The Challenges of IoT, TLS, and Random Number Generators in the Real World-Reference-Cited by-同舟云学术

The Challenges of IoT, TLS, and Random Number Generators in the Real World

Published:2022-06-30 Issue:3 Volume:20 Page:18-40
ISSN:1542-7730
Container-title:Queue
language:en
Short-container-title:Queue

Author:

Hughes James P.,Diffie Whitfield

Abstract

Many in the cryptographic community scoff at the mistakes made in implementing RNGs. Many cryptographers and members of the IETF resist the call to make TLS more resilient to this class of failures. This article discusses the history, current state, and fragility of the TLS protocol, and it closes with an example of how to improve the protocol. The goal is not to suggest a solution but to start a dialog to make TLS more resilient by proving that the security of TLS without the assumption of perfect random numbers is possible.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3546933

Reference19 articles.

1. Althouse J. 2019. TLS fingerprinting with JA3 and JA3S. Salesforce Engineering; https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967. Althouse J. 2019. TLS fingerprinting with JA3 and JA3S. Salesforce Engineering; https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967.

2. Barker , E.B. , Kelsey , J.M. , Recommendation for random number generation using deterministic random bit generators (revised). U.S. Department of Commerce , National Institute of Standards and Technology ; https://www.nist.gov/publications/recommendation-random-number-generation-using-deterministic-random-bit-generators-2. Barker, E.B., Kelsey, J.M., et al. 2007. Recommendation for random number generation using deterministic random bit generators (revised). U.S. Department of Commerce, National Institute of Standards and Technology; https://www.nist.gov/publications/recommendation-random-number-generation-using-deterministic-random-bit-generators-2.

3. Lecture Notes in Computer Science Essays, The New Codebreakers;Bernstein D.J.

4. Böck , H. , Zauner , A. , Devlin , S. , Somorovsky , J. , Jovanovic , P. 2016 . Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS . In 10th Usenix Workshop on Offensive Technologies; https://www.usenix.org/conference/woot16/workshop-program/presentation/bock. Böck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P. 2016. Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS. In 10th Usenix Workshop on Offensive Technologies; https://www.usenix.org/conference/woot16/workshop-program/presentation/bock.

5. Biased Nonce Sense: Lattice Attacks Against Weak ECDSA Signatures in Cryptocurrencies

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives;Proceedings of the IEEE/ACM 46th International Conference on Software Engineering;2024-04-12

2. Deterministic K-Identification for Future Communication Networks: The Binary Symmetric Channel Results;Future Internet;2024-02-26

3. Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems;2023 Design, Automation & Test in Europe Conference & Exhibition (DATE);2023-04