
    DNSSEC -- authenticated denial of existence : understanding zone enumeration

    Over the years DNS has proved to be an integral part of the internet infrastructure. For our purposes, DNS is simply a large scale distributed database that maps human-readable domain names to network recognizable IP addresses. Unfortunately, authenticity of responses was not integral to the initial DNS design. This led to the possibility of a very practical forgery of responses as displayed by Kaminsky's cache poisoning attacks. DNSSEC is primarily designed as a security extension of DNS, that guarantees authenticity of DNS responses. To answer invalid queries in an authenticated manner, DNSSEC initially employed the NSEC records. To its credit, NSEC allowed nameservers to precompute signatures for such negative responses offline. As a result, NSEC is highly scalable while preserving the authenticity/correctness of responses. But, while doing so, NSEC leaks domains from nameserver's zone. This is called zone enumeration. To counter zone enumeration, NSEC3 was deployed. It is a hashed authenticated denial of existence mechanism, i.e., it reveals the hashes of the zones in a domain. NSEC3 yet allows offline signatures, and is scalable like NSEC. Unfortunately, hashes are vulnerable to dictionary attacks, a property exploited by conventional NSEC3 zone enumeration tools, e.g., the nsec3walker tool. This leads us to investigate the possibility of constructing an authenticated denial of existence mechanism which yet allows offline cryptography. To do so, we first define the security goals of a "secure" DNSSEC mechanism in terms of an Authenticated Database System (ADS) with additional goals of privacy, that we define. Any protocol that achieves these goals, maintains the integrity of DNSSEC responses and prevents zone enumeration. We then show that any protocol that achieves such security goals, can be used to construct weak signatures that prevent selective forgeries.
This construction, though a strong indication, doesn't confirm the impossibility of generating proofs offline. To confirm that such proofs aren't possible offline, we show attacks of zone enumeration on two large classes of proofs. The provers/responders in this case either repeat proofs non-negligibly often or select proofs as subsets from a pre-computed set of proof elements. The attackers we present use a dictionary of all elements that are likely to occur in the database/zone. The attackers prune the said dictionary to obtain the set of all elements in the database (along with a few additional elements that are erroneously classified to be in the database). These attackers minimize the number of queries made to such responders and are loosely based on the paradigm of Probably Approximately Correct learning as introduced by Valiant

    A CCA2 secure Code based encryption scheme in the Standard Model

    This paper proposes an encryption scheme secure against chosen cipher text attack, built on the Niederreiter encryption scheme. The security of the scheme is based on the hardness of the Syndrome Decoding problem and the Goppa Code Distinguishability problem. The scheme uses the techniques provided by Peikert and Waters using the lossy trapdoor functions. Compared to the existing IND-CCA2 secure variants in standard model due to Dowsley et al. and Freeman et al. (using the repetition paradigm initiated by Rosen and Segev), this scheme is more efficient as it avoids repetitions

    Utilization of Information Technology in Public Health Management: Trends and Challenges

    Putting Information Technology (IT) into Public Health Management (PHM) has changed the way healthcare is provided by creating new ways to deal with difficult problems. This essay looks at current issues and trends in the use of IT in PHM, focusing on how it can help improve patient results and service performance. Recent trends show a move toward digitizing health information and using Electronic Health information (EHRs), which make it easier for healthcare workers to share data and work together. Telemedicine and mobile health apps have also made it easier for more people to get medical care, especially in places that are hard to reach or don't have enough doctors. Even with these improvements, there are still problems with how IT is used in PHM. There are big problems with storing and exchanging health data because of worries about privacy and security. Strong hacking means and following data protection rules like the Health Insurance Portability and Accountability Act (HIPAA) are needed to protect the privacy and safety of patient information. The digital gap is another problem. This is when some groups of people can't use technology or can't get their hands on it. To close this gap, we need creative solutions like community-based projects and relationships with tech companies. Additionally, the fast pace of technological progress means that healthcare workers need to keep learning and training to make sure they have the right skills to use IT successfully in PHM. DOI: https://doi.org/10.52710/seejph.49

    On Provably Secure Code-based Signature and Signcryption Scheme

    Signcryption is a cryptographic protocol that provides authentication and confidentiality as a single primitive at a cost lower than the combined cost of sign and encryption. Due to the improved efficiency, signcryption schemes have found significant applications in areas related to E-commerce. Shor’s algorithm [22] poses a threat to number-theoretic algorithms, as it can solve the number-theoretic hard problems in polynomial time using quantum computers. Therefore, code-based cryptography offers an exciting alternative to number-theoretic cryptography, as it is not only resistant to quantum algorithms, but also, the base operation (matrix-vector multiplication) is far less computationally intensive compared to the modular exponentiation required in number-theoretic schemes. Courtois, Finiasz and Sendrier proposed the only practical code-based signature (CFS signature) [7]. It can be used to realise many cryptographic primitives. But the signature is currently not provably secure due to the existence of the high rate distinguisher [11]. In this paper, we make use of an alternate key-construct for the CFS signature, and thus prove its existential unforgeability under chosen message attacks (EUF-CMA). Also, we propose a code-based signcryption scheme and proved its security. To the best of our knowledge, this is the first code-based, provably secure signature and signcryption scheme in literature

    Absolute frequency measurements in Yb with 0.08 ppb uncertainty: Isotope shifts and hyperfine structure in the 399-nm $^{1}S_{0} \rightarrow {}^{1}P_{1}$ line

    We apply our recent technique of using a Rb-stabilized ring-cavity resonator to measure the absolute frequencies of various isotopic components in the 399-nm $^{1}S_{0} \rightarrow {}^{1}P_{1}$ line of Yb. For the transition in $^{174}$Yb, we obtain a value of 751 525 987.761(60) MHz, representing a relative uncertainty of 0.08 ppb. We also obtain the isotope shifts and hyperfine structure with 50 kHz precision, an order-of-magnitude improvement over our earlier measurements on this line. Our earlier work had helped in resolving some discrepancies among previous measurements, and the present work further confirms those results

    Clinical performance of newly developed android mobile digital application on tooth shade reproduction: A multicenter randomized controlled clinical trial

    Aim: This study aimed to determine the clinical effectiveness of android mobile digital application shade matching on tooth shade reproduction. Setting and Design: This was a double-blind randomized controlled clinical trial (REF/2021/03/042258). Materials and Methods: Thirty participants were selected from the two dental centers. The participant who required full-coverage restorations in one of the central incisors with adjacent central incisor untouched was the main inclusion criteria. Three metal–ceramic or all-ceramic crowns were fabricated with reference shades from Vita Three-Dimensional (3D) Master shade guide, Vita Easyshade spectrophotometer, and mobile application for each participant. ΔE values between reference maxillary central incisor and metal–ceramic and all-ceramic crowns were measured for each participant. In addition, two operators and participants observed the clinical agreement between for each crown on a visual analog scale. Statistical Analysis Used: ANOVA statistics and Tukey's post hoc test were used for ΔE value. Kappa statistics was used for clinical agreement. Results: Mean ΔE value of fabricated metal–ceramic and all-ceramic crowns and reference maxillary central incisor of Vita 3D Master shade guide was significantly higher than Vita Easyshade spectrophotometer and mobile digital application (P = 0.004). However, ΔE values of Vita Easyshade and mobile digital application were contiguous. However, ΔE value of Vita 3D Master was lower than clinically acceptable value of intraoral color difference. Kappa value figured moderate agreement for Vita Easyshade and mobile digital application and slight to no agreement for Vita 3D Master. Conclusion: Within the limitations of the study, the Android mobile digital application can turn up as a reliable method for shade selection

    NSEC5: Provably Preventing DNSSEC Zone Enumeration

    DNSSEC is designed to prevent network attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability — zone enumeration, where an adversary launches a small number of online DNSSEC queries and then uses offline dictionary attacks to learn which domain names are present or absent in a DNS zone. We explain why the current DNSSEC standard (with NSEC and NSEC3) suffers from zone enumeration; we do this via cryptographic lower bounds that prove that DNSSEC’s design goals — security against network attackers, and privacy against zone enumeration — cannot be satisfied without online signing of DNSSEC responses. We then introduce NSEC5, a new cryptographic construction that solves the problem of DNSSEC zone enumeration while matching our lower bounds and remaining faithful to the operational realities of DNSSEC. NSEC5 can be thought of as a variant of NSEC3, where the hash function is replaced with an RSA-based keyed-hashing scheme. 1 Zone enumeration issues in DNSSEC To understand the zone enumeration problem, we can partition the functionalities of DNSSE