
Analysis of Random Number Generation in Virtual Environments [pdf] - yankcrime
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/ZufallinVMS/Randomness-in-VMs.pdf
======
warrenm
actual PDF link:
[https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikat...](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/ZufallinVMS/Randomness-in-VMs.pdf;jsessionid=F8386938DF1AB69F0431E6D958A03569.1_cid369?__blob=publicationFile&v=3)

Abstract: >The evaluation of the suitability and quality of cryptographic
mechanisms is tasked to the Federal Office for Information Security (BSI –
Bundesamt für Sicherheit in der Informationstechnik) in Germany. The BSI
therefore initiated this study about the generation and collection of entropy
in virtual machines and virtual environments. Virtual machines are
increasingly used especially in Cloud-based solutions, covering sensitive
areas in enterprises as well as in government. Good random numbers require one
or more noise sources supplying entropy which implies that these noise sources
are a vital requirement for the security of electronically processed data.

>Operating systems use various noise sources which may exhibit properties and
behaviors which may deviate significantly when used on a bare metal system or
within a virtualized environment. This study analyzes the impact of virtual
environments on the presence of entropy for noise sources. The goal of this
study is to identify measures for using noise sources in virtual environments
in such a way that they collect sufficient entropy. Besides conducting an
analysis of the general impact of virtual environments on noise sources, this
study discusses the Linux random number generator of /dev/random and
/dev/urandom which includes several noise sources. Also, this study evaluates
possibilities of receiving entropy from the virtual machine monitor (VMM) as
well as noise sources which collect entropy independently from a virtual
environment. Again, the goal is to obtain sufficient entropy in virtual
environments. The quality of the Linux random number generator is assessed
when executing it in the VMMs of KVM, VirtualBox, Microsoft Hyper-V and VMware
ESXi.

>As a summary, the major finding of this study is that all assessed VMMs,
depending on their configuration, allow Linux to obtain sufficient entropy.
The different noise sources of the Linux random number generator, however,
operate with varying quality which implies that depending on the use case
issues may arise. For example, the quality of the generated random numbers
after system boot is questionable. With the provided questionnaire, users are
able to analyze whether they are affected by such issues and to what extent.
Software-based noise sources which require hardware support for obtaining
entropy are most likely to be adversely affected by a VMM operation. Such
noise sources should therefore be assessed in detail for their applicability to
a virtualized environment. Hardware noise sources are commonly unaffected by a
VMM. With an appropriate support mechanism, a VMM may even deliver entropy to
guest systems.

>The provided analysis starts with the assessment of the architecture of
various noise sources. This is followed by a study of the impact of
virtualization on the obtained entropy and applies the findings to the Linux
random number generator.

