149 research outputs found
Related-Key and Key-Collision Attacks Against RMAC
In [JJV02] Jaulmes, Joux, and Valette propose a new randomized
message authentication scheme, called RMAC, which NIST is currently
in the process of standardizing [NIS02]. In this work we
present several attacks against RMAC. The attacks are based on a
new protocol-level related-key attack against RMAC and can be
considered variants of Biham\u27s key-collision attack [Bih02].
These attacks provide insights into the RMAC design. We believe
that the protocol-level related-key attack is of independent
interest
Is the U.S. Legal System Ready for AI's Challenges to Human Values?
Our interdisciplinary study investigates how effectively U.S. laws confront
the challenges posed by Generative AI to human values. Through an analysis of
diverse hypothetical scenarios crafted during an expert workshop, we have
identified notable gaps and uncertainties within the existing legal framework
regarding the protection of fundamental values, such as privacy, autonomy,
dignity, diversity, equity, and physical/mental well-being. Constitutional and
civil rights, it appears, may not provide sufficient protection against
AI-generated discriminatory outputs. Furthermore, even if we exclude the
liability shield provided by Section 230, proving causation for defamation and
product liability claims is a challenging endeavor due to the intricate and
opaque nature of AI systems. To address the unique and unforeseeable threats
posed by Generative AI, we advocate for legal frameworks that evolve to
recognize new threats and provide proactive, auditable guidelines to industry
stakeholders. Addressing these issues requires deep interdisciplinary
collaborations to identify harms, values, and mitigation strategies.Comment: 25 pages, 7 figure
Rewriting History: Changing the Archived Web from the Present
The Internet Archive’s Wayback Machine is the largest modern web archive, preserving web content since 1996. We discover and analyze several vulnerabilities in how the Wayback Machine archives data, and then leverage these vulnerabilities to create what are to our knowledge the first attacks against a user’s view of the archived web. Our vulnerabilities are enabled by the unique interaction between the Wayback Machine’s archives, other websites, and a user’s browser, and attackers do not need to compromise the archives in order to compromise users’ views of a stored page. We demonstrate the effectiveness of our attacks through proof-of-concept implementations. Then, we conduct a measurement study to quantify the prevalence of vulnerabilities in the archive. Finally, we explore defenses which might be deployed by archives, website publishers, and the users of archives, and present the prototype of a defense for clients of the Wayback Machine, ArchiveWatcher
Securing Deployed RFIDs by Randomizing the Modulation and the Channel
RFID cards are widely used today in sensitive applications such as access control, payment systems, and asset tracking. Past work shows that an eavesdropper snooping on the communication between a card and its legitimate reader can break their cryptographic protocol and obtain their secret keys. One solution for this problem is to install stronger cryptographic protocols on the cards. However, RFIDs' size, power, and cost limitations do not allow for conventional cryptographic protocols. Further, installing new protocols requires revoking billions of cards in consumers hands and facilities worldwide, which is costly and impractical. In this paper, we ask whether one can secure RFIDs from such attacks without revoking or changing the insecure cards. We propose LocRF, a solution that changes the signal used to read the RFID cards but does not require any changes to the cards themselves. LocRF introduces a new approach that randomizes the modulation of the RFID signal as well as the wireless channel. This design protects RFIDs from eavesdroppers even if they use multi-antenna MIMO receivers. We built a prototype of LocRF on software-defined radios and used it to secure the communication of off-the-shelf cards. Both our analysis and empirical evaluation demonstrate theeffectiveness of LocRF
- …