CITP Seminar: Shaanan Cohney - Leaving Randomness to Chance: Standards Shortcomings and Buried Backdoors in Random Number Generators
From CI Center for Information Technology Policy on October 5th, 2020
Security is too important to leave to chance. Security by design is often touted as the solution, but when your system is broken before you design it—something has gone very, very wrong.
Secure random number generators are a critical part of most deployed cryptosystems. When they fail, so does the cryptography.
Over the past two decades, researchers have discovered vulnerabilities in many of the most commonly deployed algorithms that generate these random numbers. In more than one instance, researchers discovered flaws in proposed algorithms before it was too late. Yet, these algorithms still went on to become U.S. government standards and were broadly deployed.
This talk draws on Shaanan’s work discovering fatal flaws in real systems to find that behind each one is the hint of a new type of adversary, an adversary who threads flaws into our standards.
Shaanan Cohney is a postdoctoral research associate at CITP (2020-2021). Shaanan’s research centers on the interplay between networking protocols and the law, with particular focus on applications of cryptography. His methodology mixes reverse engineering and systems analysis, with approaches from legal scholarship.
Shaanan has won awards for his research and teaching including the Dean’s Award for Excellence in Tutoring (2014), Best Paper at ACM CCS (2016), and the inaugural Geller Fellowship (2019) from the Wharton Public Policy Initiative.
Prior to beginning his role at CITP, Shaanan served as a Cybersecurity Fellow in the office of U.S. Senator Ron Wyden, and as a technologist at the Federal Trade Commission’s Office of Policy Planning.
Shaanan completed his Ph.D., Masters of Science and Engineering, and Masters in Law at the University of Pennsylvania. Prior to that he was awarded a B.Sc and Diploma of Music (Vocal Performance) from the University of Melbourne.