Weak Keys Remain Widespread in Network Devices

Hastings, Marcella; Fried, Joshua; Heninger, Nadia

doi:10.1145/2987443.2987486

Cited by 37 publications

(30 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the other hand, the guessing probability P g emerges naturally as the figure of merit by defining randomness as the unpredictability of a given distribution on a single use. This quantity tells us what is the best chance we have in predicting the outcome of a random (1), are followed by a LSTM layer, marked by (2), and two fully-connected layers, marked by (3). As a single input into RCNN, N (100) 13-bit integers are firstly encoded into one-hot vectors.…”

Section: F System Evaluationmentioning

confidence: 99%

Machine Learning Cryptanalysis of a Quantum Random Number Generator

Truong

Haw

Assad

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Random number generators (RNGs) that are crucial for cryptographic applications have been the subject of adversarial attacks. These attacks exploit environmental information to predict generated random numbers that are supposed to be truly random and unpredictable. Though quantum random number generators (QRNGs) are based on intrinsic indeterministic nature of quantum properties, the presence of classical noise in the measurement process compromises the integrity of a QRNG. In this paper, we develop a predictive machine learning analysis to investigate the impact of deterministic classical noise in different stages of an optical continuous variable QRNG. Our machine learning (ML) model successfully detects inherent correlations when the deterministic noise sources are prominent. After appropriate filtering and randomness extraction processes are introduced, our QRNG system, in turn, demonstrates its robustness against ML. We further demonstrate the robustness of our machine learning approach by applying it to uniformly distributed random numbers from the QRNG and a congruential RNG. Hence, our result shows that machine learning has potentials in benchmarking the quality of RNG devices.

show abstract

Section: F System Evaluationmentioning

confidence: 99%

Machine Learning Cryptanalysis of a Quantum Random Number Generator

Truong

Haw

Assad

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…Reporting vulnerabilities through Computer Emergency Response Team (CERT) organizations appeared to be of limited utility. Hastings et al found even more disappointing results in their study of the response to disclosure of an RSA private key compromise for 0.5% of HTTPS-enabled Internet hosts [20]. In a different study on remediation of hijacked websites, Li et al reported that browser interstitials and search engine warnings correlated with faster remediation compared to private notification via WHOIS contact alone [29].…”

Section: Related Workmentioning

confidence: 99%

Network Hygiene, Incentives, and Regulation

Luckie

Beverly

Koga

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

The Spoofer project has collected data on the deployment and characteristics of IP source address validation on the Internet since 2005. Data from the project comes from participants who install an active probing client that runs in the background. The client automatically runs tests both periodically and when it detects a new network attachment point. We analyze the rich dataset of Spoofer tests in multiple dimensions: across time, networks, autonomous systems, countries, and by Internet protocol version. In our data for the year ending August 2019, at least a quarter of tested ASes did not filter packets with spoofed source addresses leaving their networks. We show that routers performing Network Address Translation do not always filter spoofed packets, as 6.4% of IPv4/24 tested in the year ending August 2019 did not filter. Worse, at least two thirds of tested ASes did not filter packets entering their networks with source addresses claiming to be from within their network that arrived from outside their network. We explore several approaches to encouraging remediation and the challenges of evaluating their impact. While we have been able to remediate 352 IPv4/24, we have found an order of magnitude more IPv4/24 that remains unremediated, despite myriad remediation strategies, with 21% unremediated for more than six months. Our analysis provides the most complete and confident picture of the Internet's susceptibility to date of this long-standing vulnerability. Although there is no simple solution to address the remaining long-tail of unremediated networks, we conclude with a discussion of possible non-technical interventions, and demonstrate how the platform can support evaluation of the impact of such interventions over time. CCS CONCEPTS• Networks → Network security.

show abstract

“…The output sequence of a DRNG is generated with a deterministic algorithm and a provided seed. Despite its good statistical characteristic, the DRNG is not suitable for information security applications, because the deterministic pattern of the DRNG may be identified by adversaries, which incurs malicious attacks and causes the destruction of security system, as in [ 2 , 3 , 4 , 5 ]. On the contrary, a NRNG produces the random sequence by using physical entropy sources, such as electrical noise [ 6 , 7 , 8 ], quantum fluctuations [ 9 , 10 , 11 , 12 ] and chaotic semiconductor lasers [ 13 , 14 , 15 ].…”

Section: Introductionmentioning

confidence: 99%

Deep Learning-Based Security Verification for a Random Number Generator Using White Chaos

Zhang

Sang

et al. 2020

Entropy

View full text Add to dashboard Cite

In this paper, a deep learning (DL)-based predictive analysis is proposed to analyze the security of a non-deterministic random number generator (NRNG) using white chaos. In particular, the temporal pattern attention (TPA)-based DL model is employed to learn and analyze the data from both stages of the NRNG: the output data of a chaotic external-cavity semiconductor laser (ECL) and the final output data of the NRNG. For the ECL stage, the results show that the model successfully detects inherent correlations caused by the time-delay signature. After optical heterodyning of two chaotic ECLs and minimal post-processing are introduced, the model detects no patterns among corresponding data. It demonstrates that the NRNG has the strong resistance against the predictive model. Prior to these works, the powerful predictive capability of the model is investigated and demonstrated by applying it to a random number generator (RNG) using linear congruential algorithm. Our research shows that the DL-based predictive model is expected to provide an efficient supplement for evaluating the security and quality of RNGs.

show abstract

Weak Keys Remain Widespread in Network Devices

Cited by 37 publications

References 16 publications

Machine Learning Cryptanalysis of a Quantum Random Number Generator

Machine Learning Cryptanalysis of a Quantum Random Number Generator

Network Hygiene, Incentives, and Regulation

Deep Learning-Based Security Verification for a Random Number Generator Using White Chaos

Contact Info

Product

Resources

About