Too important to leave to chance : pseudorandom number generator standardization & security / Shaanan Natanel Cohney.

Format:
Book
Thesis/Dissertation
Author/Creator:
Cohney, Shaanan Natanel, author.
Contributor:
University of Pennsylvania. Department of Computer and Information Science, degree granting institution.
Blaze, Matthew A., degree supervisor.
Heninger, Nadia A., degree supervisor.
Language:
English
Subjects (All):
Computer science.
Mathematics.
Computer and Information Science--Penn dissertations.
Penn dissertations--Computer and Information Science.
Genre:
Academic theses.
Physical Description:
1 online resource (190 pages)
Contained In:
Dissertations Abstracts International 81-10B.
Place of Publication:
[Philadelphia, Pennsylvania] : University of Pennsylvania ; Ann Arbor : ProQuest Dissertations & Theses, 2019.
Language Note:
English
System Details:
Mode of access: World Wide Web.
text file
Summary:
This dissertation addresses the security of pseudorandom number generators (PRGs), illustrating that flaws persist within key standards despite the purported effectiveness of standardization and certification processes. By evaluating three standardized designs and developing real-world attacks against each, I show how an adversary who is able to introduce flaws into a standard can compromise real implementations. Such 'pre-supply chain operations' (PSYCHOs) are within the capabilities of state actors who, as I evidence, may have already incorporated similar attacks into their strategic portfolios.

My first case study is an attack on the ANSI X9.31 PRG highlighting the vulnerability of standards in the absence of correct advice concerning keying and key rotation. The analysis illustrates how a known flaw in a design can persist through multiple rounds of review, and ultimately impact certified devices. I demonstrate that the presence of this flaw in one particular manufacturer's devices enables a passive traffic decryption exploit against the IKEv2 virtual private network (VPN) protocol.

The next case study examines the Dual_EC PRG design, which contains a potential backdoor, contingent on how certain parameters in the standard were chosen. Unlike the flaw in X9.31, credible reporting indicates that the flaw was an intentional design outcome and the result of intervention by U.S. intelligence agencies. I build a reconstructed timeline of how the flaw impacted the Juniper ScreenOS line of devices, along with a demonstration of how it can be used to achieve passive VPN decryption.

The final study develops attacks on the CTR_DRBG design, which rely on the absence of clear guidance on reseeding and the exclusion of side-channel attacks from the corresponding standard's threat model. Using these attacks I show how an adversary can compromise long-term TLS authentication keys belonging to a client using the design.

I conclude by drawing together these threads to taxonomize different PSYCHO attack vectors which are potentially attractive for highly sophisticated adversaries with long time horizons and institutional influence.
Notes:
Source: Dissertations Abstracts International, Volume: 81-10, Section: B.
Advisors: Blaze, Matthew A.; Heninger, Nadia A.; Committee members: Jonathan Smith; Christopher Yoo; Matthew Green; Boon Thau Loo.
Department: Computer and Information Science.
Ph.D. University of Pennsylvania 2019.
Local Notes:
School code: 0175
ISBN:
9798607316464
Access Restriction:
Restricted for use by site license.
This item must not be sold to any third party vendors.
