Pseudorandom Number Generators. Randomness and Security Many cryptographic protocols require the parties to generate random numbers. All the hashing algorithms.


1 Pseudorandom Number Generators

2 Randomness and Security Many cryptographic protocols require the parties to generate random numbers. All the hashing algorithms that encrypt their inputs use a second random input known as a seed.

3 TRNG & PRNG We can distinguish two different kinds of random number generation: True random number generator (TRNG): A TRNG generates bits that are distributed uniformly at random, so that all outputs are equally likely, with no patterns, correlations, etc. Example: a coin flip. Cryptographically secure pseudorandom number generator (CS-PRNG): A CS-PRNG generates a sequence of bits that appears, as far as anyone can tell, to be indistinguishable from true random bits. A CS-PRNG uses a true-random seed and uses cryptographic techniques to achieve its task.

4 Random Number Generation In most systems the random number generation process is structured as follows: 1. Generate a seed: We typically use a TRNG to generate a short seed that is truly random. The seed only needs to be long enough to prevent someone from guessing it (e.g. 128 bits). Examples of sources: a high-speed clock, a soundcard, keyboard input, disk timings. 2. Generate pseudorandom output using this seed: We then use a CS-PRNG to stretch the seed to a long pseudorandom output. Modern cryptographic CS-PRNGs can generate an essentially unlimited amount of output (billions of bits are no problem).

5 LFSR: Linear Feedback Shift Register Example: 4-bit LFSR [Diagram: register bits b0, b1, b2, b3; the output bit is added to the pseudo-random sequence.] The seed is the initial state. For example, if the seed is 1001, the generated sequence is 1001101011110001001… It repeats after 15 bits ($2^4 - 1$).

6 Generation of Pseudorandom Numbers Each call to rand() returns a pseudorandom value in the range 0 to RAND_MAX, calculated as a deterministic function of the seed. Also, srand(s) sets the seed to s. v1 = rand() % 100; // v1 in the range 0 to 99 v2 = rand() % 100 + 1; // v2 in the range 1 to 100 v3 = rand() % 30 + 1985; // v3 in the range 1985-2014

7 Generation of Pseudorandom Numbers What is wrong with the following code?

8 Answer

9 Generation of Pseudorandom number

10 Output: 5 7 7 3 7 3 5 6 4 2 8 2 3 1 0 8 4 4 6 0 0 6 3 9 5 9 8 0 1 8 1 5 3 8 5 7 6 1 6 8 7 4 5 8 5 0 2 7 2 5 3 6 4 8 4 2 0 6 8 5 7 2 1 9 2 8 7 3 8 7 5 5 3 8 1 9 2 6 1 7 9 1 3 5 7 6 6 1 8 8 4 7 2 8 0 8 1 1 4 0 The frequency of each symbol is almost the same, and the frequency of each pair of symbols is roughly the same.

11 Is It Really Random? Statistical uniformity is not the same as unpredictability. In general it is hard to measure randomness. There are some tests; one example is the NIST test suite.
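The following example is added here and is not part of the original slides. It runs the 4-bit LFSR from slide 5 with seed 1001, then shows the point of slide 11: the output is nearly balanced, yet an observer who sees any four consecutive bits predicts everything that follows. The feedback rule and all function names are assumptions; the rule was chosen because it reproduces the sequence printed on the slide.

```c
#include <stdio.h>
#include <string.h>

#define NBITS 4
#define MAXLEN 64

/* Assumed feedback: s[n+4] = s[n] XOR s[n+1]. The slide's wiring diagram is
   not recoverable; this recurrence reproduces its sequence from seed 1001. */
void lfsr_generate(const int *seed, int *out, int n) {
    for (int i = 0; i < n; i++)
        out[i] = (i < NBITS) ? seed[i] : (out[i - 4] ^ out[i - 3]);
}

/* Smallest shift after which the 4-bit state equals the seed again. */
int lfsr_period(const int *seed) {
    int s[MAXLEN];
    lfsr_generate(seed, s, MAXLEN);
    for (int p = 1; p + NBITS <= MAXLEN; p++)
        if (memcmp(s + p, s, NBITS * sizeof(int)) == 0) return p;
    return -1;
}

int count_ones(const int *bits, int n) {
    int ones = 0;
    for (int i = 0; i < n; i++) ones += bits[i];
    return ones;
}

/* An observer who has seen only stream[offset..offset+3] predicts the next
   n bits; returns how many predictions match the real output. */
int predict_hits(const int *stream, int offset, int n) {
    int guess[MAXLEN], hits = 0;
    if (n + NBITS > MAXLEN) return -1;
    lfsr_generate(stream + offset, guess, n + NBITS);
    for (int i = 0; i < n; i++)
        hits += (guess[NBITS + i] == stream[offset + NBITS + i]);
    return hits;
}

int main(void) {
    const int seed[NBITS] = {1, 0, 0, 1};   /* seed from the slide */
    int s[45];
    lfsr_generate(seed, s, 45);
    for (int i = 0; i < 19; i++) putchar('0' + s[i]);
    printf("\nperiod=%d ones_per_period=%d predicted=%d/30\n",
           lfsr_period(seed), count_ones(s, 15), predict_hits(s, 7, 30));
    return 0;
}
```

A frequency count alone would rate this generator as acceptable, which is why a linear generator like this cannot serve as the CS-PRNG described on slide 3.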

12 Graphical password

13 The Brain Deals with Faces Differently than Any Other Image Face recognition is a dedicated process which is different from general object recognition. Source: Face Recognition: A Literature Survey. National Institute of Standards and Technology

14 Passface There is a demo: http://www.passfaces.com/demo/registered_page.php

15 Empirical Results Experimental study of 154 computer science students at Johns Hopkins and Carnegie Mellon. Conclusions: “… faces chosen by users are highly affected by the face of the user… the gender and attractiveness of the faces bias password choice… In the case of male users, we found this bias so severe that we do not believe it possible to make this scheme secure against an online attack…” 2 guesses enough for 10% of male users; 8 guesses enough for 25% of male users.

16 User Quotes “I chose the images of the ladies which appealed the most” “I simply picked the best lookin girl on each page” “In order to remember all the pictures for my login (after forgetting my ‘password’ 4 times in a row) I needed to pick pictures I could EASILY remember... So I chose beautiful women. The other option I would have chosen was handsome men, but the women are much more pleasing to look at”

17 WebScarab https://www.owasp.org/index.php/WebScarab_Getting_Started

