Jan Krhovják

Towards True Random Number Generation in Mobile Environments

In our paper, we analyze possibilities to generate true random data in mobile devices such as mobile phones or pocket computers. We show how to extract arguably true random data with a probability distribution *** = 2*** 64 close to the uniform distribution in the trace distance. To postprocess the random data acquired from the camera we use a randomness extractor based on the Carter-Wegman universal2 families of hashing functions. We generate the data at the bit rate approximatively 36 bits per second --- we used such a low bit rate only to allow statistical testing at a reasonable level of confidence.

Generating Random and Pseudorandom Sequences in Mobile Devices

In our paper we study practical aspects of random and pseudorandom number generation in mobile environments. We examine and analyze several sources of randomness available in current mobile phones and other mobile devices at the application level. We identify good physical sources of randomness that are capable of generating data with high entropy in reasonable time and we investigate some relevant aspects (such as security, energy requirements, performance) of integrating selected pseudorandom number generators in the Symbian OS environment. The main contribution of this paper is the identification and analysis of randomness sources in mobile devices and a practical proposal for their post-processing, including a prototype implementation.

PIN (and chip) or signature: beating the cheating?

Our paper first reviews some of the most critical issues related to the introduction of Chip & PIN card payment authorisation, and then outlines one part of our experiment1 that we decided to undertake to validate some of our views and ideas. Our experiment examines, in two phases, whether introduction of this authorisation method is advantageous for an opportunistic thief and whether the customer truly benefits from the Chip & PIN technology with respect to this opportunistic thief.

Authorizing Card Payments with PINs

Chip and PIN technology was introduced as a means of decreasing payment-card fraud. However, according to results of a two-phase experiment, the technology makes it easier for thieves to obtain PINs and more difficult for customers to defend against counterfeiting.

Generating random numbers in hostile environments (transcript of discussion)

Tuomas Aura: In what kind of situations would you request random data from other devices, or what devices have core operations on random numbers?

Generating random numbers in hostile environments

This paper discusses basic security aspects of distributed random number generation in potentially hostile environments. The goal is to outline and discuss a distributed approach, which comes to question in the case of attacker being able to target one or several mobile devices. We define communication paths and attacker models instead of providing technical details of local generation. This paper also includes a discussion of several issues of such distributed approach.