Analysis of android random number generator
Author
Sarıtaş, Serkan
Advisor
Selçuk, A. Aydın
Date
2013Publisher
Bilkent University
Language
English
Type
ThesisItem Usage Stats
127
views
views
37
downloads
downloads
Abstract
Randomness is a crucial resource for cryptography, and random number generators
are critical building blocks of almost all cryptographic systems. Therefore,
random number generation is one of the key parts of secure communication. Random
number generation does not guarantee security. Problematic random number
generation process may result in breaking the encrypted communication channel,
because encryption keys are obtained by using random numbers. For computers
and smart devices, generation of random numbers is done by operating systems.
Applications which need random numbers for their operation request them from
the operating system they are working on.
Due to the importance of random number generation, this process should be
analyzed deeply and cryptographically for different operating systems. From this
perspective, we studied Android random number generation process by looking at
the source codes and found that security of random number generation done by
Android relies on the security of random number generation of Linux. Then we
analyzed Android random number generator by modifying the kernel source code
and applying some tests on its entropy estimator. Finally, we looked for possible
weaknesses of random number generator during startup of Android devices.