ebook img

Computer security PDF

168 Pages·2000·8.5 MB·English
by  RukhinAndrew
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Computer security

NATX INST. OF STAND & TECH RI.C, N!ST I PUBLICATIONS AlllQS fib5D23 A NIST Special Publication 800-22 Statistical Test Suite for Random and Pseudorandom Number Generators for Nisr Cryptographic Applications National Institute of Standards and Technology Technology Administration AndrewRukhin, Juan Soto, James Nechvatal, U.S. Department of Commerce Miles Smid, Elaine Barker, StefanLeigh, Mark Levenson, Mark Vangel, David Banks, Alan Heckert, James Dray, San Vo COMPUTER SECURITY rhe National Institute ofStandards and Technology was established in 1988 by Congress to "assist industry in thedevelopmentoftechnology . . .neededtoimproveproductquality,tomodernizemanufacturingprocesses, toensure product reliability . . . and to facilitate rapid commercialization ... ofproducts based on new scientific discoveries." NIST, originally founded as the National Bureau of Standards in 1901, works to strengthen U.S. industry's competitiveness; advance science and engineering; and improve public health, safety, and the environment. One of the agency's basic functions is to develop, maintain, and retain custody of the national standards of measurement, and provide the means and methods for comparing standards used in science, engineering, manufacturing, commerce, industry, and education with the standards adopted or recognized by the Federal Government. As an agency of the U.S. Commerce Department's Technology Administration, NIST conducts basic and applied research in the physical sciences and engineering, and develops measurement techniques, test methods, standards, and related services. The Institute does generic and precompetitive work on new and advanced technologies. NIST's research facilities are located at Gaithersburg, MD 20899, and at Boulder, CO 80303. Major technical operating units and their principal activities are listed below. For more information contact the Publications and Program Inquiries Desk, 301-975-3058. Office of the Director Chemical Science and Technology • National Quality Program Laboratory • International and Academic Affairs • Biotechnology • Physical and Chemical Properties^ Technology Services • Analytical Chemistry • Standards Services • Process Measurements • Technology Partnerships • Surface and Microanalysis Science • Measurement Services Physics Laboratory • Information Services • Electron and Optical Physics Advanced Technology Program • Atomic Physics • Economic Assessment • Optical Technology • Information Technology and Applications • Ionizing Radiation • Chemistry and Life Sciences • Time and Frequency' • Materials and Manufacturing Technology • Quantum Physics' • Electronics and Photonics Technology Manufacturing Engineering Laboratory Manufacturing Extension Partnership Program • Precision Engineering • Automated Production Technology • Regional Programs • Intelligent Systems • National Programs • Fabrication Technology • Program Development • Manufacturing Systems Integration Electronics and Electrical Engineering Building and Fire Research Laboratory Laboratory • Microelectronics • Applied Economics • Law Enforcement Standards • Structures • Electricity • Building Materials • SemiconductorElectronics • Building Environment • Radio-Frequency Technology' • Fire Safety Engineering • Electromagnetic Technology' • Fire Science • Optoelectronics' Information Technology Laboratory Materials Science and Engineering • Mathematical and Computational Sciences^ Laboratory • Advanced Network Technologies • Intelligent Processing ofMaterials • Computer Security • Ceramics • Information Access and User Interfaces • Materials Reliability' • High Performance Systems and Services • Polymers • Distributed Computing and Information Services • Metallurgy • Software Diagnostics and Conformance Testing • NIST Center for Neutron Research • Statistical Engineering 'At Boulder, CO 80303. ^Some elements at Boulder, CO. A NisT Special Publication 800-22 Statistical Tcst Suitc for Random and Pseudorandom Number Generators for Cryptographic Applications AndrewRukhin', Juan Soto^, James Nechvatal^, Miles Smid^, Elaine Barker^, Stefan Leigh', Mark Levenson', Mark Vangel', David Banks', Alan Heckert', James Dray^, San Vo^ COMPUTER SECURITY 'statistical Engineering Division ^Computer Security Division Information Technology Laboratory National Institute ofStandards and Technology MD Gaithersburg, 20899-8930 October 2000 U.S.DepartmentofCommerce Norman Y. Mineta, Secretary Technology Administration Dr. CherylL. Shavers, UnderSecretaryofCommerceforTechnology National InstituteofStandardsandTechnology RaymondG. Kammer, Director Reports on Computer Systems Technology The Information TechnologyLaboratory (ITL) at the National Institute ofStandards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership forthe Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. National Institute ofStandards and Technology Special Publication 800-22 Natl. Inst. Stand. Technol. Spec. Publ. 800-22, 161 pages (Oct. 2000) CODEN: NSPUE2 GOVERNMENT PRINTING OFFICE U.S. WASHINGTON: 2000 For saleby the SuperintendentofDocuments, U.S. GovernmentPrinting Office, Washington, DC 20402-9325 I j ABSTRACT This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic apphcations, such as the generation of key material. Generators suitable for use in cryptographic applications may need to meet stronger requirements than for other applications. In particular, their outputs must be unpredictable in the absence of knowledge of the inputs. Some criteria for characterizing and selecting appropriate generators are discussed in this document. The subject of statistical testing and its relation to cryptanalysis is also discussed, and some recommended statistical tests are provided. These tests may be useful as a first step in determining whether or not a generator is suitable for a particular cryptographic application. However, no set of statistical tests can absolutely certify a generator as appropriate for usage in a particular application, i.e., statistical testing cannot serve as a substitute for cryptanalysis. The design and cryptanalysis ofgenerators is outside the scope ofthis paper. Key words: random number generator, hypothesis test, P-value Certain commercial equipment and materials were used in the development of this test suite. Such identification does not imply recommendation or endorsement by the National Institute of Standards and Technology, nor does it imply that the materials or equipment identified are necessarily the best available for the purpose. iv TABLE OF CONTENTS INTRODUCTION TO RANDOM NUMBER TESTING 1 1 1.1 GeneralDiscussion 1 1.1.1 Randomness 1 1.1.2 Unpredictability 2 1.1.3 RandomNumberGenerators (RNGs) 2 1.1.4 Pseudorandom NumberGenerators (PRNGs) 3 1.1.5 Testing 3 1.1.6 Considerations forRandomness, UnpredictabilityandTesting 6 1.2 Definitions and Abbreviations 6 1.3 Mathematical Symbols 11 2 RANDOM NUMBER GENERATION TESTS 13 2.1 Frequency (Monobit) Test 14 2.1.1 TestPurpose 14 2.1.2 Function Call 14 2.1.3 Test Statistic andReferenceDistribution 15 2.1.4 TestDescription 15 % 2.1.5 Decision Rule (atthe 1 Level) 15 2.1.6 ConclusionandInterpretationofTestResults 15 2.1.7 Input Size Recommendations 16 2.1.8 Example 16 2.2 Frequency Test within a Block 16 2.2.1 TestPurpose 16 2.2.2 Function Call 16 2.2.3 Test Statistic 17 2.2.4 Test Description 17 % 2.2.5 Decision Rule (atthe 1 Level) 18 2.2.6 Conclusion and Interpretation ofTestResults 18 2.2.7 Input Size Recommendations 18 2.2.8 Example 18 2.3 Runs Test 18 2.3.1 TestPurpose 18 2.3.2 Function Call 19 2.3.3 Test Statistic and Reference Distribution 19 2.3.4 TestDescription 19 2.3.5 Decision Rule (at the 1 %Level) 20 2.3.6 ConclusionandInterpretationofTestResults 20 2.3.7 Input Size Recommendations 20 2.3.8 Example 21 2.4 Testfor the LongestRun ofOnes in a Block 21 2.4.1 TestPurpose 21 2.4.2 Function Call 21 2.4.3 Test Statistic andReference Distribution 22 V 2.4.4 TestDescription 22 % 2.4.5 DecisionRule (at the 1 Level) 23 2.4.6 Conclusionand InterpretationofTestResults 23 2.4.7 Input Size Recommendations 23 2.4.8 Example 23 2.5 Binary MatrixRankTest 24 2.5.1 TestPurpose 24 2.5.2 Function Call 24 2.5.3 Test Statistic andReferenceDistribution 25 2.5.4 TestDescription 25 % 2.5.5 Decision Rule (atthe 1 Level) 26 2.5.6 ConclusionandInterpretationofTestResults 26 2.5.7 Input SizeRecommendations 26 2.5.8 Example 26 2.6 Discrete Fourier Transform (Spectral) Test 27 2.6.1 TestPurpose 27 2.6.2 FunctionCall 27 2.6.3 Test Statistic andReference Distribution 27 2.6.4 TestDescription 27 % 2.6.5 DecisionRule (atthe 1 Level) 28 2.6.6 ConclusionandInterpretationofTestResults 28 2.6.7 Input Size Recommendations 29 2.6.8 Example 29 2.7 Non-overlappingTemplateMatching Test 29 2.7.1 Test Purpose 29 2.7.2 FunctionCall 29 2.7.3 Test Statistic andReference Distribution 30 2.7.4 TestDescription 30 % 2.7.5 DecisionRule (atthe 1 Level) 31 2.7.6 Conclusionand Interpretation ofTestResults 31 2.7.7 Input Size Recommendations 32 2.7.8 Example 32 2.8 Overlapping TemplateMatching Test 32 2.8.1 TestPurpose 32 2.8.2 Function Call 33 2.8.3 Test Statistic andReference Distribution 33 2.8.4 TestDescription 33 % 2.8.5 DecisionRule (atthe 1 Level) 35 2.8.6 ConclusionandInterpretationofTestResults 35 2.8.7 Input Size Recommendations 35 2.8.8 Example 36 2.9 Maurer's "Universal Statistical" Test 36 2.9.1 TestPurpose 36 2.9.2 Function Call 36 2.9.3 Test Statistic andReferenceDistribution 36 2.9.4 TestDescription 37 % 2.9.5 DecisionRule (atthe 1 Level) 39 2.9.6 Conclusion andInterpretationofTestResults 40 2.9.7 Input Size Recommendations 40 2.9.8 Example 40 vi 2.10 Lempel-ZivCompression Test 41 2.10.1 TestPurpose 41 2.10.2 Function Call 41 2.10.3 Test Statistic andReferenceDistribution 41 2.10.4 TestDescription 41 % 2.10.5 Decision Rule(atthe 1 Level) 42 2.10.6 ConclusionandInterpretationofTestResults 42 2.10.7 Input Size Recommendations 43 2.10.8 Example 43 2.11 LinearComplexity Test 43 2.11.1 TestPurpose 43 2.11.2 Function Call 43 2.11.3 Test Statistic andReference Distribution 44 2.11.4 TestDescription 44 % 2.11.5 DecisionRule (atthe 1 Level) 45 2.11.6 ConclusionandInterpretationofTestResults 45 2.11.7 Input Sizerecommendations 46 2.11.8 Example 46 2.12 Serial Test 46 2.12.1 Test Purpose 46 2.12.2 FunctionCall 46 2.12.3 Test Statistics andReferenceDistribution 47 2.12.4 TestDescription % 47 2.12.5 Decision Rule (atthe 1 Level) 48 2.12.6 ConclusionandInterpretationofTestResults 48 2.12.7 Input Size Recommendations 48 2.12.8 Example 48 2.13 Approximate Entropy Test 49 2.13.1 TestPurpose 49 2.13.2 Function Call 49 2.13.3 Test Statistic andReferenceDistribution 49 2.13.4 TestDescription 50 % 2.13.5 Decision Rule (atthe 1 Level) 51 2.13.6 ConclusionandInterpretationofTestResults 51 2.13.7 Input Size Recommendations 51 2.13.8 Example 51 2.14 Cumulative Sums (Cusum) Test 52 2.14.1 TestPurpose 52 2.14.2 Function Call 52 2.14.3 Test Statistic andReferenceDistribution 52 2.14.4 TestDescription 52 % 2.14.5 Decision Rule (atthe 1 Level) 54 2.14.6 ConclusionandInterpretation ofTestResults 54 2.14.7 Input Size Recommendations 54 2.14.8 Example 54 2.15 Random Excursions Test 55 2.15.1 TestPurpose 55 2.15.2 Function Call 55 2.15.3 TestStatistic andReferenceDistribution 55 2.15.4 TestDescription 55 % 2.15.5 DecisionRule(atthe 1 Level) 59 vii 2.15.6 ConclusionandInterpretationofTestResults 59 2.15.7 Input Size Recommendations 59 2.15.8 Example 59 2.16 Random Excursions VariantTest 60 2.16.1 TestPurpose 60 2.16.2 FunctionCall 60 2.16.3 Test Statistic andReference Distribution 60 2.16.4 TestDescription 60 % 2.16.5 DecisionRule (atthe 1 Level) 62 2.16.6 Conclusion andInterpretation ofTestResults 62 2.16.7 Input Size Recommendations 62 2.16.8 Example 62 3 TECHNICAL DESCRIPTION OF TESTS 64 3.1 Frequency (Monobit) Test 64 3.2 Frequency Testwithin aBlock 65 3.3 Runs Test 66 3.4 Testfor theLongestRun ofOnes in aBlock 67 3.5 BinaryMatrix RankTest 69 3.6 Discrete Fourier Transform (Spectral) Test 71 3.7 Non-overlappingTemplate Matching Test 74 3.8 OverlappingTemplateMatchingTest 77 3.9 Maurer's "Universal Statistical" Test 78 3.10 Lempel-Ziv Compression Test 81 3.11 Linear Complexity Test 84 3.12 Serial Test 87 3.13 Approximate Entropy Test 89 3.14 Cumulative Sums (Cusum) Test 91 3.15 Random Excursions Test 93 3.16 Random Excursions VariantTest 96 4. TESTING STRATEGY AND RESULT INTERPRETATION 98 4.1 Strategies for the StatisticalAnalysis ofan RNG * 98 4.2 The Interpretation ofEmpirical Results 100 viii

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.