Bojanova, I.
, Yesha, Y.
and Black, P.
(2018),
Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN), 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, JP, [online], https://doi.org/10.1109/COMPSAC.2018.00110, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925123
(Accessed May 10, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN)
Published
Author(s)
, ,
Abstract
Random number generators may have weaknesses (bugs) and the applications using them may become vulnerable to attacks. Formalization of randomness bugs would help researchers and practitioners identify them and avoid security failures. The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. This paper presents two new BF classes: True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN). We analyze particular vulnerabilities and use these classes to provide clear BF descriptions. Finally, we discuss the lessons learned towards creating new BF class.Proceedings Title
2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)
Conference Dates
July 23-27, 2018
Conference Location
Tokyo, JP
Pub Type
Conferences
Download Paper
Keywords
randomness, random numbers, random number generators, pseudo-random number generators, software weaknesses, bug taxonomy, attacks
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created July 22, 2018, Updated November 17, 2021