{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:52:37Z","timestamp":1775667157453,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,24]],"date-time":"2017-10-24T00:00:00Z","timestamp":1508803200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["EFRI-1441209, CNS-1505799, CNS-1408734, CNS-1410031"],"award-info":[{"award-number":["EFRI-1441209, CNS-1505799, CNS-1408734, CNS-1410031"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-14-1-0333"],"award-info":[{"award-number":["N00014-14-1-0333"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978395","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T08:46:35Z","timestamp":1477385195000},"page":"468-479","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":51,"title":["A Systematic Analysis of the Juniper Dual EC Incident"],"prefix":"10.1145","author":[{"given":"Stephen","family":"Checkoway","sequence":"first","affiliation":[{"name":"University of Illinois at Chicago, Chicago, IL, USA"}]},{"given":"Jacob","family":"Maskiewicz","sequence":"additional","affiliation":[{"name":"UC San Diego, La Jolla, CA, USA"}]},{"given":"Christina","family":"Garman","sequence":"additional","affiliation":[{"name":"Johns Hopkins 
University, Baltimore, MD, USA"}]},{"given":"Joshua","family":"Fried","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA, USA"}]},{"given":"Shaanan","family":"Cohney","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA, USA"}]},{"given":"Matthew","family":"Green","sequence":"additional","affiliation":[{"name":"Johns Hopkins University, Baltimore, MD, USA"}]},{"given":"Nadia","family":"Heninger","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA, USA"}]},{"given":"Ralf-Philipp","family":"Weinmann","sequence":"additional","affiliation":[{"name":"Comsecuris, Duisburg, Germany"}]},{"given":"Eric","family":"Rescorla","sequence":"additional","affiliation":[{"name":"UC San Diego, La Jolla, CA, USA"}]},{"given":"Hovav","family":"Shacham","sequence":"additional","affiliation":[{"name":"UC San Diego, La Jolla, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Digital signatures using reversible algorithms for the financial services industry (rDSA)","author":"Accredited Standards Committee (ASC) X9, Financial Services. ANS X9.31--1998","year":"1998","unstructured":"Accredited Standards Committee (ASC) X9, Financial Services. ANS X9.31--1998: Digital signatures using reversible algorithms for the financial services industry (rDSA), 1998. Withdrawn."},{"key":"e_1_3_2_1_2_1","volume-title":"Random number generation, part 3: Deterministic random bit generators","author":"Accredited Standards Committee (ASC) X9, Financial Services. ANS X9.82--3--2007","year":"2007","unstructured":"Accredited Standards Committee (ASC) X9, Financial Services. 
ANS X9.82--3--2007: Random number generation, part 3: Deterministic random bit generators, 2007."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/2206302"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/2206302"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10366-7_14"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44371-2_1"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-42045-0_18"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/2671225.2671246"},{"key":"e_1_3_2_1_10_1","volume-title":"Senate Armed Services Committee. Online: http:\/\/www.armed-services.senate.gov\/imo\/media\/doc\/Clapper_02-09--16.pdf","author":"Clapper J. R.","year":"2016","unstructured":"J. R. Clapper. Worldwide threat assessment of the U.S. intelligence community. Statement for the record, Senate Armed Services Committee. Online: http:\/\/www.armed-services.senate.gov\/imo\/media\/doc\/Clapper_02-09--16.pdf, Feb. 2016."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516653"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44381-1_3"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46800-5_5"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609966"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534818"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.42"},{"key":"e_1_3_2_1_18_1","volume-title":"draft","author":"Gj\u00f8steen K.","year":"2005","unstructured":"K. Gj\u00f8steen. Comments on Dual-EC-DRBG\/NIST SP 800--90, draft December 2005. 
Online: https:\/\/www.math.ntnu.no\/kristiag\/drafts\/dual-ec-drbg-comments.pdf, Mar. 2006."},{"issue":"1","key":"e_1_3_2_1_19_1","first-page":"66","article-title":"Randomness and the Netscape browser","volume":"21","author":"Goldberg I.","year":"1996","unstructured":"I. Goldberg and D. Wagner. Randomness and the Netscape browser. Dr. Dobb's Journal, 21 (1): 66--70, Jan. 1996.","journal-title":"Dr. Dobb's Journal"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.5"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2409"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/2362793.2362828"},{"key":"e_1_3_2_1_23_1","unstructured":"Juniper Networks. 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755 CVE-2015-7756) Dec. 15. URL https:\/\/kb.juniper.net\/InfoCenter\/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST."},{"key":"e_1_3_2_1_24_1","volume-title":"Dec.","author":"Networks Juniper","year":"2012","unstructured":"Juniper Networks. Concepts & Examples ScreenOS Reference Guide: Virtual Private Networks, rev. 02 edition, Dec. 2012. URL http:\/\/www.juniper.net\/techpubs\/software\/screenos\/screenos6.3.0\/630_ce_VPN.pdf."},{"key":"e_1_3_2_1_25_1","volume-title":"Oct.","author":"Networks Juniper","year":"2013","unstructured":"Juniper Networks. Juniper Networks product information about Dual_EC_DRBG. Knowledge Base Article KB28205, Oct. 2013. Online: https:\/\/web.archive.org\/web\/20151219210530\/https:\/\/kb.juniper.net\/InfoCenter\/index?page=content&id=KB28205&pmv=print&actp=LIST."},{"key":"e_1_3_2_1_26_1","volume-title":"Dec.","author":"Kaufman C.","year":"2005","unstructured":"C. Kaufman. Internet Key Exchange (IKEv2) Protocol. RFC 4306 (Proposed Standard), Dec. 2005. Obsoleted by RFC 5996, updated by RFC 5282. 
Online: https:\/\/tools.ietf.org\/html\/rfc4306."},{"key":"e_1_3_2_1_27_1","first-page":"800","article-title":"Dual EC","volume":"82","author":"Kelsey J.","unstructured":"J. Kelsey. Dual EC in X9.82 and SP 800-90A. Presentation to NIST VCAT committee, May 2014. Slides online http:\/\/csrc.nist.gov\/groups\/ST\/crypto-review\/documents\/dualec_in_X982_and_sp800--90.pdf.","journal-title":"X9"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/647933.740748"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"S. Kent. IP Encapsulating Security Payload (ESP). RFC 4303 (Proposed Standard) Nov. 2005. Online: https:\/\/tools.ietf.org\/html\/rfc4303.","DOI":"10.17487\/rfc4303"},{"key":"e_1_3_2_1_30_1","volume-title":"Dec.","author":"Kent S.","year":"2005","unstructured":"S. Kent and K. Seo. Security architecture for the Internet Protocol. RFC 4301 (Proposed Standard), Dec. 2005. Online: https:\/\/tools.ietf.org\/html\/rfc4301."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516706"},{"key":"e_1_3_2_1_32_1","unstructured":"P. Lacharme A. R\u00f6ck V. Strubel and M. Videau. The Linux pseudorandom number generator revisited. Cryptology ePrint Archive Report 2012\/251 2012. https:\/\/eprint.iacr.org\/."},{"key":"e_1_3_2_1_33_1","volume-title":"Dec.","author":"Moore H. D.","year":"2015","unstructured":"H. D. Moore. CVE-2015-7755: Juniper ScreenOS Authentication Backdoor. https:\/\/community.rapid7.com\/community\/infosec\/blog\/2015\/12\/20\/cve-2015--7755-juniper-screenos-authentication-backdoor, Dec. 2015."},{"key":"e_1_3_2_1_34_1","unstructured":"National Institute of Standards and Technology. NIST opens draft Special Publication 800-90A recommendation for random number generation using deterministic random bit generators for review and comment. http:\/\/csrc.nist.gov\/publications\/nistbul\/itlbul2013_09_supplemental.pdf Sept. 
2013."},{"key":"e_1_3_2_1_35_1","volume-title":"Retrieved","author":"National Institute of Standards and Technology.","year":"2016","unstructured":"National Institute of Standards and Technology. CMVP historical validation list, Feb. 2016. URL http:\/\/csrc.nist.gov\/groups\/STM\/cmvp\/documents\/140--1\/140val-historical.htm. Retrieved February 18, 2016."},{"key":"e_1_3_2_1_36_1","volume-title":"Sept.","author":"Personnel Management Office","year":"2013","unstructured":"Office of Personnel Management. Juniper network firewall maintenance renewal. FedBizOps.gov solicitation number M-13-00031. Online: https:\/\/www.fbo.gov\/index?id=b3246ffee0a3e9c0ced948b3a8ebca7b, Sept. 2013."},{"key":"e_1_3_2_1_37_1","volume-title":"The New York Times","author":"Perlroth N.","year":"2013","unstructured":"N. Perlroth, J. Larson, and S. Shane. N.S.A. able to foil basic safeguards of privacy on Web. The New York Times, Sep. 5 2013. Online: http:\/\/www.nytimes.com\/2013\/09\/06\/us\/nsa-foils-much-internet-encryption.html."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of NDSS 2010","author":"Ristenpart T.","year":"2010","unstructured":"T. Ristenpart and S. Yilek. When good randomness goes bad: Virtual machine reset vulnerabilities and hedging deployed cryptography. In W. Lee, editor, Proceedings of NDSS 2010. Internet Society, Feb. 2010."},{"key":"e_1_3_2_1_39_1","unstructured":"B. Schoenmakers and A. Sidorenko. Cryptanalysis of the Dual Elliptic Curve pseudorandom generator. Cryptology ePrint Archive Report 2006\/190 2006. URL https:\/\/eprint.iacr.org\/."},{"key":"e_1_3_2_1_40_1","volume-title":"Aug.","author":"Shumow D.","year":"2007","unstructured":"D. Shumow and N. Ferguson. On the possibility of a back door in the NIST SP800--90 Dual Ec Prng. Presented at the Crypto 2007 rump session, Aug. 2007. 
Slides online: http:\/\/rump2007.cr.yp.to\/15-shumow.pdf."},{"key":"e_1_3_2_1_41_1","series-title":"LNCS","first-page":"129","volume-title":"Proceedings of Crypto","author":"Stevens M.","year":"2013","unstructured":"M. Stevens. Counter-cryptanalysis. In C. Ran and J. A. Garay, editors, Proceedings of Crypto 2013, Part I, volume 8042 of LNCS, pages 129--46. Springer-Verlag, Aug. 2013."},{"key":"e_1_3_2_1_42_1","volume-title":"Nov.","year":"2015","unstructured":"strongSwan. strongSwan: the opensource IPsec-based VPN solution, Nov. 2015. URL https:\/\/www.strongswan.org\/."},{"key":"e_1_3_2_1_43_1","volume-title":"Dec.","author":"Weinmann R.-P.","year":"2015","unstructured":"R.-P. Weinmann. Some analysis of the backdoored backdoor. Online: https:\/\/rpw.sh\/blog\/2015\/12\/21\/the-backdoored-backdoor\/, Dec. 2015."},{"key":"e_1_3_2_1_44_1","volume-title":"Jan.","author":"Worrall B.","year":"2016","unstructured":"B. Worrall. Advancing the security of Juniper products. Online: http:\/\/forums.juniper.net\/t5\/Security-Incident-Response\/Advancing-the-Security-of-Juniper-Products\/ba-p\/286383, Jan. 2016."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"e_1_3_2_1_46_1","volume-title":"Jan.","author":"Ylonen T.","year":"2006","unstructured":"T. Ylonen and C. Lonvick. The Secure Shell (SSH) Protocol Architecture. RFC 4251 (Proposed Standard), Jan. 2006. 
Online: https:\/\/tools.ietf.org\/html\/rfc4251."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.5555\/1754542.1754551"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978395","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978395","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978395","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:24:31Z","timestamp":1763457871000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978395"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":47,"alternative-id":["10.1145\/2976749.2978395","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978395","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}