This HTML5 document contains 28 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Namespace Prefixes

Prefix   IRI
dcterms  http://purl.org/dc/terms/
n2       https://kar.kent.ac.uk/id/eprint/
wdrs     http://www.w3.org/2007/05/powder-s#
dc       http://purl.org/dc/elements/1.1/
n7       http://purl.org/ontology/bibo/status/
rdfs     http://www.w3.org/2000/01/rdf-schema#
n15      doi:10.1109/
n11      https://demo.openlinksw.com/about/id/entity/https/raw.githubusercontent.com/annajordanous/CO644Files/main/
n12      https://kar.kent.ac.uk/id/eprint/81881#
n8       http://eprints.org/ontology/
bibo     http://purl.org/ontology/bibo/
n5       https://kar.kent.ac.uk/id/publication/
n18      https://kar.kent.ac.uk/id/org/
rdf      http://www.w3.org/1999/02/22-rdf-syntax-ns#
owl      http://www.w3.org/2002/07/owl#
n9       https://kar.kent.ac.uk/id/
n13      https://kar.kent.ac.uk/id/document/
xsdh     http://www.w3.org/2001/XMLSchema#
n20      https://demo.openlinksw.com/about/id/entity/https/www.cs.kent.ac.uk/people/staff/akj22/materials/CO644/
n17      https://kar.kent.ac.uk/81881/
n4       https://kar.kent.ac.uk/id/person/

Statements

Subject Item
n2:81881
rdf:type
n8:ArticleEPrint bibo:AcademicArticle n8:EPrint bibo:Article
rdfs:seeAlso
n17:
owl:sameAs
n15:TIFS.2020.2988505
n8:hasAccepted
n13:3211524
n8:hasDocument
n13:3211524 n13:3211537 n13:3211542 n13:3211543 n13:3211544 n13:3211545
dc:hasVersion
n13:3211524
dcterms:title
On the unbearable lightness of FIPS 140-2 randomness tests
wdrs:describedby
n11:export_kar_RDFN3.n3 n20:export_kar_RDFN3.n3
dcterms:date
2020-04-17
dcterms:creator
n4:ext-j.c.hernandez-castro@kent.ac.uk n4:ext-d170caf27fa9e7a64b695bf591c58b03 n4:ext-edd47dfdf865950312f1e61adf674c44
bibo:status
n7:peerReviewed n7:published
dcterms:publisher
n18:ext-af0a9a5baed87c407844a3f5db44597c
bibo:abstract
Random number generation is critical to many applications. Gaming, gambling, and particularly cryptography all require random numbers that are uniform and unpredictable. For testing whether supposedly random sources feature particular characteristics commonly found in random sequences, batteries of statistical tests are used. These are fundamental tools in the evaluation of random number generators and form part of the pathway to certification of secure systems implementing them. Although there have been previous studies into this subject [becker2013stealthy], RNG manufacturers and vendors continue to use statistical tests known to be of dubious reliability in their RNG verification processes. Our research shows that FIPS 140-2 cannot identify adversarial biases effectively, even very primitive ones. Concretely, this work illustrates the inability of the FIPS 140 family of tests to detect bias in three obviously flawed PRNGs. Deprecated by official standards, these tests are nevertheless still widely used, for example in hardware-level self-test schemes incorporated into the design of many True RNGs (TRNGs). They are also popular with engineers and cryptographers for quickly assessing the randomness characteristics of security primitives and protocols, and even with manufacturers aiming to market the randomness features of their products to potential customers. In the following, we present three biased-by-design RNGs to show in explicit detail how simple, glaringly obvious biases are not detected by any of the FIPS 140-2 tests. One of these RNGs is backdoored, leaking key material, while others suffer from significantly reduced unpredictability in their output sequences. To make our point even more straightforward, we show how files containing images can also fool the FIPS 140 family of tests. We end with a discussion on the security issues affecting an interesting and active project to create a randomness beacon. Their authors only tested the quality of their randomness with the FIPS 140 family of tests, and we will show how this has led them to produce predictable output that, albeit passing FIPS, fails other randomness tests quite catastrophically.
dcterms:isPartOf
n5:ext-15566013 n9:repository
bibo:authorList
n12:authors