Cryptanalysis of the random number generator of the Windows operating system

@article{Dorrendorf2009CryptanalysisOT,
  title={Cryptanalysis of the random number generator of the Windows operating system},
  author={Leo Dorrendorf and Zvi Gutterman and Benny Pinkas},
  journal={ACM Trans. Inf. Syst. Secur.},
  year={2009},
  volume={13},
  pages={10:1-10:32}
}
The PseudoRandom Number Generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudorandomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000. This investigation was done without any help from Microsoft. We reconstructed the algorithm used by the pseudorandom number generator (namely… 

The Linux Pseudorandom Number Generator Revisited
TLDR: The PRNG architecture in the Linux system is detailed and its first accurate mathematical description and a precise analysis of the building blocks are provided, including entropy estimation and extraction, which gives the feasibility of cryptographic attacks and an empirical test of the entropy estimator.

Safe cryptographic random number generation using untrusted generators
TLDR: This paper proposes a simple method to obtain a secure TRNG based on n TRNGs originating from (potentially) untrusted vendors, and reviews several choices of functions to be used as combiner.

Characterization of Real-Life PRNGs under Partial State Corruption
TLDR: This work formalizes a framework based on the most recent and strongest security model, called robustness of PRNGs, to analyze these PRNGs and their implementations, and captures the notion of how much of the internal state must be corrupted in order to generate a predictable output.

Investigation of Strength and Security of Pseudo Random Number Generators
TLDR: This research work extensively surveys a large set of state-of-the-art PRNGs, categorizes them based on the methodology used to produce them, and quantitatively analyses them for their key space, key sensitivity, entropy, speed of bit generation, and linear complexity.

Analysis of Android Random Number Generator
TLDR: It is found that the security of random number generation done by Android relies on the security of random number generation in Linux, and this process should be analyzed deeply and cryptographically for different operating systems.

Practical State Recovery Attacks against Legacy RNG Implementations
TLDR: A systematic study of publicly available FIPS 140-2 certifications for hundreds of products that implemented the ANSI X9.17/X9.31 random number generator found twelve whose certification documents use static, hard-coded keys in source code, leaving the implementation vulnerable to an attacker who can learn this key from the source code or binary.

Convolution Neural Network-Based Sensitive Security Parameter Identification and Analysis
TLDR: Attack scenarios in which random numbers can be analyzed by identifying data used in the model learned through this study, when a random cryptographic module is obtained, are established.

Cryptography: all-out attacks or how to attack cryptography without intensive cryptanalysis
TLDR: Classic methods used in network supervision, forensics and sociology while studying social networks bring pertinent information, for example sociograms able to reveal key elements of an organization, to determine the type of organization, etc.

New Entropy Source for Cryptographic Modules Using OpenMP in Multicore CPUs
TLDR: This paper suggests a method for generating an entropy source using parallel computations with OpenMP, verifies the experimental results based on min-entropy estimation, and concludes that a new source of randomness can be obtained from the race conditions in multicore environments.

A Systematic Analysis of the Juniper Dual EC Incident
TLDR: It is found that, contrary to Juniper's public statements, the ScreenOS VPN implementation has been vulnerable since 2008 to passive exploitation by an attacker who selects the Dual EC curve point.