KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures

Email breaches are commonplace, and they expose a wealth of personal, business, and political data that may have devastating consequences. The current email system allows any attacker who gains access to your email to prove the authenticity of the stolen messages to third parties -- a property arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This exacerbates the problem of email breaches by greatly increasing the potential for attackers to damage the users' reputation, blackmail them, or sell the stolen information to third parties. In this paper, we introduce "non-attributable email", which guarantees that a wide class of adversaries are unable to convince any third party of the authenticity of stolen emails. We formally define non-attributability, and present two practical system proposals -- KeyForge and TimeForge -- that provably achieve non-attributability while maintaining the important protection against spam and spoofing that is currently provided by DKIM. Moreover, we implement KeyForge and demonstrate that that scheme is practical, achieving competitive verification and signing speed while also requiring 42% less bandwidth per email than RSA2048

Can large language models democratize access to dual-use biotechnology?

Large language models (LLMs) such as those embedded in 'chatbots' are accelerating and democratizing research by providing comprehensible information and expertise from many different fields. However, these models may also confer easy access to dual-use technologies capable of inflicting great harm. To evaluate this risk, the 'Safeguarding the Future' course at MIT tasked non-scientist students with investigating whether LLM chatbots could be prompted to assist non-experts in causing a pandemic. In one hour, the chatbots suggested four potential pandemic pathogens, explained how they can be generated from synthetic DNA using reverse genetics, supplied the names of DNA synthesis companies unlikely to screen orders, identified detailed protocols and how to troubleshoot them, and recommended that anyone lacking the skills to perform reverse genetics engage a core facility or contract research organization. Collectively, these results suggest that LLMs will make pandemic-class agents widely accessible as soon as they are credibly identified, even to people with little or no laboratory training. Promising nonproliferation measures include pre-release evaluations of LLMs by third parties, curating training datasets to remove harmful concepts, and verifiably screening all DNA generated by synthesis providers or used by contract research organizations and robotic cloud laboratories to engineer organisms or viruses.Comment: 6 pages, 0 figure

A Systematization of Voter Registration Security

Voter registration is an essential part of almost any election process, and its security is a critical component of election security. Yet, despite notable compromises of voter registration systems, relatively little academic work has been devoted to securing voter registration systems, compared to research on other aspects of election security. In this paper, we present a systematic treatment of voter registration system security. We propose the first rigorous definitional framework for voter registration systems, describing the entities and core functionalities inherent in most voter registration systems, the jurisdictional policies that constrain specific implementations, and key security properties. Our definitions are configurable based on jurisdiction-specific parameters and policies. We provide a template for the structured presentation of detailed jurisdictional policy information, via a series of tables, and illustrate its application with detailed case studies of the voter registration systems of three U.S. states and Panama. Throughout our research, with the aim of realism and practical applicability, we consulted current and former U.S. election officials, civil society, and non-profits in the elections space. We conclude with a list of critical questions regarding voter registration security

Micromechanical Properties of Injection-Molded Starch–Wood Particle Composites

The micromechanical properties of injection molded starch–wood particle composites were investigated as a function of particle content and humidity conditions. The composite materials were characterized by scanning electron microscopy and X-ray diffraction methods. The microhardness of the composites was shown to increase notably with the concentration of the wood particles. In addition,creep behavior under the indenter and temperature dependence were evaluated in terms of the independent contribution of the starch matrix and the wood microparticles to the hardness value. The influence of drying time on the density and weight uptake of the injection-molded composites was highlighted. The results revealed the role of the mechanism of water evaporation, showing that the dependence of water uptake and temperature was greater for the starch–wood composites than for the pure starch sample. Experiments performed during the drying process at 70°C indicated that the wood in the starch composites did not prevent water loss from the samples.Peer reviewe

Elevated protein concentrations in newborn blood and the risks of autism spectrum disorder, and of social impairment, at age 10 years among infants born before the 28th week of gestation

Among the 1 of 10 children who are born preterm annually in the United States, 6% are born before the third trimester. Among children who survive birth before the 28th week of gestation, the risks of autism spectrum disorder (ASD) and non-autistic social impairment are severalfold higher than in the general population. We examined the relationship between top quartile inflammation-related protein concentrations among children born extremely preterm and ASD or, separately, a high score on the Social Responsiveness Scale (SRS total score ≥65) among those who did not meet ASD criteria, using information only from the subset of children whose DAS-II verbal or non-verbal IQ was ≥70, who were assessed for ASD, and who had proteins measured in blood collected on ≥2 days (N = 763). ASD (N = 36) assessed at age 10 years is associated with recurrent top quartile concentrations of inflammation-related proteins during the first post-natal month (e.g., SAA odds ratio (OR); 95% confidence interval (CI): 2.5; 1.2–5.3) and IL-6 (OR; 95% CI: 2.6; 1.03–6.4)). Top quartile concentrations of neurotrophic proteins appear to moderate the increased risk of ASD associated with repeated top quartile concentrations of inflammation-related proteins. High (top quartile) concentrations of SAA are associated with elevated risk of ASD (2.8; 1.2–6.7) when Ang-1 concentrations are below the top quartile, but not when Ang-1 concentrations are high (1.3; 0.3–5.8). Similarly, high concentrations of TNF-α are associated with heightened risk of SRS-defined social impairment (N = 130) (2.0; 1.1–3.8) when ANG-1 concentrations are not high, but not when ANG-1 concentrations are elevated (0.5; 0.1–4.2)

Security Research for the Public Good: A Principled Approach

Recent history is littered with examples of software vendors betraying user trust, exposing the public to exploitable code, data leaks, and invasive privacy practices. Undirected security research may be insufficient for preventing such foreseeable and preventable failures, as these problems are often the result of misaligned vendor incentives rather than the technical specifics of the systems themselves. This dissertation illustrates the utility of security research that is motivated explicitly by the goal of realigning incentives of market actors toward providing better security. We find that a research approach guided by a deep understanding of the economic, regulatory, and technical attributes of the actors involved is crucial for solving important societally-relevant problems in computer security. We present three case studies in applying this vision: Our first case study considers vulnerability discovery as applied to Internet voting. We perform a security analysis of the dominant Internet voting systems used in U.S. federal elections, including those used in the 2020 U.S. presidential race. We find that, despite decades of research in cryptography and voting, all deployed systems are of simplistic design and suffer basic security and privacy problems, supporting the conclusion that the market is in failure. Our second case study involves designing cryptography to disincentivize (rather than prevent) bad behavior through the example of deniability in messaging. We find that the evolution of the email ecosystem has inadvertently resulted in most messages being nonrepudiable, incentivizing email theft and public exposure of private data. We present cryptographic constructions that solve this problem while fitting in with email’s already complicated ecosystem. Our final case study involves government requests to mandate law enforcement access to encrypted data, colloquially known as ‘backdooring’ encryption. We perform a security analysis of technical proposals to provide such government exceptional access, and find that they would cause untenable security and privacy risks. Finally, we conclude with a discussion of security research as a public good, and provide direction for future work.Ph.D

The economics of cryptographic trust : understanding certificate authorities

Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, Institute for Data, Systems, and Society, Technology and Policy Program, 2016.Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016.Cataloged from PDF version of thesis.Includes bibliographical references (pages 71-75).Certificate Authorities (CAs) play a crucial role in HTTPS, the mechanism that secures all of the web's most important communication; if it has a log-in page, it must use HTTPS. However, recent history is littered with instances of CAs unabashedly undermining the trust model of the web in favor of economic gain, causing catastrophic harm to users in the process. The purpose of this thesis is to understand how well user, domain owner, and browser vendor controls function in order to evaluate methods of realigning CA incentives. Using a compendium of past incidents of CA failure as a series of natural experiments, along with a large dataset of all publicly available certificate collections, we find that it is possible to causally link a very slight increase in domain owners leaving a CA when a CA acts inappropriately. We further find that the technical architecture of the CA system leaves users without effective control over which CAs they trust, and that browsers face certain difficulty in distrusting larger CAs. The end result is a system where large CAs can unilaterally undermine the trust model of the web without clear repercussion.by Michael Alan Specter.S.M. in Technology and PolicyS.M

Going from bad to worse: from Internet voting to blockchain voting

Abstract Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide. This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smartphone may seem convenient and accessible. However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly, given the current state of computer security, any turnout increase derived from Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero day, and denial-of-service attacks continue to be effective. This article analyzes and systematizes prior research on the security risks of online and electronic voting, and shows that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce ‘additional’ problems for voting systems. Finally, we suggest questions for critically assessing security risks of new voting system proposals.</jats:p