Affiliation:
1. Society for Electronic Transactions and Security (SETS), Chennai, India. kunalabh@gmail.com
2. School of Computer Sciences, Engineering and Applications, Bharathidasan University, Tiruchirappalli, India. georgeprakashraj@yahoo.com
Abstract
An operating system kernel uses a cryptographically secure pseudorandom number generator (CSPRNG) to create address space layout randomization (ASLR) offsets that protect the memory addresses of processes from exploitation, to store users' passwords securely, and to create cryptographic keys. However, popular kernel CSPRNGs such as Yarrow, Fortuna and /dev/(u)random, which are used by the MacOS/iOS/FreeBSD, Windows and Linux/Android kernels respectively, at present lack the crucial property of non-reproducibility of their generated bitstreams, a property used to nullify the scope for predicting the bitstream. This paper proposes a CSPRNG called Cryptographically Secure Pseudorandom Number Generator for Kernel Applications (KCS-PRNG), which generates non-reproducible bitstreams. The proposed KCS-PRNG presents an efficient design, uniquely configured with two new non-standard and verified elliptic curves and clock-controlled Linear Feedback Shift Registers (LFSRs), and a novel method to consistently generate non-reproducible random bitstreams of arbitrary lengths. The generated bitstreams are statistically indistinguishable from true random bitstreams and provably secure, are resilient to important attacks, and exhibit backward and forward secrecy, exponential linear complexity, a large period and a huge key space.
Subject
Computational Theory and Mathematics, Information Systems, Algebra and Number Theory, Theoretical Computer Science