An entropy harvester digitizes analog signals received from hardware sources such as disk input/output (I/O) events, thermal noise, diode resistance, etc. and produces binary values called the digitized analog signals (das) numbers. These das numbers are considered as good entropy bits which are used by /dev/random to produce true random bits of arbitrary length in Linux-based operating systems. However, due to hardware limitations, regular emittance of digitized analog signals is not possible by the entropy harvesters, and a zero-entropy state is created where /dev/random suffers significant delay to produce true random bitstreams of reasonably large lengths. Though Linux uses a cryptographically secure pseudo-random number generator (CSPRNG) called /dev/urandom to immediately overcome the zero-entropy state, it significantly reduces the entropy of the generated bitstreams. We propose a novel entropy refilling architecture to allow /dev/random to consistently generate true random bitstreams without the need of /dev/urandom anymore in Linux-based operating systems. Our proposal is backed up with rigorous evaluation of entropy generation and management processes along with experimentation and benchmarking reports which make custom entropy harvester a viable candidate for Linux-based operating systems. Our contributions also help other operating systems to maintain consistent entropy supply using the proposed custom entropy harvester.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Custom Entropy Harvester for Consistent Entropy Supply to the /dev/random

  • Kunal Abhishek,
  • Anuyog Chauhan

摘要

An entropy harvester digitizes analog signals received from hardware sources such as disk input/output (I/O) events, thermal noise, diode resistance, etc. and produces binary values called the digitized analog signals (das) numbers. These das numbers are considered as good entropy bits which are used by /dev/random to produce true random bits of arbitrary length in Linux-based operating systems. However, due to hardware limitations, regular emittance of digitized analog signals is not possible by the entropy harvesters, and a zero-entropy state is created where /dev/random suffers significant delay to produce true random bitstreams of reasonably large lengths. Though Linux uses a cryptographically secure pseudo-random number generator (CSPRNG) called /dev/urandom to immediately overcome the zero-entropy state, it significantly reduces the entropy of the generated bitstreams. We propose a novel entropy refilling architecture to allow /dev/random to consistently generate true random bitstreams without the need of /dev/urandom anymore in Linux-based operating systems. Our proposal is backed up with rigorous evaluation of entropy generation and management processes along with experimentation and benchmarking reports which make custom entropy harvester a viable candidate for Linux-based operating systems. Our contributions also help other operating systems to maintain consistent entropy supply using the proposed custom entropy harvester.