5 research outputs found

    An Internet-Wide Analysis of Diffie-Hellman Key Exchange and X.509 Certificates in TLS

    Transport Layer Security (TLS) is a mature cryptographic protocol, but has flexibility during implementation which can introduce exploitable flaws. New vulnerabilities are routinely discovered that affect the security of TLS implementations. We discovered that discrete logarithm implementations have poor parameter validation, and we mathematically constructed a deniable backdoor to exploit this flaw in the finite field Diffie-Hellman key exchange. We described attack vectors an attacker could use to position this backdoor, and outlined a man-in-the-middle attack that exploits the backdoor to force Diffie-Hellman use during the TLS connection. We conducted an Internet-wide survey of ephemeral finite field Diffie-Hellman (DHE) across TLS and STARTTLS, finding hundreds of potentially backdoored DHE parameters and partially recovering the private DHE key in some cases. Disclosures were made to companies using these parameters, resulting in a public security advisory and discussions with the CTO of a billion-dollar company. We conducted a second Internet-wide survey investigating X.509 certificate name mismatch errors, finding approximately 70 million websites invalidated by these errors and additionally discovering over 1000 websites made inaccessible due to a combination of forced HTTPS and mismatch errors. We determined that name mismatch errors occur largely due to certificate mismanagement by web hosting and content delivery network companies. Further research into TLS implementations is necessary to encourage the use of more secure parameters.

    Indiscreet Logs: Persistent Diffie-Hellman Backdoors in TLS

    Software implementations of discrete logarithm based cryptosystems over finite fields typically make the assumption that any domain parameters they are presented with are trustworthy, i.e., the parameters implement cyclic groups where the discrete logarithm problem is assumed to be hard. An informal and widespread justification for this seemingly exists that says validating parameters at run time is too computationally expensive relative to the perceived risk of a server sabotaging the privacy of its own connection. In this paper we explore this trust assumption and examine situations where it may not always be justified. We conducted an investigation of discrete logarithm domain parameters in use across the Internet and discovered evidence of a multitude of potentially backdoored moduli of unknown order in TLS and STARTTLS spanning numerous countries, organizations, and protocols. Although our disclosures resulted in a number of organizations taking down suspicious parameters, we argue the potential for TLS backdoors is systematic and will persist until either better parameter hygiene is taken up by the community, or finite field based cryptography is eliminated altogether.

    Association of Obesity and Diabetes with SARS-Cov-2 Infection and Symptoms in the COVID-19 Community Research Partnership

    OBJECTIVE: Obesity and diabetes are established risk factors for severe SARS-CoV-2 outcomes, but less is known about their impact on susceptibility to COVID-19 infection and general symptom severity. We hypothesized that those with obesity or diabetes would be more likely to self-report a positive SARS-CoV-2 test, and among those with a positive test, have greater symptom severity and duration. METHODS: Among 44,430 COVID-19 Community Research Partnership participants, we evaluated the association of self-reported and electronic health record obesity and diabetes with a self-reported positive COVID-19 test at any time. Among the 2,663 participants with a self-reported positive COVID-19 test during the study, we evaluated the association of obesity and diabetes with self-report of symptom severity, duration, and hospitalization. Logistic regression models were adjusted for age, sex, race/ethnicity, socioeconomic status, and healthcare worker status. RESULTS: We found a positive graded association between Body Mass Index (BMI) category and positive COVID-19 test (Overweight OR = 1.14 [1.05-1.25]; Obesity I OR = 1.29 [1.17-2.42]; Obesity II OR = 1.34 [1.19-1.50]; Obesity III OR = 1.53 [1.35-1.73]), and a similar but weaker association with COVID-19 symptoms and severity among those with a positive test. Diabetes was associated with COVID-19 infection but not symptoms after adjustment, with some evidence of an interaction between obesity and diabetes. CONCLUSIONS: While the limitations of this health system convenience sample include generalizability and selection around test-seeking, the strong graded association of BMI and diabetes with self-reported COVID-19 infection suggests that obesity and diabetes may play a role in risk for symptomatic SARS-CoV-2 beyond co-occurrence with socioeconomic factors.