Cryptographic attack highlights the importance of bug-free software
2012-02-29
(Press-News.org) A padlocked icon in a web-browser or a URL starting with https provides communication security over the Internet. The icon or URL indicates OpenSSL, a cryptography toolkit implementing the SSL protocol, or a similar system is being used. New research by a collaborative team has developed an attack that can circumvent the security OpenSSL should provide. The attack worked on a very specific version of the OpenSSL software, 0.9.8g, and only when a specific set of options were used.
Dr Dan Page, Senior Lecturer in Computer Science in the Department of Computer Science at the University of Bristol, and one of the collaborative team, will present a paper at the RSA conference in San Francisco next week [Wednesday 29 February] about the EPSRC-funded research.
The attack worked by targeting a bug in the software. Carefully constructed messages were sent to the web-server, each of which triggered the bug and allowed part of a cryptographic key to be recovered. Using enough messages, the entire key could be recovered.
Dr Dan Page said: "Our work suggests an underlying problem. With software and hardware playing increasingly significant roles in our day-to-day life, how much can and should we trust them to be correct?
"The answer, in part at least, is a stronger emphasis on and investment in formal verification and correctness of open source software. Our research highlights the important role this topic will play for software engineers of the future."
SSL is designed to provide two guarantees. Firstly, that a web-server accessed is the one expected, and, secondly, that subsequent communication between the user and the web-server cannot be read by anyone else.
Both guarantees are important for e-commerce websites that need to manage sensitive data such as credit card details in a secure, dependable way. However, both depend on the web-server keeping various cryptographic keys secret.
OpenSSL is embedded in many platforms, particularly those based on the Linux operating system. Some operating system vendors have started to release advisories that prompt the upgrade of older versions of OpenSSL. This acts to limit any implications of an attack.
INFORMATION:
Paper: 'Practical realisation and elimination of an ECC-related software bug attack?', B B Brumle, Aalto University, Finland; M Barbosa, Universidade do Minho, Portugal; D Page, University of Bristol, and F Vercauteren, Katholieke Universiteit Leuven, Belgium, Cryptology ePrint archive: report 2011/633.
END
ELSE PRESS RELEASES FROM THIS DATE:
2012-02-29
PHILADELPHIA — Oncologists who treat patients with pancreatic cancer may be one step closer to understanding why gemcitabine, the only currently available treatment, works in some cases but not in others, according to a paper in Cancer Discovery, a journal of the American Association for Cancer Research.
David Tuveson, M.D., Ph.D., a professor of pancreatic cancer medicine at the University of Cambridge, utilized a laboratory model to test the combination of gemcitabine and nab-paclitaxel in pancreatic cancer.
"The combination has shown promise in an early clinical ...
2012-02-29
Washington, D.C. (28 February 2012)—The prospect of deep cuts in the federal budget threatens to reverse the dramatic progress of a bipartisan US commitment to defeat neglected diseases in developing countries, according to a new report released today by the Global Health Technologies Coalition (GHTC).
Federal investments in global health research and development (R&D) programs that span multiple agencies have helped nurture an array of new vaccines, medicines, diagnostics, and other health products needed to combat diseases like HIV/AIDS, malaria, tuberculosis (TB), ...
2012-02-29
Clean delivery kits combined with clean delivery practices could lead to substantial reductions in neonatal mortality in infants born at home, according to a study published in this week's PLoS Medicine.
The authors, led by Nadine Seward and Audrey Prost from the Institute of Child Health at University College London, analysed data from three previous studies to investigate the links between neonatal mortality, the use of clean delivery kits, and individual clean delivery practices in almost 20 000 home births in rural areas of India, Nepal, and Bangladesh. The researchers ...
2012-02-29
In this week's PLoS Medicine, Cleusa Ferri of King's College London Institute of Psychiatry, UK and colleagues report on their investigation of mortality rates in over 12 000 people aged 65 years and over in Latin America, India, and China. The authors show that chronic diseases are the main causes of death, with stroke the leading cause in almost all sites studied, and that education has an important effect on mortality.
The authors state: "Our findings are important in informing priorities to improve health and reduce deaths in older people…Given the much higher absolute ...
2012-02-29
For mental health to gain significant attention, and funding from policymakers globally, it is not enough to convince people that it has a high disease burden but also that there are deliverable and cost-effective interventions – according to South African researchers writing in this week's PLoS Medicine.
Mark Tomlinson and Crick Lund from the Department of Psychiatry and Mental Health based at the University of Cape Town, argue that global mental health must demonstrate its social and economic impact. The authors argue: "a coherent evidence base for scalable interventions ...
2012-02-29
In their February editorial, the PLoS Medicine Editors reflect on recent research by Olav Lindqvist and colleagues which describes nonpharmacological palliative care for cancer patients in the last days of life. The qualitative study found that the approaches used by palliative care staff were multifaceted, with physical, psychological, social, spiritual, and existential care interwoven in caregiving activities. The Editors comment: "[Lindqvist and colleagues' findings] reveal the complex and sometimes subtle caregiving approaches that palliative care staff take to improve ...
2012-02-29
The ability to detect and respond to magnetic fields is not usually associated with living things. Yet some organisms, including some bacteria and various migratory animals, do respond to magnetic fields. In migratory animals like fish, birds, and turtles, this behavior involves small magnetic particles in the nervous system. However, how these particles form and what they are actually doing is not fully understood.
In a new study, published February 28 in the online, open-access journal PLoS Biology, Keiji Nishida and Pamela Silver of Harvard Medical School take a major ...
2012-02-29
Some disease-causing parasites are known to favor one sex over the other in their host species, and such differences between the sexes have generally been attributed to differences in immune responses or behavior. But in a new article, published February 28 in the magazine section of the online, open-access journal PLoS Biology, David Duneau from Cornell University and Dieter Ebert from the University of Basel now propose that all sorts of characteristics that differ between the sexes of the host species can influence a parasite's adaptation.
These characteristics, such ...
2012-02-29
Reconstructing family trees dating back to 1811, Dutch researchers have estimated the death risk for people with inherited heart rhythm disorders, according to a study in Circulation: Cardiovascular Genetics, a journal of the American Heart Association.
Heart rhythm disorders can result in sudden cardiac death in apparently healthy people because of severe disturbances in the rhythm of the heart. The risk is high for people who carry one of these rare genes and have symptoms such as fainting.
Before the study, the risk in people without symptoms was less certain. Thus, ...
2012-02-29
U-Jam Fitness, a cardio dance fitness program that unites world beats with urban flavor and takes students around the world from Hip-Hop to Bollywood, announced a special 90 minute class and celebration in honor of its two year anniversary.
U-Jam Fitness founders Susy C. Marks and Matt Marks launched the athletic dance fitness program in January 2010 to give students of all levels an intense and sweat-induced workout set to exciting, high energy music--a unique combination of world beats with urban rhythm. In just two years, the fitness program has exploded and now ...
LAST 30 PRESS RELEASES:
[Press-News.org] Cryptographic attack highlights the importance of bug-free software
