Efficient and portable combined random number generators
Communications of the ACM
Random number generators: good ones are hard to find
Communications of the ACM
Proceedings of the seventeenth ACM symposium on Operating systems principles
SAC '99 Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography
Cryptanalytic Attacks on Pseudorandom Number Generators
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Practical Cryptography
Analysis of the Linux Random Number Generator
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Randomness in Virtual Machines
UCC '13 Proceedings of the 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing
Hi-index | 0.00 |
Cloud computing hosts require a good source of cryptographically strong random numbers. Most of the standard security practices are based on assumptions that hold true for physical machines, but don't translate immediately into the domain of virtualized machines. It is imperative to reconsider the well accepted security practices that were built around physical machines, and whether blind application of such practices results in the possibility of a data breach, machine control, or other vulnerabilities. Because of Cloud computers reliance on virtualization, access to the hardware based random number generator is restricted, and virtualization can have unforeseen effects on the operating system based random number generator. In this paper, the entropy pool poisoning attack is introduced and studied and a Cloud Entropy Management System is proposed. Extensive experimental study verified that there are measurable problems with entropy in Cloud instances, and the management system effectively solves them.