Too Important to Leave to Chance: Pseudorandom Number Generator Standardization & Security

Shaanan Natanel Cohney, University of Pennsylvania


This dissertation addresses the security of pseudorandom number generators (PRGs), illustrating that flaws persist within key standards despite the purported effectiveness of standardization and certification processes. By evaluating three standardized designs and developing real-world attacks against each, I show how an adversary who is able to introduce flaws into a standard can compromise real implementations. Such 'pre-supply chain operations' (PSYCHOs) are within the capabilities of state actors who, as I evidence, may have already incorporated similar attacks into their strategic portfolios. My first case study is an attack on the ANSI X9.31 PRG highlighting the vulnerability of standards in the absence of correct advice concerning keying and key rotation. The analysis illustrates how a known flaw in a design can persist through multiple rounds of review, and ultimately impact certified devices. I demonstrate that the presence of this flaw in one particular manufacturer's devices enables a passive traffic decryption exploit against the IKEv2 virtual private network (VPN) protocol. The next case study examines the Dual_EC PRG design which contains a potential backdoor, contingent on how certain parameters in the standard were chosen. Unlike the flaw in X9.31, credible reporting indicates that the flaw was an intentional design outcome and the result of intervention by U.S. intelligence agencies. I build a reconstructed timeline of how the flaw impacted the Juniper ScreenOS line of devices, along with a demonstration of how it can be used to achieve passive VPN decryption. The final study develops attacks on the CTR_DRBG design, which rely on the absence of clear guidance on reseeding and exclusion of side channel attacks from the corresponding standard's threat model. Using these attacks I show how an adversary can compromise long term TLS authentication keys belonging to a client using the design. I conclude by drawing together these threads to taxonomize different PSYCHO attack vectors which are potentially attractive for highly sophisticated adversaries with long time horizons and institutional influence.

Subject Area

Computer science|Mathematics

Recommended Citation

Cohney, Shaanan Natanel, "Too Important to Leave to Chance: Pseudorandom Number Generator Standardization & Security" (2019). Dissertations available from ProQuest. AAI27548433.