How Cloudflare uses lava lamps, pendulums and uranium decay to encrypt traffic

The trajectory of the movement of the elements of a chaotic pendulum – no repetitions

Random numbers play a crucial role in cryptography. For example, digital signature algorithms use random numbers to generate keys. The requirements for these numbers are very strict, since the reliability of the encryption system depends directly on them. Unfortunately, truly random numbers are difficult, though not impossible, to obtain, so pseudo-random number generators are usually used instead. A pseudo-random number generator is an algorithm that produces a sequence of numbers whose elements are independent of each other and obey a given distribution.

But some companies solve the problem differently: they use true random number generators. These are not computer programs at all, but unusual devices, or even so-called lava lamps. Cloudflare has been using them since about 2017. For five years, the encryption of traffic passing through the company’s infrastructure has depended on lamps, as well as on pendulums and the radioactive decay of uranium.



Pseudo-random numbers are not very reliable


That is, they are reliable, of course, but their output is still not completely random. A computer, by definition, cannot generate completely random numbers, since the number of system states is limited. That number is very large but not infinite, so sooner or later a pattern, a periodicity, emerges, and this is a weak point of a cryptographic system based on pseudo-random numbers. Of course, it is extremely difficult, almost impossible, to “catch” and analyze such a pattern, especially if the pseudo-random number generator is good. But theoretically the possibility exists, which means that a cryptographic system based on pseudo-random numbers is vulnerable.

When generating pseudo-random numbers, the key plays the main role. The structure of such a generator can be represented as a finite automaton consisting of three main blocks:

• Memory, which stores information about the state of the generator.
• An output function that generates a key sequence bit depending on the state.
• A transition function that defines the new state that the generator transitions to in the next step.
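
The three blocks above, and the periodicity that a finite number of states forces, shown as an added example that is not part of the original article. The 16-bit shift register and the names ToyGenerator, period and keystream are chosen here for illustration only.

```python
class ToyGenerator:
    """Toy key-stream generator with only 16 bits of state (illustration only)."""

    def __init__(self, key: int):
        # Memory: the whole internal state, initialised from the key.
        self.state = key & 0xFFFF
        if self.state == 0:
            raise ValueError("an all-zero state never changes")

    def output(self) -> int:
        # Output function: one key-stream bit derived from the current state.
        return self.state & 1

    def transition(self) -> None:
        # Transition function: Fibonacci LFSR with taps 16, 14, 13, 11.
        s = self.state
        bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
        self.state = (s >> 1) | (bit << 15)

    def next_bit(self) -> int:
        b = self.output()
        self.transition()
        return b


def period(key: int) -> int:
    """Count transitions until the state returns to its starting value."""
    g = ToyGenerator(key)
    start, steps = g.state, 0
    while True:
        g.transition()
        steps += 1
        if g.state == start:
            return steps


def keystream(key: int, n: int) -> list:
    """First n output bits for a given key; the same key gives the same bits."""
    g = ToyGenerator(key)
    return [g.next_bit() for _ in range(n)]


if __name__ == "__main__":
    p = period(0xACE1)
    bits = keystream(0xACE1, 2 * p)
    print("period:", p, "- stream repeats:", bits[:p] == bits[p:])
```

With 16 bits of memory the generator can visit at most 65535 non-zero states before it must repeat; production generators use far larger states, which lengthens the period but does not remove it.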

There are many pseudo-random number generators; only a few thousand are more or less well known. Many companies use their own cryptographically strong pseudo-random number generation algorithms to encrypt data. But no matter how reliable these algorithms are, in theory an attacker can work out the sequence of generated numbers and gain access to the data.

Some companies, like Cloudflare, cannot afford even a theoretical possibility of their encrypted data being broken, so they have to look for alternatives to pseudo-random number generators. Physical phenomena are a good source of true random numbers: the noise of a detector of radioactive decay events, cosmic radiation, or visual images, for example recognizing the shape of the “lava” in a lava lamp. These lamps are an endless source of random numbers, so encryption based on them is theoretically safe.

Multiple sources of randomness


Before moving on to the lamps themselves, I will mention one more important point: even a source of true random numbers is not a 100% guarantee of the security of encrypted data. The fact is that an attacker can somehow gain access to the source or sources and so obtain the key to decrypt the encrypted data. In addition, imagine that an attacker gets the opportunity to modify the sources of true randomness, and thus to influence number generation for their own purposes.

To solve this problem, several sources of randomness are used, say three. Even if an attacker can use two of them in some way for their own purposes, the third, which remains independent, will continue to generate truly random numbers. Accordingly, a good solution is to mix several streams of incoming data from random number sources. You can also mix pseudo-random number generators with true random number sources.

And now, finally, we turn to the lamps.

What kind of lamps are there?


As mentioned above, these are the lava lamps many of us know: a transparent glass container holding a clear liquid and translucent colored paraffin. At the bottom is a source of light and heat, usually an incandescent lamp, which heats the liquid and the paraffin, causing the paraffin to rise and fall. Anyone who has seen such a lamp knows how unusual it looks.

One feature of the lamp is that, because of the huge number of external factors and their interactions, the shapes of the paraffin “drops” never repeat. They are like snowflakes, which are supposed to be always unique, no matter how many of them form in a cloud.

Images, videos or photos of such lamps are therefore an ideal source of truly random numbers. Information from the image recognition system is fed into the cryptographically strong pseudo-random number generator that the company uses, thanks to which traffic is encrypted very securely.

Cloudflare’s office has a separate wall with 128 lava lamps. Inside the company it is called the “entropy wall”, and probably rightly so: it is precisely a source of entropy. A camera pointed at the wall takes photos at a certain interval. Each pixel in a photo is assigned a numerical value, and random numerical sequences are generated from these values. 128 lamps make it possible to get absolutely random 128-bit numbers. The generated numbers are influenced by a huge number of factors, including shadows and visitors passing by the wall (if you have been there, you can be proud of yourself: you became part of a data encryption tool).

The diagram shows the company’s system of random number sources and the encryption built on it. In addition to the lamps, there is another source on a server installed in the company’s office. One of the data centers holds yet another source of entropy, so Cloudflare has three sources of random numbers in total (as far as we know, pseudo-random number generators are also used).

Lamps play a very important role in all this: they are a guarantee that the data will continue to be encrypted and remain inaccessible to an attacker even if the servers are compromised.
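
One way to mix three entropy sources and feed the result into a deterministic generator, as described above, written as an added sketch that is not Cloudflare's code. The hash-based construction, the function names and the sample readings are assumptions made for the example.

```python
import hashlib
import hmac


def condense(reading: bytes) -> bytes:
    # Reduce one raw reading (a camera frame, a server's random bytes) to 32 bytes.
    return hashlib.sha256(reading).digest()


def mix_sources(readings) -> bytes:
    # Hash the fixed-length digests of all readings together. The seed stays
    # unpredictable as long as at least one reading is unknown to the attacker.
    h = hashlib.sha256(b"entropy-mix-demo")  # constructed domain label
    for r in readings:
        h.update(condense(r))
    return h.digest()


def expand(seed: bytes, n: int) -> bytes:
    # Stretch the seed into n bytes with HMAC-SHA256 in counter mode, standing in
    # for the cryptographically strong generator the article mentions.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


# Constructed sample readings, not real captures.
LAMP_FRAME = bytes((x * 37 + y * 11) % 256 for y in range(16) for x in range(16))
OFFICE_SERVER = bytes.fromhex("00112233445566778899aabbccddeeff")
DATA_CENTER = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")


def attacker_controls_two(third: bytes) -> bytes:
    # Two sources are pinned to attacker-chosen values; only the third is honest.
    return expand(mix_sources([b"\x00" * 256, b"\x00" * 16, third]), 16)


if __name__ == "__main__":
    print(expand(mix_sources([LAMP_FRAME, OFFICE_SERVER, DATA_CENTER]), 16).hex())
    print(attacker_controls_two(DATA_CENTER).hex())
    print(attacker_controls_two(b"another honest reading").hex())
```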

But what if someone somehow influences the lamps?


In fact, there are quite a few ways to exert influence:
• An attacker can point their own camera at the wall of lamps, trying to obtain a “picture” identical to the one captured by the camera in the company’s office.
• An intruder could turn off the lamps or block the camera lens.
• An attacker can change the video stream.
• An attacker can break into the office server and change the output of the server’s entropy feed.

In fact, since there are other sources of entropy, this is not a problem: the data is still encrypted. And for an attacker to affect the lamps, the servers and so on simultaneously would be extremely difficult. The company says it’s impossible. The only problem arises if an attacker manages to run malicious code that affects the service producing the final “entropy stream”.

Cloudflare also has an office in London, where a camera captures the movements of three chaotic pendulums at once, and in Singapore a Geiger counter measuring the radioactive decay of a tiny sample of uranium serves as a source of random numbers. The ways of processing the primary data differ, but the principle remains the same.

In general, the company’s solution, although not unique, is very successful. Besides giving the company reliable protection for traffic passing through Cloudflare servers, it also attracts attention to the company. Visitors to the office with the lamps have been delighted for several years now. Well done, what can I say.
