Cryptographic system security approaches by monitoring the random numbers generation⋆ Svitlana Popereshnyak1,†, Yuriy Novikov2,† and Yuliia Zhdanova3,*,† 1 National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 37 Beresteiskyi ave., 03056 Kyiv, Ukraine 2 Institute of Software Systems of the National Academy of Sciences of Ukraine, 40-5 Akademik Hlushkov ave., 03187 Kyiv, Ukraine 3 Borys Grinchenko Kyiv Metropolitan University, 18/2 Bulvarno-Kudryavska str., 04053 Kyiv, Ukraine Abstract The paper examines one of the approaches to ensuring the security of cryptographic systems by monitoring the generation of random numbers. Random numbers play a key role in cryptography, in particular for generating keys, initialization vectors, and other important cryptographic parameters. Unreliable or predictable random numbers can lead to successful attacks on cryptographic protocols, making generation monitoring critical to the security of systems. The paper proposes an automated monitoring system that utilizes statistical tests to check randomness, entropy level, and the presence of correlations between generated numbers. Particular attention is paid to researching methods of detecting anomalies and reacting to them in real-time. Furthermore, the paper examines the effect of limited entropy in resource-constrained devices like those used in the Internet of Things (IoT) and explores the application of machine learning to enhance the monitoring of random number generation. The results demonstrate that implementing the monitoring system significantly enhances the resilience of cryptographic systems against attacks targeting random number generation. Keywords cryptography, random number generation, monitoring, entropy, statistical tests, anomalies, internet of things, security 1 1. Introduction number generators, which can lead to the disclosure of keys or other sensitive information. Traditional approaches to In today’s conditions of rapid technological development, random number generation do not always provide reliable information protection is becoming one of the priority tasks control over the quality and randomness of sequences in in cyber security. Most cryptographic systems for data real-time, which increases the risk of system compromise. encryption, key generation, and user authentication are The implementation of a random number generation based on the use of random numbers. The quality of the monitoring system addresses this issue by continuously random numbers used in these systems directly affects their overseeing the generation process through statistical tests resistance to cryptographic attacks. However, many and anomaly detection mechanisms. Such a system can random number generators are susceptible to attacks that automatically signal random violations and propose reduce entropy or make their sequences predictable, measures to eliminate them, which significantly increases creating a vulnerability for the entire cryptographic system. the resistance of cryptographic systems to attacks. The introduction of a random number generation The purpose of the research is to develop and implement monitoring system becomes an important element of cyber a monitoring system for the generation of random numbers, protection, as it allows for real-time detection of anomalies which will allow us to automatically evaluate the quality in the generation process and response to them, minimizing and compliance of the generation with the criteria of the risk of data compromise. The use of such systems randomness. This entails employing statistical methods to increases the overall reliability of cryptographic protocols, identify deviations from expected outcomes and ensure the especially in the face of entropy attacks or sequence reliability of random number generators across various prediction attempts. systems, particularly in security-critical sectors like The main problem is that cryptographic systems may be cryptography and the IoT [1, 2]. exposed to vulnerabilities when random number generators produce weak or insufficiently unpredictable sequences. This creates an opportunity for attacks on pseudorandom CPITS-II 2024: Workshop on Cybersecurity Providing in Information 0000-0002-0531-9809 (S. Popereshnyak); and Telecommunication Systems II, October 26, 2024, Kyiv, Ukraine 0009-0006-9800-8765 (Y. Novikov); ∗ Corresponding author. 0000-0002-9277-4972 (Y. Zhdanova) † These authors contributed equally. © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). spopereshnyak@gmail.com (S. Popereshnyak); ynovikov@gmail.com (Y. Novikov); y.zhdanova@kubg.edu.ua (Y. Zhdanova) CEUR Workshop ceur-ws.org ISSN 1613-0073 301 Proceedings 2. Review of literature and scientific traditional statistical methods. These studies show that hybrid approaches combining statistical tests and machine publications learning can significantly improve the reliability of During the last decade, the issue of ensuring the security of cryptographic systems. cryptographic systems remains relevant, and many With the development of cloud computing, researchers pay attention to the generation of random cryptographic systems increasingly rely on random number numbers as one of the key aspects of this security. Random generation in cloud environments. Research [14, 15] numbers are used to generate encryption keys, salt for emphasizes the need to monitor the generation of random hashing passwords, and other cryptographic processes. The numbers in the conditions of scalable cloud environments poor quality of random numbers or their predictability can [16, 17]. The publications describe the use of distributed make cryptographic systems vulnerable to attack. monitoring systems that can monitor the performance of One of the key areas of research is the study of attacks RNGs in different virtual environments and detect on Random Number Generators (RNGs) and their impact on anomalies related to the computational load. the security of cryptographic systems. Various types of The literature review shows the importance of PRNGs and their vulnerabilities are considered in [3–5]. monitoring the generation of random numbers as a critical Research indicates that predictable or insufficiently random component of the security of cryptographic systems. Most sequences can compromise cryptographic keys. modern studies point to the need to implement automated Additionally, various attacks on cryptographic systems monitoring systems to detect anomalies and maintain a high have highlighted the necessity of real-time monitoring of level of entropy. This applies to both classic cryptographic random number generation quality. systems and modern platforms such as IoT and cloud Recent research indicates that merely employing computing [18]. cryptographically secure random number generators Employing advanced techniques, such as machine (CSPRNGs) is not always adequate for ensuring a high level learning and statistical analysis, can significantly enhance of security. The works [6, 7] propose the development of a the resilience of random number generators against attacks, system for real-time monitoring of random number thereby ensuring the reliability and unpredictability of generation to identify anomalies and deviations from cryptographic operations. randomness. These systems use statistical tests to assess the level of entropy and the presence of correlations in 3. Analysis of stability of generators sequences of random numbers. Analysis of the stability of pseudorandom number Some of the popular monitoring methods include the generators (PRNGs) in real conditions consists in Chi-square test for distribution uniformity, Pearson’s test determining how well they can withstand external factors for correlations, and entropy analysis for measuring that can affect the quality of random number generation unpredictability. Such systems allow the detection of (Table 1). Such factors include noise, limited computing anomalies before they lead to real problems in resources, changes in the execution environment, and other cryptographic processes. technical or physical influences. With the development of the IoT, there is a need to use The research conducted yielded the following results: lightweight and energy-efficient random number generation methods. Publications [8, 9] analyze the impact  A decrease in the quality of random numbers can of insufficient entropy in IoT devices on the cryptographic be observed in conditions of unstable power stability of these systems. The researchers particularly supply or increased loads on the system, which highlight the significance of monitoring random number leads to a decrease in entropy or an increase in the generators, especially given the limited resources of IoT predictability of sequences. devices. Insufficient entropy sources can lead to duplication  Reliable generators exhibit consistent random of keys and other cryptographic data, which poses a security number generation even in the face of significant threat. fluctuations in available resources or external Recent studies, such as [10–13], have proposed the conditions, ensuring high levels of randomness application of machine learning techniques for monitoring and speed. random number generation. Machine learning algorithms can analyze large volumes of data, and identify hidden patterns and anomalies that may go unnoticed using 302 Table 1 Types of generators testing for resistance to external factors Type Problem Testing Noise immunity Noise attacks. Generators can be subject to noise During the testing, experiments are carried out with the testingм attacks, where the input data is distorted by exposure addition of artificial noise to the system to check the to external noise. For example, for hardware resistance of the HPC to such influences. This can be done generators, it could be electromagnetic radiation, by emulating an unstable environment, such as generating while for software generators it could be a random numbers under varying power levels or network malfunction of the hardware or operating system. failures. Testing in Limitation of computing resources. IoT devices and Experiments are being carried out with the limitation of conditions of other low-power systems often have limits on available resources during the execution of HPC. For limited computing power, RAM, and energy. Generators example, artificially reducing the amount of available RAM resources must remain reliable even with minimal resources. or increasing delays in processor cycles allows you to assess how this will affect the performance and quality of random numbers. Resistance to Entropy reduction. One important factor is the level Entropy sources are analyzed during testing. For example, entropy attacks of entropy from which random numbers are there may be limited input data (noise from physical sensors generated. If entropy decreases due to external or random sources from the OS) to test whether the HPC influences or a lack of sufficient sources of entropy, can generate sufficiently random numbers. this can lead to predictable generation results. Analysis under High load on the system. Real-world conditions often Conducting stress tests, which include increasing the number of conditions of include HPC operation under high load, for example, requests to the generator or performing other computational high loads when several processes simultaneously use generator tasks at the same time, allows you to evaluate how this affects resources. the speed and randomness of the generated numbers. The influence Hardware failures. Hardware oscillators can be Simulating hardware component failures or conducting of the reliability susceptible to problems with the components tests on various devices with differing levels of wear and of hardware themselves, such as aging or defects in the chips. tear enables the evaluation of their resistance to such components factors. Analysis using Some statistical tests (eg, Chi-squared test, Pearson test, Testing using multivariate statistical methods allows you to statistical tests autocorrelation analysis) are used to detect outliers or assess the quality of randomness under variable external non-random patterns during testing. conditions [19, 20]. Testing pseudorandom number generators in real Example: Comparing a classic LCG (Linear Congruent conditions allows you to determine their resistance to Generator) and a more complex algorithm such as Mersenne various external influences, such as noise, limited resources, Twister can show that LCG has a speed advantage on simple and high loads. The analysis results contribute to enhancing IoT device processors. generators for use in critical systems like IoT and Energy consumption. The total power consumption cryptographic algorithms, thereby ensuring reliable random for random number generation over a certain time or number generation even in challenging conditions. number of operations is measured. Important for battery- powered IoT devices where energy savings are critical. 4. Study of the effectiveness of Example: Simple algorithms with minimal computing load will be less energy-consuming compared to more complex PRNGs generators that require a lot of resources for their work. Investigating the performance of PRNGs for IoT Memory usage. The amount of RAM required for the infrastructure applications is an important step in operation of the generator is estimated. In many IoT devices, determining their suitability in terms of resources and memory is limited, so memory efficiency is a key factor. performance. The primary criteria for assessing efficiency Example: Algorithms such as LCG require less memory include computational complexity, speed, energy compared to algorithms based on complex tables, such as consumption, and memory utilization. Let’s examine the the Mersenne Twister, which requires large buffers for its key steps along with examples of research and evaluations operation. regarding the effectiveness of various PRNGs. (Table 2). Performance evaluation criteria: Table 2 Computational complexity. An estimate of the Evaluating the effectiveness of various PRNGs number of operations required to generate one random Energy Speed Memory number. Algorithms of different complexity are studied PRNG Complexity (numb./sec) consumption usage (kB) (linear complexity O(n), logarithmic complexity O(log n), (mW) constant complexity O(1)). LCG 𝑂(1) 10^6 50 2 Example: A simple algorithm of congruent HPC has Mersenne 𝑂(𝑛) 10^4 150 10 Twister linear complexity since at each step a simple operation of XORShift 𝑂(1) 10^5 70 3 multiplication, addition, and subtraction is performed CSPRNG 𝑂(𝑛 ) 10^3 200 20 modulo. Speed action. It quantifies the number of random For IoT devices, where speed and energy efficiency are numbers a generator can produce within a given time frame crucial, simple generators such as LKG or XORShift (such as numbers generated per second). Algorithms on demonstrate superior performance in both speed and power different processor architectures are studied: ARM for IoT consumption. However, in cases where cryptographic devices, which often have limited computing power. 303 robustness is required, CSPRNG, despite the higher resource Notification and logging module. This module is costs, is a necessary choice. responsible for logging events and notifying about deviations in the generation. It provides logging of all 5. Description of the random generation processes and provides the ability to view historical data for in-depth analysis. If serious deviations are number generation monitoring detected, the system sends a notification to the system administrator or interested parties via email, mobile A random number generation monitoring system should application, or other means of communication. automate data collection, analysis, and visualization Configuration and settings module. This module processes to ensure real-time control of generation quality enables the configuration of various parameters for the and stability. This will effectively detect any deviations from monitoring system, including data collection frequency, randomness or other anomalies in the operation of PRNGs alert threshold values, selection of statistical tests for and hardware generators. analysis, and user interface settings. The system should Let’s consider the main components of the monitoring support flexible configuration for different types of system (Fig. 1): generators and usage scenarios, allowing it to be adapted to specific needs. Reporting system. Automatic generation of detailed reports on the quality of random number generation. These reports can be saved as PDF or other formats, allowing detailed analysis of the generation history and making it available to interested parties. Reports usually include the following factors: randomness metrics, detected deviations, and recommendations for improving the quality of generation. The use of a monitoring system is particularly useful for the following industries:  Cryptographic systems where the reliability of Figure 1: The main components of the monitoring system random number generation is critical for security.  IoT devices, where constrained resources may Data collection module. This module gathers data from impact the quality of generation. various random number generation sources, including both  Mobile applications that utilize random number PRNGs and hardware generators. Data can be collected from generation for security purposes or gaming. local or remote generating systems. The module facilitates real-time data collection, in addition to storing historical Here are the key advantages of the system. data for subsequent analysis. Data sources can be generators Increased reliability. Continuous monitoring ensures in cryptographic systems, IoT devices, mobile applications, the stable operation of generators, helping to avoid failures or other systems that rely on PRNG. and anomalies. Generation quality analysis module. The analysis Instant reaction to deviations. Thanks to built-in module assesses the quality of randomness in the collected notifications, the system allows you to quickly react to any numbers. It uses statistical methods to detect correlations, failures in the generation process. and predictable patterns and checks whether the generation Real-time analysis. The system supports real-time meets the criteria of randomness. Methods that can be data collection and analysis, which allows you to quickly utilized in this module: Chi-square test and Pearson’s test to obtain information about the quality of random numbers. test for uniform distribution; autocorrelation analysis to This system provides an opportunity to flexibly check dependencies between numerical sequences; configure the generation of random numbers to ensure their multivariate tests for analyzing correlations between high quality, convenient visualization, and timely detection several parameters; Entropy test for evaluating the degree of problems in real conditions of use. of unpredictability in numbers. Visualization module and user interface design. 6. Modeling the operation of the Offers an interface for visualizing monitoring results. The graphical interface should show indicators such as entropy random number generation level, distribution uniformity, frequency deviations, and monitoring system other quality metrics. Types of visualizations that can be 6.1. Overview of the system’s general implemented: Histograms and distribution graphs that show the distribution of numbers and reveal possible algorithm deviations from uniformity; heat maps of correlations that Let’s examine the key stages of the random number visualize dependencies between different random number generation monitoring system (Fig. 2). generations; real-time monitoring shows current generation System initialization. The system is initiated and performance and quality metrics, allowing for immediate configured to monitor random number generation. The detection of deviations or anomalies. sources of random number generation, whether software or hardware generators, are identified. 304 Data collection. The system collects numerical reports on the status of random number generation (daily, sequences from generators in real-time. Data collection is weekly, etc.). conducted based on pre-defined intervals or events. Completion of the cycle. The system ends the current Data pre-processing. Collected data is sequenced for monitoring cycle and starts a new one. further analysis. The accuracy of the collected data is Periodic audit and optimization. Periodically, the verified to ensure there are no omissions or errors. system conducts an in-depth audit of the operation of Analysis of generation quality. Statistical tests are generators for further improvement of settings or applied to the collected data to check for randomness: algorithms. Check for anomalies. The analysis results are The algorithm is aimed at automatic quality control of compared against reference indicators. If deviations or random number generation with minimal user intervention. anomalies are identified (indicating non-compliance with The system can quickly react to deviations, ensuring randomness criteria), the system triggers a response. stability and reliability of generation in critical systems. Decision on anomalies. If no anomalies are detected, the system continues to collect and log data. If anomalies 6.2. Mathematical model of the system for are detected, the system initiates a response procedure. monitoring the generation of random Actions when anomalies are detected numbers  Notification: the system alerts the administrator A mathematical model for a random number generation or the individual responsible for security systems monitoring system can be constructed using several key about any identified issues. components. This model should include a process of data  Automatic actions: an adjustment attempt is collection, random analysis, anomaly detection, and possible (restarting the generator or changing the response. entropy source). Let:  Problem logging: details of the anomaly are captured for further analysis.  𝑋(𝑡) —is a sequence of random numbers generated at time 𝑡. System initialization  𝑓(𝑋(𝑡)) —is a function describing the properties of the sequence 𝑋(𝑡), which is responsible for Data collection checking its randomness.  𝑇 —is a set of statistical tests for checking Data pre-processing randomness (for example, Chi-square test, entropy test). Analysis of generation quality If No anomalies detected  𝑃 —is the probability of an anomaly occurring Apply Statistical Tests in the generation process.  𝐷(𝑡)—is the deviation from the randomness Check for anomalies reference values at time 𝑡. Compare Results Decision on anomalies 6.2.1. Modeling the generation of random numbers If anomalies detected Start new monitoring cycle The generation of random numbers in the system is described as a set of sequences of numbers: Actions when anomalies (1) 𝑋(𝑡) = {𝑥 , 𝑥 , . . . , 𝑥 }, detected System alerts issues where 𝑥 ∈ [𝑎, 𝑏] is a single random number within the interval [𝑎, 𝑏], generated at time 𝑡. Automatic actions 6.2.2. Modeling the quality of randomness Automatic actions The randomness test function 𝑓(𝑋(𝑡)) applies statistical Logging and reporting tests to the sequence 𝑋(𝑡). For example, for the Chi-square test: Store Logs & generate reports (𝑂 − 𝐸 ) (2) Completion of the cycle 𝑓 (𝑋(𝑡)) = , 𝐸 End current cycle where 𝑂 are the observed frequencies of random numbers, Periodic audit and optimization 𝐸 are the expected frequencies of random numbers. Figure 2: The main stages of the general scheme of the The test results are compared against critical values. If random number generation monitoring system the result surpasses the 𝜒 threshold, this indicates a deviation from a uniform distribution, and an anomaly is Logging and reporting. All monitoring actions and results recorded. are stored in logs. The system automatically generates Other tests (for example, the entropy test 𝐻(𝑋)) can estimate the level of entropy: 305 (3) 4. System reaction: 𝐻(𝑋) = 𝑝(𝑥 ) log 𝑝(𝑥 ), 0, 𝑃 ≤𝑃 (10) 𝑅(𝑡) = . where 𝑝(𝑥 ) is the probability of the number 𝑥 appearing. 1, 𝑃 >𝑃 A high entropy means a more random sequence. 5. Logging and storage of results: 𝐿(𝑡) = {𝑋(𝑡) , 𝑓(𝑋(𝑡)), 𝑃 , 𝑅(𝑡)}. (11) 6.2.3. Modeling the probability of occurrence of anomalies This mathematical model allows for building a system that automatically collects, analyzes, and controls the The probability of an anomaly occurring, denoted as 𝑃 , quality of random number generation in real-time, is influenced by the extent to which the test results deviate providing visualization and responding to anomalies. from the reference values. If the deviation function 𝐷(𝑡)exceeds the permissible value 𝐷 , an anomaly is 7. Overview of the software considered to have occurred: 𝑃 = 𝑃(𝐷(𝑡) > 𝐷 ). (4) 7.1. Library of statistical tests Here 𝐷(𝑡) = 𝑓(𝑋(𝑡)) − 𝑓 (𝑋) , where The library of statistical tests is a component of the 𝑓 (𝑋)—the reference value of the randomness function. monitoring server but can be used as a separate product if necessary. The simplest method to utilize it is by adding a 6.2.4. Modeling the response of the system “.jar” file to the project during compilation. However, it is If the probability of an anomaly exceeds the permissible advisable to use tools like “Maven” or “Gradle” for 𝑃 >𝑃 , the system goes into response: automating tasks within Java projects. This avoids manually downloading and compiling the project with the library and  Notification: The system generates a notification is a safer approach. for the operator. In Maven, you need to define a new repository  Automatic intervention: It is possible to restart “jitpack.io” and add the library as a dependency (Fig. 3). the generator or connect a backup source of random number generation. Formally, the reaction process can be described as follows: 0, 𝑃 ≤𝑃 (5) 𝑅(𝑡) = , 1, 𝑃 >𝑃 where 𝑅(𝑡) is the system response at time 𝑡 (0—normal operation, 1—intervention or notification). 6.2.5. Modeling the logging and reporting process To provide historical analytics, the system keeps a log of all data stored in the form: 𝐿(𝑡) = {𝑋(𝑡) , 𝑓(𝑋(𝑡)), 𝑃 , 𝑅(𝑡)}. (6) Figure 3: Import the library using Maven This log allows you to track all events related to the The process is almost identical for Gradle, but the repository generation of random numbers and generate reports to should be slightly different. The library does not contain analyze the monitoring results. any configuration parameters or settings that must be made before use, so you can perform statistical tests (Fig. 3) 6.2.6. General mathematical model simply by calling methods on the library classes. Mathematically, the model of the random number generation monitoring system can be represented as a set of 7.2. Monitoring server functions: The monitoring server can be used locally for testing, but it 1. Generation of a sequence of random numbers is likely to be more useful to deploy it in a cluster, cloud 𝑋(𝑡) = {𝑥 , 𝑥 , . . . , 𝑥 }. (7) environment, or on local servers in a network where client 2. Evaluation of the quality of randomness using applications are already deployed (or planned to be tests: deployed in the future). A simple and working solution would be to use a docker 𝑓 (𝑋(𝑡)) = ∑ ( ) , container to deploy the server. Just like the integration library, the server has several (8) 𝐻(𝑋) = 𝑝(𝑥 ) log 𝑝(𝑥 ). environment variables used for mail and database connections. They must be specified for correct operation. 3. Probability of anomaly: 𝑃 = 𝑃(𝐷(𝑡) > 𝐷 ). (9) 306 7.3. Web application  Use of cryptographically stable generators (CSPRNG). Utilizing generators based on The web application does not contain a “Home Page” per se, cryptographic algorithms, such as AES or SHA, so the user will be immediately redirected to the “Random ensures reliable randomness, even in critical Numbers” page (Fig. 4). This page can be conventionally systems like secure communication or data divided into 2 parts—a random number filter and a table protection. with random numbers.  Update generation algorithms. Consistently update and optimize generators to address emerging attacks or vulnerabilities. This includes improvements to pseudo-random generators such as Xorshift, Mersenne Twister, or newer variants based on block ciphers. Protection against the influence of external factors. Figure 4: Graph of the number of random numbers processed by the server  Addition of noise sources (entropy pool). It is important to supplement generators with external In the upper right corner of the screen, there is a form that sources of randomness (for example, noise from enables you to adjust the time parameters of the graphs and sensors, and physical processes), which will display values for the past hour, day, week, or month, as increase the resistance of the generator to well as select grouping by labels or programs. predictable attacks or distortions due to the reduction of internal entropy.  Input quality monitoring. Automated control of input entropy level and periodic updating of noise sources can prevent generation randomness from decreasing. Minimization of correlations and predictability  Regular verification of correlation between generations: Applying statistical tests to verify the correlation between sequences of numbers will help to identify and eliminate patterns that reduce the reliability of the generator.  Increasing the number of random bits: To increase robustness, it is recommended to generate a larger number of random bits from different Figure 5: The graph illustrating the distribution of random independent sources, which reduces the chances of numbers by client programs correlation or predictability of the results. The panels under the heading “Graphs” contain 5 graphs. In Durability testing in real conditions Fig. 5 you can see two of them—the number of random numbers processed by the server and the distribution of  High-load and stress-testing: It is important to random numbers by client programs. Additionally, the regularly test generators under real-world program features a graph that shows the distribution of operating conditions, particularly in high-load and random numbers by values for each label. This can help resource-constrained (power, memory) situations, identify whether a generator has a flaw that causes it to to verify their robustness. produce an excess or deficiency of random numbers within  Integration with monitoring systems: The a specific range. creation of systems that automatically monitor the operation of generators in real time allows timely 8. Recommendations for improving detection of possible failures or loss of the reliability of generators randomness. Based on the monitoring and testing results, we will develop Backup and restoration of the generation system recommendations for enhancing random number generation algorithms, focusing on methods to improve  Use of multiple sources of generation: their stability and performance in critical systems. Creating redundancy systems where generators To boost the reliability of random number generators, work in parallel reduces the risks associated with the following recommendations can be made based on these failure of one generator or loss of entropy. findings.  Automated switching to other generators in Improvement of algorithmic stability of case of failures: In case of generation problems, generators. 307 the system should automatically switch to another of multivariate statistics complement them by providing the random number generator or source. possibility to verify short sequences of bits. An integration library designed to quickly connect a Optimization of computational efficiency monitoring server and generators or applications containing random number generators. Application  Optimization of resource usage: It is important integration is done only with the use of metadata and to configure generators to consume minimum configuration. power and memory, which is critical in resource- The monitoring server primarily functions to aggregate constrained environments such as IoT. This can be random numbers transmitted by client programs, along achieved by simplifying or adapting existing with their pre-processing and storage in the database. algorithms. Additional features include various settings for tracking and  Development of lightweight algorithms: notification processes, as well as detailed reports and real- Using lightweight algorithms specially optimized time random number testing. for resource-constrained devices will help improve A web application that is completely based on the performance and reliability in such systems. functions and application interface of the monitoring server and is designed to provide a convenient interface for users. Periodic update and audit of generators The monitoring system is recommended to be used in  Scheduled updates and retesting: Continuous the case of operation or research of several generators of testing and auditing of generators, including the random numbers and sequences created by them at random. use of new statistical tests, will help maintain a Practical application of the product is possible in: high level of reliability and identify vulnerabilities Cryptography, development, and maintenance of to new types of attacks. software products and hardware—tracking the operation of autonomous random number generators and programs that These guidelines will enhance the reliability of use built-in generators; pseudorandom number generators, particularly in critical Scientific research—simultaneous statistical testing of systems like cryptographic algorithms, IoT security, and several random number generators, development and other fields where the quality of randomness is essential for testing of new random number generators. the security and stable operation of systems. References 9. Conclusions [1] O. Shevchenko, et al., Methods of the Objects Random number generators are an important tool for Identification and Recognition Research in the solving a variety of simulation, numerical methods, Networks with the IoT Concept Support, in: cryptography, and programming problems. Generation Cybersecurity Providing in Information and facilities can adopt one of several available approaches, each Telecommunication Systems, vol. 2923 (2021) 277– with its strengths and weaknesses. Nevertheless, the most 282. critical feature of generators is their capacity to produce [2] V. Dudykevych, et al., Platform for the Security of truly random numbers, as the security of cryptographic Cyber-Physical Systems and the IoT in the applications and the efficiency and speed of numerical Intellectualization of Society, in: Workshop on applications hinges on the randomness of these numbers. Cybersecurity Providing in Information and Utilizing generation tools necessitates prior research Telecommunication Systems, CPITS, vol. 3654 (2024) through statistical tests and cryptographic attacks to ensure 449–457. confidence in the quality of the generated numbers and the [3] C. Camara, et al., A True Random Number Generator security of the tool. During operation, generators sometimes Based on Gait Data for the Internet of You, IEEE show worse performance than was obtained during initial Access, 8 (2020) 71642–71651. doi: tests. This may be due to problems in the entropy source, 10.1109/ACCESS.2020.2986822. incorrect application, or software implementation. [4] T. Zanotti, Guidelines for the Design of Random Depending on the generator’s specific task, implementing a Telegraph Noise-based True Random Number monitoring system is advisable to identify and address Generators, IEEE Transactions on Device and potential defects promptly. Materials Reliability, 24(2) (2024) 184–193. doi: The created monitoring system provides the functions 10.1109/TDMR.2024.3394576. of monitoring the operation of generation means and [5] A. Kumar, A. Mishra, Evaluation of Cryptographically alerting in case of exceptional situations. Programs or Secure Pseudo Random Number Generators for Post hardware devices connect to a centralized server and send Quantum Era, in: IEEE 7th International Conference random numbers generated by them for statistical testing for Convergence in Technology (I2CT) (2022) 1–5. doi: and storage for future research. The monitoring system 10.1109/I2CT54291.2022.9824543. consists of the following components: [6] K. Banerjee, P. Dasgupta, Acceptance and Random A library including 15 NIST tests and 8 multivariate Generation of Event Sequences under Real Time statistics tests. The NIST statistical tests are a Calculus Constraints, Design, Automation & Test in comprehensive approach to the verification of random Europe Conference & Exhibition (DATE) (2014) 1–6. numbers and means of their generation, while the methods doi: 10.7873/DATE.2014.267. 308 [7] D. Novazrianto, et al., Design Automation of Single [19] V. Masol, S. Popereshnyak, Joint Distribution of Some Photon Counting Method for Quantum Random Statistics of Random Bit Sequences, Cybernetics and Number Generation, in: 9th International Conference Systems Analysis, 57(1) (2021) 139–145. on Information and Communication Technology [20] V. Masol, S. Popereshnyak, Checking the Randomness (ICoICT) (2021) 411–416, doi: 10.1109/ICoICT52021. of Bits Disposition in Local Segments of the (0, 1)- 2021.9527529. Sequence, Cybernetics and Systems Analysis, 56(3) [8] L. Carreira, et al., Low-Latency Reconfigurable (2020) 513–520. Entropy Digital True Random Number Generator with Bias Detection and Correction, IEEE Transactions on Circuits and Systems I: Regular Papers, 67(5) (2020) 1562–1575. doi: 10.1109/TCSI. 2019.2960694. [9] D. Origines, A. Sison, R. Medina, A Novel Pseudo- Random Number Generator Algorithm based on Entropy Source Epoch Timestamp, International Conference on Information and Communications Technology (ICOIACT) (2019) 50–55. doi: 10.1109/ICOIACT46704.2019.8938509. [10] B. Schneier, NIST’s Post-Quantum Cryptography Standards Competition, IEEE Security & Privacy, 20(5) (2022) 107–108. doi: 10.1109/MSEC.2022.3184235. [11] М. Herrero-Collantes, J. C. Garcia-Escartin, Quantum random number generators, Reviews of Modern Physics, 89 (2016). [12] B. Perach, S. Kvatinsky, An Asynchronous and Low- Power True Random Number Generator using STT- MTJ, IEEE International Symposium on Circuits and Systems (ISCAS) (2020) 1–11. doi: 10.1109/ISCAS45731.2020.9181042. [13] B. Narayanapuram, J. Panda, A New Side Channel Resistant Hybrid PUF Based Light Weight True Random Number Generator, in: IEEE 3rd International Conference on Technology, Engineering, Management for Societal Impact using Marketing, Entrepreneurship and Talent (TEMSMET) (2023) 1–6. doi: 10.1109/TEMSMET56707.2023.10150018. [14] L. Huang, H. Zhou, K. Feng, Quantum Random Number Cloud Platform, NPJ Quantum Information 7(107) (2021). doi: 10.1038/ s41534-021-00442-x. [15] M. Sharma, et al., Security on Cloud Computing Using Pseudo-random Number Generator Along with Steganography, Artificial Intelligence and Applied Mathematics in Engineering Problems, 43 (2020) 654– 665. doi: 10.1007/978-3-030-36178-5_54. [16] V. Shapoval, et al., Automation of Data Management Processes in Cloud Storage, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems, CPITS, vol. 3654 (2024) 410–418. [17] Y. Martseniuk, et al., Automated Conformity Verification Concept for Cloud Security, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems, CPITS, vol. 3654 (2024) 25–37. [18] Z. Hu, et al., Bandwidth Research of Wireless IoT Switches, in: IEEE 15th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (2020) 546–550. doi: 10.1109/tcset49122.2020.2354922. 309