On the security of TLS renegotiation

The Transport Layer Security (TLS) protocol is the most widely used security protocol on the Internet. It supports negotiation of a wide variety of cryptographic primitives through different cipher suites, various modes of client authentication, and additional features such as renegotiation. Despite its widespread use, only recently has the full TLS protocol been proven secure, and only the core cryptographic protocol with no additional features. These additional features have been the cause of several practical attacks on TLS. In 2009, Ray and Dispensa demonstrated how TLS renegotiation allows an attacker to splice together its own session with that of a victim, resulting in a man-in-the-middle attack on TLS-reliant applications such as HTTP. TLS was subsequently patched with two defence mechanisms for protection against this attack. We present the first formal treatment of renegotiation in secure channel establishment protocols. We add optional renegotiation to the authenticated and confidential channel establishment model of Jager et al., an adaptation of the Bellare--Rogaway authenticated key exchange model. We describe the attack of Ray and Dispensa on TLS within our model. We show generically that the proposed fixes for TLS offer good protection against renegotiation attacks, and give a simple new countermeasure that provides renegotiation security for TLS even in the face of stronger adversaries.

Molecular cytogenetic analysis of basal cell carcinoma DNA using comparative genomic hybridization

In an attempt to define genomic copy number changes associated with the development of basal cell carcinoma, we investigated 15 sporadic tumors by comparative genomic hybridization. With the incorporation of tissue microdissection and degenerate oligonucleotide primed-polymerase chain reaction we were able to isolate, and then universally amplify, DNA from the tumor type. This combined approach allows the investigation of chromosomal imbalances within a histologically distinct region of tissue. Using comparative genomic hybridization we have observed novel and recurrent chromosomal gains at 6p (47%), 6q (20%), 9p (20%), 7 (13%), and X (13%). In addition comparative genomic hybridization revealed regional loss on 9q in 33% of tested tumors encompassing 9q22.3 to which the putative tumor suppressor gene, Patched, has been mapped. The deletion of Patched has been indicated in the development of hereditary and sporadic basal cell carcinomas. The identification of these recurrent genetic aberrations suggests that basal cell carcinomas may not be as genetically stable as previously thought. Further investigation of these regions may lead to the identification of other genes responsible for basal cell carcinoma formation.

Cryptanalysis of LASH

We show that the LASH-x hash function is vulnerable to attacks that trade time for memory, including collision attacks as fast as 2(4x/11) and preimage attacks as fast as 2(4x/7). Moreover, we briefly mention heuristic lattice based collision attacks that use small memory but require very long messages that are expected to find collisions much faster than 2 x/2. All of these attacks exploit the designers’ choice of an all zero IV. We then consider whether LASH can be patched simply by changing the IV. In this case, we show that LASH is vulnerable to a 2(7x/8) preimage attack. We also show that LASH is trivially not a PRF when any subset of input bytes is used as a secret key. None of our attacks depend upon the particular contents of the LASH matrix – we only assume that the distribution of elements is more or less uniform.