When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2010

Volumn , Issue , 2010, Pages

  Ristenpart, Thomas ^a   Yilek, Scott ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; NETWORK SECURITY; NUMBER THEORY; RANDOM NUMBER GENERATION; RANDOM PROCESSES;

BACKWARD COMPATIBLE; CRYPTOGRAPHIC OPERATIONS; ENTROPY SOURCES; KEY MATERIALS; LOW ENTROPY; RANDOM NUMBER GENERATORS; REUSE; SIGNING KEY; WEAKEST LINKS;

VIRTUAL MACHINE;

EID: 85175129914     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (53)

1. http://www.rackspacecloud.com/.
2. http://csrc.nist.gov/groups/ST/hash/sha-3/index.html.
3. Amazon EC2. http://aws.amazon.com/ec2/.
4. Autobench. http://www.xenoclast.org/autobench/.
5. CLOC. http://cloc.sourceforge.net/.
6. httperf. http://www.hpl.hp.com/research/linux/httperf/.
7. Microsoft azue. http://www.microsoft.com/azure/.
8. The TLS Protocol, Version 1.0. http://www.ietf.org/rfc/rfc2246.txt.
9. The TLS Protocol, Version 1.2. http://tools.ietf.org/html/rfc5246.
10. VirtualBox. http://www.virtualbox.org/.
11. VirtualPC. http://www.microsoft.com/windows/virtual-pc/.
12. VMWare. http://www.vmware.com.
13. Vulnerability note vu925211: Debian and ubuntu openssl packages contain a predictable random number generator. https://www.kb.cert.org/vuls/id/925211.
14. FIPS PUB 186-3. Digital signature standard (DSS). http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf, 2009.
15. ISO/IEC 9797. Data cryptographic techniques – data integrity mechanism using a cryptographic check function employing a block cipher algorithm, 1989.
16. Paolo Abeni, Luciano Bello, and Maximiliano Bertacchini. Exploiting DSA-1571: How to break PFS in SSL with EDH, July 2008. http://www.lucianobello.com.ar/exploiting_DSA-1571/index.html.
17. Andrew Becherer, Alex Stamos, and Nathan Wilcox. Cloud computer security: Raining on the trendy new parade. BlackHat USA 2009, Slides available from http://www.slideshare.net/astamos/ cloud-computing-security.
18. Mihir Bellare. New proofs for nmac and hmac: Security without collision-resistance. In CRYPTO 2006. Springer, 2006.
19. Mihir Bellare, Zvika Brakerski, Moni Naor, Thomas Ristenpart, Gil Segev, Hovav Shacham, and Scott Yilek. Hedge public-key encryption: How to protect against bad randomness. In ASIACRYPT 2009. Springer, 2009. To Appear.
20. Mihir Bellare, Ran Canetti, and Hugo Krawczyk. Keying hash functions for message authentication. In CRYPTO 1996, pages 1–15. Springer, 1996.
21. Mihir Bellare, Shafi Goldwasser, and Daniele Micciancio. “pseudo-random” number generation within cryptographic algorithms: The dss case. In CRYPTO 1997. Springer, 1997.
22. Mihir Bellare and Tadayoshi Kohno. A theoretical treatment of related-key attacks: Rka-prps, rka-prfs, and applications. In EUROCRYPT 2003, pages 491–506. Springer, 2003.
23. Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In ACM Conference on Computer and Communications Security – CCS 1993, pages 62–73. ACM, 1993.
24. Mihir Bellare and Phillip Rogaway. Entity authentication and key distribution. In CRYPTO 1993, pages 232–249. Springer, 1994.
25. Mihir Bellare and Phillip Rogaway. Code-based game-playing proofs and the security of triple encryption. In EUROCRYPT 2006. Springer, 2006.
26. Daniele R.L. Brown. A weak randomizer attack on RSA-OAEP with e=3. IACR ePrint Archive, 2005.
27. Ran Canetti and Hugo Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In EUROCRYPT 2001, pages 453–474, 2001.
28. Leo Dorrendorf, Zvi Gutterman, and Benny Pinkas. Cryptanalysis of the windows random number generator. In CCS 2007. ACM, 2007.
29. Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO 1986, pages 186–194. Springer, 1986.
30. Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In CRYPTO 1984, pages 10–18. Springer, 1985.
31. Tal Garfinkel and Mendel Rosenblum. When virtual is harder than real: Security challenges in virtual machine based computing environments. In Proceedings of the 10th Workshop on Hot Topics in Operating Systems – HotOS-X, May 2005.
32. Ian Goldberg and David Wagner. Randomness and the netscape browser. Dr. Dobb’s Journal, January 1996.
33. Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, 1984.
34. Shafi Goldwasser, Silvio Micali, and Ron Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281–308, 1988.
35. Zvi Gutterman and Dahlia Malkhi. Hold your sessions: An attack on java session-id generation. In CT-RSA 2005. Springer, 2005.
36. Zvi Gutterman, Benny Pinkas, and Tzachy Reinman. Analysis of the linux random number generator. In Symposium on Security and Privacy 2006. IEEE, 2006.
37. Seny Kamara and Jonathan Katz. How to encrypt with a malicious random number generator. In FSE 2008. Springer, 2008.
38. Jonathan Katz and Nan Wang. Efficiency improvements for signature schemes with tight security reductions. In CCS 2003. ACM.
39. Brian A. LaMacchia, Kristin Lauter, and Anton Mityagin. Stronger security of authenticated key exchange. In ProvSec 2007, pages 1–16. Springer, 2007.
40. David A. McGrew and John Viega. The security and performance of the galois/counter mode (gcm) of operation. In INDOCRYPT 2004, pages 343–355. Springer, 2004.
41. B. Moeller. Security of cbc ciphersuites in ssl/tls: Problems and countermeasures. http://www.openssl.org/bodo/tls-cbc.txt.
42. Markus Mueller. Debian OpenSSL predictable PRNG brute-force SSH exploit, May 2008. http://milw0rm.com/exploits/5622.
43. Mark R.V. Murray. An implementation of the yarrow prng for freebsd. In BSDCon 2002. USENIX, 2002.
44. NIST. Recommendations for block cipher modes of operation. http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, 2001.
45. Khaled Ouafi and Serge Vaudenay. Smashing SQUASH-0. In EUROCRYPT 2009. Springer, 2009.
46. Phillip Rogaway. Nonce-based symmetric encryption. In FSE 2004, volume 3017, pages 348–359. Springer, 2004.
47. Phillip Rogaway, Mihir Bellare, and John Black. Ocb: A block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur., 6(3):365–403, 2003.
48. Phillip Rogaway and Thomas Shrimpton. Deterministic authenticated-encryption: A provable-security treatment of the key-wrap problem. In EUROCRYPT 2006. Springer, 2006.
49. Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu. Finding collisions in the full SHA-1. In CRYPTO 2005. Springer, 2005.
50. M. Wegman and L. Carter. New hash functions and their use in authentication and set equality. J. of Comp. and System Sciences, 22:265–279, 1981.
51. Robert Woolley, Mark Murray, Maxim Dounin, and Ruslan Ermilov. arc4random predictable sequence vulnerability. http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc, 2008.
52. Scott Yilek. Resettable public-key encryption: How to encrypt on a virtual machine. In Topics in Cryptology – CT-RSA 2010. Springer, 2010. To Appear.
53. Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon En-right, and Stefan Savage. When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability. In IMC 2009, pages 15–27. ACM, 2009.