From owner-freebsd-security@FreeBSD.ORG Tue Sep 25 20:05:51 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 689F0106566C; Tue, 25 Sep 2012 20:05:51 +0000 (UTC) (envelope-from mariusz.gromada@gmail.com) Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 6C2508FC0A; Tue, 25 Sep 2012 20:05:50 +0000 (UTC) Received: by eekc50 with SMTP id c50so1043929eek.13 for ; Tue, 25 Sep 2012 13:05:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=NwNnfeCUO1SWxiZsXBg+2wIFgZN0UFUTMtMp5KQt7Yg=; b=EtXNvPQYVxYAm4oldlVre9hCiXb0OikhiSIDW1BsMvaW3baTaCx1akvx61rm/WWp1h NDuq3+YCyQqETMhbAHGhDtS5tDBIbrAhQELA1t9yAsOTLJ4WdYmWdH6lg771ehK3/P98 PiaD4WekDWTWHJMQwCEz4r0iOyiRRt0lhD+Gbqx/M72wnovsfk9zvrHsttiw+MkQUn4D Is6vUvjDI578xGA+rCrWYOYzbDp96kMnJXD30yuKCNFwRr1s79UNO62wHyGe+3Bvq0c8 t/vM6zKxamaY6lmgLRaCyZhHWV4iycWGazneNDsCZXbIs21n2W0ICLABBgt6MjLqY/jF prIA== Received: by 10.14.179.136 with SMTP id h8mr22154169eem.6.1348603549296; Tue, 25 Sep 2012 13:05:49 -0700 (PDT) Received: from [192.168.1.100] (89-76-147-86.dynamic.chello.pl. [89.76.147.86]) by mx.google.com with ESMTPS id k49sm3651570een.4.2012.09.25.13.05.46 (version=SSLv3 cipher=OTHER); Tue, 25 Sep 2012 13:05:47 -0700 (PDT) Message-ID: <50620E8E.9020501@gmail.com> Date: Tue, 25 Sep 2012 22:05:34 +0200 From: Mariusz Gromada User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120907 Thunderbird/15.0.1 MIME-Version: 1.0 To: Ben Laurie References: <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <5060DA45.30808@gmail.com> <20120925053246.GI1413@garage.freebsd.pl> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Tue, 25 Sep 2012 21:32:45 +0000 Cc: freebsd-security@freebsd.org, RW , Jonathan Anderson , Pawel Jakub Dawidek , John Baldwin Subject: Re: Collecting entropy from device_attach() times. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2012 20:05:51 -0000 W dniu 2012-09-25 11:05, Ben Laurie pisze: >> I created dummy driver which was registering three dummy drivers, so it >> was provoking three device_attach() calls on every kldload. Mariusz >> verified the observations and there was no correlation between the >> times. > > Sorry to those that are bored, but ... what was the methodology? > Ok, finally I had enough time to write something more. Try not to think about this data as a sequence of numbers a1, a2, ..., an, but rather as a sequence of random variables X(w,1), X(w,2), ...,X(w,n) – in general X(w,t) where 'w' is something similar to random event (something unpredictable) and 't' is time. In mathematics X(w,t) is called a stochastic process (or random process / time series). In our case 'w' may be interpreted as a particular machine, 't' will simply identify the sequence number of each device attach, then X(w,t) will be entropy suspected part of the final device attach time (measured in some units). Our task is to check if there are any autocorrelations in the X(w,t) process, which means checking if there are any dependencies between random variables X(w,t1) and X(w,t2) where t1 < t2. It is possible to do this using some formal statistical test (i.e.: Durbin–Watson test, Autocorrelation Random Number Test). I received form Pawel one portion of real data - 2081 observations coming from just one realization of the process. Checking autocorrelations requires data from many realizations of the process: in this case Nx2081, where each realization from 1 to N should start from the same beginning. But for dummy data we did something (With Pawel) for X(w,1), X(w,2), X(w,3) - there were generated many realizations. Finally no autocorrelations were observed. Summarizing: 1. We proved that data comes from uniform distribution (KS test) 2. We proved that there was no autocorrelation in the stochastic process consisted of 3 subsequent device attaches 3. We did graphical analysis, where typical noise was identified for much more than 3 device attaches. What else could be done: 1. Proving that there is no autocorrelations between X(w,t1) and X(w,t2) where t1 < t2. 2. Confirming results for some other architectures and devices, which means confirming results for X(w1,t), X(w2, t), ... Regards, Mariusz