are you feeling lucky? - rainfocus · 2019-06-27 · photoelectric effect quant-lab registerless...

© Copyright Azul Systems 2017


@azulsystems

Are you Feeling Lucky? Casino Gaming, Java, and IoT

Matt SchuetzeAzul Director of Product Management

10/8/20171

JavaOne 2017

San Francisco, California

mailto:@azulsystems

mailto:@azulsystems

http://www.azulsystems.com


About me: Matt Schuetze▪ Product Management Director

at Azul Systems

▪ Wrestle Zing and Zulu

requirements

▪ Push Azul product launches

▪ Azul alternate on JCP exec

committee

▪ Lead organizer of Detroit JUG

▪ Heroic Friend of Duke

▪ Stand on Shoulders of Giants

10/8/20172


Common Picture of IoT

10/8/20173

Sensor /

Actuator

Gateways /

Appliances

Backend

Services

Front Back|


Azul Work in IoT (all Java)

Smart

Sensor

IoT Comm.

Framework

Application

Framework

Sensor

IoT Comm.

Framework

Application

Framework

Gateways /

Appliances

IoT Comm.

Framework

Application

Framework

IoT Comm.

& Mgmt

Proxy

Comm. Mgmt

Protocol Handlers

Message Router

Message Cache

API Gateway

API & Web Services

Security

Netw

ork

Fir

ew

all

Intr

an

et

Fir

ew

all

Device Identity &

Access Mgmt

Identity Directory/Database

Device Access Management

Device Identity Management

Devices Mgmt

Resource Registry

Message Hub

Application Provisioning

Management Console

Data Routing &

Analysis

Distributed Data Grid

Complex Event Processing

Big Data

Big Data Store

Data Aggregator

Key Value DB

Cassandra

Database

RDBMS

Business

Intelligence

Performance

Management

Alerts, Dashboards

& Reports

Advanced Analysis

& Data Science

Tools

Data & Knowledge

Discovery Tools

Enterprise

IntegrationComplex applications

integration

Datacenter

ManagementServer Management

& Monitoring

Data

ba

se F

irew

all

Cap

illa

ry N

etw

ork

s

Zulu

Embedded

Zulu

Zing /

Zulu

Zing

Zulu / Zing

Zulu

Zing

Zulu / Zing

Zulu / Zing


Are You Feeling Lucky?

▪Casinos and Gaming

▪Luck vs Chance vs Fairness

▪Random Numbers in Java

▪Entropy: The Second Law

▪Role of Hardware

▪Real World Impact on IoT10/8/20175


Casino Games!

Excellent example of fun

software projects


Casinos

▪ Java footprint today

▪World wide business

▪Online casinos

▪Player vs Coder

▪Can (Does) the House cheat?

10/8/20177


Games in Code

▪Blackjack

▪Craps

▪Roulette

▪Slots

▪Poker

10/8/20178


Probabilities

▪1 in 52

▪1 in 38

▪1 in 6

▪1 in 6 x 1 in 6

▪Ever present house advantage

10/8/20179


Random Selection

▪ In card decks it is the shuffle

▪ In dice it is the roll

▪ In wheels is it the spin (+ marble)

▪All physical sources of

randomization (aka entropy)

▪Predictable outcomes aren’t “fair”10/8/201710


Wikipedia

▪ Unpredictable random numbers were first investigated in

the context of gambling, and many randomizing devices such

as dice, shuffling playing cards, and roulette wheels, were

first developed for such use.

▪ Fairly produced random numbers are vital to electronic

gambling and ways of creating them are sometimes

regulated by governmental gaming commissions.

10/8/201711

https://en.wikipedia.org/wiki/Gambling

https://en.wikipedia.org/wiki/Dice

https://en.wikipedia.org/wiki/Shuffling_playing_cards

https://en.wikipedia.org/wiki/Roulette


Java Code Examples

Closer look at shuffles, dice rolls


Card Shuffle

10/8/201713

public static void shuffle(int card[], int n)

{

Random rand = new Random();

for (int i = 0; i < n; i++)

{

// Random for remaining positions.

int r = i + rand.nextInt(52 - i);

//swapping the elements

int temp = card[r];

card[r] = card[i];

card[i] = temp;

}

}


Card Shuffle (via Collections)

10/8/201714

import java.util.ArrayList;

import java.util.Collections;

public class Test {

private static final int DECK_SIZE = 52;

public static void main(String args[]) {

ArrayList<Integer> deck = new ArrayList<Integer>();

for (int i = 0; i < DECK_SIZE; ++i) {

deck.add(i);

}

Collections.shuffle(deck);

System.out.println(deck);

}

}


Dice Roll

10/8/201715

import java.util.Random;

public class RollTheDice {

public static void main(String[] args) {

Random diceRoller = new Random();

int die1; // The number on the first die.

int die2; // The number on the second die.

int roll; // The total roll (sum of the two dice).

die1 = diceRoller.nextInt(6) + 1;


roll = die1 + die2;

System.out.println("The first die comes up " + die1);

System.out.println("The second die comes up " + die2);

System.out.println("Your total roll is " + roll);

} // end main()

} // end class


Quantify Randomness

And why software alone falls short


Random Behavior is Noisy

▪Highly disordered state == noisy

▪Analog circuits always have noise

▪Digital circuits always reject noise

▪All software rides digital circuits

▪Measure of disorder is entropy

(randomness) in units of bits10/8/201717


Entropy

Origin Story


On Shoulders of Giants

10/8/201719

Albert Einstein Sadi Carnot Ludwig Boltzmann Claude Shannon

Brownian Motion

Proves Temperature

Proves Losses

from Heat into Work

Loss Proven as

Randomness

Information “loss” is

Useful: Uncertainty


Second Law of Thermodynamics

▪ Entropy is always increasing

▪ Generally the whole universe tends

towards randomness

▪ Digital circuits (often) don’t have

enough randomness

▪ In software, it takes extra entropy to

widen random chances10/8/201720


Not just Games

▪High-quality random numbers, through entropy,

can be used with scientific, gambling and lottery

applications.

▪They can improve the performance, security and

reliability of servers.

▪ In Java, RNGs gird the Java Cryptography

Architecture, used in all secure communications.

▪Secure means: encrypted messages appear to be

indistinguishable from random characters.10/8/201721


Where to get Entropy?

Hint: Java gets it from the underlying OS.


Random Selection

▪ jre/lib/security/java.security

▪ securerandom.source=file:/dev/random

▪ /dev/random

▪ /dev/urandom

▪eg. You can plug in another RNG

10/8/201723


Software Entropy Sources

▪ How to get more entropy, sort of…

▪ XORShift generator

▪ Numerical Recipes random number

generator

▪ NetRandom Quantum Entropy-as-a-Service

10/8/201724

http://www.javamex.com/tutorials/random_numbers/xorshift.shtml

http://www.javamex.com/tutorials/random_numbers/numerical_recipes.shtml


Physical Entropy Source 1

10/8/201725

Lava LampEntropy via Thermal

Pros:

▪ Chaotic non-linear

process

▪

Cons:

▪ Prone to spills

▪ Hot to touch

▪ Bulky for IoT



10/8/201726

BananaEntropy by Radioactivity

Pros:

▪ Potassium K-40

▪ Average half life is

1.2B years

▪ Emits beta particles

Cons:

▪ Need a Geiger counter

▪ Peels are slippery



10/8/201727

Brazil NutEntropy by Radioactivity

Pros:

▪ Radium Ra-226

▪ Average half life is

1.6k years

▪ Emits alpha particles

Cons:

▪ Need a Geiger counter

▪ Vents Radon gas


Hardware Entropy Sources

10/8/201728

Operating principle ManufacturerAnalog-to-Digital converter noise Flying Stone TechnologyAtmospheric noise GenericAvalanche diode Moonbase OtagoBeam splitter ID Quantique SA, QuintessenceLabsJohnson–Nyquist noise Intel, LETech, WaywardGeek

Mix of Shot noise, Johnson–Nyquist noise, Flicker noise, and some Electromagnetic interference

BitBabbler

Photoelectric effect Quant-LabRegisterless Linear Feedback Shift Registers KidekinReverse biased semiconductor junction Araneus Information Systems Oy, Altus Metrum,

TectroLabs, ubld.it, Simtec Electronics

Shot noise Comscire, TRNG98Photon Bunching Whitewood

Eg. device uses typically a thermal- or quantum- realm

phenomenon, often housed in a portable USB stick. Perfect for IoT!


Java Code Refactored

Improving shuffles, dice rolls


Card Shuffle

10/8/201730

public static void shuffle(int card[], int n)

{

Random rand = new SecureRandom();

for (int i = 0; i < n; i++)

{

// Random for remaining positions.

int r = i + rand.nextInt(52 - i);

//swapping the elements

int temp = card[r];

card[r] = card[i];

card[i] = temp;

}

}


Card Shuffle (via Collections)

10/8/201731

import java.util.ArrayList;

import java.util.Collections;

public class Test {

private static final int DECK_SIZE = 52;

public static void main(String args[]) {

ArrayList<Integer> deck = new ArrayList<Integer>();

for (int i = 0; i < DECK_SIZE; ++i) {

deck.add(i);

}

Collections.shuffle(deck, new SecureRandom() );

System.out.println(deck);

}

}


Dice Roll

10/8/201732

import java.util.Random;

public class RollTheDice {

public static void main(String[] args) {

Random diceRoller = new SecureRandom();

int die1; // The number on the first die.

int die2; // The number on the second die.

int roll; // The total roll (sum of the two dice).



roll = die1 + die2;

System.out.println("The first die comes up " + die1);

System.out.println("The second die comes up " + die2);

System.out.println("Your total roll is " + roll);

} // end main()

} // end class


Probabilities cast as Entropy

▪1 in 6 2.58 bits entropy



▪You want more bits entropy (~2x)

than bits in your password cipher10/8/201733


Conclusion and Q&A

Parting thoughts.


Why I care about this: Java▪ WORA via Java is crucial for IoT

▪ I get asked about details on Java security in nearly every commercial procurement at Azul.

▪ Azul offers Zing, Zulu, and Zulu Embedded, all of which deliver the JCA cryptography provider implementations.

▪ I led the effort for Azul to provide its own Java Cryptography Extension policy JAR implementation called Zulu Cryptography Extension Kit (Zulu “CEK”)

▪ Thus, I sweat these details vocationally.

Another Giant


Why I care: IoT and Games▪ I built the Wheel of Java marketing

display to demonstrate Zulu Embedded.

▪ 1.0 version at Embedded World in

Germany criticized as “unfair”

▪ Wheel 1.0 was terribly imbalanced, thus

predictable!

▪ Visit booth #6213 to see the balanced,

fair, and unpredictable version 2.0.

▪ 3.58 bits of entropy per spin.


Why I care: Fairness▪ Are Online Casino Games

Rigged?

▪ As much as this question bothers numerous new and experienced players, online casinos are not rigged, or fixed. A casino being rigged means its operations are outside the laws of probability.

▪ It's actually near-impossible to rig online casino games because of the integrity of the software used. Reputable casinos use software integrated with Random Number Generator (RNG)technology and they are audited regularly.


Why I care: Casinos▪ I want their business! $51B in 2018

▪ Casino floor machines running Zulu Embedded a superior IoT use case.

▪ Online action and realtime gaming using Zing removes game lag.

▪ BestOnlineCasinos.com lists live Java-based sites plus the benefits of Java in gaming

▪ CasinoTopsOnline lists leading online gaming software developers: Microgaming, Playtech, NetEnt and Realtime Gaming.


Conclusion▪ IoT, cryptography, and game play all rely on entropy to

achieve security, unpredictability, and fairness.

▪ JCA cryptography providers use the underlying OS to gather entropy and provide stream of random numbers.

▪ SecureRandom() self-seeds computation of random distributions.

▪ You must add hardware random numbers generators for inexhaustible entropy pools.

with


Further Review

▪ RFC on Random tools.ietf.org/html/rfc4086Number Sources:

▪ Basics of Entropy: blogs.cisco.com/security

/on_information_entropy

▪ Azul: azul.com

▪ @schuetzematt

mailto:@azulsystems

are you feeling lucky? - rainfocus · 2019-06-27 · photoelectric effect quant-lab registerless...

Documents