
Review of Methodologies and Metrics for Assessing the Quality of Random Number Generators

Crocetti, L; Nannipieri, P; Di Matteo, S; Fanucci, L; Saponara, S
2023-01-01

Abstract

Random number generators are a key element for various applications, such as computer simulation, statistical sampling, and cryptography. They are used to generate/derive cryptographic keys and non-repeating values, e.g., for symmetric or public key cyphers. The strength of a data protection system against cyber attacks corresponds to the strength of the weakest point in the security chain. Therefore, from a mathematical point of view, the security chain can be compromised even if the strongest algorithm is implemented. In fact, if the system requires keys or other random values and the generation process shows a certain vulnerability, the security of the system itself can be compromised. In this article, we present the most reliable tools and methodologies and the main standardisation efforts in the field of computer security to assess the quality of random number generators and ensure that they can be applied to computer security applications by offering adequate security strength. We offer a comprehensive guide that can be used as a quick and practical reference by developers of random number generators of any type to evaluate the random bit streams generated by implemented modules and determine whether or not they can be used in cybersecurity applications. Finally, we also present some use cases to which we applied the presented approach.
Files in this item:
File: electronics-12-00723.pdf
Access: open access
Type: Final published version
License: Creative Commons
Size: 7.4 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1176809
Citations
  • PMC ND
  • Scopus 8
  • ISI 3