Internet As a Source of Randomness

Pseudorandom Generators (PRGs) play an important role in security of systems and cryptographic mechanisms. Yet, there is a long history of vulnerabilities in practical PRGs. Significant efforts in the theoretical and practical research communities are invested to improve the security of PRGs, to identify faults in entropy sources, and to detect vulnerabilities allowing attacks against the PRGs. In this work we take an alternative approach at the pseudorandomness generation problem. We design and implement Network Pseudorandomness Collector (NPC) which collects pseudorandom strings from servers in the Internet. NPC does not require cooperation nor synchronisation of those servers. NPC is easy to use and integrate into the existing systems. We analyse the security of NPC and show how it addresses the main factors behind the vulnerabilities in current PRGs. Further, we perform extensive simulations on empirically derived datasets that validate the security of NPC against attacks by realistic Man-in-the-Middle (MitM) attackers.