences can compromise cryptographic keys. Additionally, various attacks on cryptographic systems have highlighted the necessity of real-time monitoring of random number generation quality.
Recent research indicates that merely employing cryptographically secure random number generators (CSPRNGs) is not always adequate for ensuring a high level of security. The works [6,7] propose the development of a system for real-time monitoring of random number generation to identify anomalies and deviations from randomness. These systems use statistical tests to assess the level of entropy and the presence of correlations in sequences of random numbers. Some of the popular monitoring methods include the Chi-square test for distribution uniformity, Pearson's test for correlations, and entropy analysis for measuring unpredictability. Such systems allow the detection of anomalies before they lead to real problems in cryptographic processes.
With the development of the IoT, there is a need to use lightweight and energy-efficient random number generation methods. Publications [8,9] analyze the impact of insufficient entropy in IoT devices on the cryptographic stability of these systems. The researchers particularly highlight the significance of monitoring random number generators, especially given the limited resources of IoT devices. Insufficient entropy sources can lead to duplication of keys and other cryptographic data, which poses a security threat.
Recent studies, such as [10][11][12][13], have proposed the application of machine learning techniques for monitoring random number generation. Machine learning algorithms can analyze large volumes of data, and identify hidden patterns and anomalies that may go unnoticed using traditional statistical methods. These studies show that hybrid approaches combining statistical tests and machine learning can significantly improve the reliability of cryptographic systems.
With the development of cloud computing, cryptographic systems increasingly rely on random number generation in cloud environments. Research [14,15] emphasizes the need to monitor the generation of random numbers in the conditions of scalable cloud environments [16,17]. The publications describe the use of distributed monitoring systems that can monitor the performance of RNGs in different virtual environments and detect anomalies related to the computational load.
The literature review shows the importance of monitoring the generation of random numbers as a critical component of the security of cryptographic systems. Most modern studies point to the need to implement automated monitoring systems to detect anomalies and maintain a high level of entropy. This applies to both classic cryptographic systems and modern platforms such as IoT and cloud computing [18].
Employing advanced techniques, such as machine learning and statistical analysis, can significantly enhance the resilience of random number generators against attacks, thereby ensuring the reliability and unpredictability of cryptographic operations.
Analysis of the stability of pseudorandom number generators (PRNGs) in real conditions consists in determining how well they can withstand external factors that can affect the quality of random number generation (Table 1). Such factors include noise, limited computing resources, changes in the execution environment, and other technical or physical influences.
The research conducted yielded the following results: A decrease in the quality of random numbers can be observed in conditions of unstable power supply or increased loads on the system, which leads to a decrease in entropy or an increase in the predictability of sequences.
Reliable generators exhibit consistent random number generation even in the face of significant fluctuations in available resources or external conditions, ensuring high levels of randomness and speed. Noise attacks. Generators can be subject to noise attacks, where the input data is distorted by exposure to external noise. For example, for hardware generators, it could be electromagnetic radiation, while for software generators it could be a malfunction of the hardware or operating system.
During the testing, experiments are carried out with the addition of artificial noise to the system to check the resistance of the HPC to such influences. This can be done by emulating an unstable environment, such as generating random numbers under varying power levels or network failures. Testing in conditions of limited resources Limitation of computing resources. IoT devices and other low-power systems often have limits on computing power, RAM, and energy. Generators must remain reliable even with minimal resources.
Experiments are being carried out with the limitation of available resources during the execution of HPC. For example, artificially reducing the amount of available RAM or increasing delays in processor cycles allows you to assess how this will affect the performance and quality of random numbers. Resistance to entropy attacks Entropy reduction. One important factor is the level of entropy from which random numbers are generated. If entropy decreases due to external influences or a lack of sufficient sources of entropy, this can lead to predictable generation results.
Entropy sources are analyzed during testing. For example, there may be limited input data (noise from physical sensors or random sources from the OS) to test whether the HPC can generate sufficiently random numbers.
High load on the system. Real-world conditions often include HPC operation under high load, for example, when several processes simultaneously use generator resources.
Conducting stress tests, which include increasing the number of requests to the generator or performing other computational tasks at the same time, allows you to evaluate how this affects the speed and randomness of the generated numbers. The influence of the reliability of hardware components Hardware failures. Hardware oscillators can be susceptible to problems with the components themselves, such as aging or defects in the chips.
Simulating hardware component failures or conducting tests on various devices with differing levels of wear and tear enables the evaluation of their resistance to such factors. Analysis using statistical tests Some statistical tests (eg, Chi-squared test, Pearson test, autocorrelation analysis) are used to detect outliers or non-random patterns during testing.
Testing using multivariate statistical methods allows you to assess the quality of randomness under variable external conditions [19,20].
Testing pseudorandom number generators in real conditions allows you to determine their resistance to various external influences, such as noise, limited resources, and high loads. The analysis results contribute to enhancing generators for use in critical systems like IoT and cryptographic algorithms, thereby ensuring reliable random number generation even in challenging conditions.
Investigating the performance of PRNGs for IoT infrastructure applications is an important step in determining their suitability in terms of resources and performance. The primary criteria for assessing efficiency include computational complexity, speed, energy consumption, and memory utilization. Let's examine the key steps along with examples of research and evaluations regarding the effectiveness of various PRNGs. (Table 2). Performance evaluation criteria: Computational complexity. An estimate of the number of operations required to generate one random number. Algorithms of different complexity are studied (linear complexity O(n), logarithmic complexity O(log n), constant complexity O(1)).
Example: A simple algorithm of congruent HPC has linear complexity since at each step a simple operation of multiplication, addition, and subtraction is performed modulo.
Speed action. It quantifies the number of random numbers a generator can produce within a given time frame (such as numbers generated per second). Algorithms on different processor architectures are studied: ARM for IoT devices, which often have limited computing power.
Example: Comparing a classic LCG (Linear Congruent Generator) and a more complex algorithm such as Mersenne Twister can show that LCG has a speed advantage on simple IoT device processors.
Energy consumption. The total power consumption for random number generation over a certain time or number of operations is measured. Important for batterypowered IoT devices where energy savings are critical.
Example: Simple algorithms with minimal computing load will be less energy-consuming compared to more complex generators that require a lot of resources for their work.
Memory usage. The amount of RAM required for the operation of the generator is estimated. In many IoT devices, memory is limited, so memory efficiency is a key factor.
Example: Algorithms such as LCG require less memory compared to algorithms based on complex tables, such as the Mersenne Twister, which requires large buffers for its operation. For IoT devices, where speed and energy efficiency are crucial, simple generators such as LKG or XORShift demonstrate superior performance in both speed and power consumption. However, in cases where cryptographic robustness is required, CSPRNG, despite the higher resource costs, is a necessary choice.
A random number generation monitoring system should automate data collection, analysis, and visualization processes to ensure real-time control of generation quality and stability. This will effectively detect any deviations from randomness or other anomalies in the operation of PRNGs and hardware generators. Let's consider the main components of the monitoring system (Fig. 1): Generation quality analysis module. The analysis module assesses the quality of randomness in the collected numbers. It uses statistical methods to detect correlations, and predictable patterns and checks whether the generation meets the criteria of randomness. Methods that can be utilized in this module: Chi-square test and Pearson's test to test for uniform distribution; autocorrelation analysis to check dependencies between numerical sequences; multivariate tests for analyzing correlations between several parameters; Entropy test for evaluating the degree of unpredictability in numbers.
Visualization module and user interface design. Offers an interface for visualizing monitoring results. The graphical interface should show indicators such as entropy level, distribution uniformity, frequency deviations, and other quality metrics. Types of visualizations that can be implemented: Histograms and distribution graphs that show the distribution of numbers and reveal possible deviations from uniformity; heat maps of correlations that visualize dependencies between different random number generations; real-time monitoring shows current generation performance and quality metrics, allowing for immediate detection of deviations or anomalies.
Notification and logging module. This module is responsible for logging events and notifying about deviations in the generation. It provides logging of all generation processes and provides the ability to view historical data for in-depth analysis. If serious deviations are detected, the system sends a notification to the administrator or interested parties via email, mobile application, or other means of communication.
Configuration and settings module. This module enables the configuration of various parameters for the monitoring system, including data collection frequency, alert threshold values, selection of statistical tests for analysis, and user interface settings. The system should support flexible configuration for different types of generators and usage scenarios, allowing it to be adapted to specific needs.
Reporting system. Automatic generation of detailed reports on the quality of random number generation. These reports can be saved as PDF or other formats, allowing detailed analysis of the generation history and making it available to interested parties. Reports usually include the following factors: randomness metrics, detected deviations, and recommendations for improving the quality of generation.
The use of a monitoring system is particularly useful for the following industries:
Cryptographic systems where the reliability of random number generation is critical for security.
IoT devices, where constrained resources may impact the quality of generation.
Mobile applications that utilize random number generation for security purposes or gaming.
Here are the key advantages of the system. Increased reliability. Continuous monitoring ensures the stable operation of generators, helping to avoid failures and anomalies.
Instant reaction to deviations. Thanks to built-in notifications, the system allows you to quickly react to any failures in the generation process.
Real-time analysis. The system supports real-time data collection and analysis, which allows you to quickly obtain information about the quality of random numbers.
This system provides an opportunity to flexibly configure the generation of random numbers to ensure their high quality, convenient visualization, and timely detection of problems in real conditions of use.
random number generation monitoring system 6.1. Overview of the system's general algorithm
Let's examine the key stages of the random number generation monitoring system (Fig. 2). System initialization. The system is initiated and configured to monitor random number generation. The sources of random number generation, whether software or hardware generators, are identified. Data collection. The system collects numerical sequences from generators in real-time. Data collection is conducted based on pre-defined intervals or events. Data pre-processing. Collected data is sequenced for further analysis. The accuracy of the collected data is verified to ensure there are no omissions or errors.
Analysis of generation quality. Statistical tests are applied to the collected data to check for randomness:
Check for anomalies. The analysis results are compared against reference indicators. If deviations or anomalies are identified (indicating non-compliance with randomness criteria), the system triggers a response.
Decision on anomalies. If no anomalies are detected, the system continues to collect and log data. If anomalies are detected, the system initiates a response procedure.
Actions when anomalies are detected Logging and reporting. All monitoring actions and results are stored in logs. The system automatically generates reports on the status of random number generation (daily, weekly, etc.).
Completion of the cycle. The system ends the current monitoring cycle and starts a new one.
Periodic audit and optimization. Periodically, the system conducts an in-depth audit of the operation of generators for further improvement of settings or algorithms.
The algorithm is aimed at automatic quality control of random number generation with minimal user intervention. The system can quickly react to deviations, ensuring stability and reliability of generation in critical systems.
A mathematical model for a random number generation monitoring system can be constructed using several key components. This model should include a process of data collection, random analysis, anomaly detection, and response. Let:
𝑋(𝑡) -is a sequence of random numbers generated at time 𝑡. 𝑓(𝑋(𝑡)) -is a function describing the properties of the sequence 𝑋(𝑡), which is responsible for checking its randomness. 𝑇 -is a set of statistical tests for checking randomness (for example, Chi-square test, entropy test). 𝑃 -is the probability of an anomaly occurring in the generation process. 𝐷(𝑡)-is the deviation from the randomness reference values at time 𝑡.
The generation of random numbers in the system is described as a set of sequences of numbers: 𝑋(𝑡) = {𝑥 , 𝑥 , . . . , 𝑥 }, (1) where 𝑥 ∈ [𝑎, 𝑏] is a single random number within the interval [𝑎, 𝑏], generated at time 𝑡.
The randomness test function 𝑓(𝑋(𝑡)) applies statistical tests to the sequence 𝑋(𝑡). For example, for the Chi-square test:
where 𝑂 are the observed frequencies of random numbers, 𝐸 are the expected frequencies of random numbers. The test results are compared against critical values. If the result surpasses the 𝜒 threshold, this indicates a deviation from a uniform distribution, and an anomaly is recorded.
Other tests (for example, the entropy test 𝐻(𝑋)) can estimate the level of entropy:
where 𝑝(𝑥 ) is the probability of the number 𝑥 appearing.
A high entropy means a more random sequence.
The probability of an anomaly occurring, denoted as 𝑃 , is influenced by the extent to which the test results deviate from the reference values. If the deviation function 𝐷(𝑡)exceeds the permissible value 𝐷 , an anomaly is considered to have occurred: 𝑃 = 𝑃(𝐷(𝑡) > 𝐷 ).
(4) Here 𝐷(𝑡) = 𝑓(𝑋(𝑡)) − 𝑓 (𝑋) , where 𝑓 (𝑋)-the reference value of the randomness function.
If the probability of an anomaly exceeds the permissible 𝑃 > 𝑃 , the system goes into response:
The system generates a notification for the operator. Automatic intervention: It is possible to restart the generator or connect a backup source of random number generation.
Formally, the reaction process can be described as follows:
where 𝑅(𝑡) is the system response at time 𝑡 (0-normal operation, 1-intervention or notification).
To provide historical analytics, the system keeps a log of all data stored in the form: 𝐿(𝑡) = {𝑋(𝑡) , 𝑓(𝑋(𝑡)), 𝑃 , 𝑅(𝑡)}.
(6) This log allows you to track all events related to the generation of random numbers and generate reports to analyze the monitoring results.
Mathematically, the model of the random number generation monitoring system can be represented as a set of functions:
1. Generation of a sequence of random numbers 𝑋(𝑡) = {𝑥 , 𝑥 , . . . , 𝑥 }.
Evaluation of the quality of randomness using tests:
Probability of anomaly:
System reaction:
Logging and storage of results:
𝐿(𝑡) = {𝑋(𝑡) , 𝑓(𝑋(𝑡)), 𝑃 , 𝑅(𝑡)}.
(11) This mathematical model allows for building a system that automatically collects, analyzes, and controls the quality of random number generation in real-time, providing visualization and responding to anomalies.
The library of statistical tests is a component of the monitoring server but can be used as a separate product if necessary. The simplest method to utilize it is by adding a ".jar" file to the project during compilation. However, it is advisable to use tools like "Maven" or "Gradle" for automating tasks within Java projects. This avoids manually downloading and compiling the project with the library and is a safer approach.
In Maven, you need to define a new repository "jitpack.io" and add the library as a dependency (Fig. 3).
The process is almost identical for Gradle, but the repository should be slightly different. The library does not contain any configuration parameters or settings that must be made before use, so you can perform statistical tests (Fig. 3) simply by calling methods on the library classes.
The monitoring server can be used locally for testing, but it is likely to be more useful to deploy it in a cluster, cloud environment, or on local servers in a network where client applications are already deployed (or planned to be deployed in the future).
A simple and working solution would be to use a docker container to deploy the server.
Just like the integration library, the server has several environment variables used for mail and database connections. They must be specified for correct operation.
The web application does not contain a "Home Page" per se, so the user will be immediately redirected to the "Random Numbers" page (Fig. 4). This page can be conventionally divided into 2 parts-a random number filter and a table with random numbers. The panels under the heading "Graphs" contain 5 graphs. In Fig. 5 you can see two of them-the number of random numbers processed by the server and the distribution of random numbers by client programs. Additionally, the program features a graph that shows the distribution of random numbers by values for each label. This can help identify whether a generator has a flaw that causes it to produce an excess or deficiency of random numbers within a specific range.
Based on the monitoring and testing results, we will develop recommendations for enhancing random number generation algorithms, focusing on methods to improve their stability and performance in critical systems.
To boost the reliability of random number generators, the following recommendations can be made based on these findings.
Improvement of algorithmic stability of generators.
Use of cryptographically stable generators (CSPRNG). Utilizing generators based on cryptographic algorithms, such as AES or SHA, ensures reliable randomness, even in critical systems like secure communication or data protection. Update generation algorithms. Consistently update and optimize generators to address emerging attacks or vulnerabilities. This includes improvements to pseudo-random generators such as Xorshift, Mersenne Twister, or newer variants based on block ciphers.
Protection against the influence of external factors.
Addition of noise sources (entropy pool). It is important to supplement generators with external sources of randomness (for example, noise from sensors, and physical processes), which will increase the resistance of the generator to predictable attacks or distortions due to the reduction of internal entropy. Input quality monitoring. Automated control of input entropy level and periodic updating of noise sources can prevent generation randomness from decreasing.
Regular verification of correlation between generations: Applying statistical tests to verify the correlation between sequences of numbers will help to identify and eliminate patterns that reduce the reliability of the generator.
Increasing the number of random bits: To increase robustness, it is recommended to generate a larger number of random bits from different independent sources, which reduces the chances of correlation or predictability of the results.
High-load and stress-testing: It is important to regularly test generators under real-world operating conditions, particularly in high-load and resource-constrained (power, memory) situations, to verify their robustness.
Integration with monitoring systems: The creation of systems that automatically monitor the operation of generators in real time allows timely detection of possible failures or loss of randomness.
Backup and restoration of the generation system These guidelines will enhance the reliability of pseudorandom number generators, particularly in critical systems like cryptographic algorithms, IoT security, and other fields where the quality of randomness is essential for the security and stable operation of systems.
Random number generators are an important tool for solving a variety of simulation, numerical methods, cryptography, and programming problems. Generation facilities can adopt one of several available approaches, each with its strengths and weaknesses. Nevertheless, the most critical feature of generators is their capacity to produce truly random numbers, as the security of cryptographic applications and the efficiency and speed of numerical applications hinges on the randomness of these numbers.
Utilizing generation tools necessitates prior research through statistical tests and cryptographic attacks to ensure confidence in the quality of the generated numbers and the security of the tool. During operation, generators sometimes show worse performance than was obtained during initial tests. This may be due to problems in the entropy source, incorrect application, or software implementation. Depending on the generator's specific task, implementing a monitoring system is advisable to identify and address potential defects promptly. The created monitoring system provides the functions of monitoring the operation of generation means and alerting in case of exceptional situations. Programs or hardware devices connect to a centralized server and send random numbers generated by them for statistical testing and storage for future research. The monitoring system consists of the following components:
A library including 15 NIST tests and 8 multivariate statistics tests. The NIST statistical tests are a comprehensive approach to the verification of random numbers and means of their generation, while the methods of multivariate statistics complement them by providing the possibility to verify short sequences of bits.
An integration library designed to quickly connect a monitoring server and generators or applications containing random number generators. Application integration is done only with the use of metadata and configuration.
The monitoring server primarily functions to aggregate random numbers transmitted by client programs, along with their pre-processing and storage in the database. Additional features include various settings for tracking and notification processes, as well as detailed reports and realtime random number testing.
A web application that is completely based on the functions and application interface of the monitoring server and is designed to provide a convenient interface for users.
The monitoring system is recommended to be used in the case of operation or research of several generators of random numbers and sequences created by them at random. Practical application of the product is possible in:
Cryptography, development, and maintenance of software products and hardware-tracking the operation of autonomous random number generators and programs that use built-in generators;
Scientific research-simultaneous statistical testing of several random number generators, development and testing of new random number generators.