Pseudo-randomness Inside Web Browsers

Authors:
Zhi Guan;Long Zhang;Zhong Chen;Xianghao Nan
Affiliations:
Institute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education,;Institute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education,;Institute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education,;Institute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education,
Venue:
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Year:
2008

Citing 9
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
"Pseudo-Random" Number Generation Within Cryptographic Algorithms: The DDS Case

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Guide to Elliptic Curve Cryptography

Guide to Elliptic Curve Cryptography
A model and architecture for pseudo-random generation with applications to /dev/random

Proceedings of the 12th ACM conference on Computer and communications security
Analysis of the Linux Random Number Generator

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Software generation of practically strong random numbers

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Beamauth: two-factor web authentication with a bookmark

Proceedings of the 14th ACM conference on Computer and communications security
Cryptanalysis of the windows random number generator

Proceedings of the 14th ACM conference on Computer and communications security
WebIBC: Identity Based Cryptography for Client Side Security in Web Applications

ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems

Quantified Score

Hi-index	0.01

Visualization

Abstract

With the increasing concerns over the security and privacy of Web based applications, many solutions based on strong cryptography have been proposed to protect client side Web applications against attacks such as phishing, pharming and even server side attacks. While strong cryptography is used, one critical building block in cryptosystem, the random number generator, is often neglected. Considering this situation, in this paper we design and implement a pseudo-random number generator only rely on ubiquitous Web browser abilities - JavaScript, HTML and AJAX. We also provide a mechanism called Pseudo-cookiefor JavaScript programs to access operating system services for retrieving random or entropy values without changing Web browser security policies. The security model, analysis and performance evaluation demonstrate that our method is secure and efficient.