2013-08-01 1300-1500 SAAG (Security Area Advisory Group)

The CFRG is working on a couple of forward-looking topics: 1) randomized hashing, which might help if a hash function is somewhat compromised in the future, and 2) properties of a standby replacement for AES, should the need arise.

Amir Herzberg and Haya Shulman (Bar Ilan University) - DNS Cache-Poisoning: New Vulnerabilities and Implications, or: DNSSEC, the time has come!

MitM attacks are common despite a belief to the contrary. DNS poisoning is one means of making MitM attacks possible, yet security mechanisms are frequently targeted against off-path attacks, not MitM attacks. DNS cache poisoning occurs when a forged DNS response is injected in reply to a query, so that the querying party receives (and caches) an incorrect answer. Such a response can be used to redirect the querying party to a MitM attacker instead of the desired destination. DNS queries are sent in the clear, so a poisoner can obtain the information that must be reflected back in the response to satisfy the resolver's initial challenge-response check. DNSSEC would overcome this vulnerability, but to date it has not been widely deployed. Another way to provide false information in a DNS response is to force fragmentation of a long response: the challenge-response values are all in the first fragment, so information injected in later fragments can be sent without knowing them. The presenters' recommended solutions to these problems include better resolvers that use smart query source port randomization and insert a random-length prefix at the beginning of a referral; or, better yet, use DNSSEC. They feel that DNSSEC could use some fixes, including algorithm agility (to allow use of ECDSA, for example) and abolition of the insecure NSEC3 opt-out.

Quynh Dang (NIST) - SHA-3 Update

SHA-3 will have 4 normal output lengths (224, 256, 384, and 512 bits). There will also be 2 variable-length "sponge" algorithms in 256- and 512-bit lengths. The public request for comments on the SHA-3 candidate will go out this quarter, with 90 days allotted for input. Final release of SHA-3 is expected in 2Q 2014. Once SHA-3 is approved, additional specifications are being considered for: single-pass MAC, tree hashing modes, pseudo-random function, stream cipher, and authenticated encryption function.

Linus Nordberg & Jacob Appelbaum (The Tor Project) - Anonymity and Censorship: The Tor Network

Tor is a peer-to-peer network with a focus on anonymity, privacy and security that is freely available (open source) and unencumbered. The basic design of Tor uses a simple centralized directory protocol: servers publish self-signed descriptors, which Authorities then check before publishing a signed consensus list of all relay descriptors. The sender then downloads the consensus list and a list of all the relay descriptors. The routing uses the "onion" model and avoids the single-hop paradigm by encrypting messages in multiple layers, which are peeled one by one by each router. For more information: https://www.torproject.org/
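As an added illustration of the layered "onion" encryption described in the Tor talk (example code, not the Tor Project's own): the sender shares a key with each relay on the path, wraps the message once per relay from the exit inward, and each relay peels exactly one layer, learning only the next hop. The stream cipher (HMAC-SHA256 in counter mode), the relay names and the keys are assumptions chosen so the example runs with only the standard library; Tor's real key exchange, cell format and integrity protection are not modelled.

```python
import hmac, hashlib, os, struct

def keystream(key, nonce, length):
    # Counter-mode PRF used as a stream cipher: an illustrative choice, not Tor's real cipher.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(key, next_hop, inner):
    # One onion layer: 16-byte nonce, then ciphertext of next_hop || 0x00 || inner.
    plain = next_hop.encode() + b"\x00" + inner
    nonce = os.urandom(16)
    return nonce + xor(plain, keystream(key, nonce, len(plain)))

def peel(key, onion):
    # A relay strips its layer and learns only the next hop; the rest stays encrypted.
    nonce, body = onion[:16], onion[16:]
    hop, inner = xor(body, keystream(key, nonce, len(body))).split(b"\x00", 1)
    return hop.decode(), inner

def build_onion(circuit, destination, message):
    # circuit = [(relay_name, key_shared_with_that_relay), ...] in path order.
    # Wrap from the exit inward so the guard's layer ends up outermost.
    onion, next_hop = message, destination
    for name, key in reversed(circuit):
        onion, next_hop = wrap(key, next_hop, onion), name
    return onion

def route(circuit, onion):
    # Each relay in turn peels its layer; record what each one learns.
    learned = []
    for name, key in circuit:
        next_hop, onion = peel(key, onion)
        learned.append((name, next_hop))
    return learned, onion

def demo():
    # Constructed sample circuit, keys and message (not real Tor relays or keys).
    circuit = [("guard", b"G" * 32), ("middle", b"M" * 32), ("exit", b"E" * 32)]
    message = b"GET / HTTP/1.1"
    onion = build_onion(circuit, "example.com", message)
    learned, payload = route(circuit, onion)
    return onion, learned, payload

if __name__ == "__main__":
    print(demo()[1:])
```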