Analysis of Linux Random Number Generator in Virtualized Environment

Files
ucalgary_2015_kumari_rashmi.pdf(4.35 MB)
Date
2015-05-27
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
With the growing influence of virtualization technologies in modern computing environments, the importance of random number generation in virtualized platforms cannot be ignored. Virtualization offers many advantages like flexibility, cost effectiveness and scalability. Isolation between the host and the guest is one of the main characteristics of virtualization and helps in mitigating attacks on the host through the guest. In this thesis we did a formal study of isolation between the host and the guest in terms of random number generation process. We first did a performance analysis of random number generation system in virtual environment by measuring the rate of random numbers generated from /dev/random interface of Linux RNG. Rate of random number generation refers to the number of random bits generated per unit time. Our measurements showed that emulated softwares do not act as a good source of entropy. We also showed that there is a significant amount of entropy flow from the guest to the host. Our measurements also show that the rate of random number generation of the underlying host is always greater than the guests. Secondly, we formalized the isolation between the guest and the host and developed a jiffy model of Linux RNG analogous to the original Linux RNG. We designed a high disk activity experiment and formulated a prediction strategy, which is used to guess the inputs to the host entropy pool based on the information obtained from the guest. We show that the isolation between the host and the guest does not exist for the jiffy model and an attacker can guess the host input sequences with a better success probability than what is estimated by the Linux entropy estimator. Our study also shows that CPU cycles add a significant amount of entropy to Linux RNG, but is not estimated anywhere.
Description
Keywords
Computer Science
Citation
Kumari, R. (2015). Analysis of Linux Random Number Generator in Virtualized Environment (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/24819
URI
http://hdl.handle.net/11023/2273
Collections
Open Theses and Dissertations