The 2016 Internet Defense Prize and $100,000 from Facebook has been awarded to an international team that has proposed new parameters for providing post-quantum security for TLS.
Building on a previously proposed instantiation presented by researchers at IEEE Security & Privacy 2015, the winning research identified a better suited error distribution and reconciliation mechanism, analyzed the scheme's hardness against attacks by quantum computers, and identified a possible defense against backdoors and all-for-the-price-of-one attacks. Using these measures—and for the same lattice dimension—they were able to increase the security parameter by more than 100%, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks.
The work has already led to concrete use in Chrome and planned usage in TOR.
The prize, which is a partnership of Facebook and USENIX, goes to Erdem Alkim (Department of Mathemathics, Ege University, Turkey), Léo Ducas (Centrum Wiskunde & Informatica, Amsterdam, The Netherlands), Thomas Pöppelmann (Infineon Technologies AG, Munich, Germany), and Peter Schwabe (Digital Security Group, Radboud University, The Netherlands). Their paper is entitled, “Post-Quantum Key Exchange — A New Hope.”
The Internet Defense Prize recognizes and rewards research that meaningfully makes the internet more secure. Created in 2014, the award is funded by Facebook and offered in partnership with USENIX to celebrate contributions to the protection and defense of the Internet.
“Security research is in a race against time to innovate faster than adversaries,” said Nektarios Leontiadis, a threat research scientist on the Facebook Security team, in a post announcing the winners. “The last year has seen multiple high-visibility vulnerability disclosures for every major platform. The industry has a history of over-rotating toward offensive work that has little direct impact on most people's lives. Much of the attention still goes to research that celebrates ‘owning’ rather than finding practical solutions for protecting people in the real world. At Facebook, we believe these incentives need to change.”
Two additional projects were named as finalists:
One is DROWN, a dangerous attack against TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. SSLv2, an ancestor of TLS, has been obsolete for 20 years, but about a third of all TLS servers still support it for backwards compatibility. DROWN demonstrates, through several attack scenarios, that SSLv2 is not only weak, but actively harmful to the TLS ecosystem.
“The protocol flaws that DROWN exploits are an unanticipated side-effect of US government regulations from the 1990s, which limited the strength of cryptography that could be exported in order to ensure that intelligence agencies could circumvent it,” said Leontiadis. “Decades after these export restrictions were relaxed, they nonetheless contributed to widespread security problems. The authors argue that the attack provides an important historical perspective on how deliberately weakened cryptography can create risks for global Internet security, with implications for current law enforcement demands for backdoor access to encrypted devices and data.”
The other is an exploit for a subtle, yet serious, side channel vulnerability (CVE-2016-5696) introduced in a recent TCP specification. The vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection, and ultimately terminate that connection and perform data injection attacks. This can be used to disrupt or degrade the privacy guarantees of an anonymity network such as Tor, and perform web connection hijacking. The authors also proposed changes to both the TCP specification and implementation to eliminate the root cause of the problem.
Photo © 360b/Shutterstock.com