{"id":"https://openalex.org/W2532945044","doi":"https://doi.org/10.1145/2976749.2978395","title":"A Systematic Analysis of the Juniper Dual EC Incident","display_name":"A Systematic Analysis of the Juniper Dual EC Incident","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2532945044","doi":"https://doi.org/10.1145/2976749.2978395","mag":"2532945044"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978395","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2976749.2978395","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=2978395&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"http://dl.acm.org/ft_gateway.cfm?id=2978395&type=pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069566952","display_name":"Stephen Checkoway","orcid":null},"institutions":[{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Stephen Checkoway","raw_affiliation_strings":["University of Illinois at Chicago, Chicago, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Chicago, Chicago, IL, USA","institution_ids":["https://openalex.org/I39422238"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040091363","display_name":"Jacob Maskiewicz","orcid":null},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jacob Maskiewicz","raw_affiliation_strings":["UC San Diego, La Jolla, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC San Diego, La Jolla, CA, USA","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029779272","display_name":"Christina Garman","orcid":"https://orcid.org/0009-0006-5077-5404"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christina Garman","raw_affiliation_strings":["Johns Hopkins University, Baltimore, MD, USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University, Baltimore, MD, USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031595297","display_name":"Joshua Fried","orcid":"https://orcid.org/0000-0002-5761-3516"},"institutions":[{"id":"https://openalex.org/I79576946","display_name":"University of Pennsylvania","ror":"https://ror.org/00b30xv10","country_code":"US","type":"education","lineage":["https://openalex.org/I79576946"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joshua Fried","raw_affiliation_strings":["University of Pennsylvania, Philadelphia, PA, USA"],"affiliations":[{"raw_affiliation_string":"University of Pennsylvania, Philadelphia, PA, USA","institution_ids":["https://openalex.org/I79576946"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061801902","display_name":"Shaanan Cohney","orcid":"https://orcid.org/0000-0002-0890-6590"},"institutions":[{"id":"https://openalex.org/I79576946","display_name":"University of Pennsylvania","ror":"https://ror.org/00b30xv10","country_code":"US","type":"education","lineage":["https://openalex.org/I79576946"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shaanan Cohney","raw_affiliation_strings":["University of Pennsylvania, Philadelphia, PA, USA"],"affiliations":[{"raw_affiliation_string":"University of Pennsylvania, Philadelphia, PA, USA","institution_ids":["https://openalex.org/I79576946"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100626525","display_name":"Matthew Green","orcid":"https://orcid.org/0000-0001-5518-3412"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew Green","raw_affiliation_strings":["Johns Hopkins University, Baltimore, MD, USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University, Baltimore, MD, USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007301401","display_name":"Nadia Heninger","orcid":"https://orcid.org/0000-0002-7904-7295"},"institutions":[{"id":"https://openalex.org/I79576946","display_name":"University of Pennsylvania","ror":"https://ror.org/00b30xv10","country_code":"US","type":"education","lineage":["https://openalex.org/I79576946"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nadia Heninger","raw_affiliation_strings":["University of Pennsylvania, Philadelphia, PA, USA"],"affiliations":[{"raw_affiliation_string":"University of Pennsylvania, Philadelphia, PA, USA","institution_ids":["https://openalex.org/I79576946"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112446252","display_name":"Ralf-Philipp Weinmann","orcid":null},"institutions":[{"id":"https://openalex.org/I4210105119","display_name":"Entwicklungszentrum f\u00fcr Schiffstechnik und Transportsysteme","ror":"https://ror.org/0163bsq78","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210105119"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ralf-Philipp Weinmann","raw_affiliation_strings":["Comsecuris, Duisburg, Germany"],"affiliations":[{"raw_affiliation_string":"Comsecuris, Duisburg, Germany","institution_ids":["https://openalex.org/I4210105119"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046950468","display_name":"Eric Rescorla","orcid":null},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Eric Rescorla","raw_affiliation_strings":["UC San Diego, La Jolla, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC San Diego, La Jolla, CA, USA","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006975767","display_name":"Hovav Shacham","orcid":"https://orcid.org/0009-0008-0225-8714"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hovav Shacham","raw_affiliation_strings":["UC San Diego, La Jolla, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC San Diego, La Jolla, CA, USA","institution_ids":["https://openalex.org/I36258959"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5069566952"],"corresponding_institution_ids":["https://openalex.org/I39422238"],"apc_list":null,"apc_paid":null,"fwci":6.2505,"has_fulltext":true,"cited_by_count":70,"citation_normalized_percentile":{"value":0.97807754,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"468","last_page":"479"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11017","display_name":"Chaos-based Image/Signal Encryption","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11017","display_name":"Chaos-based Image/Signal Encryption","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6529403924942017},{"id":"https://openalex.org/keywords/juniper","display_name":"Juniper","score":0.5784584283828735},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.49068963527679443},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4734194874763489},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.45326492190361023},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.4448711574077606},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4265534579753876},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.24138858914375305}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6529403924942017},{"id":"https://openalex.org/C2780476401","wikidata":"https://www.wikidata.org/wiki/Q25662","display_name":"Juniper","level":2,"score":0.5784584283828735},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.49068963527679443},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4734194874763489},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.45326492190361023},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.4448711574077606},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4265534579753876},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.24138858914375305},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C97137747","wikidata":"https://www.wikidata.org/wiki/Q38112","display_name":"Forestry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2978395","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2976749.2978395","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=2978395&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/2976749.2978395","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2976749.2978395","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=2978395&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.5400000214576721,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1086111944","display_name":null,"funder_award_id":"1441209","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2192838842","display_name":null,"funder_award_id":"CNS-1505799","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2695070368","display_name":"TWC: Medium: Collaborative: Black-Box Evaluation of Cryptographic Entropy at Scale","funder_award_id":"1410031","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G38644319","display_name":null,"funder_award_id":"N00014-14-1-0333","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G4002987656","display_name":"TC: Large:Self Protecting Electronic Medical Records","funder_award_id":"1010928","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4592769358","display_name":null,"funder_award_id":"EFRI-1441209, CNS-1505799, CNS-1408734, CNS-1410031","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G670166680","display_name":"Synergy: Collaborative: Security and Privacy-Aware Cyber-Physical Systems","funder_award_id":"1505799","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8476105519","display_name":null,"funder_award_id":"CNS-1408734","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"},{"id":"https://openalex.org/F4320327705","display_name":"Mozilla Foundation","ror":"https://ror.org/01y8r3379"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2532945044.pdf","grobid_xml":"https://content.openalex.org/works/W2532945044.grobid-xml"},"referenced_works_count":36,"referenced_works":["https://openalex.org/W124127463","https://openalex.org/W180983570","https://openalex.org/W639928820","https://openalex.org/W1531813576","https://openalex.org/W1564219727","https://openalex.org/W1857692135","https://openalex.org/W1873601359","https://openalex.org/W1949661937","https://openalex.org/W1976476866","https://openalex.org/W2001637908","https://openalex.org/W2042923641","https://openalex.org/W2061893451","https://openalex.org/W2076745395","https://openalex.org/W2077667328","https://openalex.org/W2101022010","https://openalex.org/W2101774955","https://openalex.org/W2114398364","https://openalex.org/W2121670402","https://openalex.org/W2129719496","https://openalex.org/W2134101189","https://openalex.org/W2139767578","https://openalex.org/W2140471436","https://openalex.org/W2169455260","https://openalex.org/W2295782180","https://openalex.org/W2319324897","https://openalex.org/W2396656690","https://openalex.org/W2397798646","https://openalex.org/W2407063206","https://openalex.org/W2901519077","https://openalex.org/W3014846293","https://openalex.org/W4290473017","https://openalex.org/W6640866947","https://openalex.org/W6677936465","https://openalex.org/W6697295644","https://openalex.org/W6814336774","https://openalex.org/W6830511510"],"related_works":["https://openalex.org/W4247297432","https://openalex.org/W2021045911","https://openalex.org/W1726101563","https://openalex.org/W2582981600","https://openalex.org/W4389238932","https://openalex.org/W4387467152","https://openalex.org/W1991642247","https://openalex.org/W3010413952","https://openalex.org/W4212885212","https://openalex.org/W3084814329"],"abstract_inverted_index":{"In":[0,54],"December":[1],"2015,":[2],"Juniper":[3,103],"Networks":[4],"announced":[5],"multiple":[6],"security":[7],"vulnerabilities":[8,28],"stemming":[9],"from":[10],"unauthorized":[11],"code":[12],"in":[13,80,106,154,175,212,229,250],"ScreenOS,":[14],"the":[15,42,48,59,67,99,125,142,170,182,191,222,230],"operating":[16],"system":[17],"for":[18,241],"their":[19],"NetScreen":[20,187],"VPN":[21,32,71,127,210],"routers.":[22],"The":[23],"more":[24],"sophisticated":[25],"of":[26,41,61,66,115,162,172,224,238],"these":[27],"was":[29],"a":[30,37,62,160,176,185],"passive":[31,135],"decryption":[33],"capability,":[34],"enabled":[35],"by":[36,47,137,189],"change":[38],"to":[39,82,90,121,134,151,193,205],"one":[40],"elliptic":[43,100],"curve":[44,101,145],"points":[45],"used":[46],"Dual":[49,86,143,173],"EC":[50,87,144,174],"pseudorandom":[51],"number":[52,243],"generator.":[53],"this":[55,83,113],"paper,":[56],"we":[57,77,199],"describe":[58],"results":[60],"full":[63],"independent":[64],"analysis":[65],"ScreenOS":[68,109,126,227],"randomness":[69],"and":[70,198,246],"key":[72],"establishment":[73],"protocol":[74],"subsystems,":[75],"which":[76],"carried":[78],"out":[79],"response":[81],"incident.":[84],"While":[85],"is":[88,203,234],"known":[89],"be":[91],"insecure":[92],"against":[93,112],"an":[94,138,208,235],"attacker":[95,139],"who":[96,140],"can":[97,248],"choose":[98],"parameters,":[102,197],"had":[104],"claimed":[105],"2013":[107],"that":[108,164,201],"included":[110],"countermeasures":[111,156],"type":[114],"attack.":[116],"We":[117,180,220],"find":[118],"that,":[119],"contrary":[120],"Juniper's":[122,155],"public":[123],"statements,":[124],"implementation":[128],"has":[129],"been":[130],"vulnerable":[131],"since":[132],"2008":[133,178],"exploitation":[136],"selects":[141],"point.":[146],"This":[147,232],"vulnerability":[148,183],"arises":[149],"due":[150],"apparent":[152],"flaws":[153],"as":[157,159],"well":[158],"cluster":[161],"changes":[163],"were":[165],"all":[166],"introduced":[167],"concurrently":[168],"with":[169],"inclusion":[171],"single":[177],"release.":[179],"demonstrate":[181],"on":[184],"real":[186],"device":[188],"modifying":[190],"firmware":[192],"install":[194],"our":[195],"own":[196],"show":[200],"it":[202],"possible":[204],"passively":[206,225],"decrypt":[207],"individual":[209],"session":[211],"isolation":[213],"without":[214],"observing":[215],"any":[216],"other":[217],"network":[218],"traffic.":[219],"investigate":[221],"possibility":[223],"fingerprinting":[226],"implementations":[228],"wild.":[231],"incident":[233],"important":[236],"example":[237],"how":[239],"guidelines":[240],"random":[242],"generation,":[244],"engineering,":[245],"validation":[247],"fail":[249],"practice.":[251]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":9},{"year":2018,"cited_by_count":21},{"year":2017,"cited_by_count":6},{"year":2016,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}