The object of investigation in this paper is a random number sequence (RNS) obtained from a webcam frame, which can be used in practice as a source of chaos for a hardware RNS generator. The problem considered is to estimate the primary crypto-resistance characteristics of an RNS obtained from a webcam frame.
Modern cryptographic algorithms produce ciphertexts that should not differ statistically from a random sequence, so random sequences can be generated from a source of chaos that provides sufficient uniqueness and unpredictability of values over long ranges.
Pseudorandom sequence generation algorithms are publicly available, for example for the Java language [1,2], which makes an attack on the encryption algorithm theoretically possible. In [3] the author analyzes the attack technique in detail, although it requires substantial computing power.
The sequence of numbers obtained from a webcam frame can be considered completely random because the image frame itself is random. However, the small volume of the sequence, 1.5 Mbytes for SVGA mode (800x600), makes it unsatisfactory for most modern needs (1 Gbit/s).
The use of consecutive webcam frames must satisfy one of the primary crypto-resistance requirements placed on a sequence of random numbers: a long cycle period. Such a sequence cannot be checked for compliance with NIST requirements [4], because the minimum volume for checking is at least 100 Mbit.
The concatenation of several sequences obtained from consecutive frames of the webcam requires the study of the similarity of the constituent parts. A comparison method is proposed for the study of inter-frame correlation (similarity).
Two consecutive frames are transformed into two one-dimensional byte arrays corresponding to the pixel values of the photo-diode matrix image.
In Java it looks like this:
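import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import javax.imageio.ImageIO;
BufferedImage image = webcam.getImage();                      // grab the current frame
ByteArrayOutputStream stream = new ByteArrayOutputStream();   // in-memory buffer for the encoded frame
ImageIO.write(image, "tiff", stream);                         // the "tiff" writer ships with Java 9 and later
byte[] bytes = stream.toByteArray();                          // one-dimensional byte array for this frame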
By comparing these arrays of numbers, you can determine the rate (percentage) of pixels that have changed their value. To ensure sensitivity to the avalanche effect sufficient for crypto-resistance, this value must be at least 50%. This means that within the minimum period of time (40 milliseconds for a standard webcam), 50% of the pixels must have changed their value.
This value differs with conditions: the image itself, lighting, day or night, camera model, etc. However, even under the most unfavorable conditions this value is not zero, because of the noise arising from the stochastic nature of the interaction of photons of light with the atoms of the photodiode material of the sensor. At the least, a fluorescent lamp flickers at 50 Hz while the camera frame rate is 25 Hz, which introduces additional chaos into the inter-frame correlation.
If the chaos level of two consecutive frames still does not exceed 50%, it is necessary to find experimentally a duty cycle that satisfies the 50% condition, for example by taking not the next frame from the camera but the fourth one, although this will significantly reduce the generation throughput.
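The comparison and the search for a suitable frame step described above, as an added example (not code from the paper). It assumes both frames are equal-length arrays of pixel bytes; the class and method names and the synthetic frames with a 20% per-frame change rate are constructed for illustration.

```java
import java.util.Random;

public class InterFrameChange {
    /** Fraction of byte positions whose value differs between two equal-length frames. */
    static double changedRate(byte[] a, byte[] b) {
        if (a.length != b.length || a.length == 0)
            throw new IllegalArgumentException("frames must be non-empty and of equal length");
        int changed = 0;
        for (int i = 0; i < a.length; i++)
            if (a[i] != b[i]) changed++;
        return (double) changed / a.length;
    }

    /** Smallest frame step k for which every pair (i, i+k) meets the threshold; -1 if none. */
    static int minimalStep(byte[][] frames, double threshold) {
        for (int k = 1; k < frames.length; k++) {
            boolean ok = true;
            for (int i = 0; i + k < frames.length && ok; i++)
                ok = changedRate(frames[i], frames[i + k]) >= threshold;
            if (ok) return k;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed stand-in for camera frames: 800x600, one byte per pixel,
        // where about 20% of the pixels get a new noise value in each frame.
        Random rnd = new Random(42);
        int pixels = 800 * 600, count = 12;
        byte[][] frames = new byte[count][pixels];
        rnd.nextBytes(frames[0]);
        for (int f = 1; f < count; f++) {
            frames[f] = frames[f - 1].clone();
            for (int i = 0; i < pixels; i++)
                if (rnd.nextDouble() < 0.20) frames[f][i] = (byte) rnd.nextInt(256);
        }
        // Change rate of frame k relative to frame 0, then the step that satisfies 50%.
        for (int k = 1; k <= 5; k++)
            System.out.printf("step %d: %.1f%% of pixels changed%n",
                    k, 100 * changedRate(frames[0], frames[k]));
        System.out.println("minimal step meeting 50%: " + minimalStep(frames, 0.50));
    }
}
```

With real camera input, the per-step rates depend on the scene, lighting and sensor, so the step has to be measured on the target device rather than taken from this synthetic run.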
Conclusion: sensitivity to the avalanche effect is decisive when designing a crypto-resistant high-speed random sequence generator. This parameter is tunable and is easily determined by a simple software experiment. Finally, the randomness of the generated sequences must be tested using standard statistical tests for randomness, such as the NIST suite [4], to verify their compliance with cryptographic standards.
References:
1. Class SecureRandom. All Implemented Interfaces. URL: https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html
2. M. Cornejo, S. Ruhault, “(In)Security of Java SecureRandom Implementations”, Journées Codage et Cryptographie, 2014. https://www-fourier.ujf-grenoble.fr/JC2/exposes/ruhault.pdf
3. Martinez, F. (2022). Attacks on Pseudo Random Number Generators Hiding a Linear Structure. In: Galbraith, S.D. (eds) Topics in Cryptology – CT-RSA 2022. CT-RSA 2022. Lecture Notes in Computer Science, vol 13161. Springer, Cham. https://doi.org/10.1007/978-3-030-95312-6_7
4. National Institute of Standards and Technology (NIST), “Recommendation for the Entropy Sources Used for Random Bit Generation”, SP 800-90C, August 2022, https://doi.org/10.6028/NIST.SP.800-90C.