Practical Effect of the Predictability of Android OpenSSL PRNG
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Soo Hyeon | - |
dc.contributor.author | Han, Daewan | - |
dc.contributor.author | Lee, Dong Hoon | - |
dc.date.accessioned | 2021-09-04T13:36:11Z | - |
dc.date.available | 2021-09-04T13:36:11Z | - |
dc.date.created | 2021-06-18 | - |
dc.date.issued | 2015-08 | - |
dc.identifier.issn | 0916-8508 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/92800 | - |
dc.description.abstract | The built-in Pseudo Random Number Generator (PRNG) of OpenSSL on Android platform is important for producing the encryption keys and nonce needed for SSL/TLS communication. In addition, it is also widely used in generating random numbers for many applications irrelevant to SSL. We demonstrated that the initial OpenSSL PRNG state of Android apps can be restored practically, and claimed that a PreMasterSecret (PMS) can be recovered in certain apps using the RSA key agreement scheme at CCS 2013. In this paper, we investigate more deeply the practical effect of the predictability of OpenSSL PRNG. First, we precisely analyze, and reduce the complexity of a PMS recovery attack on SSL with the RSA key exchange by analyzing the ASLR mechanism of Android. As a result, we show that the PMS can be recovered in O(2^46) computations with a probability of 25%. Next, we show that the attack is also applicable to the PMS of the ECDH key exchange by analyzing the heap memory pattern. We confirmed experimentally that the PMS can be recovered in real-time with a probability of 20%. Finally, we show the relation between the predictability of OpenSSL PRNG and the vulnerability of Android SecureRandom java class. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG | - |
dc.title | Practical Effect of the Predictability of Android OpenSSL PRNG | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Dong Hoon | - |
dc.identifier.doi | 10.1587/transfun.E98.A.1806 | - |
dc.identifier.scopusid | 2-s2.0-84938913194 | - |
dc.identifier.wosid | 000359467200030 | - |
dc.identifier.bibliographicCitation | IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, v.E98A, no.8, pp.1806 - 1813 | - |
dc.relation.isPartOf | IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES | - |
dc.citation.title | IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES | - |
dc.citation.volume | E98A | - |
dc.citation.number | 8 | - |
dc.citation.startPage | 1806 | - |
dc.citation.endPage | 1813 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Hardware & Architecture | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.subject.keywordAuthor | SSL/TLS | - |
dc.subject.keywordAuthor | android | - |
dc.subject.keywordAuthor | OpenSSL | - |
dc.subject.keywordAuthor | PRNG | - |
dc.subject.keywordAuthor | SecureRandom | - |