At its headquarters in San Francisco, technology firm Cloudflare has given lava lamps a different job. The company is a DNS provider that manages and secures millions of website domain names. According to the site-analysis service W3Tech, an estimated 6 to 10% of global HTTP and HTTPS requests pass through the company's network, a huge data flow that needs to be protected, especially against distributed denial-of-service (DDoS) attacks like the one that knocked out the DNS provider Dyn in 2016.
Cloudflare has therefore opted for a proven data security technique: encryption. And that's where the famous lava lamps in the lobby of its office come in. In a recent blog post, the company detailed the role these lamps play in its data protection system. Contrary to appearances, the wall of lava lamps is an integral part of an elaborate encryption system that protects a significant part of global Internet traffic.
Cryptographic systems generate random, secret series of numbers so that an adversary can never guess them. But according to Cloudflare, generating these numbers randomly is not enough to guarantee optimal data security. From the company's point of view, what cryptographers need most is “unpredictability,” which alone can ensure an optimal level of encryption security.
To obtain unpredictable sequences, computer security firms typically have two options. The first is to use completely unpredictable physical processes that take a long time to measure, for example, accurately measuring the temperature of a processor at a specific time. The second is to use cryptographically secure pseudorandom number generators (CSPRNGs). These algorithms can produce large quantities of random numbers very quickly if they are “connected” to (that is, seeded from) a truly unpredictable source.
The ideal would seem to be to set up a system that combines the speed of the second solution with the best security guarantees provided by the first solution. Better still, a system could be created that would provide a CSPRNG with a variety of unpredictable sources.
The system called LavaRand operated by Cloudflare was designed by Silicon Graphics and patented in 1996. The lamps produce wax bubbles unpredictably. Meanwhile, a camera installed in the corner of the room records the scene, and the images are transformed into “a stream of random and unpredictable bits,” which are then fed to the pseudorandom generator. The generator in turn produces the large quantities of numbers that are ultimately used to encrypt the data traffic.
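
The mixing step described above, as an added example that is not Cloudflare's or Silicon Graphics' code: a frame is hashed and combined with a second, independent source to seed a simplified generator modelled on HMAC_DRBG. The frame bytes are constructed, and `frame_digest`, `HmacDrbg` and `SAMPLE_FRAME` are names assumed for this illustration.

```python
import hashlib
import hmac
import os


def frame_digest(frame: bytes) -> bytes:
    """Condense a raw camera frame to 32 bytes, removing pixel structure and bias."""
    return hashlib.sha256(frame).digest()


def _pack(sources) -> bytes:
    # Length-prefix each source so (b"ab", b"c") and (b"a", b"bc") seed differently.
    return b"".join(len(s).to_bytes(4, "big") + s for s in sources)


class HmacDrbg:
    """Simplified HMAC-SHA256 generator modelled on NIST SP 800-90A HMAC_DRBG."""

    def __init__(self, *sources: bytes):
        self.key, self.val = b"\x00" * 32, b"\x01" * 32
        self._update(_pack(sources))

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        for sep in (b"\x00", b"\x01"):
            self.key = self._mac(self.val + sep + data)
            self.val = self._mac(self.val)
            if not data:
                break

    def reseed(self, *sources: bytes) -> None:
        """Mix fresh input (for example the next frame) into the existing state."""
        self._update(_pack(sources))

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.val = self._mac(self.val)
            out += self.val
        self._update()  # advance the state so earlier output cannot be recomputed from it
        return out[:n]


# Constructed stand-in for one camera frame (64x48 greyscale), not real LavaRand data.
SAMPLE_FRAME = bytes((x * y + 7 * x) % 256 for y in range(48) for x in range(64))

if __name__ == "__main__":
    # Two independent sources: the frame and the operating system's own generator.
    drbg = HmacDrbg(frame_digest(SAMPLE_FRAME), os.urandom(32))
    print(drbg.generate(32).hex())
```

Because every source is mixed into the same state, the output stays unpredictable as long as at least one source is unknown to the adversary, even if another (such as the camera feed) is observed.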
Cloudflare has a variety of physical systems to produce tamper-proof keys in offices around the world. Its office in London has a “chaotic clock,” and the Singapore office bases its encryption on a radioactive source. Put simply, at its San Francisco premises the company uses an algorithm, a camera, and a hundred lava lamps to generate random encryption keys.
LavaRand and Cloudflare's other DIY (Do It Yourself) systems are currently used only as a last resort, in case, for example, the company's main server-based encryption system, which is based on Linux, were compromised. This initiative at least has the merit of reminding us that it is important to keep innovating in encryption systems at a time when algorithms alone no longer seem to be sufficient. “Hopefully we’ll never need it,” the company said in its blog post.