Skip to main content
SpringerLink
Log in

Randomly Failed! The State of Randomness in Current Java Implementations

  • Conference paper
Topics in Cryptology – CT-RSA 2013 (CT-RSA 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7779))

Included in the following conference series:

Abstract

This paper investigates the Randomness of several Java Runtime Libraries by inspecting the integrated Pseudo Random Number Generators. Significant weaknesses in different libraries including Android, are uncovered.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Gupta, A., Cozza, R., Nguyen, T.H., Milanesi, C., Shen, S., Vergne, H.J.D.L., Zimmermann, A., Lu, C., Sato, A., Glenn, D.: Market Share: Mobile Devices, Worldwide, 1Q12. Technical report, Garnter, Inc. (May 2012)

    Google Scholar 

  2. Nielsen: Two Thirds of New Mobile Buyers Now Opting For Smartphones. Technical report, The Nielsen Company (June 2012)

    Google Scholar 

  3. Bennett, J.: Android Smartphone Activations Reached 331 Million in Q1 2012 Reveals New Device Tracking Database from Signals and Systems Telecom. Technical report, Signals and Systems Telecom (May 2012)

    Google Scholar 

  4. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM (August 1986)

    Google Scholar 

  5. Gutterman, Z., Pinkas, B., Reinman, T.: Analysis of the Linux Random Number Generator. In: IEEE Symposium on Security and Privacy (2006)

    Google Scholar 

  6. Dorrendorf, L., Gutterman, Z., Pinkas, B.: Cryptanalysis of the windows random number generator. In: ACM Conference on Computer and Communications Security (2007)

    Google Scholar 

  7. Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In: Proceedings of the 21st USENIX Security Symposium (August 2012)

    Google Scholar 

  8. Agyros, G., Kiayias, A.: I forgot your password: Randomness attacks against PHP applications. In: Proceedings of the 21st USENIX Security Symposium. USENIX Association (2012)

    Google Scholar 

  9. Kopf, G.: Non-Obvious Bugs by Example (2010), http://gregorkopf.de/slides_berlinsides_2010.pdf

  10. Meyer, C., Somorovsky, J.: Why seeding with System.currentTimeMillis() is not a good idea (January 2012), http://armoredbarista.blogspot.de/2012/01/why-seeding-with-systemcurrenttimemilli.html

  11. Lenstra, A., Hughes, J., Augier, M., Bos, J., Kleinjung, T., Wachter, C.: Public Keys. In: Advances in Cryptology CRYPTO 2012. LNCS. Springer, Heidelberg (2012)

    Google Scholar 

  12. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Cryptanalytic Attacks on Pseudorandom Number Generators. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 168–188. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  13. Brown, R.G., Eddelbuettel, D., Bauer, D.: Dieharder: A Random Number Test Suite. Technical report, Duke University (2012)

    Google Scholar 

  14. Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S., Bassham III, L.E.: A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications. Technical report, National Institute of Standards and Technology (NIST) (April 2010)

    Google Scholar 

  15. Lee, E.H., Lee, J.H., Park, I.H., Cho, K.R.: Implementation of high-speed SHA-1 architecture. IEICE Electronics Express (2009)

    Google Scholar 

  16. Zoltak, B.: VMPC One-Way Function and Stream Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 210–225. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  17. Google Inc.: javax.crypto — Android Developers (July 2012)

    Google Scholar 

  18. McDonald, C., Hawkes, P., Pieprzyk, J.: Differential Path for SHA-1 with complexity O(2^52). IACR Cryptology ePrint Archive (2009)

    Google Scholar 

  19. Wikipedia: Preimage attack — Wikipedia, The Free Encyclopedia (accessed August 24, 2012)

    Google Scholar 

  20. Handschuh, H., Knudsen, L.R., Robshaw, M.: Analysis of SHA-1 in Encryption Mode. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 70–83. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  21. Tsunoo, Y., Saito, T., Kubo, H., Shigeri, M., Suzaki, T., Kawabata, T.: The Most Efficient Distinguishing Attack on VMPC and RC4A (2005)

    Google Scholar 

  22. Maximov, A.: Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers (2007) (corrected)

    Google Scholar 

  23. Li, S., Hu, Y., Zhao, Y., Wang, Y.: Improved cryptanalysis of the vmpc stream cipher. Journal of Computational Information Systems (2012)

    Google Scholar 

  24. Sverdlove, H., Brown, D., Cilley, J., Munro, K.: Orphan Android: Top Vulnerable Smartphones 2011. Technical report, Bit9, Inc. (November 2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany

    Kai Michaelis, Christopher Meyer & Jörg Schwenk

Authors
  1. Kai Michaelis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christopher Meyer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jörg Schwenk
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Future Enviroments, Queensland University of Technology, GPO Box 2434, 4000, Brisbane, QLD, Australia

    Ed Dawson

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Michaelis, K., Meyer, C., Schwenk, J. (2013). Randomly Failed! The State of Randomness in Current Java Implementations. In: Dawson, E. (eds) Topics in Cryptology – CT-RSA 2013. CT-RSA 2013. Lecture Notes in Computer Science, vol 7779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36095-4_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-36095-4_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36094-7

  • Online ISBN: 978-3-642-36095-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation