{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T02:07:05Z","timestamp":1755223625913,"version":"3.43.0"},"reference-count":66,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T00:00:00Z","timestamp":1750032000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T00:00:00Z","timestamp":1750032000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,6,16]]},"DOI":"10.1109\/csf64896.2025.00037","type":"proceedings-article","created":{"date-parts":[[2025,8,11]],"date-time":"2025-08-11T17:40:16Z","timestamp":1754934016000},"page":"394-409","source":"Crossref","is-referenced-by-count":0,"title":["Formal Analysis of Random Nonce Misuses in Cryptographic Protocols"],"prefix":"10.1109","author":[{"given":"Gildas","family":"Avoine","sequence":"first","affiliation":[{"name":"INSA Rennes, Univ Rennes, CNRS, IRISA, IUF,Rennes,France"}]},{"given":"Tristan","family":"Claverie","sequence":"additional","affiliation":[{"name":"ANSSI, INSA Rennes, IRISA,Rennes,France"}]},{"given":"St\u00e9phanie","family":"Delaune","sequence":"additional","affiliation":[{"name":"Univ Rennes, CNRS, IRISA,Rennes,France"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1994.296587"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/CSF49147.2020.00027"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-024-09492-8"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/11513988_27"},{"key":"ref5","article-title":"Formal Analysis of Random Nonce Misuses in Cryptographic Protocols","volume-title":"Technical report","author":"Avoine","year":"2025"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-58387-6_14"},{"key":"ref7","volume-title":"Modern Cryptography - Theory and Practice","author":"Bao","year":"2004"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-102"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2022.3154689"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28641-4_8"},{"key":"ref11","volume-title":"PLY - Python Lex-Yacc","author":"Beazley"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0052242"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49890-3_28"},{"key":"ref14","first-page":"39","article-title":"Randomness of random in Cisco ASA","volume-title":"Symposium sur la S\u00e9curit\u00e9 des Technologies de l\u2019Information et de la Communication, SSTIC 2023","author":"Benadjila","year":"2023"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-38471-5_11"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1023\/A:1016549024113"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1561\/3300000004"},{"key":"ref18","article-title":"Bluetooth SIG","year":"2024","journal-title":"Bluetooth Core Specification"},{"key":"ref19","volume-title":"Offline bruteforce attack on WiFi Protected Setup","author":"Bongard","year":"2014"},{"key":"ref20","article-title":"BSI","year":"2024","journal-title":"Cryptographic Mechanisms: Recommendations and Key Lengths - BSI TR-02102\u20131"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/77648.77649"},{"key":"ref22","first-page":"5899","article-title":"Hash gone bad: Automated discovery of protocol attacks that exploit hash function weaknesses","volume-title":"32nd USENIX Security Symposium","author":"Cheval","year":"2023"},{"key":"ref23","first-page":"3935","article-title":"SAPIC+: protocol verifiers of the world, unite!","volume-title":"31st USENIX Security Symposium","author":"Cheval","year":"2022"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-51479-1_6"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53018-4_5"},{"key":"ref26","first-page":"5935","article-title":"Automated analysis of protocols that use authenticated encryption: How subtle AEAD differences can impact protocol security","volume-title":"32nd USENIX Security Symposium","author":"Cremers","year":"2023"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.17487\/rfc8937"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2019.00013"},{"key":"ref29","first-page":"1","article-title":"A Formal Analysis of IEEE 802.11 \u2019s WPA2: Countering the Kracks Caused by Cracking the Counters","volume-title":"29th USENIX Security Symposium","author":"Cremers","year":"2020"},{"key":"ref30","first-page":"6525","article-title":"DVSorder: Ballot Randomization Flaws Threaten Voter Privacy","volume-title":"33rd USENIX Security Symposium","author":"Crimmins","year":"2024"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54455-6_6"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45537-X_1"},{"key":"ref33","article-title":"RFC 7664: Dragonfly Key Exchange","author":"Harkins","year":"2015","journal-title":"Internet Requests for Comments"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6_24"},{"key":"ref35","article-title":"ISO Central Secretary. IT Security techniques - Entity authentication - Part 4: Mechanisms using a cryptographic check function","year":"1999","journal-title":"Standard ISO\/IEC 9798\u20134: 1999, International Organization for Standardization"},{"key":"ref36","article-title":"ISO Central Secretary","year":"2019","journal-title":"IT Security techniques - Entity authentication - Part 2: Mechanisms using authenticated encryption. Standard ISO\/IEC 9798\u20132:2019, International Organization for Standardization"},{"key":"ref37","article-title":"ISO Central Secretary","year":"2019","journal-title":"IT Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques. Standard ISO\/IEC 9798\u20133:2019, International Organization for Standardization"},{"key":"ref38","volume-title":"Journal of Cryptology","year":"2021"},{"key":"ref39","article-title":"Antoine Joux. Authentication Failures in NIST version of GCM","year":"2006","journal-title":"Technical report, DGA"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-77697-2_6"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0013902"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00862-7_5"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/0020-0190(95)00144-2"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.1997.596782"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39799-8_48"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1201\/9780429466335"},{"key":"ref47","volume-title":"A New English Dictionary on Historical Principles","volume":"VI","author":"Murray","year":"1908"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/359657.359659"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417236"},{"key":"ref50","first-page":"185","article-title":"Reverse-Engineering a Cryptographic RFID Tag","volume-title":"17th USENIX Security Symposium","author":"Nohl","year":"2008"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6979"},{"key":"ref52","volume-title":"Formal analysis of security protocols: real-world case-studies and automated proof strategies","author":"Racouchot","year":"2024"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-25937-4_22"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/11761679_23"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.25"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/188280.188298"},{"key":"ref57","article-title":"LoRaWAN Specification","author":"Sornin","year":"2016","journal-title":"LoRa Alliance"},{"key":"ref58","author":"Sornin","year":"2017","journal-title":"LoRaWAN 1.1 Specification"},{"key":"ref59","article-title":"Firmware Insider: Bluetooth Randomness is Mostly Random","volume-title":"14th USENIX Workshop on Offensive Technologies","author":"Tillmanns","year":"2020"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-44ver2"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134027"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00031"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00013"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00034"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833777"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ASIAJCIS.2013.25"}],"event":{"name":"2025 IEEE 38th Computer Security Foundations Symposium (CSF)","location":"Santa Cruz, CA, USA","start":{"date-parts":[[2025,6,16]]},"end":{"date-parts":[[2025,6,20]]}},"container-title":["2025 IEEE 38th Computer Security Foundations Symposium (CSF)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11097355\/11097828\/11097849.pdf?arnumber=11097849","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,12]],"date-time":"2025-08-12T05:23:36Z","timestamp":1754976216000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11097849\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,16]]},"references-count":66,"URL":"https:\/\/doi.org\/10.1109\/csf64896.2025.00037","relation":{},"subject":[],"published":{"date-parts":[[2025,6,16]]}}}