
    Key exchange with the help of a public ledger

    Blockchains and other public ledger structures promise a new way to create globally consistent event logs and other records. We make use of this consistency property to detect and prevent man-in-the-middle attacks in a key exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates an inconsistency in the world views of the two honest parties, and they can detect it with the help of the ledger. Thus, there is no need for prior knowledge or trusted third parties apart from the distributed ledger. To prevent impersonation attacks, we require user interaction. It appears that, in some applications, the required user interaction is reduced in comparison to other user-assisted key-exchange protocols.
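The detection mechanism the abstract describes, as an added example that is not code from the paper: each party publishes a commitment to its own Diffie-Hellman public value on an append-only ledger before the exchange, and checks the value it actually receives against the peer's ledger entry. The group parameters (a toy Mersenne prime with generator 3), the SHA-256 commitment, and the in-memory `Ledger` class are assumptions made for illustration; the ledger's only property used is that every party reads the same entries and nobody can rewrite them.

```python
"""Ledger-assisted Diffie-Hellman: detecting a man-in-the-middle via a consistent log.

Added example, not code from the paper. Assumptions: a toy prime group (P, G),
SHA-256 as the commitment, and an in-memory list standing in for the public ledger.
"""
import hashlib
import secrets

P = 2**61 - 1   # toy Mersenne prime; a standard DH group would be used in practice
G = 3           # assumed generator for illustration


def commit(value: int) -> str:
    """Commitment to a public DH value: SHA-256 of its fixed-width encoding."""
    return hashlib.sha256(value.to_bytes(8, "big")).hexdigest()


class Ledger:
    """Append-only log that every party reads identically (the consistency assumption)."""

    def __init__(self):
        self._entries = []

    def publish(self, party: str, commitment: str) -> None:
        self._entries.append((party, commitment))

    def commitments_of(self, party: str) -> list:
        return [c for p, c in self._entries if p == party]


class Party:
    def __init__(self, name: str, ledger: Ledger):
        self.name = name
        self.ledger = ledger
        self.secret = secrets.randbelow(P - 2) + 2
        self.public = pow(G, self.secret, P)
        # Publish a commitment to our own public value before sending it.
        ledger.publish(name, commit(self.public))

    def receive(self, peer: str, peer_public: int):
        """Return (detected_mitm, shared_key).

        The value that arrived over the channel must match a commitment the peer
        published on the ledger; a substituted value fails this check because the
        attacker cannot alter what the ledger already recorded.
        """
        consistent = commit(peer_public) in self.ledger.commitments_of(peer)
        shared = pow(peer_public, self.secret, P)
        key = hashlib.sha256(shared.to_bytes(8, "big")).hexdigest()
        return (not consistent), key


def run_exchange(mitm: bool) -> dict:
    """Run one exchange; with mitm=True an attacker swaps both public values in transit."""
    ledger = Ledger()
    alice, bob = Party("alice", ledger), Party("bob", ledger)
    to_bob, to_alice = alice.public, bob.public
    if mitm:
        # Mallory replaces both public values with her own, as in a classic MitM.
        # She can tamper with the channel but cannot rewrite the ledger entries.
        m = secrets.randbelow(P - 2) + 2
        to_bob = to_alice = pow(G, m, P)
    a_detect, a_key = alice.receive("bob", to_alice)
    b_detect, b_key = bob.receive("alice", to_bob)
    return {
        "alice_detected": a_detect,
        "bob_detected": b_detect,
        "keys_match": a_key == b_key,
    }


if __name__ == "__main__":
    print("honest run:", run_exchange(mitm=False))
    print("MitM run:  ", run_exchange(mitm=True))
```

Without the ledger check, the MitM run would leave Alice and Bob with different keys while each agrees with Mallory, and neither would notice. The check above does nothing against impersonation, where Mallory publishes her own entry under the name "bob" before Bob does; that is the case the abstract says requires user interaction.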

    On the security of some password-based key agreement schemes

    In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2, also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities.

    An Offline Dictionary Attack Against zkPAKE Protocol

    Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent offline dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to offline password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism.

    A method for making password-based key exchange resilient to server compromise

    This paper considers the problem of password-authenticated key exchange (PAKE) in a client-server setting, where the server authenticates using a stored password file, and it is desirable to maintain some degree of security even if the server is compromised. A PAKE scheme is said to be resilient to server compromise if an adversary who compromises the server must at least perform an offline dictionary attack to gain any advantage in impersonating a client. (Of course, offline dictionary attacks should be infeasible in the absence of server compromise.) One can see that this is the best security possible, since by definition the password file has enough information to allow one to play the role of the server, and thus to verify passwords in an offline dictionary attack. While some previous PAKE schemes have been proven resilient to server compromise, there was no known general technique to take an arbitrary PAKE scheme and make it provably resilient to server compromise. This paper presents a practical technique for doing so which requires essentially one extra round of communication and one signature computation/verification. We prove security in the universal composability framework by (1) defining a new functionality for PAKE with resilience to server compromise, (2) specifying a protocol combining this technique with a (basic) PAKE functionality, and (3) proving (in the random oracle model) that this protocol securely realizes the new functionality.

    Cancer incidence in the vicinity of Finnish nuclear power plants: an emphasis on childhood leukemia

    The objective of this paper was to study cancer incidence, especially leukemia in children (<15 years), in the vicinity of Finnish nuclear power plants (NPPs). We used three different approaches: ecological analysis at municipality level, residential cohorts defined from census data, and case–control analysis with individual residential histories. The standardized incidence ratio of childhood leukemia for the seven municipalities in the vicinity of NPPs was 1.0 (95% CI 0.6, 1.6) compared to the rest of Finland. The two cohorts defined by censuses of 1980 and 1990 gave rate ratios of 1.0 (95% CI 0.3, 2.6) and 0.9 (95% CI 0.2, 2.7), respectively, for childhood leukemia in the population residing within 15 km from the NPPs compared to the 15–50 km zone. The case–control analysis with 16 cases of childhood leukemia and 64 matched population-based controls gave an odds ratio for average distance between residence and NPP in the closest 5–9.9 km zone of 0.7 (95% CI 0.1, 10.4) compared to the ≥30 km zone. Our results do not indicate an increase in childhood leukemia and other cancers in the vicinity of Finnish NPPs, though the small sample size limits the strength of conclusions. The conclusion was the same for adults.

    Interventional radiography and mortality risks in U.S. radiologic technologists

    With the exponential increase in minimally invasive fluoroscopically guided interventional radiologic procedures, concern has increased about the health effects on staff and patients of radiation exposure from these procedures. There has been no systematic epidemiologic investigation to quantify serious disease risks or mortality. To quantify all-cause, circulatory system disease and cancer mortality risks in U.S. radiologic technologists who work with interventional radiographic procedures, we evaluated mortality risks in a nationwide cohort of 88,766 U.S. radiologic technologists (77% female) who completed a self-administered questionnaire during 1994–1998 and were followed through 31 December 2003. We obtained information on work experience, types of procedures (including fluoroscopically guided interventional procedures), and protective measures plus medical, family cancer history, lifestyle, and reproductive information. Cox proportional hazards regression models were used to compute relative risks (RRs) with 95% confidence intervals (CIs). Between completion of the questionnaire and the end of follow-up, there were 3,581 deaths, including 1,209 from malignancies and 979 from circulatory system diseases. Compared to radiologic technologists who never or rarely performed or assisted with fluoroscopically guided interventional procedures, all-cause mortality risks were not increased among those working on such procedures daily. Similarly, there was no increased risk of mortality resulting from all circulatory system diseases combined, all cancers combined, or female breast cancer among technologists who daily performed or assisted with fluoroscopically guided interventional procedures. Based on small numbers of deaths (n=151), there were non-significant excesses (40%–0%) in mortality from cerebrovascular disease among technologists ever working with these procedures. The absence of significantly elevated mortality risks in radiologic technologists reporting the highest frequency of interventional radiography procedures must be interpreted cautiously in light of the small number of deaths during the relatively short follow-up. The present study cannot rule out increased risks of cerebrovascular disease, specific cancers, and diseases with low case-fatality rates or a long latency period preceding death.

    Incidence of childhood leukaemia in the vicinity of nuclear sites in France, 1990–1998

    Overall, 670 cases (O) of childhood leukaemia were diagnosed within 20 km of the 29 French nuclear installations between 1990 and 1998 compared to an expected number (E) of 729.09 cases (O/E=0.92, 95% confidence interval (CI)=[0.85-0.99]). Each of the four areas defined around the sites showed non-significant deficits of cases (0-5 km: O=65, O/E=0.87, CI=[0.67-1.10]; 5-10 km: O=165, O/E=0.95, CI=[0.81-1.10]; 10-15 km: O=220, O/E=0.88, CI=[0.77-1.00]; 15-20 km: O=220, O/E=0.96, CI=[0.84-1.10]). There was no evidence of a trend in standardised incidence ratio with distance from the sites for all children or for any of the three age groups studied. Similar results were obtained when the start-up year of the electricity-generating nuclear sites and their electric nuclear power were taken into account. No evidence was found of a generally increased risk of childhood leukaemia around the 29 French nuclear sites under study during 1990-1998.

    Forward Secrecy of SPAKE2

    Currently, the Simple Password-Based Encrypted Key Exchange (SPAKE2) protocol of Abdalla and Pointcheval (CT-RSA 2005) is being considered by the IETF for standardization and integration in TLS 1.3. Although it has been proven secure in the Find-then-Guess model of Bellare, Pointcheval and Rogaway (EUROCRYPT 2000), whether it satisfies some notion of forward secrecy remains an open question. In this work, we prove that the SPAKE2 protocol satisfies the so-called weak forward secrecy introduced by Krawczyk (CRYPTO 2005). Furthermore, we demonstrate that the incorporation of key-confirmation codes in SPAKE2 results in a protocol that provably satisfies the stronger notion of perfect forward secrecy. As forward secrecy is an explicit requirement for cipher suites supported in the TLS handshake, we believe this work could fill the gap in the literature and facilitate the adoption of SPAKE2 in the recently approved TLS 1.3.
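The SPAKE2 exchange with the key-confirmation codes the abstract refers to, as an added example that is neither the paper's nor the IETF's code. The group is a toy multiplicative group modulo a Mersenne prime, and the constants `M = 5`, `N = 7` are assumed for illustration only: standardized SPAKE2 (RFC 9382) runs over elliptic-curve groups and uses nothing-up-my-sleeve points whose discrete logarithms are unknown, which is what prevents an attacker from testing password guesses offline. The transcript layout and key-confirmation MACs follow the same shape as the RFC (transcript hash split into `Ke` and `Ka`, confirmation keys derived from `Ka`), with SHA-256 and HMAC standing in for the negotiated hash and MAC.

```python
"""SPAKE2 with key-confirmation codes over a toy group.

Added example, not code from the paper or the IETF draft. Assumptions: a toy
multiplicative group mod 2**61-1 with generator 3 (real SPAKE2 uses elliptic
curves), constants M=5 and N=7 (real deployments need points with unknown
discrete logs), SHA-256 as the hash and HMAC-SHA-256 as the MAC.
"""
import hashlib
import hmac
import secrets

P = 2**61 - 1
G = 3
M, N = 5, 7          # assumed constants; their discrete logs must be unknown in practice
ORDER = P - 1        # exponents are reduced modulo the group order


def enc(x: int) -> bytes:
    """Fixed-width encoding of a group element or scalar (all are < 2**61)."""
    return x.to_bytes(8, "big")


def password_scalar(password: bytes) -> int:
    """w = H(pw) mod order; a memory-hard KDF would replace plain SHA-256 in practice."""
    return int.from_bytes(hashlib.sha256(password).digest(), "big") % ORDER


class Side:
    """One protocol participant. The client blinds with M, the server with N."""

    def __init__(self, password: bytes, blinder: int):
        self.w = password_scalar(password)
        self.r = secrets.randbelow(ORDER - 1) + 1          # ephemeral exponent
        # Client sends X = g^x * M^w, server sends Y = g^y * N^w.
        self.msg = pow(G, self.r, P) * pow(blinder, self.w, P) % P

    def shared_element(self, peer_msg: int, peer_blinder: int) -> int:
        # Strip the peer's password blinding with our own w, then raise to our exponent.
        # With matching passwords this yields g^(xy); otherwise an unrelated element.
        unblinded = peer_msg * pow(pow(peer_blinder, self.w, P), -1, P) % P
        return pow(unblinded, self.r, P)


def transcript(id_a: bytes, id_b: bytes, X: int, Y: int, K: int, w: int) -> bytes:
    return b"".join([id_a, id_b, enc(X), enc(Y), enc(K), enc(w)])


def derive_keys(tt: bytes):
    """Ke || Ka = H(TT); KcA || KcB derived from Ka for the confirmation MACs."""
    h = hashlib.sha256(tt).digest()
    ke, ka = h[:16], h[16:]
    kc = hashlib.sha256(b"ConfirmationKeys" + ka).digest()
    return ke, kc[:16], kc[16:]


def run_spake2(pw_client: bytes, pw_server: bytes) -> dict:
    """Run SPAKE2 plus key confirmation; report whether each side accepts."""
    id_a, id_b = b"client", b"server"
    client, server = Side(pw_client, M), Side(pw_server, N)
    X, Y = client.msg, server.msg
    # Each side computes its own view of the transcript from what it received.
    tt_c = transcript(id_a, id_b, X, Y, client.shared_element(Y, N), client.w)
    tt_s = transcript(id_a, id_b, X, Y, server.shared_element(X, M), server.w)
    ke_c, kca_c, kcb_c = derive_keys(tt_c)
    ke_s, kca_s, kcb_s = derive_keys(tt_s)
    # Key confirmation: client sends MAC(KcA, TT), server sends MAC(KcB, TT),
    # and each side verifies the other's code before using Ke.
    conf_client = hmac.new(kca_c, tt_c, "sha256").digest()
    conf_server = hmac.new(kcb_s, tt_s, "sha256").digest()
    server_ok = hmac.compare_digest(conf_client, hmac.new(kca_s, tt_s, "sha256").digest())
    client_ok = hmac.compare_digest(conf_server, hmac.new(kcb_c, tt_c, "sha256").digest())
    return {"client_confirms": client_ok, "server_confirms": server_ok, "keys_match": ke_c == ke_s}


if __name__ == "__main__":
    print("same password:     ", run_spake2(b"correct horse", b"correct horse"))
    print("different password:", run_spake2(b"correct horse", b"battery staple"))
```

Without the confirmation round a side that computed a key from a mismatched password would only find out when the first protected record fails to authenticate; with it, each side proves possession of the derived key before any application data is sent, which is the addition the abstract credits with lifting the guarantee from weak to perfect forward secrecy.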