PRESS-NEWS.org - Press Release Distribution
PRESS RELEASES DISTRIBUTION

Computer scientists discover vulnerabilities in a popular security protocol

Computer scientists discover vulnerabilities in a popular security protocol
2024-08-20
(Press-News.org) A widely used security protocol that dates back to the days of dial-up Internet has vulnerabilities that could expose large numbers of networked devices to an attack and allow an attacker to gain control of traffic on an organization's network.

A research team led by University of California San Diego computer scientists investigated the Remote Authentication Dial-In User Service (RADIUS) protocol and found a vulnerability they call Blast-RADIUS that has been present for decades. RADIUS, designed in 1991, allows networked devices such as routers, switches or mobile roaming gear to use a remote server to validate login or other credentials. 

This is a common set-up in enterprise and telecommunications networks because it allows credentials to be centrally managed. As a result, RADIUS is a critical part of modern telecommunications and enterprise networks; in large enterprises, it may control access to tens of thousands of switches. 

Authors of the paper “RADIUS/UDP Considered Harmful” include researchers from Cloudfare, Centrum Wiskunde & Informatica, BastiionZero and Microsoft Research. It was presented last week at the USENIX Security 2024 conference. 

“This is among the largest and most complex vulnerability disclosure processes that we have been involved in, “ said Nadia Heninger, a professor in the Jacobs School of Engineering Department of Computer Science and Engineering. “Given how widely this protocol is used, it is surprising that it has received almost no formal security analysis in the academic cryptography and security communities.”

Heninger notes the large gap that existed between those who deploy these protocols and those who study them. 

The researchers discovered the ability for a “man in the middle” to attack communication between a RADIUS client (or the victim’s networked device) and RADIUS server to forge a valid protocol accept message in response to a fake login or authentication request. This could give an attacker administrative access to networked devices and services without requiring an attacker to guess or “brute force” passwords. 

The root of this vulnerability stems from the fact RADIUS was developed before proper cryptographic protocol design was well understood, the authors say. It uses an authentication check based on an ad hoc and insecure construction based on the MD5 hash function, which has been known to be broken for two decades.

However, the RADIUS protocol was not updated when MD5 was broken in 2004, the authors note. Before their work, the maintainers of the protocol standards defining RADIUS thought that the MD5-based construction used in RADIUS was still secure. 

Vendors have released patches that implement the authors’ recommended short-term mitigation for this vulnerability. System administrators should check for patches for protocols they use with RADIUS and apply the updated configuration options suggested by their vendors. 

The authors have disclosed their findings (security advisories CVE-2024-3596 and VU#456537) and more than 90 vendors have been involved in a coordinated disclosure and issued security bulletins. 

The research team includes Heninger, Miro Haller and Adam Suhl of UC San DIego; Sharon Goldberg of Cloudfare; Mike Milano of BastionZero; Dan Shumow of Microsoft Research; and Marc Stevens of Centrum Wiskunde & Informatica. 

 

END

[Attachments] See images for this press release:
Computer scientists discover vulnerabilities in a popular security protocol

ELSE PRESS RELEASES FROM THIS DATE:

The emergence of moral foundations in children’s speech

2024-08-20
A study of children’s conversations with their caretakers sheds light on the timeline of the emergence of moral foundation words in the first six years of life in English-speaking children. Moral Foundations theory posits that morality is largely intuitive and underlaid by modular foundations. The original set of five foundations proposed by researchers includes Care/Harm, Fairness/Cheating, Authority/Subversion, Loyalty/Betrayal, and Purity/Degradation. Aida Ramezani and colleagues systematically ...

Correcting misperceptions of opposing party won’t reduce polarization

2024-08-20
Political animus between Republicans and Democrats in the United States is alarmingly high, raising fears of undemocratic or even violent actions. An often-touted intervention to prevent political polarization is to identify and correct misperceptions about people’s partisan opponents. Sean Westwood and colleagues sought to empirically test the effectiveness of this strategy. The authors surveyed 9,810 American partisans online from fall 2022 to fall 2023, finding that their opinions of whether ...

Scientists discover new code governing gene activity

2024-08-20
A newly discovered code within DNA – coined “spatial grammar” – holds a key to understanding how gene activity is encoded in the human genome. This breakthrough finding, identified by researchers at Washington State University and the University of California, San Diego and published in Nature, revealed a long-postulated hidden spatial grammar embedded in DNA. The research could reshape scientists’ understanding of gene regulation and how genetic variations may influence gene expression in development or disease. Transcription factors, the proteins that control which genes in one’s genome are turned on or off, ...

The invasion of Ukraine and European attitudes

2024-08-20
An ongoing survey captures how the Russian invasion of Ukraine affected attitudes in European countries not directly involved in the conflict. Margaryta Klymak and Tim Vlandas examine how the Russian invasion of Ukraine affected economic and political attitudes in eight European countries. The authors took advantage of the timing of the European Social Survey (ESS), which happened to be administered both just before and just after the Russian invasion of Ukraine in February 2022 in eight countries: Switzerland, Greece, Italy, Montenegro, Macedonia, Netherlands, Norway, and Portugal. Overall, the invasion increased support ...

A new reaction to enhance aromatic ketone use in chemical synthesis

A new reaction to enhance aromatic ketone use in chemical synthesis
2024-08-20
Aromatic ketones have long been valuable intermediates in chemical synthesis, particularly in cross-coupling reactions where different chemical entities are combined to form new compounds. For instance, a process called deacylative cross-coupling removes the acyl group from the aromatic ketone, allowing it to bond with other chemicals and produce a wide variety of useful compounds. These reactions are crucial for producing a wide array of aromatic compounds used in various industries like agrochemicals. However, the utility of aromatic ketones has been limited due to the difficulty in breaking their strong carbon-carbon bonds. These robust bonds are challenging to cleave, ...

Investigating the interplay of folding and aggregation in supramolecular polymer systems

Investigating the interplay of folding and aggregation in supramolecular polymer systems
2024-08-20
In polymers, the competition between the folding and aggregation of chains, both at an individual level and between chains, can determine the mechanical, thermal, and conductive properties of such materials. Understanding the interplay of folding and aggregation presents a significant opportunity for the development and discovery of polymeric materials with tailored properties and functionalities. This also holds true for non-covalent counterparts of conventional covalent polymers, i.e., supramolecular polymers (SPs). SPs are expected to have practical applications as novel stimuli-responsive ...

Adaptive 3D printing system to pick and place bugs and other organisms

Adaptive 3D printing system to pick and place bugs and other organisms
2024-08-20
MINNEAPOLIS / ST. PAUL (08/20/2024) — A first-of-its-kind adaptive 3D printing system developed by University of Minnesota Twin Cities researchers can identify the positions of randomly distributed organisms and safely move them to specific locations for assembly. This autonomous technology will save researchers time and money in bioimaging, cybernetics, cryopreservation, and devices that integrate living organisms. The research is published in Advanced Science, a peer-reviewed scientific journal. The researchers ...

Fossil hotspots in Africa obscure a more complete picture of human evolution

Fossil hotspots in Africa obscure a more complete picture of human evolution
2024-08-20
WASHINGTON (August 20, 2024) – Much of the early human fossil record originates from just a few places in Africa, where favorable geological conditions have preserved a trove of fossils used by scientists to reconstruct the story of human evolution. One of these fossil hotspots is the eastern branch of the East African Rift System, home to important fossil sites such as Oldupai Gorge in Tanzania. Yet, the eastern branch of the rift system only accounts for 1% of the surface area of Africa—a fact that makes it possible to estimate how much information scientists who rely on such small samples are missing. In ...

Extraterrestrial chemistry with earthbound possibilities

Extraterrestrial chemistry with earthbound possibilities
2024-08-20
DENVER, Aug. 20, 2024 — Who are we? Why are we here? As the Crosby, Stills, Nash & Young song suggests, we are stardust, the result of chemistry occurring throughout vast clouds of interstellar gas and dust. To better understand how that chemistry could create prebiotic molecules — the seeds of life on Earth and possibly elsewhere — researchers investigated the role of low-energy electrons created as cosmic radiation traverses through ice particles. Their findings may also inform medical and environmental applications on our home planet. Undergraduate student Kennedy Barnes will present the team’s results at the fall meeting of the American ...

Deadly sea snail toxin could be key to making better medicines

Deadly sea snail toxin could be key to making better medicines
2024-08-20
Scientists are finding clues for how to treat diabetes and hormone disorders in an unexpected place: a toxin from one of the most venomous animals on the planet. A multinational research team led by University of Utah scientists has identified a component within the venom of a deadly marine cone snail, the geography cone, that mimics a human hormone called somatostatin, which regulates the levels of  blood sugar and various hormones in the body. The hormone-like toxin’s specific, long-lasting effects, which help the snail hunt its prey, could also help scientists design better ...

LAST 30 PRESS RELEASES:

Reality check: making indoor smartphone-based augmented reality work

Overthinking what you said? It’s your ‘lizard brain’ talking to newer, advanced parts of your brain

Black men — including transit workers — are targets for aggression on public transportation, study shows

Troubling spike in severe pregnancy-related complications for all ages in Illinois

Alcohol use identified by UTHealth Houston researchers as most common predictor of escalated cannabis vaping among youths in Texas

Need a landing pad for helicopter parenting? Frame tasks as learning

New MUSC Hollings Cancer Center research shows how Golgi stress affects T-cells' tumor-fighting ability

#16to365: New resources for year-round activism to end gender-based violence and strengthen bodily autonomy for all

Earliest fish-trapping facility in Central America discovered in Maya lowlands

São Paulo to host School on Disordered Systems

New insights into sleep uncover key mechanisms related to cognitive function

USC announces strategic collaboration with Autobahn Labs to accelerate drug discovery

Detroit health professionals urge the community to act and address the dangers of antimicrobial resistance

3D-printing advance mitigates three defects simultaneously for failure-free metal parts 

Ancient hot water on Mars points to habitable past: Curtin study

In Patagonia, more snow could protect glaciers from melt — but only if we curb greenhouse gas emissions soon

Simplicity is key to understanding and achieving goals

Caste differentiation in ants

Nutrition that aligns with guidelines during pregnancy may be associated with better infant growth outcomes, NIH study finds

New technology points to unexpected uses for snoRNA

Racial and ethnic variation in survival in early-onset colorectal cancer

Disparities by race and urbanicity in online health care facility reviews

Exploring factors affecting workers' acquisition of exercise habits using machine learning approaches

Nano-patterned copper oxide sensor for ultra-low hydrogen detection

Maintaining bridge safer; Digital sensing-based monitoring system

A novel approach for the composition design of high-entropy fluorite oxides with low thermal conductivity

A groundbreaking new approach to treating chronic abdominal pain

ECOG-ACRIN appoints seven researchers to scientific committee leadership positions

New model of neuronal circuit provides insight on eye movement

Cooking up a breakthrough: Penn engineers refine lipid nanoparticles for better mRNA therapies

[Press-News.org] Computer scientists discover vulnerabilities in a popular security protocol