Related-Key and Key-Collision Attacks Against RMAC

In [JJV02] Jaulmes, Joux, and Valette propose a new randomized message authentication scheme, called RMAC, which NIST is currently in the process of standardizing [NIS02]. In this work we present several attacks against RMAC. The attacks are based on a new protocol-level related-key attack against RMAC and can be considered variants of Biham\u27s key-collision attack [Bih02]. These attacks provide insights into the RMAC design. We believe that the protocol-level related-key attack is of independent interest

Is the U.S. Legal System Ready for AI's Challenges to Human Values?

Our interdisciplinary study investigates how effectively U.S. laws confront the challenges posed by Generative AI to human values. Through an analysis of diverse hypothetical scenarios crafted during an expert workshop, we have identified notable gaps and uncertainties within the existing legal framework regarding the protection of fundamental values, such as privacy, autonomy, dignity, diversity, equity, and physical/mental well-being. Constitutional and civil rights, it appears, may not provide sufficient protection against AI-generated discriminatory outputs. Furthermore, even if we exclude the liability shield provided by Section 230, proving causation for defamation and product liability claims is a challenging endeavor due to the intricate and opaque nature of AI systems. To address the unique and unforeseeable threats posed by Generative AI, we advocate for legal frameworks that evolve to recognize new threats and provide proactive, auditable guidelines to industry stakeholders. Addressing these issues requires deep interdisciplinary collaborations to identify harms, values, and mitigation strategies.Comment: 25 pages, 7 figure

Rewriting History: Changing the Archived Web from the Present

The Internet Archive’s Wayback Machine is the largest modern web archive, preserving web content since 1996. We discover and analyze several vulnerabilities in how the Wayback Machine archives data, and then leverage these vulnerabilities to create what are to our knowledge the first attacks against a user’s view of the archived web. Our vulnerabilities are enabled by the unique interaction between the Wayback Machine’s archives, other websites, and a user’s browser, and attackers do not need to compromise the archives in order to compromise users’ views of a stored page. We demonstrate the effectiveness of our attacks through proof-of-concept implementations. Then, we conduct a measurement study to quantify the prevalence of vulnerabilities in the archive. Finally, we explore defenses which might be deployed by archives, website publishers, and the users of archives, and present the prototype of a defense for clients of the Wayback Machine, ArchiveWatcher

Securing Deployed RFIDs by Randomizing the Modulation and the Channel

RFID cards are widely used today in sensitive applications such as access control, payment systems, and asset tracking. Past work shows that an eavesdropper snooping on the communication between a card and its legitimate reader can break their cryptographic protocol and obtain their secret keys. One solution for this problem is to install stronger cryptographic protocols on the cards. However, RFIDs' size, power, and cost limitations do not allow for conventional cryptographic protocols. Further, installing new protocols requires revoking billions of cards in consumers hands and facilities worldwide, which is costly and impractical. In this paper, we ask whether one can secure RFIDs from such attacks without revoking or changing the insecure cards. We propose LocRF, a solution that changes the signal used to read the RFID cards but does not require any changes to the cards themselves. LocRF introduces a new approach that randomizes the modulation of the RFID signal as well as the wireless channel. This design protects RFIDs from eavesdroppers even if they use multi-antenna MIMO receivers. We built a prototype of LocRF on software-defined radios and used it to secure the communication of off-the-shelf cards. Both our analysis and empirical evaluation demonstrate theeffectiveness of LocRF