Analysis of android random number generator

Abstract

Randomness is a crucial resource for cryptography, and random number generators are critical building blocks of almost all cryptographic systems. Therefore, random number generation is one of the key parts of secure communication. Random number generation does not guarantee security. Problematic random number generation process may result in breaking the encrypted communication channel, because encryption keys are obtained by using random numbers. For computers and smart devices, generation of random numbers is done by operating systems. Applications which need random numbers for their operation request them from the operating system they are working on. Due to the importance of random number generation, this process should be analyzed deeply and cryptographically for different operating systems. From this perspective, we studied Android random number generation process by looking at the source codes and found that security of random number generation done by Android relies on the security of random number generation of Linux. Then we analyzed Android random number generator by modifying the kernel source code and applying some tests on its entropy estimator. Finally, we looked for possible weaknesses of random number generator during startup of Android devices.