“Lava Lamps”
By Scott Hamilton
Do you know that there are several ancient technologies still in use today? This week I came across a strange one. It’s not really that ancient, but in terms of computer science it definitely falls within the category of antique. The really interesting part to me is that this particular antique is in use at one of the world’s leading providers of Internet services. Cloudflare runs a very high percentage of domain name services and website encryption services on a global scale and has taken a unique approach to cryptography. They are using lava lamps to generate the random number sequences needed for strong cryptography.
First I think you need to understand a little bit about how cryptographic services work on the Internet to protect your data. Most services, including those provided by Cloudflare, utilize public key-based encryption. This works by utilizing a lot of random number sequences along with timestamps.
The first place a random number generator comes into play is in the generation of the private/public key pairs. Each unique entity on the internet requires both a private and public key in order to share encrypted and secure data. When you request a private key there is a server somewhere that takes a set of information from you and a random seed value to generate a random sequence of numbers that is guaranteed unique by the embedded personal data. This is your private key, which only you get to keep; the server deletes this key immediately. Your computer then uses this secret private key to generate a unique public key.
When you want to share private information with another user or computer on the web you each trade public keys. Once you have the other person’s public key you each send a message encrypted using both your key and theirs which contains a random encryption sequence only good for this message session. It can only be decrypted by using your private key in combination with their public key, meaning only the two people involved can read the handshake message sharing the session encryption method.
You see, now there are five places where this random number is needed. Once for making a private key, once for making a public key, twice during the handshake process and a final time in generating the session encryption keys. The more entropy in the random number generator, the more secure the encryption becomes. Entropy is defined as the lack of order or predictability. Unfortunately most computer-based random number generators do not have enough entropy, and a majority of recent security-related issues online are a result of predictability in the encryption algorithms. Cloudflare hopes to increase the entropy of their random number generator by utilizing a natural random system.
How they use lava lamps to achieve their goal is really quite simple. They point a very high resolution camera at a wall of lava lamps and use the image as the input seed for the random number generator. Most random number generators use things like the current time on the system and the value of various temperature sensors on the computer, which can become fairly predictable over time. If you have ever watched a lava lamp, you never know what is going to happen and scientists have attempted to simulate them for years in computer-based models in hopes of improving fluid mechanics simulations. They have yet to be successful because digital electronics lack the entropy to simulate even a single lava lamp, and Cloudflare uses a few hundred of them in their data center random number wall.
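The two ideas in the paragraphs above, entropy as a measure of unpredictability and a camera image condensed into a seed, can be made concrete in a few lines. The following is an added example written for this column, not Cloudflare's code and not a description of their actual pipeline. It stands in a "camera frame" with constructed pixel bytes (a noisy frame and a stuck, all-one-value frame), scores each with a Shannon entropy estimate, and hashes the frame together with operating-system entropy into a 32-byte seed. The label string and the frame sizes are assumptions for the demo.

```python
"""Toy illustration of image-seeded randomness (added example, not Cloudflare's code).

Two points a practitioner cares about:
  1. A byte-frequency entropy score is only a sanity check. A constant frame scores 0,
     a noisy frame scores close to 8 bits/byte, but a plain counter also scores 8 while
     being perfectly predictable, so the score never proves unpredictability.
  2. The image should be one input among several, not the only one. Hashing the frame
     together with OS entropy means a stuck or predictable camera cannot make the seed
     weaker than the OS pool alone.
"""
import hashlib
import math
import os
import secrets
from collections import Counter

# Assumed domain-separation label so this seed cannot collide with other SHA-256 uses.
SEED_LABEL = b"lavarand-column-demo-v1"


def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def constructed_noisy_frame(pixels: int = 65536) -> bytes:
    """Constructed stand-in for a camera frame of lamps in motion: 8-bit noise pixels."""
    return secrets.token_bytes(pixels)


def constructed_stuck_frame(pixels: int = 65536, value: int = 0x10) -> bytes:
    """Constructed stand-in for a failed camera: every pixel reads the same value."""
    return bytes([value]) * pixels


def derive_seed(frame: bytes, os_entropy: bytes) -> bytes:
    """Condense a frame plus OS entropy into a 32-byte seed.

    SHA-256 spreads whatever unpredictability the image holds across every seed bit.
    Lengths are encoded so (frame, os_entropy) pairs cannot be re-split ambiguously.
    """
    h = hashlib.sha256()
    h.update(SEED_LABEL)
    h.update(len(frame).to_bytes(4, "big"))
    h.update(frame)
    h.update(len(os_entropy).to_bytes(4, "big"))
    h.update(os_entropy)
    return h.digest()


def compare_sources() -> dict:
    """Score both constructed frames and seed from each, returning the numbers."""
    noisy = constructed_noisy_frame()
    stuck = constructed_stuck_frame()
    pool = os.urandom(32)  # real OS entropy, mixed in as a second source
    return {
        "noisy_bits_per_byte": shannon_entropy_bits_per_byte(noisy),
        "stuck_bits_per_byte": shannon_entropy_bits_per_byte(stuck),
        "noisy_seed": derive_seed(noisy, pool).hex(),
        "stuck_seed": derive_seed(stuck, pool).hex(),
    }


if __name__ == "__main__":
    result = compare_sources()
    print(f"noisy frame: {result['noisy_bits_per_byte']:.3f} bits/byte")
    print(f"stuck frame: {result['stuck_bits_per_byte']:.3f} bits/byte")
    print("seed from noisy frame:", result["noisy_seed"])
    print("seed from stuck frame:", result["stuck_seed"])
```

The seed that comes out should feed a cryptographic generator (the operating system's entropy pool or an HMAC-based DRBG), never a general-purpose library generator such as Python's `random`, and a monitoring check on the frame score is a cheap way to notice a camera that has gone dark or frozen.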
In order to increase the entropy even more, Cloudflare invites visitors to come and observe the wall, which impacts environmental conditions in the room, changing the behavior of the lamps. I personally find this to be both a fascinating use of lava lamps and an ingenious way of generating random numbers. Kudos to the engineers at Cloudflare. Until next week, stay safe and learn something new.
Scott Hamilton is an Expert in Emerging Technologies at ATOS and can be reached with questions and comments via email to sh*******@te**********.org or through his website at https://www.techshepherd.org.