Randomly Failed! The State of Randomness in Current Java Implementations

Michaelis, Kai; Meyer, Christopher; Schwenk, Jörg

doi:10.1007/978-3-642-36095-4_9

Cited by 33 publications

(17 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Thousands of these weak keys are still being used in the Internet [2]. Another example is a recent major flaw in the random number generator of Android devices [3], resulted in considerable insecurities such as a private-key disclosure vulnerability in Bitcoin clients [4].…”

Section: Introductionmentioning

confidence: 99%

Random data and key generation evaluation of some commercial tokens and smart cards

Boorghany

Sarmadi

Yousefi

et al. 2014

2014 11th International ISC Conference on Information Security and Cryptology

View full text Add to dashboard Cite

In this paper, we report our evaluation of the strength of random number generator and RSA key-pair generator of some commercially available 1 constrained hardware modules, i.e., tokens and smart cards. That was motivated after recent related attacks to RSA public keys, which are generated by constrained network devices and smart cards, and turned out to be insecure due to low-quality randomness. Those attacks are mostly computing pair-wise GCD between the moduli in public keys, and resulted in breaking several thousands of these keys. Our results show that most of the tested hardware modules behave well. However, some have abnormal or weak random generators which seem to be unsuitable for cryptographic purposes. Moreover, another hardware module, in some rare circumstances, unexpectedly generates moduli which are divisible by very small prime factors.

show abstract

Section: Introductionmentioning

confidence: 99%

Random data and key generation evaluation of some commercial tokens and smart cards

Boorghany

Sarmadi

Yousefi

et al. 2014

2014 11th International ISC Conference on Information Security and Cryptology

View full text Add to dashboard Cite

show abstract

“…In addition, the Bitcoin wallet was attacked in the elliptic curve digital signature algorithm (ECDSA) process because the Java-based RNG (SecureRandom class) is vulnerable [9]. Recoverable random numbers were also leveraged in a backdoor in the international standard of the dual elliptic curve deterministic random bit generator (Dual EC DRBG) [10].…”

Section: Introductionmentioning

confidence: 99%

Recoverable Random Numbers in an Internet of Things Operating System

Yoo

Kang

Yeom

2017

Entropy

View full text Add to dashboard Cite

Over the past decade, several security issues with Linux Random Number Generator (LRNG) on PCs and Androids have emerged. The main problem involves the process of entropy harvesting, particularly at boot time. An entropy source in the input pool of LRNG is not transferred into the non-blocking output pool if the entropy counter of the input pool is less than 192 bits out of 4098 bits. Because the entropy estimation of LRNG is highly conservative, the process may require more than one minute for starting the transfer. Furthermore, the design principle of the estimation algorithm is not only heuristic but also unclear. Recently, Google released an Internet of Things (IoT) operating system called Brillo based on the Linux kernel. We analyze the behavior of the random number generator in Brillo, which inherits that of LRNG. In the results, we identify two features that enable recovery of random numbers. With these features, we demonstrate that random numbers of 700 bytes at boot time can be recovered with the success probability of 90% by using time complexity for 5.20 × 2 40 trials. Therefore, the entropy of random numbers of 700 bytes is merely about 43 bits. Since the initial random numbers are supposed to be used for sensitive security parameters, such as stack canary and key derivation, our observation can be applied to practical attacks against cryptosystem.

show abstract

“…Unfortunately, random number generators (RNGs) used to provide this randomness often fail in practice [17,19,21,22,13,1,16,27]. This is due to issues including poor algorithmic design, software bugs, insufficient or poor estimation of system entropy, and the handling of randomness across virtual machine resets [29].…”

Section: Introductionmentioning

confidence: 99%

Related Randomness Attacks for Public Key Encryption

Paterson

Schuldt

Sibborn

2014

Public-Key Cryptography – PKC 2014

View full text Add to dashboard Cite

Abstract. Several recent and high-profile incidents give cause to believe that randomness failures of various kinds are endemic in deployed cryptographic systems. In the face of this, it behoves cryptographic researchers to develop methods to immunise -to the extent that it is possible -cryptographic schemes against such failures. This paper considers the practically-motivated situation where an adversary is able to force a public key encryption scheme to reuse random values, and functions of those values, in encryption computations involving adversarially chosen public keys and messages. It presents a security model appropriate to this situation, along with variants of this model. It also provides necessary conditions on the set of functions used in order to attain this security notation, and demonstrates that these conditions are also sufficient in the Random Oracle Model. Further standard model constructions achieving weaker security notions are also given, with these constructions having interesting connections to other primitives including: pseudo-random functions that are secure in the related key attack setting; Correlated Input Secure hash functions; and public key encryption schemes that are secure in the auxiliary input setting (this being a special type of leakage resilience).

show abstract

Randomly Failed! The State of Randomness in Current Java Implementations

Cited by 33 publications

References 7 publications

Random data and key generation evaluation of some commercial tokens and smart cards

Random data and key generation evaluation of some commercial tokens and smart cards

Recoverable Random Numbers in an Internet of Things Operating System

Related Randomness Attacks for Public Key Encryption

Contact Info

Product

Resources

About