7.4. Random Number Generation
Random numbers play an important role in the use of encryption
for various network security applications. In this section, we provide a brief
overview of the use of random numbers in network security and then look at some
approaches to generating random numbers.
The Use of Random Numbers
A number of
network security algorithms based on cryptography make use of random numbers.
For example,
-
Reciprocal authentication schemes, such as illustrated in Figures 7.9 and 7.11. In both of these key distribution scenarios, nonces are used for handshaking to prevent replay attacks. The use of random numbers for the nonces frustrates opponents' efforts to determine or guess the nonce.
-
Session key generation, whether done by a key distribution center or by one of the principals.
-
Generation of keys for the RSA public-key encryption algorithm (described in Chapter 9).
These applications give rise to two distinct and not
necessarily compatible requirements for a sequence of random numbers: randomness
and unpredictability.
Randomness
Traditionally, the concern in the generation of a sequence of
allegedly random numbers has been that the sequence of numbers be random in some
well-defined statistical sense. The following two criteria are used to validate
that a sequence of numbers is random:
-
Uniform distribution: The distribution of numbers in the sequence should be uniform; that is, the frequency of occurrence of each of the numbers should be approximately the same.
-
Independence: No one value in the sequence can be inferred from the others.
Although there are well-defined tests for determining that a
sequence of numbers matches a particular distribution, such as the uniform
distribution, there is no such test to "prove" independence. Rather, a number of
tests can be applied to demonstrate if a sequence does not exhibit independence.
The general strategy is to apply a number of such tests until the confidence
that independence exists is sufficiently strong.
In the context of our discussion, the use of a sequence of
numbers that appear statistically random often occurs in the design of
algorithms related to cryptography. For example, a fundamental requirement of
the RSA public-key encryption scheme discussed in Chapter 9 is the ability to generate prime numbers. In
general, it is difficult to determine if a given large number N is prime. A brute-force approach would be to divide
N by every odd integer less than ![]()
. If N is on the order, say, of 10150, a not
uncommon occurrence in public-key cryptography, such a brute-force approach is
beyond the reach of human analysts and their computers. However, a number of
effective algorithms exist that test the primality of a number by using a
sequence of randomly chosen integers as input to relatively simple computations.
If the sequence is sufficiently long (but far, far less than ![]()
), the primality of a number
can be determined with near certainty. This type of approach, known as
randomization, crops up frequently in the design of algorithms. In essence, if a
problem is too hard or time-consuming to solve exactly, a simpler, shorter
approach based on randomization is used to provide an answer with any desired
level of confidence.
No comments:
Post a Comment