Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061

The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts

Poster: The Unintended Consequences of Algorithm Agility in DNSSEC

Cryptographic algorithm agility is an important property for DNSSEC: it allows easy deployment of new algorithms if the existing ones are no longer secure. In this work we show that the cryptographic agility in DNSSEC, although critical for provisioning DNS with strong cryptography, also introduces a vulnerability. We find that under certain conditions, when new algorithms are listed in signed DNS responses, the resolvers do not validate DNSSEC. As a result, domains that deploy new ciphers may in fact cause the resolvers not to validate DNSSEC. We exploit this to develop DNSSEC-downgrade attacks and experimentally and ethically evaluate them against popular DNS resolver implementations, public DNS providers, and DNS services used by web clients worldwide. We find that major DNS providers as well as 45% of DNS resolvers used by web clients are vulnerable to our attacks.Comment: This work has been accepted for publication at the ACM SIGSAC Conference on Computer and Communications Security (CCS 22

Byzantine-Secure Relying Party for Resilient RPKI

To protect against prefix hijacks, Resource Public Key Infrastructure (RPKI) has been standardized. To enjoy the security guarantees of RPKI validation, networks need to install a new component, the relying party validator, which fetches and validates RPKI objects and provides them to border routers. However, recent work shows that relying parties experience failures when retrieving RPKI objects and are vulnerable to attacks, all of which can disable RPKI validation. Therefore even the few adopters are not necessarily secure. We make the first proposal that significantly improves the resilience and security of RPKI. We develop BRP, a Byzantine-Secure relying party implementation. In BRP the relying party nodes redundantly validate RPKI objects and reach a global consensus through voting. BRP provides an RPKI equivalent of public DNS, removing the need for networks to install, operate, and upgrade their own relying party instances while avoiding the need to trust operators of BRP nodes. We show through simulations and experiments that BRP, as an intermediate RPKI service, results in less load on RPKI publication points and a robust output despite RPKI repository failures, jitter, and attacks. We engineer BRP to be fully backward compatible and readily deployable - it does not require any changes to the border routers and the RPKI repositories. We demonstrate that BRP can protect many networks transparently, with either a decentralized or centralized deployment. BRP can be set up as a network of decentralized volunteer deployments, similarly to NTP and TOR, where different operators participate in the peering process with their node, and provide resilient and secure relying party validation to the Internet. BRP can also be hosted by a single operator as a centralized service, e.g., on one cloud or CDN, and provides RPKI validation benefits even when hosted on a single network

The Harder You Try, The Harder You Fail: The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNSSEC

Availability is a major concern in the design of DNSSEC. To ensure availability, DNSSEC follows Postel's Law [RFC1123]: "Be liberal in what you accept, and conservative in what you send." Hence, nameservers should send not just one matching key for a record set, but all the relevant cryptographic material, e.g., all the keys for all the ciphers that they support and all the corresponding signatures. This ensures that validation succeeds, and hence availability, even if some of the DNSSEC keys are misconfigured, incorrect or correspond to unsupported ciphers. We show that this design of DNSSEC is flawed. Exploiting vulnerable recommendations in the DNSSEC standards, we develop a new class of DNSSEC-based algorithmic complexity attacks on DNS, we dub KeyTrap attacks. All popular DNS implementations and services are vulnerable. With just a single DNS packet, the KeyTrap attacks lead to a 2.000.000x spike in CPU instruction count in vulnerable DNS resolvers, stalling some for as long as 16 hours. This devastating effect prompted major DNS vendors to refer to KeyTrap as the worst attack on DNS ever discovered. Exploiting KeyTrap, an attacker could effectively disable Internet access in any system utilizing a DNSSEC-validating resolver. We disclosed KeyTrap to vendors and operators on November 2, 2023, confidentially reporting the vulnerabilities to a closed group of DNS experts, operators and developers from the industry. Since then we have been working with all major vendors to mitigate KeyTrap, repeatedly discovering and assisting in closing weaknesses in proposed patches. Following our disclosure, the industry-wide umbrella CVE-2023-50387 has been assigned, covering the DNSSEC protocol vulnerabilities we present in this work.Comment: Accepted to ACM CCS 202

Online Privacy: Towards Informational Self-Determination on the Internet

February 6 – 11 , 2011, Dagstuhl Perspectives Workshop 1106

Digitale Schwellen: Freiheit und Privatheit in der digitalisierten Welt

Eine Welt digitaler Techniken im weitesten Sinne verändert die Kommunikationsbeziehungen, die sozialen Beziehungen der Menschen untereinander und damit auch die sozialen Verhältnisse der Menschen in der Gesellschaft in fundamentaler Weise. Wir stehen ganz offensichtlich erst an der Schwelle des Verstehens dieser komplexen und alle Lebensbereiche verändernden Revolution. Die technischen Möglichkeiten, die unser Leben ja auch erleichtern können und schöner und klüger machen, werden in großer Geschwindigkeit erweitert, immer neue Schwellen des Mach- und Denkbaren werden permanent überschritten. Redaktionsschluss: April 201

Introduction

Introduction to the 2013 Digital Enlightenment Forum Yearbook. The chapters in this yearbook have been invited from not only scholars from across various disciplinary backgrounds, notably computer science, psychology, law and philosophy, but also a number of authors involved in specific personal data management initiatives, and they investigate how these technologies will affect individuals with regard to privacy, informational self-determination, contextual integrity, and the notions of personal identity and the networked self. What values do the different stakeholders associate with and derive from personal data and individual privacy? What are the options for individuals and society to control the use of personal data in a digital world full of user-generated content, multinational service providers, smart and interconnected devices, and sophisticated Big Data algorithms? How can individuals and civil society organisations use these new technologies for their own benefit and for their own perception of the public benefit, for example, via the exploitation of open data – and, when it comes to open data, can they really exploit without being exploited? To what extent can increasing transparency support trust and privacy? What technical and social infrastructures are needed for supporting control and transparency? Can they be put in place without destroying social (and commercial) value? And what if they can’t? To what extent must a Digital Enlightenment live with the monetisation of our personal data