1. Validation of Pseudo Random Numbers through Graphical Analysis Andrew Cronwright Supervisor: Barry Irwin

2. Overview of this Presentation Randomness Defined PRNG’s Introduced Application of PRNG’s Focus of PRNG’s in this Project ISN’s Introduced Results Hardware RNG Conclusion

3. What is randomness? A function or process not affected by any input or state Independent of previous results Example –Flipping an unbiased coin –Rolling die –Quantum effects

4. PRNG’s Mathematical function Deterministic by nature Simulates true randomness Produces “random” like output Used in many application

5. Applications of PRNG’s PRNG’s for different applications have different needs Cryptography TCP Initial Sequence Numbers Physical Simulations Games / Gambling (Lotto)

6. Cryptography Secret key must be random If not random, can be easily guessed Made random by collecting entropy

7. Physical Simulations Monte Carlo experiments require random numbers Provided by PRNG

8. Initial Sequence Numbers On the creation of a TCP connection A unique sequence number is used Used to identify packets belonging to a specific connection.

9. Initial Sequence Numbers, the problem T, trusted host C, client X, nasty person 1.X can cause connections to be dropped 2.X can hijack connections and introduce malicious code

10. Initial Sequence Numbers, the solution RFC 793 proposed linear method for ISN New standards introduced after security issues ISN = M + F(localhostIP + localport + remotehost + remoteportIP) or ISN = M + R(t) or ISN = R(t)

11. The problem Many computer systems need random numbers Provided by a PRNG PRNG’s can cause problems if not up to standard

12. Random Event Validation Will use graphical methods to identify randomness Use the NIST test suite to support findings Investigate Initial Sequence Numbers (ISNs) Build hardware RNG

13. A graphical view Method of delayed coordinates plotted in a phase space Convert 1-D to 3-D by: X[n] = s[n-2] – s[n-3] Y[n] = s[n-1] – s[n - 2] Z[n] = s[n] – s[n-1] Higher dimensions are possible Acts as a “comb”

14. Example

15. Lattice view X[n] = s[n] Y[n] = s[n-1] Z[n] = s[n-2] This will highlight any lattice structure in the sequence

16. Example

17. Spherical view Θ[n] = 2 * PI * s[n-2] φ[n] = PI * s[n-1] r[n] = √( s[n] ) X[n] = r * Cos(θ) * Sin(φ) Y[n] = r * Sin(θ) * Sin(φ) Z[n] = r * Cos(φ) Very similar to above method Will also highlight dependencies in the data sequnce

18. Example

19. Colour – A higher dimension Colour added using the HSV colour model Assign first number in sequence a colour, and pass through the spectrum assigning colours to each element Highlights whether sequence was created in a temporal manner

20. Results – Win XP

21. Win XP – SP1

22. Win XP – SP2

23. Cisco – IOS 12.1

24. Fedora Core 3

25. Hardware RNG

26. Hardware RNG - Results

27. Conclusion PRNG’s are important, and should be carefully selected for an application ISN’s should be implemented using a good quality PRNG A hardware RNG is easy to implement, can be easily incorperated in PC’s hardware

28. Conclusion cont. Provided a graphical method for testing random numbers Easier and faster than statistical testing Will show / identify attractors in data quickly Size of data set to test?