skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Practical State Recovery Attacks against Legacy RNG Implementations
The ANSI X9.17/X9.31 pseudorandom number generator design was first standardized in 1985, with variants incorporated into numerous cryptographic standards over the next three decades. The design uses timestamps together with a statically keyed block cipher to produce pseudo-random output. It has been known since 1998 that the key must remain secret in order for the output to be secure. However, neither the FIPS 140-2 standardization process nor NIST's later descriptions of the algorithm specified any process for key generation. We performed a systematic study of publicly available FIPS 140- 2 certifications for hundreds of products that implemented the ANSI X9.31 random number generator, and found twelve whose certification documents use of static, hard-coded keys in source code, leaving the implementation vulnerable to an attacker who can learn this key from the source code or binary. In order to demonstrate the practicality of such an attack, we develop a full passive decryption attack against FortiGate VPN gateway products using FortiOS v4 that recovers the private key in seconds. We measure the prevalence of this vulnerability on the visible Internet using active scans, and demonstrate state recovery and full private key recovery in the wild. Our work highlights the extent to which the validation and certification process has failed to provide even modest security guarantees.  more » « less
Award ID(s):
1651344 1801479
PAR ID:
10097174
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
CCS '18 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Volume:
2018
Page Range / eLocation ID:
265 to 280
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; (, Sissa Medialab)
    Hardware random number generators (HRNG) are widely used in the computer world for security purposes as well as in the science world as a source of the high-quality randomness for the models and simulations. Currently existing HRNG are either costly or very slow and of questionable quality. This work proposes a simple design of the HRNG based on the low-number photon absorption by a detector (a photo-multiplier tube of a silicon-based one i.e. SiPM, MPPC, etc.) that can provide a large volume of high-quality random numbers. The prototype design, different options of processing and the testing of quality of the generator output are presented. 
    more » « less
  2. ; (, Public-Key Cryptography – PKC 2023)
    Boldyreva, A.; Kolesnikov, V. (Ed.)
    In recent work, Backendal, Haller, and Paterson identified several exploitable vulnerabilities in the cloud storage provider MEGA. They demonstrated an RSA key recovery attack in which a malicious server could recover a client’s private RSA key after 512 client login attempts. We show how to exploit additional information revealed by MEGA’s protocol vulnerabilities to give an attack that requires only six client logins to recover the secret key. Our optimized attack combines several cryptanalytic techniques. In particular, we formulate and give a solution to a variant of the hidden number problem with small unknown multipliers, which may be of independent interest. We show that our lattice construction for this problem can be used to give improved results for the implicit factorization problem of May and Ritzenhofen. 
    more » « less
  3. (, IEEE communications letters)
    The main design criteria for space-time block codes (STBCs) are the code rate, diversity order, coding gain, and low decoder complexity. In this letter, we propose a full-rate full-diversity STBC for 2 × 2 multiple-input multiple-output (MIMO) systems with a substantially lower maximum likelihood (ML) detection complexity than that of existing schemes. This makes the implementation of high-performance full-rate codes feasible for practical systems. Our numerical evaluation shows that the proposed code achieves significantly lower decoding complexity while maintaining a similar performance compared to that of existing rate-2 STBCs. 
    more » « less
  4. ; ; (, 2nd Conference on Information-Theoretic Cryptography (ITC 2021))
    null (Ed.)
    Fuzzy extractors derive stable keys from noisy sources. They are a fundamental tool for key derivation from biometric sources. This work introduces a new construction, code offset in the exponent. This construction is the first reusable fuzzy extractor that simultaneously supports structured, low entropy distributions with correlated symbols and confidence information. These properties are specifically motivated by the most pertinent applications – key derivation from biometrics and physical unclonable functions – which typically demonstrate low entropy with additional statistical correlations and benefit from extractors that can leverage confidence information for efficiency. Code offset in the exponent is a group encoding of the code offset construction (Juels and Wattenberg, CCS 1999). A random codeword of a linear error-correcting code is used as a one-time pad for a sampled value from the noisy source. Rather than encoding this directly, code offset in the exponent encodes by exponentiation of a generator in a cryptographically strong group. We introduce and characterize a condition on noisy sources that directly translates to security of our construction in the generic group model. Our condition requires the inner product between the source distribution and all vectors in the null space of the code to be unpredictable. 
    more » « less
  5. ; ; (, IEEE Asian Hardware Oriented Security and Trust Symposium)
    The development of hardware intellectual properties (IPs) has faced many challenges due to malicious modifications and piracy. One potential solution to protect IPs against these attacks is to perform a key-based logic locking process that disables the functionality and corrupts the output of the IP when the incorrect key value is applied. However, many attacks on logic locking have been introduced to break the locking mechanism and obtain the key. In this paper, we present SWEEP, a constant propagation attack that exploits the change in characteristics of the IP when a single key-bit value is hard-coded. The attack process starts with analyzing design features that are generated from the synthesis tool and establishes a correlation between these features and the correct key values. In order to perform the attack, the logic locking tool needs to be available. The level of accuracy of the extracted key mainly depends on the type of logic locking approach used to obfuscate the IP. Our attack was applied to ISCAS85, and MCNC benchmarks obfuscated using various logic locking techniques and has obtained an average accuracy of 92.09%. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email