Classification of attacks and cyber security requirements for the QRNG web resource

Authors

DOI:

https://doi.org/10.30837/rt.2025.1.220.04

Keywords:

attack, cybersecurity, extractor, quantum cryptography, AI monitoring system, Quantum Random Number Generator

Abstract

Web services of quantum random number generators (QRNG) open new opportunities for enhancing the resilience of cryptographic systems due to their ability to generate true random numbers based on quantum effects. Unlike pseudo-random number generators (PRNG), the QRNG ensures a high level of unpredictability in output data, making them critical components in modern security systems. However, their implementation is accompanied by significant challenges, particularly due to potential attacks at the software level and during integration with hardware infrastructure.

At the software level, major threats include attacks on cryptographic libraries, substitution or manipulation of runtime output data, and side-channel attacks exploiting information leaks from physical number generation processes. At the hardware level, risks arise from equipment defects, failures in integration processes, or improper operation of the QRNG in combination with other systems.

This study provides a classification of the main types of attacks on QRNG web services, presents an analysis of existing attacks, and introduces modern approaches to their prevention. Among the key solutions are the certification of the QRNG during development and deployment, multi-factor verification of output data to ensure unpredictability, and the use of monitoring systems with artificial intelligence algorithms for anomaly detection. Special attention is given to hybrid protection methods that combine the QRNG with quantum key distribution (QKD) and post-quantum cryptographic algorithms, allowing for the mitigation of risks from both classical and quantum attacks.

Thus, a comprehensive combination of software and hardware security methods will enhance the reliability of QRNG and their resilience to modern threats. Further research should focus on the implementation of unified standards for QRNG and the optimization of their integration into existing cryptographic systems.

References

Blanco-Romero J., Lorenzo V., & Almenares F. Evaluating integration methods of a quantum random number generator in OpenSSL for TLS // Computer Networks. 2024. Vol 255, article №110877. doi:10.1016/j.comnet.2024.110877

Henry Elizabeth. (2024). The Role of Quantum Random Number Generation in Enhancing Encryption Secu-rity. SSRN, doi:10.2139/ssrn.4966139

Regazzoni F., et al. (2021). A high speed integrated quantum random number generator with on-chip real-time randomness extraction. doi:10.48550/arXiv.2102.06238

Bishwas A. K., & Sen M. (2024). Strategic Roadmap for Quantum-Resistant Security: A Framework for Pre-paring Industries for the Quantum Threat. doi:10.48550/arXiv.2411.09995

Pedone I., et al. (2021). Toward a complete software stack to integrate quantum key distribution in a cloud en-vironment // IEEE Access. doi:10.1109/ACCESS.2021.3102313

Adetifa, O. E. Comparative Analysis and Applications of Quantum Random Number Generators: Evaluating Efficiency, Statistical Properties, and Real-world Use Cases // Morgan State University. ProQuest Dissertations & The-ses, 2024. 31141646. link https://www.proquest.com/openview/0e228ff803da898521302a83a2d3b7d4 preview lang Eng

Mehmood A., et al. (2024). Advances and vulnerabilities in modern cryptographic techniques // IEEE Access. doi:10.1109/ACCESS.2024.3367232

Huang L., et al. A practical hybrid quantum-safe cryptography scheme between data centers // Proceedings Volume 11540, Emerging Imaging and Sensing Technologies for Security and Defence V; and Advanced Manufactur-ing Technologies for Micro- and Nanosystems in Security and Defence III; 1154008. 2020. doi:10.1117/12.2573558

Cherbal S., Zier A., Hebal S. et al. Security in internet of things: a review on approaches based on blockchain, machine learning, cryptography, and quantum computing // J. Supercomput. 2024. Vol. 80. P. 3738–3816. doi:10.1007/s11227-023-05616-2

Downloads

Published

2025-04-10

How to Cite

Morhul, D., Nariezhnii, O., & Hrinenko, T. (2025). Classification of attacks and cyber security requirements for the QRNG web resource. Radiotekhnika, (220), 50–57. https://doi.org/10.30837/rt.2025.1.220.04

Issue

No. 220 (2025): Radiotekhnika

Section

Articles

License

Authors who publish with this journal agree to the following terms:

1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).