17 research outputs found

    Content delivery over TLS: a cryptographic analysis of keyless SSL

    The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network. However, when TLS connections are proxied through an intermediate middlebox, like a Content Delivery Network (CDN), the standard end-to-end security guarantees of the protocol no longer apply. In this paper, we investigate the security guarantees provided by Keyless SSL, a CDN architecture currently deployed by CloudFlare that composes two TLS 1.2 handshakes to obtain a proxied TLS connection. We demonstrate new attacks that show that Keyless SSL does not meet its intended security goals. These attacks have been reported to CloudFlare and we are in the process of discussing fixes. We argue that proxied TLS handshakes require a new, stronger, 3-party security definition. We present 3(S)ACCE-security, a generalization of the 2-party ACCE security definition that has been used in several previous proofs for TLS. We modify Keyless SSL and prove that our modifications guarantee 3(S)ACCE-security, assuming ACCE-security for the individual TLS 1.2 connections. We also propose a new design for Keyless TLS 1.3 and prove that it achieves 3(S)ACCE-security, assuming that the TLS 1.3 handshake implements an authenticated 2-party key exchange. Notably, we show that secure proxying in Keyless TLS 1.3 is computationally lighter and requires simpler assumptions on the certificate infrastructure than our proposed fix for Keyless SSL. Our results indicate that proxied TLS architectures, as currently used by a number of CDNs, may be vulnerable to subtle attacks and deserve close attention

    Beyond Grinberg Equation in Cubic Planar Graphs

    In this paper, Grinberg equation related to the Hamiltonicity of cubic planar graphs is revisited using the cycle base description of the graph and the related Laplacian. The advantages and the limitations of a pure Algebraic approach to Hamiltonicity are shown. Examples, showing the limitations are presented, too. Further possible approaches are suggested. Some unexpected results are shown, too

    A multiplicity theorem for parametric superlinear (p, q)-equations

    We consider a parametric nonlinear Robin problem driven by the sum of a p-Laplacian and of a q-Laplacian ((p, q)-equation). The reaction term is (p - 1)-superlinear but need not satisfy the Ambrosetti-Rabinowitz condition. Using variational tools, together with truncation and comparison techniques and critical groups, we show that for all small values of the parameter, the problem has at least five nontrivial smooth solutions, all with sign information

    Location leakage in distance bounding: Why location privacy does not work

    In many cases, we can only have access to a service by proving we are sufficiently close to a particular location (e.g. in automobile or building access control). In these cases, proximity can be guaranteed through signal attenuation. However, by using additional transmitters an attacker can relay signals between the prover and the verifier. Distance-bounding protocols are the main countermeasure against such attacks; however, such protocols may leak information regarding the location of the prover and/or the verifier who run the distance-bounding protocol. In this paper, we consider a formal model for location privacy in the context of distance-bounding. In particular, our contributions are threefold: we first define a security game for location privacy in distance bounding; secondly, we define an adversarial model for this game, with two adversary classes; finally, we assess the feasibility of attaining location privacy for distance-bounding protocols. Concretely, we prove that for protocols with a beginning or a termination, it is theoretically impossible to achieve location privacy for either of the two adversary classes, in the sense that there always exists a polynomially-bounded adversary winning the security game. However, for so-called limited adversaries, who cannot see the location of arbitrary provers, carefully chosen parameters do, in practice, enable computational location privacy

    Breaking and Fixing the HB+DB protocol

    HB+ is a lightweight authentication scheme, which is secure against passive attacks if the Learning Parity with Noise Problem (LPN) is hard. However, HB+ is vulnerable to a key-recovery, man-in-the-middle (MiM) attack dubbed GRS. The HB+DB protocol added a distance-bounding dimension to HB+, and was experimentally proven to resist the GRS attack. We exhibit several security flaws in HB+DB. First, we refine the GRS strategy to induce a different key-recovery MiM attack, not deterred by HB+DB's distance bounding. Second, we prove HB+DB impractical as a secure distance-bounding (DB) protocol, as its DB security-levels scale poorly compared to other DB protocols. Third, we refute that HB+DB's security against passive attackers relies on the hardness of LPN; moreover, (erroneously) requiring such hardness lowers HB+DB's efficiency and security. We also propose a new distance-bounding protocol called BLOG. It retains parts of HB+DB, yet BLOG is provably secure and enjoys better (asymptotical) security

    Health burden in type 2 diabetes and prediabetes in The Maastricht Study

    Mortality in type 2 diabetes is determined not only by classical complications, but also by comorbidities, and is linked to hyperglycaemia and apparent even in prediabetes. We aimed to comprehensively investigate, in a population-based cohort, health burden defined as the presence of comorbidities in addition to classical complications and cardiometabolic risk factors, in not only type 2 diabetes but also prediabetes. Such population-based study has not been performed previously. Extensive phenotyping was performed in 3,410 participants of the population-based Maastricht Study (15.0% prediabetes and 28.6% type 2 diabetes) to assess presence of 17 comorbidities, six classical complications, and ten cardiometabolic risk factors. These were added up into individual and combined sum scores and categorized. Group differences were studied with multinomial regression analyses adjusted for age and sex. Individuals with type 2 diabetes and prediabetes, as compared to normal glucose metabolism (NGM), had greater comorbidities, classical complications, cardiometabolic risk factors and combined sum scores (comorbidities sum score ≥ 3: frequencies (95% CI) 61.5% (57.6;65.4) and 41.2% (36.5;45.9) vs. 25.4% (23.5;27.4), p-trend < 0.001; classical complications ≥ 2 (26.6% (23.1;30.1; P < 0.001 vs. NGM) and 10.1% (7.8;12.7; P = 0.065 vs NGM) vs. 8.0% (6.9;9.3)); cardiometabolic risk factors ≥ 6 (39.7% (35.9;43.4) and 28.5% (24.5;32.6) vs. 14.0% (12.5;15.6); p-trend < 0.001); combined ≥ 8 (66.6% (62.7;70.5) and 48.4% (43.7;53.1) vs. 26.0% (24.1;28.0), p-trend < 0.001). Type 2 diabetes and prediabetes health burden was comparable to respectively 32 and 14 years of ageing. Our population-based study shows, independently of age and sex, a considerable health burden in both type 2 diabetes and prediabetes, which to a substantial extent can be attributed to comorbidities in addition to classical complications and cardiometabolic risk factors.
Our findings emphasize the necessity of comorbidities' awareness in (pre)diabetes and for determining the exact role of hyperglycaemia in the occurrence of comorbidities

    The Romanian Grassland Database (RGD): historical background, current status and future perspectives

    This report describes the Romanian Grassland Database (RGD), registered under EU-RO-008 in the Global Index of Vegetation-Plot Databases (GIVD). This collaborative initiative aims at collecting all available vegetation-plot data (relevés) of grasslands and other open habitats from the territory of Romania and providing them for science, nationally and internationally, e.g. via the European Vegetation Archive (EVA) and the global database “sPlot”. It mainly contains data from wet, mesic, dry, saline, alpine and rocky grasslands, but also some other vegetation types like heathlands, mires, ruderal, segetal, aquatic and cryptogam-dominated vegetation. The currently 21,685 relevés have mainly been digitised from literature sources (90%), while the rest comes from individual unpublished sources (10%). We report on the background and history of RGD, explain its “Data Property and Governance Rules” under which data are contributed and retrieved and outline how RGD can contribute to research in the fields of vegetation ecology, macroecology and conservation