Stay Informed:

COVID-19 (coronavirus) information
Zoom Links: Zoom Help | Teaching with Zoom | Zoom Quick Guide

Advancement: Bad Random: Large Scale TLS Survey

Speaker Name: 
James Hughes
Speaker Title: 
Ph.D. Candidate
Start Time: 
Tuesday, January 14, 2020 - 9:30am
Engineering 2, Room 399

The security of encrypted internet traffic forms a critical part of global commerce today, from shopping sites to business banking. It is critical to know whether or not these protocols, algorithms, and implementations are indeed secure. Many of these components require the use of numbers that must satisfy statistical randomness properties, yet the functions used to generate these random numbers have a long history of problems.

This project’s goal is to determine if there are insecure random number generators in TLS implementations. Our contribution is the design and implementation of an algorithm to analyze the statistical bias of random numbers exposed by any protocol and apply this algorithm to random numbers transmitted by TLS implementations. This algorithm is accompanied by a large scale survey of TLS encrypted communications to determine which implementations exhibit a bias.

Random number generators that do not meet the criteria described in the TLS Specification threaten the privacy of TLS users. We expect to work with any implementations showing a bias to determine why the bias exists and potential solutions. Longer-term, the expectation is that this random number testing algorithm can be deployed on the internet independent of vendors or geopolitical boundaries, continually identifying implementations that threaten user privacy by using insecure random number generators.

Event Type: 
Darrell Long
Graduate Program: 
Computer Science, Ph.D.