Protecting encrypted cookies from compression side-channel attacks

Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques - heuristic separation of secrets and fixed-dictionary compression|for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve.

What is the scale of intimate partner homicide?

Intimate partner homicides are fatal violent attacks perpetrated by intimate partners, and are often the extreme and unplanned consequence of abusive relationships. Although recognised as an important risk factor for death and disability among women, previous country-level assessments and the recent Global Burden of Disease Study 2010 (GBD 2010)4 have not considered the extent of intimate partner violence among male victims...

Real-time and interactive attacks on DNP3 critical infrastructure using Scapy

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols, to control national infrastructure. Widely used interactive packet manipulation tools, such as Scapy, have not yet been augmented to parse and create DNP3 frames (Biondi 2014). In this paper we extend Scapy to include DNP3, thus allowing us to perform attacks on DNP3 in real-time. Our contribution builds on East et al. (2009), who proposed a range of possible attacks on DNP3. We implement several of these attacks to validate our DNP3 extension to Scapy, then executed the attacks on real world equipment. We present our results, showing that many of these theoretical attacks would be unsuccessful in an Ethernet-based network.

Desynchronization and Traceability Attacks on RIPTA-DA Protocol

Recently Gao et al. proposed a lightweight RFID mutual authentication protocol [3] to resist against intermittent position trace attacks and desynchronization attacks and called it RIPTA-DA. They also verified their protocol’s security by data reduction method with the learning parity with noise (LPN) and also formally verified the functionality of the proposed scheme by Colored Petri Nets. In this paper, we investigate RIPTA-DA’s security. We present an efficient secret disclosure attack against the protocol which can be used to mount both de-synchronization and traceability attacks against the protocol. Thus our attacks show that RIPTA-DA protocol is not a RIPTA-DA.

Fatal consequences: An analysis of the failed employee voice system at the Bundaberg Hospital

In this paper we discuss the failure of the employee voice system at the Bundaberg Base Hospital (BBH) in Australia. Surgeon Jayant Patel was arrested over the deaths of patients on whom he operated when he was the director of surgery at the hospital. Our interest is in the reasons the established employee voice mechanisms failed when employees attempted to bring serious issues to the attention of managers. Our data is based on an analysis of the sworn testimonies of participants who participated in two inquiries concerning these events. An analysis of the events with a particular focus on the failings of the voice system is presented. We ask the following: how and why did the voice systems in the case of the BBH fail?

Bees at war: Interspecific battles and nest usurpation in stingless bees

We provide the first evidence for interspecific warfare in bees, a spectacular natural phenomenon that involves a series of aerial battles and leads to thousands of fatalities from both attacking and defending colonies. Molecular analysis of fights at a hive of the Australian stingless bee Tetragonula carbonaria revealed that the attack was launched by a related species, Tetragonula hockingsi, which has only recently extended its habitat into southeastern Queensland. Following a succession of attacks by the same T. hockingsi colony over a 4-month period, the defending T. carbonaria colony was defeated and the hive usurped, with the invading colony installing a new queen. We complemented our direct observations with a 5-year study of more than 260 Tetragonula hives and found interspecific hive changes, which were likely to be usurpation events, occurring in 46 hives over this period. We discuss how fighting swarms and hive usurpation fit with theoretical predictions on the evolution of fatal fighting and highlight the many unexplained features of these battles that warrant further study.

A framework for generating realistic traffic for distributed denial-of-service attacks and flash events

An intrinsic challenge associated with evaluating proposed techniques for detecting Distributed Denial-of-Service (DDoS) attacks and distinguishing them from Flash Events (FEs) is the extreme scarcity of publicly available real-word traffic traces. Those available are either heavily anonymised or too old to accurately reflect the current trends in DDoS attacks and FEs. This paper proposes a traffic generation and testbed framework for synthetically generating different types of realistic DDoS attacks, FEs and other benign traffic traces, and monitoring their effects on the target. Using only modest hardware resources, the proposed framework, consisting of a customised software traffic generator, ‘Botloader’, is capable of generating a configurable mix of two-way traffic, for emulating either large-scale DDoS attacks, FEs or benign traffic traces that are experimentally reproducible. Botloader uses IP-aliasing, a well-known technique available on most computing platforms, to create thousands of interactive UDP/TCP endpoints on a single computer, each bound to a unique IP-address, to emulate large numbers of simultaneous attackers or benign clients.

Forgery attacks on ++AE authenticated encryption mode

In this paper, we analyse a block cipher mode of operation submitted in 2014 to the cryptographic competition for authenticated encryption (CAESAR). This mode is designed by Recacha and called ++AE (plus-plus-ae). We propose a chosen plaintext forgery attack on ++AE that requires only a single chosen message query to allow an attacker to construct multiple forged messages. Our attack is deterministic and guaranteed to pass ++AE integrity check. We demonstrate the forgery attack using 128-bit AES as the underlying block cipher. Hence, ++AE is insecure as an authenticated encryption mode of operation.

Neurological manifestations and molecular genetics of acute intermittent porphyria in North Western Russia

Acute intermittent porphyria (AIP, MIM #176000) is an inherited metabolic disease due to a partial deficiency of the third enzyme, hydroxymethylbilane synthase (HMBS, EC: 4.3.1.8), in the haem biosynthesis. Neurological symptoms during an acute attack, which is the major manifestation of AIP, are variable and relatively rare, but may endanger a patient's life. In the present study, 12 Russian and two Finnish AIP patients with severe neurological manifestations during an acute attack were studied prospectively from 1995 to 2006. Autonomic neuropathy manifested as abdominal pain (88%), tachycardia (94%), hypertension (75%) and constipation (88%). The most common neurological sign was acute motor peripheral neuropathy (PNP, 81%) often associated with neuropathic sensory loss (54%) and CNS involvement (85%). Despite heterogeneity of the neurological manifestations in our patients with acute porphyria, the major pattern of PNP associated with abdominal pain, dysautonomia, CNS involvement and mild hepatopathy could be demonstrated. If more strict inclusion criteria for biochemical abnormalities (>10-fold increase in excretion of urinary PBG) are applied, neurological manifestations in an acute attack are probably more homogeneous than described previously, which suggests that some of the neurological patients described previously may not have acute porphyria but rather secondary porphyrinuria. Screening for acute porphyria using urinary PBG is useful in a selected group of neurological patients with acute PNP or encephalopathy and seizures associated with pain and dysautonomia. Clinical manifestations and the outcome of acute attacks were used as a basis for developing a 30-score scale of the severity of an acute attack. This scale can easily be used in clinical practice and to standardise the outcome of an attack. Degree of muscle weakness scored by MRC, prolonged mechanical ventilation, bulbar paralysis, impairment of consciousness and hyponatraemia were important signs of a poor prognosis. Arrhythmia was less important and autonomic dysfunction, severity of pain and mental symptoms did not affect the outcome. The delay in the diagnosis and repeated administrations of precipitating factors were the main cause of proceeding of an acute attack into pareses and severe CNS involvement and a fatal outcome in two patients. Nerve conduction studies and needle EMG were performed in eleven AIP patients during an acute attack and/or in remission. Nine patients had severe PNP and two patients had an acute encephalopathy but no clinically evident PNP. In addition to axonopathy, features suggestive of demyelination could be demonstrated in patients with severe PNP during an acute attack. PNP with a moderate muscle weakness was mainly pure axonal. Sensory involvement was common in acute PNP and could be subclinical. Decreased conduction velocities with normal amplitudes of evoked potentials during acute attacks with no clinically evident PNP indicated subclinical polyneuropathy. Reversible symmetrical lesions comparable with posterior reversible encephalopathy syndrome (PRES) were revealed in two patients' brain CT or MRI during an acute attack. In other five patients brain MRI during or soon after the symptoms was normal. The frequency of reversible brain oedema in AIP is probably under-estimated since it may be short-lasting and often indistinguishable on CT or MRI. In the present study, nine different mutations were identified in the HMBS gene in 11 unrelated Russian AIP patients from North Western Russia and their 32 relatives. AIP was diagnosed in nine symptom-free relatives. The majority of the mutations were family-specific and confirmed allelic heterogeneity also among Russian AIP patients. Three mutations, c.825+5G>C, c.825+3_825+6del and c.770T>C, were novel. Six mutations, c.77G>A (p.R26H), c.517C>T (p.R173W), c.583C>T (p.R195C), c.673C>T (p.R225X), c.739T>C (p.C247R) and c.748G>C (p.E250A), have previously been identified in AIP patients from Western and other Eastern European populations. The effects of novel mutations were studied by amplification and sequencing of the reverse-transcribed total RNA obtained from the patients' lymphoblastoid or fibroblast cell lines. The mutations c.825+5G>C and c.770T>C resulted in varyable amounts of abnormal transcripts, r.822_825del (p.C275fsX2) and [r.770u>c, r.652_771del, r.613_771del (p.L257P, p.G218_L257del, p.I205_L257del)]. All mutations demonstrated low residual activities (0.1-1.3 %) when expressed in COS-1 cells confirming the causality of the mutations and the enzymatic defect of the disease. The clinical outcome, prognosis and correlation between the HMBS genotype and phenotype were studied in 143 Finnish and Russian AIP patients with ten mutations (c.33G>T, c.97delA, InsAlu333, p.R149X, p.R167W, p.R173W, p.R173Q, p.R225G, p.R225X, c.1073delA) and more than six patients in each group. The patients were selected from the pool of 287 Finnish AIP patients presented in a Finnish Porphyria Register (1966-2003) and 23 Russian AIP patients (diagnosed 1995-2003). Patients with the p.R167W and p.R225G mutations showed lower penetrance (19% and 11%) and the recurrence rate (33% and 0%) in comparison to the patients with other mutations (range 36 to 67% and 0 to 66%, respectively), as well as milder biochemical abnormalities [urinary porphobilinogen 47±10 vs. 163±21 mol/L, p<0.001; uroporphyrin 130±40 vs. 942±183 nmol/L, p<0.001] suggesting a milder form of AIP in these patients. Erythrocyte HMBS activity did not correlate with the porphobilinogen excretion in remission or the clinical of the disease. In all AIP severity patients, normal PBG excretion predicted freedom from acute attacks. Urinary PBG excretion together with gender, age at the time of diagnosis and mutation type could predict the likelihood of acute attacks in AIP patients.

Nucleophilic attacks of 1,2-diaminoethane on MeCN ligands: synthesis, x-ray structure, and spectral and electrochemical properties of [Ru(.mu.-O)(.mu.-O2CAr)2[NH2CH2CH2NHC(Me)NH]2(PPh3)2](ClO4)2(Ar = C6H4-p-X; X = H, Me, OMe, Cl)

The diruthenium(III) complex [Ru2O(O2CAr)2(MeCN)4(PPh3)2](ClO4)2 (1), on reaction with 1,2-diaminoethane (en) in MeOH at 25-degrees-C, undergoes nucleophilic attacks at the carbon of two facial MeCN ligands to form [(Ru2O)-O-III(O2CAr)2-{NH2CH2CH2NHC(Me)NH}2(PPh3)2](ClO4)2 (2) (Ar = C6H4-p-X, X = H, Me, OMe, Cl) containing two seven-membered amino-amidine chelating ligands. The molecular structure of 2 with Ar = C6H4-p-OMe was determined by X-ray crystallography. Crystal data are as follows: triclinic, P1BAR, a = 13.942 (5) angstrom, b = 14.528 (2) angstrom, c = 21.758 (6) angstrom, alpha = 109.50 (2)-degrees, beta = 92.52 (3)-degrees, gamma = 112.61 (2)-degrees, V = 3759 (2) angstrom 3, and Z = 2. The complex has an {Ru2(mu-O)(mu-O2CAr2)2(2+)} core. The Ru-Ru and average Ru-O(oxo) distances and the Ru-O-Ru angle are 3.280 (2) angstrom, 1.887 [8] angstrom, and 120.7 (4)-degrees, respectively. The amino group of the chelating ligand is trans to the mu-oxo ligand. The nucleophilic attacks take place on the MeCN ligands cis to the mu-oxo ligand. The visible spectra of 2 in CHCl3 display an absorption band at 565 nm. The H-1 NMR spectra of 2 in CDCl3 are indicative of the formation of an amino-amidine ligand. Complex 2 exhibits metal-centered quasireversible one-electron oxidation and reduction processes in the potential ranges +0.9 to +1.0 V and -0.3 to -0.5 V (vs SCE), respectively, involving the Ru(III)2/Ru(III)Ru(IV) and Ru(III)2/Ru(II)Ru(III) redox couples in CH2Cl2 containing 0.1 M TBAP. The mechanistic aspects of the nucleophilic reaction are discussed.

Recovery from DoS Attacks in MIPv6: Modelling and Validation

Denial-of-service (DoS) attacks form a very important category of security threats that are prevalent in MIPv6 (mobile internet protocol version 6) today. Many schemes have been proposed to alleviate such threats, including one of our own [9]. However, reasoning about the correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate the solutions in a timely manner before deployment in the real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have not been successful so far. Here, we propose a new simulation based approach for validation using a tool called FRAMOGR that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that may be needed for making MIPv6 more robust.

Fault Attacks on Pairing-Based Protocols Revisited

Several papers have studied fault attacks on computing a pairing value e(P, Q), where P is a public point and Q is a secret point. In this paper, we observe that these attacks are in fact effective only on a small number of pairing-based protocols, and that too only when the protocols are implemented with specific symmetric pairings. We demonstrate the effectiveness of the fault attacks on a public-key encryption scheme, an identity-based encryption scheme, and an oblivious transfer protocol when implemented with a symmetric pairing derived from a supersingular elliptic curve with embedding degree 2.