The invention relates to providing isolated entropy elements for a virtual machine. More specifically, the invention relates to a method, entropy element generator, computing system, and computer program product for providing isolated entropy elements for the virtual machine.
In virtualized computing environments, only a few sources of entropy, i.e., random numbers, are available because there are typically no real timer interrupts and no real devices, and the networks are isolated and show no traffic inside the virtual machines. Only a few other sources of entropy may be present, if any at all. This may lead to software installation problems, e.g., when a security key has to be created during installation of a virtual machine, as the system may lack sufficient entropy, or the entropy of multiple virtualized operating system images might be too similar to satisfy security standards. Sometimes, even installations of operating systems in virtual machines do not succeed because not enough entropy is available and a necessary host security key cannot be generated. A typical example is a planned Linux operating system installation which requires, during installation, generating random security keys for use with an ssh (secure shell) daemon for the SSL (secure socket layer) communication protocol. Such a protocol may be used for a log-in into a newly installed Linux operating system. However, the installation process may be stopped because the security key based on one or more random numbers cannot be generated.
Various approaches are known in the art to mitigate this problem, which may be a consequence of virtualization efficiency. One approach includes adding sources of pseudo entropy in the virtual machine, such as media access control numbers or available serial numbers. However, typically, this approach may not generate a sufficient amount of entropy, and may provide entropy with limited quality. Moreover, this approach targets embedded devices and may only partially apply to virtualized environments.
Another approach includes forwarding entropy sources from a host computer to a virtual server. This approach uses the entropy generated on the host computer. However, in doing so, this approach introduces additional vulnerabilities. Specifically, in a multi-tenancy environment, e.g., a cloud computing environment provided by an Infrastructure-as-a-Service (IaaS) provider, an attacker may influence the quality of entropy available in the hypervisor, for example, by regularly sending small message packets to push the interrupts towards known time patterns, or through similar attacks. A key generation process that relies on the timing of input/output interrupts may not become 100% predictable. That said, for a brute force attack on a virtual machine that uses security keys based on such entropy elements, the effort required to break into the attacked virtual machine may be lowered.
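The loss of entropy quality described above can be measured on the host side. The following is an added example, not part of the original text: it applies a most-common-value min-entropy estimate to the low bits of interrupt inter-arrival times and compares a trace with wide natural jitter against one pushed towards a known time pattern. Both traces are constructed, and the function names, the 8-bit mask, the 128-bit key size and the assumption of independent samples are illustrative choices.

```python
import math
import random
from collections import Counter

def min_entropy_per_sample(timestamps_ns, low_bits=8):
    """Most-common-value min-entropy estimate (bits per sample) for the
    low bits of interrupt inter-arrival deltas."""
    deltas = [b - a for a, b in zip(timestamps_ns, timestamps_ns[1:])]
    if not deltas:
        return 0.0  # fewer than two interrupts: nothing to measure
    mask = (1 << low_bits) - 1
    counts = Counter(d & mask for d in deltas)
    p_max = max(counts.values()) / len(deltas)
    return -math.log2(p_max)

def effective_key_bits(timestamps_ns, samples_per_key, key_bits=128):
    """Rough upper bound on the unpredictability of a key seeded from
    samples_per_key deltas, assuming the samples are independent."""
    per_sample = min_entropy_per_sample(timestamps_ns)
    return min(key_bits, samples_per_key * per_sample)

def constructed_trace(n, period_ns, jitter_ns, seed):
    """Constructed interrupt timestamps: fixed period plus uniform jitter."""
    rng = random.Random(seed)
    t, out = 0, []
    for _ in range(n):
        t += period_ns + rng.randint(0, jitter_ns)
        out.append(t)
    return out

# Constructed sample data, not measurements from a real hypervisor.
NATURAL = constructed_trace(4000, 1_000_000, 50_000, seed=1)  # wide jitter
PACED = constructed_trace(4000, 1_000_000, 3, seed=1)  # known time pattern

if __name__ == "__main__":
    for name, trace in (("natural", NATURAL), ("paced", PACED)):
        print(f"{name}: {min_entropy_per_sample(trace):.2f} bits/sample, "
              f"{effective_key_bits(trace, 32):.0f} effective bits "
              f"for a 128-bit key seeded from 32 samples")
```

A host operator can run the same estimate over real interrupt timestamps and alert when the per-sample value drops well below its usual baseline.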
A further approach includes using hardware random number generators. However, this approach may be expensive and may depend on availability of respective hardware.
The problem of entropy has been addressed in the art. For instance, U.S. Patent Application Publication No. 2001/0047545 A1 addresses entropy pools for virtual machines. In a host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. However, this solution leaves vulnerabilities because I/O attacks on a series of already installed virtual machines may affect the random number generation for the installation of a further virtual machine of another user.