sp 800 90b overview
play

SP 800-90B Overview* John Kelsey, NIST, May 2016 * Revised to - PowerPoint PPT Presentation

Sep 16, 2023 •444 likes •893 views

SP 800-90B Overview* John Kelsey, NIST, May 2016 * Revised to correct some errors discovered after the presentation was given. Updated/new slides are starred. Preliminaries SP 800-90 Series, 90B, and RBGs Entropy Sources Min-Entropy

  1. SP 800-90B Overview* John Kelsey, NIST, May 2016 * Revised to correct some errors discovered after the presentation was given. Updated/new slides are starred.

  2. Preliminaries • SP 800-90 Series, 90B, and RBGs • Entropy Sources • Min-Entropy • History of the Document 2/40

  3. What’s SP 800 - 90? What’s 90B? An RBG is used as a source of random bits for cryptographic or other purposes. • The SP 800-90 series is about how to build random bit generators • SP 800-90A describes deterministic mechanisms, called DRBGs • SP 800-90B describes entropy sources • SP 800-90C describes how to put them together to get RBGs 90B is about how to build, test, and validate entropy sources.

  4. What is an Entropy Source? • SP 800-90B is about how to build an entropy source. • Entropy sources are used in SP 800-90 to provide seed material for DRBG mechanisms, among other things. • An entropy source provides: • Bits or bitstings of fixed length • with a guaranteed minimum entropy per output • with continuous health testing to ensure the source keeps working An entropy source is a black box that provides you entropy (unpredictable bits with a known amount of entropy) on demand.

  5. So, What’s Entropy Then? • Entropy (specifically, min-entropy) is how we quantify unpredictability. • If there’s no way to guess X with more than a 2 -h probability of being right, then X has h bits of entropy. • For a distribution with probabilities p 1 , p 2 , …, p k : h = -lg( max(p 1 , p 2 , …, p k ) ) • Sometimes, we use the word “entropy” to mean unpredictability. • Sometimes, we use it to mean the amount of unpredictability, in terms of min-entropy.

  6. SP800-90B History • Previous version published August 2012 • RNG workshop in 2012 • Snowden / Dual EC blowup • Big changes: • Reworked the IID tests • Sanity checks  Additional estimates • Big improvements of tests of non-iid data • Updated and improved health tests • Restart Tests • Post-processing • Vetted conditioning functions moved here from 90C

  7. Components of an Entropy Source  Noise Source  Where the entropy comes from  Post-processing  Optional minimal processing of noise source outputs before they are used.  Health tests  Verify the noise source is still working correctly  Conditioning  Optional processing of noise source outputs before output. 7/40

  8. Noise Source • A noise source provides bitstrings with some inherent unpredictability. • Nondeterministic mechanism + sampling + digitization = noise source. • Every entropy source must have a noise source. • Common examples: ring oscillators, interrupt timings. • The noise source is the core of an entropy source —it’s the thing that actually provides the unpredictability

  9. Post-Processing • Post-processing is minimal processing done to noise-source outputs before they are used or tested. • Post-processing is optional — not all entropy sources use it. • There are a small set of allowed post-processing algorithms: • Von Neumann Unbiasing • Linear Masking • Run Counting

  10. Health Tests • Health tests attempt to detect major failures in the noise source. • They are REQUIRED for all entropy sources. • Health testing splits into: • Startup testing = one-time test done before any outputs are used • Continuous testing = testing done in the background during normal operation • 90B defines two health tests • Designers may use those, or provide their own tests and demonstrate that their tests detect the same failures.

  11. Conditioning • Conditioning processes the noise source outputs to increase their entropy/bit before they are output from the entropy source. • Conditioning is optional — not all entropy sources incorporate a conditioning component. • 90B specifies a set of six “vetted” conditioning functions based on cryptographic mechanisms. • Vendors may also design or select their own conditioning functions. • 90B describes the entropy accounting used for conditioning functions.

  12. Components Wrapup  Noise Source  Where the entropy comes from  Post-processing  Optional minimal processing of noise source outputs before they are used.  Health tests  Verify the noise source is still working correctly  Conditioning  Optional processing of noise source outputs before output.

  13. The Validation Process • Documentation • Estimating entropy • Design requirements 13/40

  14. Documentation Requirements • Full description of how the source works • Justification for why noise source has entropy • Entropy estimate and whether source might be iid • Description of post-processing and conditioning, if used • Description of alternative health tests, if used • Description of how data collection was done

  15. 439 Entropy Estimation: Start validation Testing the Noise Source Data collection (Section 3.1.1) Non-IID track Determine the track • Data collection (Section 3.1.1) IID track Estimate entropy - IID track Estimate entropy - Non-IID (Section 6.1) track (Section 6.2) • IID vs non-IID Apply Restart Tests (Section 3.1.4) • Entropy estimation No Pass restart tests? Yes • Restart tests Update entropy estimate (Section 3.1.4) No Is conditioning used? Yes Update entropy estimate (Section 3.1.5) Validation at entropy Validation fails. No entropy estimate awarded. estimate. 440 15/40 Figure 2 Entropy Estimation Strategy 8

  16. Data Collection • Entropy estimation requires lots of data from raw noise source, and possibly some data from conditioned outputs. • Ideally, device has a defined way to get test access to raw noise source bits. • If not, submitter may need to do data collection. • Submitter must justify why his method for data collection won’t alter behavior of source. • Must also describe exactly how data collection was done.

  17. What Data is Collected? Two datasets from raw noise source samples — always required: • Sequential dataset: 1,000,000 successive samples from noise source • Restart dataset: 1,000 restarts, 1,000 samples from each restart • Restart = power cycle, hard reset, reboot One dataset from conditioned outputs — sometimes required • Conditioner dataset: 1,000,000 successive samples from conditioner • Only required if design uses a non-vetted conditioning function.

  18. 439 Entropy Estimation: Start validation Testing the Noise Source Data collection (Section 3.1.1) Non-IID track Determine the track • Data collection from noise source (Section 3.1.1) IID track (optionally with post-processing) Estimate entropy - IID track Estimate entropy - Non-IID (Section 6.1) track (Section 6.2) • IID vs non-IID Apply Restart Tests (Section 3.1.4) No Pass restart tests? • Entropy estimation Yes Update entropy estimate (Section 3.1.4) • Restart tests No Is conditioning used? Yes Update entropy estimate (Section 3.1.5) Validation at entropy Validation fails. No entropy estimate awarded. estimate. 440 Figure 2 Entropy Estimation Strategy 8

  19. Determining the Track (IID or Non-IID) IID = Independent and Identically Distributed • IID means each sample independent of all others, independent of position in sequence of samples How do we determine if source is iid? • If designer says source is NOT iid , then it’s NEVER evaluated as iid • Otherwise, run a bunch of statistical tests to try to prove that source is NOT iid • If we can’t disprove it, we assume source is iid for entropy estimation

  20. 439 Entropy Estimation: Start validation Testing the Noise Source Data collection (Section 3.1.1) Non-IID track Determine the track • Data collection from noise source (Section 3.1.1) IID track (optionally with post-processing) Estimate entropy - IID track Estimate entropy - Non-IID (Section 6.1) track (Section 6.2) • IID vs non-IID Apply Restart Tests (Section 3.1.4) No Pass restart tests? • Entropy estimation Yes Update entropy estimate (Section 3.1.4) • Restart tests No Is conditioning used? Yes Update entropy estimate (Section 3.1.5) Validation at entropy Validation fails. No entropy estimate awarded. estimate. 440 Figure 2 Entropy Estimation Strategy 8

  21. Entropy Estimation* IID Case: • Estimate entropy by counting most common value and doing some very simple statistics. • Presentation on this later today. Non-IID Case: • Apply many different entropy estimators against sequential dataset. • Take minimum of all resulting estimates. • Presentation on this later today. Sample implementations of entropy estimation can be found at: https://github.com/usnistgov/SP800-90B_EntropyAssessment

  22. Entropy Estimation — Combining Estimates*: • H[original] • We do entropy estimation (iid or noniid) on the sequential dataset. • H[binary] • If the sequential dataset is not binary, we convert it to binary and do a second estimate on the first 1,000,000 bits that result. • H[submitter] • The submitter had to estimate the entropy in his documentation package. • H[I] = min(H[original,H[binary],H[submitter]) • Just take the smallest estimate of the three (or two, if it’s binary data)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2 Coin and card meters OVERVIEW PRESENTATION / 3 Making garages work better OVERVIEW PRESENTATION / 4 User interface and customer experience OVERVIEW

1.3k views • 24 slides
OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF park overview OVERVIEW PRESENTATION / 3 Coin and card meters OVERVIEW PRESENTATION / 4 Improving the customer experience at garages OVERVIEW

567 views • 25 slides
GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

National Taiwan University Department of Computer Science and Information Engineering GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin Phone Lin Ph.D. Ph.D. Email: plin@csie.ntu.edu.tw Email:

686 views • 41 slides
i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

LGE UNICAMP The m i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW The m i c r o g u a r d ETHANOL s OVERVIEW The m i c Ideal conditions r o g Costs-benefits u a r d

1.39k views • 59 slides
Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95# Commissioner --BRYC Firefighter II, EMT-B, HTR & HZMT Tech City of Alexandria Fire and EMS Overview Overview Hyperthermia (Heat Related Injuries)

2.61k views • 31 slides
1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure Industry Business Model Hotels Overview Disclaimer This presentation does not constitute, or form any part of any offer for sale or subscription

808 views • 32 slides
HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview Project Overview Analysis Active Experimentation Question & Answer Team Overview Our Logo Our Tagline Our Mission Statement

1.09k views • 15 slides
Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four Dedicated Outbound Carriers MPF Meijer Private Fleet 111 stores serviced in Michigan, northern Ohio, and Indiana. NTB Nationwide Truck

865 views • 15 slides
HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team Overview Project Overview Analysis Active Experimentation Question & Answer Team Overview Our Logo Our Tagline Our

934 views • 15 slides
An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese Agriculture Agriculture Agriculture characteristics S mall holdings L imited resources and L and Fragmentation. 2 Maltese agriculture in figures

1.04k views • 15 slides
Library Conversations: Talking with Users University of Rochester Overview Overview Used

Library Conversations: Talking with Users University of Rochester Overview Overview Used

Rebecca Bichel December 7, 2007 Library Conversations: Talking with Users University of Rochester Overview Overview Used anthropological & ethnographic Overview Overview methods Guiding research question: What do students

941 views • 44 slides
.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries development and execution model Examine simple C# program 2 .NET Overview .NET is a sweeping marketing term for a family of products

388 views • 23 slides
1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce supply analysis Regional demand for workers i l d d f k Balancing supply and demand Reviewing key cluster trends Key challenges

533 views • 39 slides
EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a registered trademark of Future Designs, Inc . 1 Overview What is EZ? EZ RTOS Engine EZ Four Tier Hierarchy Reusable HAL and Device

600 views • 32 slides
Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues Related to Puerto Ricos Debt Restructuring by Sergio M. Marxuach Center for a New Economy February 25, 2020 CNE Puerto Ricos Think Tank

347 views • 13 slides
Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview

Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview

2018 Investor Tour INGENIA COMMUNITIES GROUP Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview Guidance Update Development Overview Latitude One Overview 2 Craig Shepherd, Project

247 views • 22 slides
The Integration of SMT Solvers into the RISCAL Model Checker Second Master Thesis Report Franz

The Integration of SMT Solvers into the RISCAL Model Checker Second Master Thesis Report Franz

The Integration of SMT Solvers into the RISCAL Model Checker Second Master Thesis Report Franz Reichl January 31, 2020 1 Recapitulation Check validity of RISCAL theorems with SMT-Solvers Translate RISCAL declarations into SMT-LIB

592 views • 30 slides
Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016

Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016

Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016 HEBANT Chlo e Hash function based on the SIS problem Summer 2016 1 / 19 Introduction Hash function 1 One-way collision-resistant Ajtai function

458 views • 26 slides
and Elementary Data Structures Linear Sorting Algorithms Biostatistics 615/815 Lecture 6: . .

and Elementary Data Structures Linear Sorting Algorithms Biostatistics 615/815 Lecture 6: . .

. . Januray 25th, 2011 Biostatistics 615/815 - Lecture 6 Hyun Min Kang Januray 25th, 2011 Hyun Min Kang and Elementary Data Structures Linear Sorting Algorithms Biostatistics 615/815 Lecture 6: . . . . . . . Summary Array Radix

790 views • 42 slides
Technology for Video Translation Susanne Weber Language Technology Producer, BBC News Labs In

Technology for Video Translation Susanne Weber Language Technology Producer, BBC News Labs In

The BBCs Virtual Voice - over tool ALTO: Technology for Video Translation Susanne Weber Language Technology Producer, BBC News Labs In this presentation. - Overview over the ALTO Pilot project - Machine Translation and Computer

496 views • 28 slides
Human Pose Search using Deep Poselets Nataraj Jammalamadaka * Andrew Zisserman C. V. Jawahar *

Human Pose Search using Deep Poselets Nataraj Jammalamadaka * Andrew Zisserman C. V. Jawahar *

Human Pose Search using Deep Poselets Nataraj Jammalamadaka * Andrew Zisserman C. V. Jawahar * * CVIT, IIIT Hyderabad, India Visual Geometry Group, Department of Engineering, IIIT Hyderabad University of Oxford Human Pose: Gesture and

553 views • 33 slides
MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash

MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash

MATLAB crash course 1 / 27 MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash course 2 / 27 Program Program I Interface: layout, menus, help, etc.. I Vectors and matrices I Graphics: I Plots,

2k views • 27 slides
The Swiss Army Knife SLTE Alice Shelton, Michele Barezzani Alcatel-Lucent Submarine

The Swiss Army Knife SLTE Alice Shelton, Michele Barezzani Alcatel-Lucent Submarine

conference & convention enabling the next generation of networks & services The Swiss Army Knife SLTE Alice Shelton, Michele Barezzani Alcatel-Lucent Submarine Networks conference & convention enabling the next generation of

402 views • 18 slides
Lecture 10: Lists and Sequences (Sections 10.0-10.2, 10.4-10.6, 10.8-10.13) CS 1110

Lecture 10: Lists and Sequences (Sections 10.0-10.2, 10.4-10.6, 10.8-10.13) CS 1110

http://www.cs.cornell.edu/courses/cs1110/2018sp Lecture 10: Lists and Sequences (Sections 10.0-10.2, 10.4-10.6, 10.8-10.13) CS 1110 Introduction to Computing Using Python [E. Andersen, A. Bracy, D. Gries, L. Lee, S. Marschner, C. Van Loan, W.

978 views • 33 slides

More recommend