Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/association-for-computing-machinery/the-challenges-of-iot-tls-and-random-number-generators-in-the-real-g48As7UQcQ
References (31)
-
N. Heninger, Z. Durumeric, Eric Wustrow, Alex Halderman (2012)
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices -
Breitner, J., Heninger, N. (2019)
Biased nonce sense: lattice attacks against weak ECDSA signatures in cryptocurrencies23rd International Conference on Financial Cryptography and Data Security
-
(2021)
Deprecate CyaSSL library #151 -
Bernstein, D.J., Lange, T., Niederhagen, R. (2016)
Dual EC: a standardized back doorLecture Notes in Computer Science Essays
-
A. Lenstra, James Hughes, Maxime Augier, Joppe Bos, T. Kleinjung, Christophe Wachter (2012)
Public Keys -
(2012)
Flaw found in an online encryption method -
Barker, E.B., Kelsey, J.M. (2007)
Recommendation for random number generation using deterministic random bit generators (revised)U.S. Department of Commerce
-
(2021)
The scandalous history of the last rotor cipher machine -
N. Courtois, Daniel Hulme, K. Hussain, J. Gawinecki, M. Grajek (2013)
On Bad Randomness and Cloning of Contactless Payment and Building Smart Cards2013 IEEE Security and Privacy Workshops
-
P. Flajolet, A. Odlyzko (1990)
Random Mapping Statistics -
D. Bernstein, T. Lange, R. Niederhagen (2015)
Dual EC: A Standardized Back DoorIACR Cryptol. ePrint Arch., 2015
-
F. Brooks (1974)
The mythical man-month" essays on software engineering, addison-wesley -
(2019)
TLS fingerprinting with JA3 and JA3S. Salesforce Engineering; https://engineering. salesforce.com/ tls-fingerprinting-with-ja3-andja3s-247362855967 -
L. Owens (1996)
The mythical man-month: Essays on software engineeringIEEE Annals of the History of Computing, 18
-
(2007)
TLS fingerprinting with JA 3 and JA 3 S -
Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C. (2012)
Public keysProceedings of the 32nd Annual Conference on Advances in Cryptology
-
Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic (2016)
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLSIACR Cryptol. ePrint Arch., 2016
-
Joachim Breitner, N. Heninger (2019)
Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in CryptocurrenciesIACR Cryptol. ePrint Arch., 2019
-
Jonathan Kilgallin, Ross Vasko (2019)
Factoring RSA Keys in the IoT Era2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)
-
Brian LaMacchia, K. Lauter, Anton Mityagin (2006)
Stronger Security of Authenticated Key ExchangeIACR Cryptol. ePrint Arch., 2006
-
W. Diffie, M. Hellman (1976)
New Directions in CryptographyDemocratizing Cryptography
-
W. Diffie, P. Oorschot, M. Wiener (1992)
Authentication and authenticated key exchangesDesigns, Codes and Cryptography, 2
-
Diffie, W., Van Oorschot, P.C. Wiener, M.J. (1992)
Authentication and authenticated key exchangesDesigns, 2
-
Flajolet, P., Odlyzko, A.M. (1989)
Random mapping statisticsProceedings of the Workshop on the Theory and Application of Cryptographic Techniques
-
James Hughes (2021)
BadRandom: The effect and mitigations for low entropy random numbers in TLS -
Böck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P. (2016)
Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS10th Usenix Workshop on Offensive Technologies; https://www.usenix.org/conference/woot16/workshop-program/presentation/bock.
-
LaMacchia, B., Lauter, K., Mityagin, A. (2007)
Stronger security of authenticated key exchangeInternational Conference on Provable Security
-
Meltem Turan, Elaine Barker, J. Kelsey, K. McKay, Mary Baish, Mike Boyle (2018)
Recommendation for the Entropy Sources Used for Random Bit Generation -
Marcella Hastings, Joshua Fried, N. Heninger (2016)
Weak Keys Remain Widespread in Network DevicesProceedings of the 2016 Internet Measurement Conference
-
Courtois, N.T., Hulme, D., Hussain, K., Gawinecki, J.A., Grajek, M. (2013)
On bad randomness and cloning of contactless payment and building smart cardsProceedings of the IEEE Security and Privacy Workshops. IEEE
-
Hastings, M., Fried, J., Heninger, N. (2016)
Weak keys remain widespread in network devicesProceedings of the Internet Measurement Conference
- Publisher
- Association for Computing Machinery
- Copyright
- Copyright © 2022 Owner/Author
- ISSN
- 1542-7730
- eISSN
- 1542-7749
- DOI
- 10.1145/3546933
- Publisher site
- See Article on Publisher Site
Abstract
Many in the cryptographic community scoff at the mistakes made in implementing RNGs. Many cryptographers and members of the IETF resist the call to make TLS more resilient to this class of failures. This article discusses the history, current state, and fragility of the TLS protocol, and it closes with an example of how to improve the protocol. The goal is not to suggest a solution but to start a dialog to make TLS more resilient by proving that the security of TLS without the assumption of perfect random numbers is possible.
Journal
Queue – Association for Computing Machinery
Published: Jun 30, 2022