Green Entropy
White Paper
international Think-tank Community (iTC)
April 1st, 2019
Green Entropy
Tasked with consideration of ways and means to reduce the carbon footprint of IT security; after a year of deliberation the iTC have produced the following summary of their report. The full report is available on request to itc@green-entropy.org
Research has shown that much effort has recently been expended on reducing the energy needs and increasing the efficiency of data centers [1]. Similarly, much work has been performed and reported in regard to reducing the carbon footprint of I.T. workers and developers [2].
Many customers of IT security testing laboratories encourage and even require demonstration of the measures employed by laboratories in support of this endeavor, and often cite ISO/IEC 14001 [3] as an appropriate standard supporting the management of such activities.
Accordingly, the iTC team decided to concentrate their work on other, more fundamental aspects of the problem. Starting with the technology underlying the operation and security of every technology from embedded systems, through to the towering cumulus nimbi of I.T., Big Data and cloud technologies.
Every computer system needs to provision random numbers. Random numbers are extensively used in cryptographic functions as well as in the gaming industry, the quality of the random numbers needs to be sufficient for the purpose; quality factors include having sufficient entropy, timeliness and an element of surprise.
In this paper the iTC provide the following recommendation for green entropy.
Many green entropy sources are available to technologists. These include the number of leaves on a tree (*), the quantity of fish passing a data-center window, the number of steps one walks in a day, temperature jitter, and the sun-rising/-setting time in nanoseconds.
These naturally existing but not easily predictable numbers in our environment can be represented in binary form and the few Least Significant Bits (LSBs) of their binary representations may be used as entropy sources.
The iTC has approached the leading IT security testing laboratory, atsec information security who have confirmed that they are eager to analyze the newly recommended green entropy sources for the compliance of NIST SP 800-90B [4].
_______________________________________________________
(*) For many trees this is applicable for only part of the year.
References
[1] Under the sea, Microsoft tests a datacenter that’s quick to deploy, could provide internet connectivity for years. June 5, 2018: Accessed March 24, 2019.
https://news.microsoft.com/features/under-the-sea-microsoft-tests-a-datacenter-thats-quick-to-deploy-could-provide-internet-connectivity-for-years/
https://news.microsoft.com/features/under-the-sea-microsoft-tests-a-datacenter-thats-quick-to-deploy-could-provide-internet-connectivity-for-years/
[2] Green Office, Ways to Reduce Carbon Footprint, Tony Ellison. February 22, 2017: Accessed March 24, 2019.
https://www.business.com/articles/green-office-ways-to-reduce-carbon-footprint/
https://www.business.com/articles/green-office-ways-to-reduce-carbon-footprint/
[3] ISO/IEC 14001:2015, ISO. Available from all good standard stores.
[4] SP 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation, NIST. January, 2018: Accessed March 24, 2019.
https://csrc.nist.gov/publications/detail/sp/800-90b/final
https://csrc.nist.gov/publications/detail/sp/800-90b/final
No comments:
Post a Comment
Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.