Randomization: we are in a digital world where each action is triggered by an event, and all these actions are based on software commands interpreted by your CPU. As we discussed before, we need to keep confidentiality, but if the hacker can predict your private key, or even your public key of your symmetric encryption, we will be in big trouble.
Let's look at the first encryption and decryption tool we found, from the late 1600s.
As you can see in this picture, this is the first tool found that was used to encrypt messages.
The way it works only requires us to agree on a random seed (the seed here is the number of shift positions). We mentioned the word random here: if the hacker can predict this seed, the whole security protection will be broken.
So randomness plays a critical role in cyber security. Without it our system becomes vulnerable. The attacker does not need to break the algorithm itself; instead he needs to break the system through the random component, if it is implemented poorly.
OK, now that we know the importance of cyber security, we need to know where we need this randomness:
Key Generation - Initialization vectors - Digital signature
Key generation: here we need to ensure that we create a unique number each time, even across billions of devices.
IVs: used in CBC and GCM; as we mentioned before, predictable IVs lead to security failure.
Digital signature: algorithms like RSA / ECDSA use internal random values.
For each way I will mention its weaknesses, where we can use it and where not to use it.
First, what is the meaning of a random number: a sequence of symbols that are unpredictable.
When we speak about total randomness, we cannot rely on any software to generate it: any software is a predefined sequence of commands, so we cannot rely on it to get full randomization; instead we simulate generating random numbers.
The series of values generated by such algorithms is generally determined by a fixed number called a seed. One of the most common PRNGs is the linear congruential generator, which uses a recurrence in which each new output becomes the input parameter to the same generation function: $X_{n+1} = (aX_n + b) \bmod m$
So the attacker needs only to predict the seed to break your cyber security.
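The recurrence above, written out as an added example (not part of the original article) to show why key material must not come from such a generator: every output is also the full internal state, and a seed with few bits of entropy leaves a tiny space to check. The constants A, B, M (the commonly cited Numerical Recipes values), the 16-bit seed and all function names are assumptions chosen for illustration.

```python
import secrets

# Illustrative LCG parameters (assumption): X_{n+1} = (A*X_n + B) mod M
A, B, M = 1664525, 1013904223, 2**32

def lcg(seed, count):
    """Return `count` outputs of the recurrence, starting from `seed`."""
    x, out = seed, []
    for _ in range(count):
        x = (A * x + B) % M
        out.append(x)
    return out

def predict_next(observed, count):
    """Each output is the whole internal state, so one observed value
    determines every later value when A, B and M are known."""
    return lcg(observed, count)

def seeds_matching(first_output, seed_bits):
    """Audit helper: list the seeds in a `seed_bits`-wide space that
    reproduce `first_output`. A small space is searched instantly."""
    return [s for s in range(2**seed_bits) if lcg(s, 1)[0] == first_output]

def key_from_lcg(seed, nbytes=16):
    """Weak: key bytes taken from LCG outputs (top byte of each value)."""
    return bytes(v >> 24 for v in lcg(seed, nbytes))

def key_from_os(nbytes=16):
    """Preferred: key bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(nbytes)

if __name__ == "__main__":
    stream = lcg(12345, 6)                      # constructed sample stream
    print("observed   :", stream[:3])
    print("predicted  :", predict_next(stream[2], 3))
    print("actual     :", stream[3:])
    leaked = lcg(0x1234, 1)[0]                  # constructed 16-bit seed
    print("seed found :", seeds_matching(leaked, 16))
    print("weak key   :", key_from_lcg(0x1234).hex())
    print("strong key :", key_from_os().hex())
```

The same seed always yields the same "weak key", while `key_from_os` draws fresh bytes from the operating system's random source on every call.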
So the idea here is the seed: we need a random seed to generate random numbers.
So a TRNG comes to give us another level of randomness: if we use it, we depend on an unpredictable environmental quantity such as noise or temperature.
So the PRNG needs a way to get a random seed before we can use it to create this level of randomness. In most cases the number of bits is limited, as it depends on hardware modules such as an ADC that converts, for example, the current temperature (a physical quantity) into a random number. We can use that number as the seed and then generate the number of bits we need using the PRNG.
Now that we have talked about the number of bits for each type, we need to mention an important topic: entropy.
We can imagine it like this: we need to create a password of 10 characters; if each character is equally likely, the attacker needs to try each and every character value. But if we are requested to change this password and, for any reason, we change only the last two characters, then the entropy will be 2^2 instead of 2^10. We can map this idea onto the key generation process.
Increasing the entropy with randomization makes our security difficult to compromise, and the only way left for the attacker is to play on misconfigurations or untrained staff.