
    TRANSPORT LAYER SECURITY PATH TRACER

    Today, most of the traffic that traverses the Internet is encrypted. Users (e.g., clients) and servers are able to exchange data securely using the Transport Layer Security (TLS) protocol. However, there will likely be one or more proxies in the path between a client and a server, and those proxies are able to change some of the security parameters based on, for example, a network security policy. As a result, a client may not know exactly what is happening in the middle. To address these types of challenges, techniques are presented herein that support an extension to the handshake protocol that can request a ‘trace’ feature along a network path. All of the different TLS entities in the network can recognize the extension and add any changes that they are making to the upstream proposal. Advantages of the techniques presented herein include, among other things, helping to troubleshoot the TLS policy end-to-end.

    Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes

    The block cipher modes of operation that are widely used (CBC, CTR, CFB) are secure up to the birthday bound; that is, if $2^{w}$ or fewer bits of data are encrypted with a $w$-bit block cipher. However, the detailed security properties close to this bound are not widely appreciated, despite the fact that 64-bit block ciphers are sometimes used in that domain. This work addresses the issue by analyzing plaintext-recovery attacks that are effective close to that bound. We describe possible-plaintext attacks, which can learn unknown plaintext values that are encrypted with CBC, CFB, or OFB. We also introduce ‘impossible plaintext’ cryptanalysis, which can recover information encrypted with CTR, and can improve attacks against the aforementioned modes as well. These attacks work at the birthday bound, or even slightly below that bound, when the target plaintext values are encrypted under a succession of keys.

    The Security and Performance of the Galois/Counter Mode of Operation (Full Version)

    The recently introduced Galois/Counter Mode (GCM) of operation for block ciphers provides both encryption and message authentication, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most efficient mode of operation for high-speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet traffic in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these features are used. We also consider several of its important system-security aspects.

    The Extended Codebook (XCB) Mode of Operation

    We describe a block cipher mode of operation that implements a ‘tweakable’ (super) pseudorandom permutation with an arbitrary block length. This mode can be used to provide the best possible security in systems that cannot allow data expansion, such as disk-block encryption and some network protocols. The mode accepts an additional input, which can be used to protect against attacks that manipulate the ciphertext by rearranging the ciphertext blocks. Our mode is similar to a five-round Luby-Rackoff cipher in which the first and last rounds do not use the conventional Feistel structure, but instead use a single block cipher invocation. The third round is a Feistel structure using counter mode as a PRF. The second and fourth rounds are Feistel structures using a universal hash function; we re-use the polynomial hash over a binary field defined in the Galois/Counter Mode (GCM) of operation for block ciphers. This choice provides efficiency in both hardware and software and allows for re-use of implementation effort. XCB also has several useful properties: it accepts arbitrarily-sized plaintexts and associated data, including any plaintexts with lengths that are no smaller than the width of the block cipher. This document is a pre-publication draft manuscript.

    Multiple forgery attacks against Message Authentication Codes

    Some message authentication codes (MACs) are vulnerable to multiple forgery attacks, in which an attacker can gain information that allows her to succeed in forging multiple message/tag pairs. This property was first noted in MACs based on universal hashing, such as the Galois/Counter Mode (GCM) of operation for block ciphers. However, we show that CBC-MAC and HMAC also have this property, and for some parameters are more vulnerable than GCM. We present multiple-forgery attacks against these algorithms, then analyze the security against these attacks by using the expected number of forgeries. We compare the different MACs using this measure. This document is a pre-publication draft manuscript.

    COFFE: Ciphertext Output Feedback Faithful Encryption

    In this paper we introduce the first authenticated encryption scheme based on a hash function, called COFFE. This research has been motivated by the challenge to fit secure cryptography into constrained devices: some of these devices have to use a hash function anyway, and the challenge is to avoid the usage of an additional block cipher to provide authenticated encryption. COFFE satisfies the common security requirements regarding authenticated encryption, i.e., IND-CPA- and INT-CTXT-security. Beyond that, it provides the following additional security features: resistance against side-channel attacks and INT-CTXT security in the nonce-misuse scenario. It also supports failure-friendly authentication under reasonable assumptions.

    Prospects for Citizenship

    This book is available as open access through the Bloomsbury Open Access programme and is available on www.bloomsburycollections.com. Is citizenship in decline due to globalisation and an erosion of civic participation and democratic representation? Or is it merely transformed and extended to new levels and larger scales? Should we assess these challenges and changes primarily from a perspective of global justice, or consider also membership in a democratic polity as itself a basic good? Prospects for Citizenship addresses these broad questions in a unique collaborative effort. The result is an impressive book that looks at the future of citizenship from multiple research perspectives while remaining coherent in its overall purpose. (Rainer Bauböck, European University Institute, Florence)

    This book offers a perspicuous overview of the prospects for citizenship in our contemporary political context. The authorial team draw on a wide range of empirical and normative research in order to offer an incisive analysis of the problems and pressures of citizenship in the twenty-first century. The authors focus in particular on the apparent decline of traditional forms of civic engagement, the emergence of new forms of participation and the relationship between citizenship and globalization.