NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN)

Published

Author(s)

Irena Bojanova, Yaacov Yesha, Paul E. Black

Abstract

Random number generators may have weaknesses (bugs) and the applications using them may become vulnerable to attacks. Formalization of randomness bugs would help researchers and practitioners identify them and avoid security failures. The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. This paper presents two new BF classes: True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN). We analyze particular vulnerabilities and use these classes to provide clear BF descriptions. Finally, we discuss the lessons learned towards creating new BF class.
Proceedings Title
2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)
Conference Dates
July 23-27, 2018
Conference Location
Tokyo, JP
Pub Type
Conferences

Download Paper

https://doi.org/10.1109/COMPSAC.2018.00110
Local Download

Keywords

randomness, random numbers, random number generators, pseudo-random number generators, software weaknesses, bug taxonomy, attacks
Cybersecurity and privacy

Citation

Bojanova, I. , Yesha, Y. and Black, P. (2018), Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN), 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, JP, [online], https://doi.org/10.1109/COMPSAC.2018.00110, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925123 (Accessed October 4, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 22, 2018, Updated November 17, 2021
Was this page helpful?