=Paper=
{{Paper
|id=Vol-3826/short21
|storemode=property
|title=Cryptographic system security approaches by monitoring the random numbers generation (short paper)
|pdfUrl=https://ceur-ws.org/Vol-3826/short21.pdf
|volume=Vol-3826
|authors=Svitlana Popereshnyak,Yuriy Novikov,Yuliia Zhdanova
|dblpUrl=https://dblp.org/rec/conf/cpits/PopereshnyakNZ24
}}
==Cryptographic system security approaches by monitoring the random numbers generation (short paper)==
https://ceur-ws.org/Vol-3826/short21.pdf
Cryptographic system security approaches
by monitoring the random numbers generation⋆
Svitlana Popereshnyak1,†, Yuriy Novikov2,† and Yuliia Zhdanova3,*,†
1
National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 37 Beresteiskyi ave., 03056 Kyiv,
Ukraine
2
Institute of Software Systems of the National Academy of Sciences of Ukraine, 40-5 Akademik Hlushkov ave., 03187 Kyiv,
Ukraine
3
Borys Grinchenko Kyiv Metropolitan University, 18/2 Bulvarno-Kudryavska str., 04053 Kyiv, Ukraine
Abstract
The paper examines one of the approaches to ensuring the security of cryptographic systems by monitoring
the generation of random numbers. Random numbers play a key role in cryptography, in particular for
generating keys, initialization vectors, and other important cryptographic parameters. Unreliable or
predictable random numbers can lead to successful attacks on cryptographic protocols, making generation
monitoring critical to the security of systems. The paper proposes an automated monitoring system that
utilizes statistical tests to check randomness, entropy level, and the presence of correlations between
generated numbers. Particular attention is paid to researching methods of detecting anomalies and reacting
to them in real-time. Furthermore, the paper examines the effect of limited entropy in resource-constrained
devices like those used in the Internet of Things (IoT) and explores the application of machine learning to
enhance the monitoring of random number generation. The results demonstrate that implementing the
monitoring system significantly enhances the resilience of cryptographic systems against attacks targeting
random number generation.
Keywords
cryptography, random number generation, monitoring, entropy, statistical tests, anomalies, internet of
things, security 1
1. Introduction number generators, which can lead to the disclosure of keys
or other sensitive information. Traditional approaches to
In today’s conditions of rapid technological development, random number generation do not always provide reliable
information protection is becoming one of the priority tasks control over the quality and randomness of sequences in
in cyber security. Most cryptographic systems for data real-time, which increases the risk of system compromise.
encryption, key generation, and user authentication are The implementation of a random number generation
based on the use of random numbers. The quality of the monitoring system addresses this issue by continuously
random numbers used in these systems directly affects their overseeing the generation process through statistical tests
resistance to cryptographic attacks. However, many and anomaly detection mechanisms. Such a system can
random number generators are susceptible to attacks that automatically signal random violations and propose
reduce entropy or make their sequences predictable, measures to eliminate them, which significantly increases
creating a vulnerability for the entire cryptographic system. the resistance of cryptographic systems to attacks.
The introduction of a random number generation The purpose of the research is to develop and implement
monitoring system becomes an important element of cyber a monitoring system for the generation of random numbers,
protection, as it allows for real-time detection of anomalies which will allow us to automatically evaluate the quality
in the generation process and response to them, minimizing and compliance of the generation with the criteria of
the risk of data compromise. The use of such systems randomness. This entails employing statistical methods to
increases the overall reliability of cryptographic protocols, identify deviations from expected outcomes and ensure the
especially in the face of entropy attacks or sequence reliability of random number generators across various
prediction attempts. systems, particularly in security-critical sectors like
The main problem is that cryptographic systems may be cryptography and the IoT [1, 2].
exposed to vulnerabilities when random number generators
produce weak or insufficiently unpredictable sequences.
This creates an opportunity for attacks on pseudorandom
CPITS-II 2024: Workshop on Cybersecurity Providing in Information 0000-0002-0531-9809 (S. Popereshnyak);
and Telecommunication Systems II, October 26, 2024, Kyiv, Ukraine 0009-0006-9800-8765 (Y. Novikov);
∗
Corresponding author. 0000-0002-9277-4972 (Y. Zhdanova)
†
These authors contributed equally. © 2024 Copyright for this paper by its authors. Use permitted under
Creative Commons License Attribution 4.0 International (CC BY 4.0).
spopereshnyak@gmail.com (S. Popereshnyak);
ynovikov@gmail.com (Y. Novikov);
y.zhdanova@kubg.edu.ua (Y. Zhdanova)
CEUR
Workshop
ceur-ws.org
ISSN 1613-0073
301
Proceedings
�2. Review of literature and scientific traditional statistical methods. These studies show that
hybrid approaches combining statistical tests and machine
publications learning can significantly improve the reliability of
During the last decade, the issue of ensuring the security of cryptographic systems.
cryptographic systems remains relevant, and many With the development of cloud computing,
researchers pay attention to the generation of random cryptographic systems increasingly rely on random number
numbers as one of the key aspects of this security. Random generation in cloud environments. Research [14, 15]
numbers are used to generate encryption keys, salt for emphasizes the need to monitor the generation of random
hashing passwords, and other cryptographic processes. The numbers in the conditions of scalable cloud environments
poor quality of random numbers or their predictability can [16, 17]. The publications describe the use of distributed
make cryptographic systems vulnerable to attack. monitoring systems that can monitor the performance of
One of the key areas of research is the study of attacks RNGs in different virtual environments and detect
on Random Number Generators (RNGs) and their impact on anomalies related to the computational load.
the security of cryptographic systems. Various types of The literature review shows the importance of
PRNGs and their vulnerabilities are considered in [3–5]. monitoring the generation of random numbers as a critical
Research indicates that predictable or insufficiently random component of the security of cryptographic systems. Most
sequences can compromise cryptographic keys. modern studies point to the need to implement automated
Additionally, various attacks on cryptographic systems monitoring systems to detect anomalies and maintain a high
have highlighted the necessity of real-time monitoring of level of entropy. This applies to both classic cryptographic
random number generation quality. systems and modern platforms such as IoT and cloud
Recent research indicates that merely employing computing [18].
cryptographically secure random number generators Employing advanced techniques, such as machine
(CSPRNGs) is not always adequate for ensuring a high level learning and statistical analysis, can significantly enhance
of security. The works [6, 7] propose the development of a the resilience of random number generators against attacks,
system for real-time monitoring of random number thereby ensuring the reliability and unpredictability of
generation to identify anomalies and deviations from cryptographic operations.
randomness. These systems use statistical tests to assess the
level of entropy and the presence of correlations in 3. Analysis of stability of generators
sequences of random numbers.
Analysis of the stability of pseudorandom number
Some of the popular monitoring methods include the
generators (PRNGs) in real conditions consists in
Chi-square test for distribution uniformity, Pearson’s test
determining how well they can withstand external factors
for correlations, and entropy analysis for measuring
that can affect the quality of random number generation
unpredictability. Such systems allow the detection of
(Table 1). Such factors include noise, limited computing
anomalies before they lead to real problems in
resources, changes in the execution environment, and other
cryptographic processes.
technical or physical influences.
With the development of the IoT, there is a need to use
The research conducted yielded the following results:
lightweight and energy-efficient random number
generation methods. Publications [8, 9] analyze the impact A decrease in the quality of random numbers can
of insufficient entropy in IoT devices on the cryptographic be observed in conditions of unstable power
stability of these systems. The researchers particularly supply or increased loads on the system, which
highlight the significance of monitoring random number leads to a decrease in entropy or an increase in the
generators, especially given the limited resources of IoT predictability of sequences.
devices. Insufficient entropy sources can lead to duplication
Reliable generators exhibit consistent random
of keys and other cryptographic data, which poses a security
number generation even in the face of significant
threat.
fluctuations in available resources or external
Recent studies, such as [10–13], have proposed the
conditions, ensuring high levels of randomness
application of machine learning techniques for monitoring
and speed.
random number generation. Machine learning algorithms
can analyze large volumes of data, and identify hidden
patterns and anomalies that may go unnoticed using
302
�Table 1
Types of generators testing for resistance to external factors
Type Problem Testing
Noise immunity Noise attacks. Generators can be subject to noise During the testing, experiments are carried out with the
testingм attacks, where the input data is distorted by exposure addition of artificial noise to the system to check the
to external noise. For example, for hardware resistance of the HPC to such influences. This can be done
generators, it could be electromagnetic radiation, by emulating an unstable environment, such as generating
while for software generators it could be a random numbers under varying power levels or network
malfunction of the hardware or operating system. failures.
Testing in Limitation of computing resources. IoT devices and Experiments are being carried out with the limitation of
conditions of other low-power systems often have limits on available resources during the execution of HPC. For
limited computing power, RAM, and energy. Generators example, artificially reducing the amount of available RAM
resources must remain reliable even with minimal resources. or increasing delays in processor cycles allows you to assess
how this will affect the performance and quality of random
numbers.
Resistance to Entropy reduction. One important factor is the level Entropy sources are analyzed during testing. For example,
entropy attacks of entropy from which random numbers are there may be limited input data (noise from physical sensors
generated. If entropy decreases due to external or random sources from the OS) to test whether the HPC
influences or a lack of sufficient sources of entropy, can generate sufficiently random numbers.
this can lead to predictable generation results.
Analysis under High load on the system. Real-world conditions often Conducting stress tests, which include increasing the number of
conditions of include HPC operation under high load, for example, requests to the generator or performing other computational
high loads when several processes simultaneously use generator tasks at the same time, allows you to evaluate how this affects
resources. the speed and randomness of the generated numbers.
The influence Hardware failures. Hardware oscillators can be Simulating hardware component failures or conducting
of the reliability susceptible to problems with the components tests on various devices with differing levels of wear and
of hardware themselves, such as aging or defects in the chips. tear enables the evaluation of their resistance to such
components factors.
Analysis using Some statistical tests (eg, Chi-squared test, Pearson test, Testing using multivariate statistical methods allows you to
statistical tests autocorrelation analysis) are used to detect outliers or assess the quality of randomness under variable external
non-random patterns during testing. conditions [19, 20].
Testing pseudorandom number generators in real Example: Comparing a classic LCG (Linear Congruent
conditions allows you to determine their resistance to Generator) and a more complex algorithm such as Mersenne
various external influences, such as noise, limited resources, Twister can show that LCG has a speed advantage on simple
and high loads. The analysis results contribute to enhancing IoT device processors.
generators for use in critical systems like IoT and Energy consumption. The total power consumption
cryptographic algorithms, thereby ensuring reliable random for random number generation over a certain time or
number generation even in challenging conditions. number of operations is measured. Important for battery-
powered IoT devices where energy savings are critical.
4. Study of the effectiveness of Example: Simple algorithms with minimal computing load
will be less energy-consuming compared to more complex
PRNGs generators that require a lot of resources for their work.
Investigating the performance of PRNGs for IoT Memory usage. The amount of RAM required for the
infrastructure applications is an important step in operation of the generator is estimated. In many IoT devices,
determining their suitability in terms of resources and memory is limited, so memory efficiency is a key factor.
performance. The primary criteria for assessing efficiency Example: Algorithms such as LCG require less memory
include computational complexity, speed, energy compared to algorithms based on complex tables, such as
consumption, and memory utilization. Let’s examine the the Mersenne Twister, which requires large buffers for its
key steps along with examples of research and evaluations operation.
regarding the effectiveness of various PRNGs. (Table 2).
Performance evaluation criteria: Table 2
Computational complexity. An estimate of the Evaluating the effectiveness of various PRNGs
number of operations required to generate one random Energy
Speed Memory
number. Algorithms of different complexity are studied PRNG Complexity
(numb./sec)
consumption
usage (kB)
(linear complexity O(n), logarithmic complexity O(log n), (mW)
constant complexity O(1)). LCG 𝑂(1) 10^6 50 2
Example: A simple algorithm of congruent HPC has Mersenne
𝑂(𝑛) 10^4 150 10
Twister
linear complexity since at each step a simple operation of
XORShift 𝑂(1) 10^5 70 3
multiplication, addition, and subtraction is performed CSPRNG 𝑂(𝑛 ) 10^3 200 20
modulo.
Speed action. It quantifies the number of random For IoT devices, where speed and energy efficiency are
numbers a generator can produce within a given time frame crucial, simple generators such as LKG or XORShift
(such as numbers generated per second). Algorithms on demonstrate superior performance in both speed and power
different processor architectures are studied: ARM for IoT consumption. However, in cases where cryptographic
devices, which often have limited computing power.
303
�robustness is required, CSPRNG, despite the higher resource Notification and logging module. This module is
costs, is a necessary choice. responsible for logging events and notifying about
deviations in the generation. It provides logging of all
5. Description of the random generation processes and provides the ability to view
historical data for in-depth analysis. If serious deviations are
number generation monitoring detected, the system sends a notification to the
system administrator or interested parties via email, mobile
A random number generation monitoring system should application, or other means of communication.
automate data collection, analysis, and visualization Configuration and settings module. This module
processes to ensure real-time control of generation quality enables the configuration of various parameters for the
and stability. This will effectively detect any deviations from monitoring system, including data collection frequency,
randomness or other anomalies in the operation of PRNGs alert threshold values, selection of statistical tests for
and hardware generators. analysis, and user interface settings. The system should
Let’s consider the main components of the monitoring support flexible configuration for different types of
system (Fig. 1): generators and usage scenarios, allowing it to be adapted to
specific needs.
Reporting system. Automatic generation of detailed
reports on the quality of random number generation. These
reports can be saved as PDF or other formats, allowing
detailed analysis of the generation history and making it
available to interested parties. Reports usually include the
following factors: randomness metrics, detected deviations,
and recommendations for improving the quality of
generation.
The use of a monitoring system is particularly useful for
the following industries:
Cryptographic systems where the reliability of
Figure 1: The main components of the monitoring system random number generation is critical for security.
IoT devices, where constrained resources may
Data collection module. This module gathers data from impact the quality of generation.
various random number generation sources, including both Mobile applications that utilize random number
PRNGs and hardware generators. Data can be collected from generation for security purposes or gaming.
local or remote generating systems. The module facilitates
real-time data collection, in addition to storing historical Here are the key advantages of the system.
data for subsequent analysis. Data sources can be generators Increased reliability. Continuous monitoring ensures
in cryptographic systems, IoT devices, mobile applications, the stable operation of generators, helping to avoid failures
or other systems that rely on PRNG. and anomalies.
Generation quality analysis module. The analysis Instant reaction to deviations. Thanks to built-in
module assesses the quality of randomness in the collected notifications, the system allows you to quickly react to any
numbers. It uses statistical methods to detect correlations, failures in the generation process.
and predictable patterns and checks whether the generation Real-time analysis. The system supports real-time
meets the criteria of randomness. Methods that can be data collection and analysis, which allows you to quickly
utilized in this module: Chi-square test and Pearson’s test to obtain information about the quality of random numbers.
test for uniform distribution; autocorrelation analysis to This system provides an opportunity to flexibly
check dependencies between numerical sequences; configure the generation of random numbers to ensure their
multivariate tests for analyzing correlations between high quality, convenient visualization, and timely detection
several parameters; Entropy test for evaluating the degree of problems in real conditions of use.
of unpredictability in numbers.
Visualization module and user interface design. 6. Modeling the operation of the
Offers an interface for visualizing monitoring results. The
graphical interface should show indicators such as entropy
random number generation
level, distribution uniformity, frequency deviations, and monitoring system
other quality metrics. Types of visualizations that can be
6.1. Overview of the system’s general
implemented: Histograms and distribution graphs that
show the distribution of numbers and reveal possible
algorithm
deviations from uniformity; heat maps of correlations that Let’s examine the key stages of the random number
visualize dependencies between different random number generation monitoring system (Fig. 2).
generations; real-time monitoring shows current generation System initialization. The system is initiated and
performance and quality metrics, allowing for immediate configured to monitor random number generation. The
detection of deviations or anomalies. sources of random number generation, whether software or
hardware generators, are identified.
304
� Data collection. The system collects numerical reports on the status of random number generation (daily,
sequences from generators in real-time. Data collection is weekly, etc.).
conducted based on pre-defined intervals or events. Completion of the cycle. The system ends the current
Data pre-processing. Collected data is sequenced for monitoring cycle and starts a new one.
further analysis. The accuracy of the collected data is Periodic audit and optimization. Periodically, the
verified to ensure there are no omissions or errors. system conducts an in-depth audit of the operation of
Analysis of generation quality. Statistical tests are generators for further improvement of settings or
applied to the collected data to check for randomness: algorithms.
Check for anomalies. The analysis results are The algorithm is aimed at automatic quality control of
compared against reference indicators. If deviations or random number generation with minimal user intervention.
anomalies are identified (indicating non-compliance with The system can quickly react to deviations, ensuring
randomness criteria), the system triggers a response. stability and reliability of generation in critical systems.
Decision on anomalies. If no anomalies are detected,
the system continues to collect and log data. If anomalies 6.2. Mathematical model of the system for
are detected, the system initiates a response procedure. monitoring the generation of random
Actions when anomalies are detected numbers
Notification: the system alerts the administrator A mathematical model for a random number generation
or the individual responsible for security systems monitoring system can be constructed using several key
about any identified issues. components. This model should include a process of data
Automatic actions: an adjustment attempt is collection, random analysis, anomaly detection, and
possible (restarting the generator or changing the response.
entropy source). Let:
Problem logging: details of the anomaly are
captured for further analysis. 𝑋(𝑡) —is a sequence of random numbers generated
at time 𝑡.
System initialization 𝑓(𝑋(𝑡)) —is a function describing the properties of
the sequence 𝑋(𝑡), which is responsible for
Data collection checking its randomness.
𝑇 —is a set of statistical tests for checking
Data pre-processing
randomness (for example, Chi-square test, entropy
test).
Analysis of generation quality
If No anomalies detected 𝑃 —is the probability of an anomaly occurring
Apply Statistical Tests in the generation process.
𝐷(𝑡)—is the deviation from the randomness
Check for anomalies
reference values at time 𝑡.
Compare Results
Decision on anomalies 6.2.1. Modeling the generation of random
numbers
If anomalies detected
Start new monitoring cycle The generation of random numbers in the system is
described as a set of sequences of numbers:
Actions when anomalies (1)
𝑋(𝑡) = {𝑥 , 𝑥 , . . . , 𝑥 },
detected
System alerts issues
where 𝑥 ∈ [𝑎, 𝑏] is a single random number within the
interval [𝑎, 𝑏], generated at time 𝑡.
Automatic actions
6.2.2. Modeling the quality of randomness
Automatic actions
The randomness test function 𝑓(𝑋(𝑡)) applies statistical
Logging and reporting tests to the sequence 𝑋(𝑡). For example, for the Chi-square
test:
Store Logs & generate reports
(𝑂 − 𝐸 ) (2)
Completion of the cycle 𝑓 (𝑋(𝑡)) = ,
𝐸
End current cycle
where 𝑂 are the observed frequencies of random numbers,
Periodic audit and optimization 𝐸 are the expected frequencies of random numbers.
Figure 2: The main stages of the general scheme of the The test results are compared against critical values. If
random number generation monitoring system the result surpasses the 𝜒 threshold, this indicates a
deviation from a uniform distribution, and an anomaly is
Logging and reporting. All monitoring actions and results recorded.
are stored in logs. The system automatically generates Other tests (for example, the entropy test 𝐻(𝑋)) can
estimate the level of entropy:
305
� (3) 4. System reaction:
𝐻(𝑋) = 𝑝(𝑥 ) log 𝑝(𝑥 ),
0, 𝑃 ≤𝑃 (10)
𝑅(𝑡) = .
where 𝑝(𝑥 ) is the probability of the number 𝑥 appearing. 1, 𝑃 >𝑃
A high entropy means a more random sequence. 5. Logging and storage of results:
𝐿(𝑡) = {𝑋(𝑡) , 𝑓(𝑋(𝑡)), 𝑃 , 𝑅(𝑡)}. (11)
6.2.3. Modeling the probability of occurrence of
anomalies This mathematical model allows for building a system
that automatically collects, analyzes, and controls the
The probability of an anomaly occurring, denoted as 𝑃 , quality of random number generation in real-time,
is influenced by the extent to which the test results deviate providing visualization and responding to anomalies.
from the reference values. If the deviation function
𝐷(𝑡)exceeds the permissible value 𝐷 , an anomaly is 7. Overview of the software
considered to have occurred:
𝑃 = 𝑃(𝐷(𝑡) > 𝐷 ). (4) 7.1. Library of statistical tests
Here 𝐷(𝑡) = 𝑓(𝑋(𝑡)) − 𝑓 (𝑋) , where The library of statistical tests is a component of the
𝑓 (𝑋)—the reference value of the randomness function. monitoring server but can be used as a separate product if
necessary. The simplest method to utilize it is by adding a
6.2.4. Modeling the response of the system “.jar” file to the project during compilation. However, it is
If the probability of an anomaly exceeds the permissible advisable to use tools like “Maven” or “Gradle” for
𝑃 >𝑃 , the system goes into response: automating tasks within Java projects. This avoids manually
downloading and compiling the project with the library and
Notification: The system generates a notification is a safer approach.
for the operator. In Maven, you need to define a new repository
Automatic intervention: It is possible to restart “jitpack.io” and add the library as a dependency (Fig. 3).
the generator or connect a backup source of
random number generation.
Formally, the reaction process can be described as
follows:
0, 𝑃 ≤𝑃 (5)
𝑅(𝑡) = ,
1, 𝑃 >𝑃
where 𝑅(𝑡) is the system response at time 𝑡 (0—normal
operation, 1—intervention or notification).
6.2.5. Modeling the logging and reporting
process
To provide historical analytics, the system keeps a log of all
data stored in the form:
𝐿(𝑡) = {𝑋(𝑡) , 𝑓(𝑋(𝑡)), 𝑃 , 𝑅(𝑡)}. (6) Figure 3: Import the library using Maven
This log allows you to track all events related to the
The process is almost identical for Gradle, but the repository
generation of random numbers and generate reports to
should be slightly different. The library does not contain
analyze the monitoring results.
any configuration parameters or settings that must be made
before use, so you can perform statistical tests (Fig. 3)
6.2.6. General mathematical model
simply by calling methods on the library classes.
Mathematically, the model of the random number
generation monitoring system can be represented as a set of 7.2. Monitoring server
functions:
The monitoring server can be used locally for testing, but it
1. Generation of a sequence of random numbers
is likely to be more useful to deploy it in a cluster, cloud
𝑋(𝑡) = {𝑥 , 𝑥 , . . . , 𝑥 }. (7) environment, or on local servers in a network where client
2. Evaluation of the quality of randomness using applications are already deployed (or planned to be
tests: deployed in the future).
A simple and working solution would be to use a docker
𝑓 (𝑋(𝑡)) = ∑
( )
, container to deploy the server.
Just like the integration library, the server has several
(8)
𝐻(𝑋) = 𝑝(𝑥 ) log 𝑝(𝑥 ). environment variables used for mail and database
connections. They must be specified for correct operation.
3. Probability of anomaly:
𝑃 = 𝑃(𝐷(𝑡) > 𝐷 ). (9)
306
�7.3. Web application Use of cryptographically stable generators
(CSPRNG). Utilizing generators based on
The web application does not contain a “Home Page” per se,
cryptographic algorithms, such as AES or SHA,
so the user will be immediately redirected to the “Random
ensures reliable randomness, even in critical
Numbers” page (Fig. 4). This page can be conventionally
systems like secure communication or data
divided into 2 parts—a random number filter and a table
protection.
with random numbers.
Update generation algorithms. Consistently
update and optimize generators to address
emerging attacks or vulnerabilities. This includes
improvements to pseudo-random generators such
as Xorshift, Mersenne Twister, or newer variants
based on block ciphers.
Protection against the influence of external
factors.
Figure 4: Graph of the number of random numbers
processed by the server Addition of noise sources (entropy pool). It is
important to supplement generators with external
In the upper right corner of the screen, there is a form that sources of randomness (for example, noise from
enables you to adjust the time parameters of the graphs and sensors, and physical processes), which will
display values for the past hour, day, week, or month, as increase the resistance of the generator to
well as select grouping by labels or programs. predictable attacks or distortions due to the
reduction of internal entropy.
Input quality monitoring. Automated control of
input entropy level and periodic updating of noise
sources can prevent generation randomness from
decreasing.
Minimization of correlations and predictability
Regular verification of correlation between
generations: Applying statistical tests to verify
the correlation between sequences of numbers will
help to identify and eliminate patterns that reduce
the reliability of the generator.
Increasing the number of random bits: To
increase robustness, it is recommended to generate
a larger number of random bits from different
Figure 5: The graph illustrating the distribution of random
independent sources, which reduces the chances of
numbers by client programs
correlation or predictability of the results.
The panels under the heading “Graphs” contain 5 graphs. In
Durability testing in real conditions
Fig. 5 you can see two of them—the number of random
numbers processed by the server and the distribution of High-load and stress-testing: It is important to
random numbers by client programs. Additionally, the regularly test generators under real-world
program features a graph that shows the distribution of operating conditions, particularly in high-load and
random numbers by values for each label. This can help resource-constrained (power, memory) situations,
identify whether a generator has a flaw that causes it to to verify their robustness.
produce an excess or deficiency of random numbers within
Integration with monitoring systems: The
a specific range.
creation of systems that automatically monitor the
operation of generators in real time allows timely
8. Recommendations for improving detection of possible failures or loss of
the reliability of generators randomness.
Based on the monitoring and testing results, we will develop Backup and restoration of the generation system
recommendations for enhancing random number
generation algorithms, focusing on methods to improve Use of multiple sources of generation:
their stability and performance in critical systems. Creating redundancy systems where generators
To boost the reliability of random number generators, work in parallel reduces the risks associated with
the following recommendations can be made based on these failure of one generator or loss of entropy.
findings. Automated switching to other generators in
Improvement of algorithmic stability of case of failures: In case of generation problems,
generators.
307
� the system should automatically switch to another of multivariate statistics complement them by providing the
random number generator or source. possibility to verify short sequences of bits.
An integration library designed to quickly connect a
Optimization of computational efficiency monitoring server and generators or applications
containing random number generators. Application
Optimization of resource usage: It is important
integration is done only with the use of metadata and
to configure generators to consume minimum
configuration.
power and memory, which is critical in resource-
The monitoring server primarily functions to aggregate
constrained environments such as IoT. This can be
random numbers transmitted by client programs, along
achieved by simplifying or adapting existing
with their pre-processing and storage in the database.
algorithms.
Additional features include various settings for tracking and
Development of lightweight algorithms: notification processes, as well as detailed reports and real-
Using lightweight algorithms specially optimized time random number testing.
for resource-constrained devices will help improve A web application that is completely based on the
performance and reliability in such systems. functions and application interface of the monitoring server
and is designed to provide a convenient interface for users.
Periodic update and audit of generators
The monitoring system is recommended to be used in
Scheduled updates and retesting: Continuous the case of operation or research of several generators of
testing and auditing of generators, including the random numbers and sequences created by them at random.
use of new statistical tests, will help maintain a Practical application of the product is possible in:
high level of reliability and identify vulnerabilities Cryptography, development, and maintenance of
to new types of attacks. software products and hardware—tracking the operation of
autonomous random number generators and programs that
These guidelines will enhance the reliability of use built-in generators;
pseudorandom number generators, particularly in critical Scientific research—simultaneous statistical testing of
systems like cryptographic algorithms, IoT security, and several random number generators, development and
other fields where the quality of randomness is essential for testing of new random number generators.
the security and stable operation of systems.
References
9. Conclusions [1] O. Shevchenko, et al., Methods of the Objects
Random number generators are an important tool for Identification and Recognition Research in the
solving a variety of simulation, numerical methods, Networks with the IoT Concept Support, in:
cryptography, and programming problems. Generation Cybersecurity Providing in Information and
facilities can adopt one of several available approaches, each Telecommunication Systems, vol. 2923 (2021) 277–
with its strengths and weaknesses. Nevertheless, the most 282.
critical feature of generators is their capacity to produce [2] V. Dudykevych, et al., Platform for the Security of
truly random numbers, as the security of cryptographic Cyber-Physical Systems and the IoT in the
applications and the efficiency and speed of numerical Intellectualization of Society, in: Workshop on
applications hinges on the randomness of these numbers. Cybersecurity Providing in Information and
Utilizing generation tools necessitates prior research Telecommunication Systems, CPITS, vol. 3654 (2024)
through statistical tests and cryptographic attacks to ensure 449–457.
confidence in the quality of the generated numbers and the [3] C. Camara, et al., A True Random Number Generator
security of the tool. During operation, generators sometimes Based on Gait Data for the Internet of You, IEEE
show worse performance than was obtained during initial Access, 8 (2020) 71642–71651. doi:
tests. This may be due to problems in the entropy source, 10.1109/ACCESS.2020.2986822.
incorrect application, or software implementation. [4] T. Zanotti, Guidelines for the Design of Random
Depending on the generator’s specific task, implementing a Telegraph Noise-based True Random Number
monitoring system is advisable to identify and address Generators, IEEE Transactions on Device and
potential defects promptly. Materials Reliability, 24(2) (2024) 184–193. doi:
The created monitoring system provides the functions 10.1109/TDMR.2024.3394576.
of monitoring the operation of generation means and [5] A. Kumar, A. Mishra, Evaluation of Cryptographically
alerting in case of exceptional situations. Programs or Secure Pseudo Random Number Generators for Post
hardware devices connect to a centralized server and send Quantum Era, in: IEEE 7th International Conference
random numbers generated by them for statistical testing for Convergence in Technology (I2CT) (2022) 1–5. doi:
and storage for future research. The monitoring system 10.1109/I2CT54291.2022.9824543.
consists of the following components: [6] K. Banerjee, P. Dasgupta, Acceptance and Random
A library including 15 NIST tests and 8 multivariate Generation of Event Sequences under Real Time
statistics tests. The NIST statistical tests are a Calculus Constraints, Design, Automation & Test in
comprehensive approach to the verification of random Europe Conference & Exhibition (DATE) (2014) 1–6.
numbers and means of their generation, while the methods doi: 10.7873/DATE.2014.267.
308
�[7] D. Novazrianto, et al., Design Automation of Single [19] V. Masol, S. Popereshnyak, Joint Distribution of Some
Photon Counting Method for Quantum Random Statistics of Random Bit Sequences, Cybernetics and
Number Generation, in: 9th International Conference Systems Analysis, 57(1) (2021) 139–145.
on Information and Communication Technology [20] V. Masol, S. Popereshnyak, Checking the Randomness
(ICoICT) (2021) 411–416, doi: 10.1109/ICoICT52021. of Bits Disposition in Local Segments of the (0, 1)-
2021.9527529. Sequence, Cybernetics and Systems Analysis, 56(3)
[8] L. Carreira, et al., Low-Latency Reconfigurable (2020) 513–520.
Entropy Digital True Random Number Generator
with Bias Detection and Correction, IEEE
Transactions on Circuits and Systems I: Regular
Papers, 67(5) (2020) 1562–1575. doi: 10.1109/TCSI.
2019.2960694.
[9] D. Origines, A. Sison, R. Medina, A Novel Pseudo-
Random Number Generator Algorithm based on
Entropy Source Epoch Timestamp, International
Conference on Information and Communications
Technology (ICOIACT) (2019) 50–55. doi:
10.1109/ICOIACT46704.2019.8938509.
[10] B. Schneier, NIST’s Post-Quantum Cryptography
Standards Competition, IEEE Security & Privacy, 20(5)
(2022) 107–108. doi: 10.1109/MSEC.2022.3184235.
[11] М. Herrero-Collantes, J. C. Garcia-Escartin, Quantum
random number generators, Reviews of Modern
Physics, 89 (2016).
[12] B. Perach, S. Kvatinsky, An Asynchronous and Low-
Power True Random Number Generator using STT-
MTJ, IEEE International Symposium on Circuits and
Systems (ISCAS) (2020) 1–11. doi:
10.1109/ISCAS45731.2020.9181042.
[13] B. Narayanapuram, J. Panda, A New Side Channel
Resistant Hybrid PUF Based Light Weight True
Random Number Generator, in: IEEE 3rd International
Conference on Technology, Engineering,
Management for Societal Impact using Marketing,
Entrepreneurship and Talent (TEMSMET) (2023) 1–6.
doi: 10.1109/TEMSMET56707.2023.10150018.
[14] L. Huang, H. Zhou, K. Feng, Quantum Random
Number Cloud Platform, NPJ Quantum Information
7(107) (2021). doi: 10.1038/ s41534-021-00442-x.
[15] M. Sharma, et al., Security on Cloud Computing Using
Pseudo-random Number Generator Along with
Steganography, Artificial Intelligence and Applied
Mathematics in Engineering Problems, 43 (2020) 654–
665. doi: 10.1007/978-3-030-36178-5_54.
[16] V. Shapoval, et al., Automation of Data Management
Processes in Cloud Storage, in: Workshop on
Cybersecurity Providing in Information and
Telecommunication Systems, CPITS, vol. 3654 (2024)
410–418.
[17] Y. Martseniuk, et al., Automated Conformity
Verification Concept for Cloud Security, in:
Workshop on Cybersecurity Providing in Information
and Telecommunication Systems, CPITS, vol. 3654
(2024) 25–37.
[18] Z. Hu, et al., Bandwidth Research of Wireless IoT
Switches, in: IEEE 15th International Conference on
Advanced Trends in Radioelectronics,
Telecommunications and Computer Engineering
(2020) 546–550. doi: 10.1109/tcset49122.2020.2354922.
309
�