A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf
.
A Systematic Analysis of the Juniper Dual EC Incident
2016
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16
In December 2015, Juniper Networks announced multiple security vulnerabilities stemming from unauthorized code in ScreenOS, the operating system for their NetScreen VPN routers. The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator. In this paper, we describe the results of a full independent analysis of the ScreenOS randomness and VPN key establishment
doi:10.1145/2976749.2978395
dblp:conf/ccs/CheckowayMGFC0H16
fatcat:vgx7xgnjh5bnro5kryr6qbaqi4