757 research outputs found

    DSTC: DNS-based Strict TLS Configurations

    Most TLS clients such as modern web browsers enforce coarse-grained TLS security configurations. They support legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees (e.g. non Forward-Secrecy), mainly to provide backward compatibility. This opens doors to downgrade attacks, as is the case of the POODLE attack [18], which exploits the client's silent fallback to downgrade the protocol version to exploit the legacy version's flaws. To achieve a better balance between security and backward compatibility, we propose a DNS-based mechanism that enables TLS servers to advertise their support for the latest version of the protocol and strong ciphersuites (that provide Forward-Secrecy and Authenticated-Encryption simultaneously). This enables clients to consider prior knowledge about the servers' TLS configurations to enforce a fine-grained TLS configurations policy. That is, the client enforces strict TLS configurations for connections going to the advertising servers, while enforcing default configurations for the rest of the connections. We implement and evaluate the proposed mechanism and show that it is feasible, and incurs minimal overhead. Furthermore, we conduct a TLS scan for the top 10,000 most visited websites globally, and show that most of the websites can benefit from our mechanism

    Fake news: a technological approach to proving the origins of content, using blockchains

    In this paper, we introduce a prototype of an innovative technology for proving the origins of captured digital media. In an era of fake news, when someone shows us a video or picture of some event, how can we trust its authenticity? It seems the public no longer believe that traditional media is a reliable reference of fact, perhaps due, in part, to the onset of many diverse sources of conflicting information, via social media. Indeed, the issue of ‘fake’ reached a crescendo during the 2016 US Presidential Election, when the winner, Donald Trump, claimed that the New York Times was trying to discredit him by pushing disinformation. Current research into overcoming the problem of fake news does not focus on establishing the ownership of media resources used in such stories - the blockchain-based application introduced in this article is technology that is capable of indicating the authenticity of digital media. Put simply; by using the trust mechanisms of blockchain technology, the tool can show, beyond doubt, the provenance of any source of digital media, including images used out of context in attempts to mislead. Although the application is an early prototype and its capability to find fake resources is somewhat limited, we outline future improvements that would overcome such limitations. Furthermore, we believe our application (and its use of blockchain technology and standardised metadata), introduces a novel approach to overcoming falsities in news reporting and the provenance of media resources used therein. However, while our application has the potential to be able to verify the originality of media resources, we believe technology is only capable of providing a partial solution to fake news. That is because it is incapable of proving the authenticity of a news story as a whole. We believe that takes human skills

    A kilobit hidden SNFS discrete logarithm computation

    We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p-1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our $p$ has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}_p^*$, yet detecting that $p$ has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes

    A family of key agreement mechanisms for mission critical communications for secure mobile ad hoc and wireless mesh internetworking

    Future wireless networks like mobile ad hoc networks and wireless mesh networks are expected to play an important role in demanding communications such as mission critical communications. MANETs are ideal for emergency cases where the communication infrastructure has been completely destroyed and there is a need for quick set up of communications among the rescue/emergency workers. In such emergency scenarios wireless mesh networks may be employed in a later phase for providing advanced communications and services acting as a backbone network in the affected area. Internetworking of both types of future networks will provide a broad range of mission critical applications. While offering many advantages, such as flexibility, ease of deployment and low cost, MANETs and mesh networks face important security and resilience threats, especially for such demanding applications. We introduce a family of key agreement methods based on weak to strong authentication associated with several multiparty contributory key establishment methods. We examine the attributes of each key establishment method and how each method can be better applied in different scenarios. The proposed protocols support seamlessly both types of networks and consider system and application requirements such as efficient and secure internetworking, dynamicity of network topologies and support of thin clients. © 2011 Ioannis G. Askoxylakis et al

    DRE-ip : A Verifiable E-Voting Scheme without Tallying Authorities

    Nearly all verifiable e-voting schemes require trustworthy authorities to perform the tallying operations. An exception is the DRE-i system which removes this requirement by pre-computing all encrypted ballots before the election using random factors that will later cancel out and allow the public to verify the tally after the election. While the removal of tallying authorities significantly simplifies election management, the pre-computation of ballots necessitates secure ballot storage, as leakage of precomputed ballots endangers voter privacy. In this paper, we address this problem and propose DRE-ip (DRE-i with enhanced privacy). Adopting a different design strategy, DRE-ip is able to encrypt ballots in real time in such a way that the election tally can be publicly verified without decrypting the cast ballots. As a result, DRE-ip achieves end-to-end verifiability without tallying authorities, similar to DRE-i, but with a significantly stronger guarantee on voter privacy. In the event that the voting machine is fully compromised, the assurance on tallying integrity remains intact and the information leakage is limited to the minimum: only the partial tally at the time of compromise is leaked

    The Platino project: methodology of a multicenter prevalence survey of chronic obstructive pulmonary disease in major Latin American cities

    BACKGROUND: The prevalence of Chronic Obstructive Pulmonary Disease (COPD) in many developed countries appears to be increasing. There is some evidence from Latin America that COPD is a growing cause of death, but information on prevalence is scant. It is possible that, due to the high frequency of smoking in these countries, this disease may represent a major public health problem that has not yet been recognized as such. The PLATINO study is aimed at measuring COPD prevalence in major cities in Latin America. METHODS/DESIGN: A multi-country survey is being carried out in major cities in Latin America. In each metropolitan area, a population-based sample of approximately 1,000 individuals aged 40 years or older is being interviewed using standardized questionnaires. Eligible subjects are submitted to pre- and post-bronchodilator spirometry, and classified according to several criteria for COPD. Anthropometric examinations are also performed. Several risk factors are being studied, including smoking, socioeconomic factors, exposure to domestic biomass pollution, occupational exposure to dust and hospital admissions due to respiratory conditions during childhood. Whether or not subjects affected by COPD are aware of their disease, and if so how it is being managed by health services, is also being investigated, as are the consequences of this condition on quality of life and work performance. RESULTS: At the present time, the study is completed in São Paulo, Mexico City and Montevideo; Chile has started the study in March 2004 and it will be followed by Venezuela; two other metropolitan areas could still join the PLATINO project. Similar sampling procedures, with stratification for socio-economic status, are being used in all sites. Strict coordination, training and standardization procedures have been used to ensure comparability of results across sites. Overall 92% of the pre-bronchodilator spirometry tests fulfilled ATS criteria of quality in the three first sites (97% in Montevideo, 91% in Mexico and 89% in Sao Paulo). CONCLUSIONS: The PLATINO project will provide a detailed picture of the global distribution of COPD in Latin America. This project shows that studies from Latin America can be carried out with adequate quality and be of scientific value

    Upregulation of the cell-cycle regulator RGC-32 in Epstein-Barr virus-immortalized cells

    Epstein-Barr virus (EBV) is implicated in the pathogenesis of multiple human tumours of lymphoid and epithelial origin. The virus infects and immortalizes B cells establishing a persistent latent infection characterized by varying patterns of EBV latent gene expression (latency 0, I, II and III). The CDK1 activator, Response Gene to Complement-32 (RGC-32, C13ORF15), is overexpressed in colon, breast and ovarian cancer tissues and we have detected selective high-level RGC-32 protein expression in EBV-immortalized latency III cells. Significantly, we show that overexpression of RGC-32 in B cells is sufficient to disrupt G2 cell-cycle arrest consistent with activation of CDK1, implicating RGC-32 in the EBV transformation process. Surprisingly, RGC-32 mRNA is expressed at high levels in latency I Burkitt's lymphoma (BL) cells and in some EBV-negative BL cell-lines, although RGC-32 protein expression is not detectable. We show that RGC-32 mRNA expression is elevated in latency I cells due to transcriptional activation by high levels of the differentially expressed RUNX1c transcription factor. We found that proteosomal degradation or blocked cytoplasmic export of the RGC-32 message were not responsible for the lack of RGC-32 protein expression in latency I cells. Significantly, analysis of the ribosomal association of the RGC-32 mRNA in latency I and latency III cells revealed that RGC-32 transcripts were associated with multiple ribosomes in both cell-types implicating post-initiation translational repression mechanisms in the block to RGC-32 protein production in latency I cells. In summary, our results are the first to demonstrate RGC-32 protein upregulation in cells transformed by a human tumour virus and to identify post-initiation translational mechanisms as an expression control point for this key cell-cycle regulator

    A rare case of a retroperitoneal enterogenous cyst with in-situ adenocarcinoma

    BACKGROUND: Retroperitoneal enterogenous cysts are uncommon and adenocarcinoma within such cysts is a rare complication. CASE PRESENTATION: We present the third described case of a retroperitoneal enterogenous cyst with adenocarcinomatous changes and only the second reported case whereby the cyst was not arising from any anatomical structure. CONCLUSION: This case demonstrates the difficulties in making a diagnosis as well as the importance of a multi-disciplinary approach, and raises further questions regarding post-operative treatment with chemotherapy.