Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN)

Published

Author(s)

Irena Bojanova, Yaacov Yesha, Paul E. Black

Abstract

Random number generators may have weaknesses (bugs), and the applications using them may become vulnerable to attacks. Formalization of randomness bugs would help researchers and practitioners identify them and avoid security failures. The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. This paper presents two new BF classes: True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN). We analyze particular vulnerabilities and use these classes to provide clear BF descriptions. Finally, we discuss the lessons learned towards creating new BF classes.
Proceedings Title
2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)
Conference Dates
July 23-27, 2018
Conference Location
Tokyo, JP

Keywords

randomness, random numbers, random number generators, pseudo-random number generators, software weaknesses, bug taxonomy, attacks

Citation

Bojanova, I., Yesha, Y. and Black, P. (2018), Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN), 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, JP, [online], https://doi.org/10.1109/COMPSAC.2018.00110, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925123 (Accessed August 18, 2022)
Created July 22, 2018, Updated November 17, 2021