831 research outputs found
Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061
The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) was held on February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry identified the current state of the art of and challenges for online privacy and derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts.
Christian Bök's Xenotext Experiment, Conceptual Writing and the Subject-of-No-Subjectivity:"Pink Faeries and Gaudy Baubles"
Transcriptional profiling of Helicobacter pylori Fur- and iron-regulated gene expression
Intracellular iron homeostasis is a necessity for almost all living
organisms, since both iron restriction and iron overload can result in
cell death. The ferric uptake regulator protein, Fur, controls iron
homeostasis in most Gram-negative bacteria. In the human gastric pathogen
Helicobacter pylori, Fur is thought to have acquired extra functions to
compensate for the relative paucity of regulatory genes. To identify H.
pylori genes regulated by iron and Fur, we used DNA array-based
transcriptional profiling with RNA isolated from H. pylori 26695 wild-type
and fur mutant cells grown in iron-restricted and iron-replete conditions.
Sixteen genes encoding proteins involved in metal metabolism, nitrogen
metabolism, motility, cell wall synthesis and cofactor synthesis displayed
iron-dependent Fur-repressed expression. Conversely, 16 genes encoding
proteins involved in iron storage, respiration, energy metabolism,
chemotaxis, and oxygen scavenging displayed iron-induced Fur-dependent
expression. Several Fur-regulated genes have been previously shown to be
essential for acid resistance or gastric colonization in animal models,
such as those encoding the hydrogenase and superoxide dismutase enzymes.
Overall, there was a partial overlap between the sets of genes regulated
by Fur and those previously identified as growth-phase, iron or acid
regulated. Regulatory patterns were confirmed for five selected genes
using Northern hybridization. In conclusion, H. pylori Fur is a versatile
regulator involved in many pathways essential for gastric colonization.
These findings further delineate the central role of Fur in regulating the
unique capacity of H. pylori to colonize the human stomach.
Identifying Damage, Predicting Expansion, and Determining the Effectiveness of Sealers on Concrete Affected by Alkali-Silica Reaction and Freeze-Thaw
Premature cracking of the barrier wall and pavement on I-49 south of Fayetteville, Arkansas due to a combination of Alkali-Silica Reaction (ASR) and freeze-thaw has led to ASR and freeze-thaw research at the University of Arkansas. Potential for further expansion (PFET), Damage Rating Index (DRI), and mitigation of freeze-thaw and ASR with sealers testing and results are contained herein. PFET results indicated that the pavement will not continue to expand from ASR. With other interstate pavements deteriorating prematurely throughout Arkansas, DRI has shown that most are damaged not only by ASR but by freeze-thaw too. Recommendations for freeze-thaw’s inclusion into DRI are included. Early results for a sealer that will limit ASR and freeze-thaw expansion are given and have shown that silanes with 40% silane work effectively to reduce ASR and freeze-thaw expansion.
Poster: The Unintended Consequences of Algorithm Agility in DNSSEC
Cryptographic algorithm agility is an important property for DNSSEC: it
allows easy deployment of new algorithms if the existing ones are no longer
secure. In this work we show that the cryptographic agility in DNSSEC, although
critical for provisioning DNS with strong cryptography, also introduces a
vulnerability. We find that under certain conditions, when new algorithms are
listed in signed DNS responses, the resolvers do not validate DNSSEC. As a
result, domains that deploy new ciphers may in fact cause the resolvers not to
validate DNSSEC. We exploit this to develop DNSSEC-downgrade attacks and
experimentally and ethically evaluate them against popular DNS resolver
implementations, public DNS providers, and DNS services used by web clients
worldwide. We find that major DNS providers as well as 45% of DNS resolvers
used by web clients are vulnerable to our attacks.
Comment: This work has been accepted for publication at the ACM SIGSAC
Conference on Computer and Communications Security (CCS 22)
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applications.
Comment: 18 pages, 2 figures
Identification of new mechanisms of metal homeostasis in the gastric bacterium Helicobacter pylori [online]
Byzantine-Secure Relying Party for Resilient RPKI
To protect against prefix hijacks, Resource Public Key Infrastructure (RPKI)
has been standardized. To enjoy the security guarantees of RPKI validation,
networks need to install a new component, the relying party validator, which
fetches and validates RPKI objects and provides them to border routers.
However, recent work shows that relying parties experience failures when
retrieving RPKI objects and are vulnerable to attacks, all of which can disable
RPKI validation. Therefore even the few adopters are not necessarily secure.
We make the first proposal that significantly improves the resilience and
security of RPKI. We develop BRP, a Byzantine-Secure relying party
implementation. In BRP the relying party nodes redundantly validate RPKI
objects and reach a global consensus through voting. BRP provides an RPKI
equivalent of public DNS, removing the need for networks to install, operate,
and upgrade their own relying party instances while avoiding the need to trust
operators of BRP nodes.
We show through simulations and experiments that BRP, as an intermediate RPKI
service, results in less load on RPKI publication points and a robust output
despite RPKI repository failures, jitter, and attacks. We engineer BRP to be
fully backward compatible and readily deployable - it does not require any
changes to the border routers and the RPKI repositories.
We demonstrate that BRP can protect many networks transparently, with either
a decentralized or centralized deployment. BRP can be set up as a network of
decentralized volunteer deployments, similarly to NTP and TOR, where different
operators participate in the peering process with their node, and provide
resilient and secure relying party validation to the Internet. BRP can also be
hosted by a single operator as a centralized service, e.g., on one cloud or
CDN, and provides RPKI validation benefits even when hosted on a single
network.
The Harder You Try, The Harder You Fail: The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNSSEC
Availability is a major concern in the design of DNSSEC. To ensure
availability, DNSSEC follows Postel's Law [RFC1123]: "Be liberal in what you
accept, and conservative in what you send." Hence, nameservers should send not
just one matching key for a record set, but all the relevant cryptographic
material, e.g., all the keys for all the ciphers that they support and all the
corresponding signatures. This ensures that validation succeeds, and hence
availability, even if some of the DNSSEC keys are misconfigured, incorrect or
correspond to unsupported ciphers.
We show that this design of DNSSEC is flawed. Exploiting vulnerable
recommendations in the DNSSEC standards, we develop a new class of DNSSEC-based
algorithmic complexity attacks on DNS, which we dub KeyTrap attacks. All popular DNS
implementations and services are vulnerable. With just a single DNS packet, the
KeyTrap attacks lead to a 2.000.000x spike in CPU instruction count in
vulnerable DNS resolvers, stalling some for as long as 16 hours. This
devastating effect prompted major DNS vendors to refer to KeyTrap as the worst
attack on DNS ever discovered. Exploiting KeyTrap, an attacker could
effectively disable Internet access in any system utilizing a DNSSEC-validating
resolver.
We disclosed KeyTrap to vendors and operators on November 2, 2023,
confidentially reporting the vulnerabilities to a closed group of DNS experts,
operators and developers from the industry. Since then we have been working
with all major vendors to mitigate KeyTrap, repeatedly discovering and
assisting in closing weaknesses in proposed patches. Following our disclosure,
the industry-wide umbrella CVE-2023-50387 has been assigned, covering the
DNSSEC protocol vulnerabilities we present in this work.
Comment: Accepted to ACM CCS 202
