کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
455839 695580 2015 21 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
On statistical distance based testing of pseudo random sequences and experiments with PHP and Debian OpenSSL
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
On statistical distance based testing of pseudo random sequences and experiments with PHP and Debian OpenSSL
چکیده انگلیسی


• Extensive testing shows that NIST's state of the art testing techniques for pseudorandom generators are not sufficient.
• Design and implementation of LIL based testing techniques.
• Comprehensive documentation of OpenSSL pseudorandom generators and entropy collection process.
• Based on the comprehensive documentation, identification of potential attacks and flaws on OpenSSL pseudorandom generators.

NIST SP800-22 (2010) proposed the state of the art statistical testing techniques for testing the quality of (pseudo) random generators. However, it is easy to construct natural functions that are considered as GOOD pseudorandom generators by the NIST SP800-22 test suite though the output of these functions is easily distinguishable from the uniform distribution. This paper proposes solutions to address this challenge by using statistical distance based testing techniques. We carried out both NIST tests and LIL based tests on commonly deployed pseudorandom generators such as the standard C linear congruential generator, Mersenne Twister pseudorandom generator, and Debian Linux (CVE-2008-0166) pseudorandom generator with OpenSSL 0.9.8c-1. Based on experimental results, we illustrate the advantages of our LIL based testing over NIST testing. It is known that Debian Linux (CVE-2008-0166) pseudorandom generator based on OpenSSL 0.9.8c-1 is flawed and the output sequences are predictable. Our LIL tests on these sequences discovered the flaws in Debian Linux implementation. However, NIST SP800-22 test suite is not able to detect this flaw using the NIST recommended parameters. It is concluded that NIST SP800-22 test suite is not sufficient and distance based LIL test techniques be included in statistical testing practice. It is also recommended that all pseudorandom generator implementations be comprehensively tested using state-of-the-art statistically robust testing tools.

ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Security - Volume 53, September 2015, Pages 44–64
نویسندگان
, ,