14 research outputs found

    Attacking RSA-based sessions in SSL/TLS

    Abstract. In this paper we present a practically feasible attack on RSA-based sessions in SSL/TLS protocols. These protocols incorporate the PKCS#1 (v. 1.5) encoding method for the RSA encryption of a premaster-secret value. The premaster-secret is the only secret value that is used for deriving all the particular session keys. Therefore, an attacker who can recover the premaster-secret can decrypt the whole captured SSL/TLS session. We show that incorporating a version number check over PKCS#1 plaintext used in the SSL/TLS creates a side channel that allows the attacker to invert the RSA encryption. The attacker can then either recover the premaster-secret or sign a message on behalf of the server. Practical tests showed that two thirds of randomly chosen Internet SSL/TLS servers were vulnerable. The attack is an extension of Bleichenbacher’s attack on PKCS#1 (v. 1.5). We introduce the concept of a bad-version oracle (BVO) that covers the side channel leakage, and present several methods that speed up the original algorithm. Our attack was successfully tested in practice and the results of complexity measurements are presented in the paper. Plugging a testing server (2x Pentium III/1.4 GHz, 1 GB RAM, 100 Mb/s Ethernet, OS RedHat 7.2, Apache 1.3.27), it was possible to achieve a speed of 67.7 BVO calls per second for a 1024 bits RSA key. The median time for a whole attack on the premaster-secret could be then estimated as 54 hours and 42 minutes. We also propose and discuss countermeasures, which are both cryptographically acceptable and practically feasible.

    Are preventive and generative causal reasoning symmetrical? Extinction and competition

    We tested whether preventive and generative reasoning processes are symmetrical by keeping the training and testing of preventive (inhibitory) and generative (excitatory) causal cues as similar as possible. In Experiment 1, we extinguished excitors and inhibitors in a blocking design, in which each extinguished cause was presented in compound with a novel cause, with the same outcome occurring following the compound and following the novel cause alone. With this novel extinction procedure, the inhibitory cues seemed more likely to lose their properties than the excitatory cues. In Experiment 2, we investigated blocking of excitatory and inhibitory causes and found similar blocking effects. Taken together, these results suggest that acquisition of excitation and inhibition is similar, but that inhibition is more liable to extinguish with our extinction procedure. In addition, we used a variable outcome, and this enabled us to test the predictions of an inferential reasoning account about what happens when the outcome level is at its minimum or maximum (De Houwer, Beckers, & Glautier, 2002). We discuss the predictions of this inferential account, Rescorla and Wagner’s (1972) model, and a connectionist model—the auto-associator.
    Irina Baetu & A. G. Bake

    Kamin blocking is not disrupted by amphetamine in human subjects.

    The effect of oral amphetamine administration on the Kamin-blocking effect in healthy volunteer subjects was investigated. Against predictions, Kamin blocking was not disrupted by either a high or low oral dose of D-amphetamine under conditions which have, in previous studies, led to disruption of a related learning phenomenon (latent inhibition). This lack of effect of amphetamine administration upon Kamin blocking weakens hypotheses that this cognitive process is mediated by the same changes in dopaminergic activity which affect latent inhibition. Currently, the only data which show strong comparative associations between Kamin blocking and latent inhibition are when they are applied to schizophrenic populations. These results may suggest that Kamin blocking and latent inhibition may be measuring different aspects of schizophrenic cognitive dysfunction