© Copyright Azul Systems 2017 © Copyright Azul Systems 2017 @azulsystems Are you Feeling Lucky? Casino Gaming, Java, and IoT Matt Schuetze Azul Director of Product Management 10/9/2017 1 JavaOne 2017 San Francisco, California
© Copyright Azul Systems 2017
© Copyright Azul Systems 2017
@azulsystems
Are you Feeling Lucky? Casino Gaming, Java, and IoT
Matt SchuetzeAzul Director of Product Management
10/9/20171
JavaOne 2017
San Francisco, California
© Copyright Azul Systems 2017
About me: Matt Schuetze▪ Product Management Director
at Azul Systems
▪ Wrestle Zing and Zulu
requirements
▪ Push Azul product launches
▪ Azul alternate on JCP exec committee
▪ Lead organizer of Detroit JUG
▪ Heroic Friend of Duke
▪ Stand on Shoulders of Giants
10/9/20172
© Copyright Azul Systems 2017
Common Picture of IoT
10/9/20173
Sensor / Actuator
Gateways /Appliances
BackendServices
Front Back|
© Copyright Azul Systems 2017
Azul Work in IoT (all Java)
Smart
Sensor
IoT Comm.
Framework
Application
Framework
Sensor
IoT Comm.
Framework
Application
Framework
Gateways /
Appliances
IoT Comm.
Framework
Application
Framework
IoT Comm.
& Mgmt
Proxy
Comm. Mgmt
Protocol Handlers
Message Router
Message Cache
API Gateway
API & Web Services
Security
Netw
ork
Fir
ew
all
Intr
an
et
Fir
ew
all
Device Identity &
Access Mgmt
Identity Directory/Database
Device Access Management
Device Identity Management
Devices Mgmt
Resource Registry
Message Hub
Application Provisioning
Management Console
Data Routing &
Analysis
Distributed Data Grid
Complex Event Processing
Big Data
Big Data Store
Data Aggregator
Key Value DB
Cassandra
Database
RDBMS
Business
Intelligence
Performance
Management
Alerts, Dashboards
& Reports
Advanced Analysis
& Data Science
Tools
Data & Knowledge
Discovery Tools
Enterprise
IntegrationComplex applications
integration
Datacenter
ManagementServer Management
& Monitoring
Data
ba
se F
irew
all
Cap
illa
ry N
etw
ork
s
Zulu
Embedded
Zulu
Zing / Zulu
Zing
Zulu / Zing
Zulu
Zing
Zulu / Zing
Zulu / Zing
© Copyright Azul Systems 2017
Are You Feeling Lucky?
▪Casinos and Gaming
▪Luck vs Chance vs Fairness
▪Random Numbers in Java
▪Entropy: The Second Law
▪Role of Hardware
▪Real World Impact on IoT10/9/20175
© Copyright Azul Systems 2017
Casino Games!
Excellent example of fun software projects
© Copyright Azul Systems 2017
Casinos
▪ Java footprint today
▪World wide business
▪Online casinos
▪Player vs Coder
▪Can (Does) the House cheat?
10/9/20177
© Copyright Azul Systems 2017
Games in Code
▪Blackjack
▪Craps
▪Roulette
▪Slots
▪Poker
10/9/20178
© Copyright Azul Systems 2017
Probabilities
▪1 in 52
▪1 in 38
▪1 in 6
▪1 in 6 x 1 in 6
▪Ever present house advantage
10/9/20179
© Copyright Azul Systems 2017
Random Selection
▪ In card decks it is the shuffle
▪ In dice it is the roll
▪ In wheels is it the spin (+ marble)
▪All physical sources of
randomization (aka entropy)
▪Predictable outcomes aren’t “fair”10/9/201710
© Copyright Azul Systems 2017
Wikipedia▪ Unpredictable random numbers were first investigated in the context of gambling, and many randomizing devices such as dice, shuffling playing cards, and roulette wheels, were
first developed for such use.
▪ Fairly produced random numbers are vital to electronic
gambling and ways of creating them are sometimes regulated by governmental gaming commissions.
10/9/201711
© Copyright Azul Systems 2017
Java Code Examples
Closer look at shuffles, dice rolls
© Copyright Azul Systems 2017
Card Shuffle
10/9/201713
public static void shuffle(int card[], int n)
{
Random rand = new Random();
for (int i = 0; i < n; i++)
{
// Random for remaining positions.
int r = i + rand.nextInt(52 - i);
//swapping the elements
int temp = card[r];
card[r] = card[i];
card[i] = temp;
}
}
© Copyright Azul Systems 2017
Card Shuffle (via Collections)
10/9/201714
import java.util.ArrayList;
import java.util.Collections;
public class Test {
private static final int DECK_SIZE = 52;
public static void main(String args[]) {
ArrayList<Integer> deck = new ArrayList<Integer>();
for (int i = 0; i < DECK_SIZE; ++i) {
deck.add(i);
}
Collections.shuffle(deck);
System.out.println(deck);
}
}
© Copyright Azul Systems 2017
Dice Roll
10/9/201715
import java.util.Random;
public class RollTheDice {
public static void main(String[] args) {
Random diceRoller = new Random();
int die1; // The number on the first die.
int die2; // The number on the second die.
int roll; // The total roll (sum of the two dice).
die1 = diceRoller.nextInt(6) + 1;
die2 = diceRoller.nextInt(6) + 1;
roll = die1 + die2;
System.out.println("The first die comes up " + die1);
System.out.println("The second die comes up " + die2);
System.out.println("Your total roll is " + roll);
} // end main()
} // end class
© Copyright Azul Systems 2017
Quantify Randomness
And why software alone falls short
© Copyright Azul Systems 2017
Random Behavior is Noisy
▪Highly disordered state == noisy
▪Analog circuits always have noise
▪Digital circuits always reject noise
▪All software rides digital circuits
▪Measure of disorder is entropy
(randomness) in units of bits10/9/201717
© Copyright Azul Systems 2017
Entropy
Origin Story
© Copyright Azul Systems 2017
On Shoulders of Giants
10/9/201719
Albert Einstein Sadi Carnot Ludwig Boltzmann Claude Shannon
Brownian Motion
Proves Temperature
Proves Losses
from Heat into Work
Loss Proven as
Randomness
Information “loss” isUseful: Uncertainty
© Copyright Azul Systems 2017
Second Law of Thermodynamics
▪ Entropy is always increasing
▪ Generally the whole universe tends
towards randomness
▪ Digital circuits (often) don’t have enough randomness
▪ In software, it takes extra entropy to widen random chances
10/9/201720
© Copyright Azul Systems 2017
Not just Games
▪High-quality random numbers, through entropy,
can be used with scientific, gambling and lottery
applications.
▪They can improve the performance, security and
reliability of servers.
▪ In Java, RNGs gird the Java Cryptography
Architecture, used in all secure communications.
▪Secure means: encrypted messages appear to be
indistinguishable from random characters.10/9/201721
© Copyright Azul Systems 2017
Where to get Entropy?
Hint: Java gets it from the underlying OS.
© Copyright Azul Systems 2017
Random Selection
▪ jre/lib/security/java.security
▪ securerandom.source=file:/dev/random
▪ /dev/random
▪ /dev/urandom
▪eg. You can plug in another RNG
10/9/201723
© Copyright Azul Systems 2017
Software Entropy Sources
▪ How to get more entropy, sort of…▪ XORShift generator
▪ Numerical Recipes random number generator
▪ NetRandom Quantum Entropy-as-a-Service
10/9/201724
© Copyright Azul Systems 2017
Physical Entropy Source 1
10/9/201725
Lava LampEntropy via Thermal
Pros:
▪ Chaotic non-linear
process
▪Cons:
▪ Prone to spills
▪ Hot to touch
▪ Bulky for IoT
© Copyright Azul Systems 2017
Physical Entropy Source 2
10/9/201726
BananaEntropy by Radioactivity
Pros:
▪ Potassium K-40
▪ Average half life is
1.2B years
▪ Emits beta particles
Cons:
▪ Need a Geiger counter
▪ Peels are slippery
© Copyright Azul Systems 2017
Physical Entropy Source 3
10/9/201727
Brazil NutEntropy by Radioactivity
Pros:
▪ Radium Ra-226
▪ Average half life is
1.6k years
▪ Emits alpha particles
Cons:
▪ Need a Geiger counter
▪ Vents Radon gas
© Copyright Azul Systems 2017
Hardware Entropy Sources
10/9/201728
Operating principle ManufacturerAnalog-to-Digital converter noise Flying Stone Technology
Atmospheric noise Generic
Avalanche diode Moonbase Otago
Beam splitter ID Quantique SA, QuintessenceLabs
Johnson–Nyquist noise Intel, LETech, WaywardGeek
Mix of Shot noise, Johnson–Nyquist noise, Flicker noise,
and some Electromagnetic interference
BitBabbler
Photoelectric effect Quant-Lab
Registerless Linear Feedback Shift Registers Kidekin
Reverse biased semiconductor junction Araneus Information Systems Oy, Altus Metrum,
TectroLabs, ubld.it, Simtec Electronics
Shot noise Comscire, TRNG98
Photon Bunching Whitewood
Eg. device uses typically a thermal- or quantum- realm phenomenon, often housed in a portable USB stick. Perfect for IoT!
© Copyright Azul Systems 2017
Java Code Refactored
Improving shuffles, dice rolls
© Copyright Azul Systems 2017
Card Shuffle
10/9/201730
public static void shuffle(int card[], int n)
{
Random rand = new SecureRandom();
for (int i = 0; i < n; i++)
{
// Random for remaining positions.
int r = i + rand.nextInt(52 - i);
//swapping the elements
int temp = card[r];
card[r] = card[i];
card[i] = temp;
}
}
© Copyright Azul Systems 2017
Card Shuffle (via Collections)
10/9/201731
import java.util.ArrayList;
import java.util.Collections;
public class Test {
private static final int DECK_SIZE = 52;
public static void main(String args[]) {
ArrayList<Integer> deck = new ArrayList<Integer>();
for (int i = 0; i < DECK_SIZE; ++i) {
deck.add(i);
}
Collections.shuffle(deck, new SecureRandom() );
System.out.println(deck);
}
}
© Copyright Azul Systems 2017
Dice Roll
10/9/201732
import java.util.Random;
public class RollTheDice {
public static void main(String[] args) {
Random diceRoller = new SecureRandom();
int die1; // The number on the first die.
int die2; // The number on the second die.
int roll; // The total roll (sum of the two dice).
die1 = diceRoller.nextInt(6) + 1;
die2 = diceRoller.nextInt(6) + 1;
roll = die1 + die2;
System.out.println("The first die comes up " + die1);
System.out.println("The second die comes up " + die2);
System.out.println("Your total roll is " + roll);
} // end main()
} // end class
© Copyright Azul Systems 2017
Probabilities cast as Entropy
▪1 in 6 2.58 bits entropy
▪1 in 38 5.25 bits entropy
▪1 in 52 5.70 bits entropy
▪You want more bits entropy (~2x)
than bits in your password cipher10/9/201733
© Copyright Azul Systems 2017
Conclusion and Q&AParting thoughts.
© Copyright Azul Systems 2017
Why I care about this: Java▪ WORA via Java is crucial for IoT
▪ I get asked about details on Java security in nearly every commercial procurement at Azul.
▪ Azul offers Zing, Zulu, and Zulu Embedded, all of which deliver the JCA cryptography provider implementations.
▪ I led the effort for Azul to provide its own Java Cryptography Extension policy JAR implementation called Zulu Cryptography Extension Kit (Zulu “CEK”)
▪ Thus, I sweat these details vocationally.
Another Giant
© Copyright Azul Systems 2017
Why I care: IoT and Games▪ I built the Wheel of Java marketing
display to demonstrate Zulu Embedded.
▪ 1.0 version at Embedded World in
Germany criticized as “unfair”▪ Wheel 1.0 was terribly imbalanced, thus
predictable!
▪ Visit booth #6213 to see the balanced,
fair, and unpredictable version 2.0.
▪ 3.58 bits of entropy per spin.
© Copyright Azul Systems 2017
Why I care: Fairness▪ Are Online Casino Games
Rigged?▪ As much as this question bothers
numerous new and experienced players, online casinos are not rigged, or fixed. A casino being rigged means its operations are outside the laws of probability.
▪ It's actually near-impossible to rig online casino games because of the integrity of the software used. Reputable casinos use software integrated with Random Number Generator (RNG)technology and they are audited regularly.
© Copyright Azul Systems 2017
Why I care: Casinos▪ I want their business! $51B in 2018
▪ Casino floor machines running Zulu Embedded a superior IoT use case.
▪ Online action and realtime gaming using Zing removes game lag.
▪ BestOnlineCasinos.com lists live Java-based sites plus the benefits of Java in gaming
▪ CasinoTopsOnline lists leading online gaming software developers: Microgaming, Playtech, NetEnt and Realtime Gaming.
© Copyright Azul Systems 2017
Conclusion▪ IoT, cryptography, and game play all rely on entropy to
achieve security, unpredictability, and fairness.
▪ JCA cryptography providers use the underlying OS to gather entropy and provide stream of random numbers.
▪ SecureRandom() self-seeds computation of random distributions.
▪ You must add hardware random numbers generators for inexhaustible entropy pools.
with
© Copyright Azul Systems 2017
Further Review
▪ RFC on Random tools.ietf.org/html/rfc4086Number Sources:
▪ Basics of Entropy: blogs.cisco.com/security/on_information_entropy
▪ Azul: azul.com
▪ @schuetzematt