Information Technology Reference
In-Depth Information
Table 3. Results from running the Diehard battery of tests after contamination of the entropy pool
File#
bday
operm
binrnk6x8
cnt1s
parkinglot
mindist
sphere
squeeze
osum
craps
1
0.765454
0.497607
0.197306
0.000000
0.159241
0.000000
0.893287
0.423572
0.641313
0.147407
2
0.044118
0.180747
0.143452
0.000000
0.012559
0.000000
0.055361
0.769919
0.002603
0.066102
3
0.079672
0.999996
0.467953
0.000000
0.132155
0.000000
0.001550
0.190808
0.032007
0.468605
4
0.009391
0.000334
0.010857
0.000000
0.400118
0.000000
0.000258
0.573443
0.051299
0.057709
5
0.059726
0.996908
0.754544
0.000000
0.065416
0.000000
0.212797
0.276961
0.009343
0.389614
6
0.384023
0.975071
0.003450
0.000000
0.004431
0.000000
0.021339
0.047575
0.139662
0.082087
7
0.002450
0.458676
0.014060
0.000000
0.002061
0.000000
0.000010
0.044232
0.068223
0.836221
8
0.001195
0.840548
0.115478
0.000000
0.192544
0.000000
0.001535
0.024058
0.000078
0.214631
9
0.427721
0.553566
0.138635
0.000000
0.311526
0.000000
0.071177
0.296367
0.003107
0.679244
10
0.654884
0.106287
0.212463
0.000000
0.072483
0.000000
0.212785
0.338967
0.122016
0.710536
miserably in two of the tests: cnt1s and mindist
and partially in the others. A failure in any one
of the tests means that the PRNG is no longer
cryptographically secure.
Impact: After the attack, the generated pseudo
random numbers are of poor quality, leaving the
system and applications vulnerable to crypta-
nalysis attacks.
provided by a layer called the virtual file system
(VFS) layer. A new file system or a device pro-
vides a set of hooks when registering with the
VFS layer. Figure 6 depicts two file systems ext3
and MS-DOS and one device /dev/random that are
registered with the VFS layer. This enables user
applications to access files residing on both file
systems and the access to the device file with a
common set of system calls. The system call is
first handled by the VFS code. Depending on
where the file resides, the VFS layer invokes the
appropriate function registered by the file system
or device during registration. Some system calls
such as the close system call are directly handled
by the VFS layer, which simply requires release
of resources.
Attack Description: The kernel provides func-
tions for reading and writing to the /dev/random
and /dev/urandom devices. The data structures
used to register the device functions are called
random_state_ops and urandom_state_ops for
the devices /dev/random and /dev/urandom re-
spectively. These symbols are exported by the
2.4 kernel but are not exported by the 2.6 kernel.
We could find this data structure by first scanning
for function opcodes of functions present within
random_state_ops and urandom_state_ops . We
then used the function addresses in the correct
order to find the data structure in memory. Once
disable pseudo-random
number generator
This attack overwrites the addresses of the de-
vice functions registered by the Pseudo-Random
Number Generator (PRNG) with the function
addresses of the attack code. The original func-
tions are never invoked. These functions always
return a zero when random bytes are requested
from the /dev/random or /dev/urandom devices.
Note that though this appears similar to the attack
by traditional rootkits that hook into function
pointers, there is a subtle difference. Since this
particular device does not affect user-level view
of objects, this is not a target for achieving hid-
ing behavior and hence, not monitored by kernel
integrity monitors.
Background: Linux provides a flexible archi-
tecture where different file systems and devices
can use a common interface. This interface is
 
Search WWH ::




Custom Search