Title of invention: Stealth entropy collection
Abstract: In a computing system environment, methods and apparatus include tapping a plurality of connected computing devices and distilling small amounts of entropy from each, concentrating the entropy so collected, and performing all in a stealth or surreptitious fashion relative to the providers of the entropy. In this manner: the potential supply of entropy on a networked computing device is greatly expanded; the potential for entropy-related denial-of-service attacks in Linux systems is reduced; no significant extra processing burden on participating computing devices is required; and enlisting entropy-providing computing devices (including or not naïve applications) in entropy exchanges occurs unobtrusively. Representative particular environments include web servers, including servlet filters, and clients engaged in http sessions; Java virtual machines; network interface cards in promiscuous mode analyzing packets; and other. Computer program products for devices to realize the foregoing are also intended.
Publication number: US9026638(B2)  Publication date: 2015.05.05
Application number: US200711702453  Filing date: 2007.02.05
Applicant: Novell, Inc.  Inventors: Thomas Kasman E.; Carter Stephen R
Classification: G06F15/16;H04L29/06;H04L12/26;G06F7/58  Main classification: G06F15/16
Agency: King & Schickli PLLC  Agent: King & Schickli PLLC
Main claim: 1. In a computing system environment having more than one computing device arranged together for other than collection of entropy data, a method of surreptitiously gathering entropy data, comprising: placing a network interface card (NIC) of one computing device of the more than one computing devices in a promiscuous mode; by the NIC, receiving any current packet coming to the NIC from another computing device of the more than one computing devices; by a logic component in the NIC, unbeknownst to the packet or a sender of the packet analyzing the current packets for entropy data regardless of whether the one or another computing devices ever earlier communicated while the one computing device provides an expected response to the another computing device of the more than one computing devices; and extracting and buffering said entropy data for entropy data use.
Address: Provo UT US