Adam Barth

Publications

Journal

• Securing Frame Communication in Browsers

  Adam Barth, Collin Jackson, and John C. Mitchell

  In Communications of the ACM (CACM 2009)

  Abstract

  Abstract. Many Web sites embed third-party content in frames, relying on the browser's security policy to protect against malicious content. However, frames provide insufficient isolation in browsers that let framed content navigate other frames. We evaluate existing frame navigation policies and advocate a stricter policy, which we deploy in the open-source browsers. In addition to preventing undesirable interactions, the browser's strict isolation policy also affects communication between cooperating frames. We therefore analyze two techniques for interframe communication between isolated frames. The first method, fragment identifier messaging, initially provides confidentiality without authentication, which we repair using concepts from a well-known network protocol. The second method, postMessage, initially provides authentication, but we discover an attack that breaches confidentiality. We propose improvements in the postMessage API to provide confidentiality; our proposal has been standardized and adopted in browser implementations.
• Protecting Browsers from DNS Rebinding Attacks

  Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh

  In ACM Transactions on the Web (TWEB 2009)

  Abstract

  Abstract. DNS rebinding attacks subvert the same-origin policy of browsers, converting them into open network proxies. Using DNS rebinding, an attacker can circumvent organizational and personal firewalls, send spam email, and defraud pay-per-click advertisers. We evaluate the cost effectiveness of mounting DNS rebinding attacks, finding that an attacker requires less than $100 to hijack 100,000 IP addresses. We analyze defenses to DNS rebinding attacks, including improvements to the classic "DNS pinning," and recommend changes to browser plug-ins, firewalls, and Web servers. Our defenses have been adopted by plug-in vendors and by a number of open-source firewall implementations.

Conference

• Regular Expressions Considered Harmful in Client-Side XSS Filters

  Daniel Bates, Adam Barth, and Collin Jackson

  To appear: Proc. of the 19th International World Wide Web Conference (WWW 2010)
• Protecting Browsers from Extension Vulnerabilities

  Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman

  To appear: Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010)

  Abstract

  Abstract. Browser extensions are remarkably popular, with one in three Firefox users running at least one extension. Although well-intentioned, extension developers are often not security experts and write buggy code that can be exploited by malicious web site operators. In the Firefox extension system, these exploits are dangerous because extensions run with the user's full privileges and can read and write arbitrary files and launch new processes. In this paper, we analyze 25 popular Firefox extensions and find that 88% of these extensions need less than the full set of available privileges. Additionally, we find that 76% of these extensions use unnecessarily powerful APIs, making it difficult to reduce their privileges. We propose a new browser extension system that improves security by using least privilege, privilege separation, and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability. Our design has been adopted as the Google Chrome extension system.
• Preventing Capability Leaks in Secure JavaScript Subsets

  Matthew Finifter, Joel Weinberger, and Adam Barth

  To appear: Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010)

  Abstract

  Abstract. Publishers wish to sandbox third-party advertisements to protect themselves from malicious advertisements. One promising approach, used by ADsafe, Dojo Secure, and Jacaranda, sandboxes advertisements by statically verifying that their JavaScript conforms to a safe subset of the language. These systems blacklist known dangerous properties that would let advertisements escape the sandbox. Unfortunately, this approach does not prevent advertisements from accessing new methods added to the built-in prototype objects by the hosting page. In this paper, we show that one-third of the Alexa US Top 100 web sites would be exploitable by an ADsafe-verified advertisement. We propose an improved statically verified JavaScript subset that whitelists known-safe properties using namespaces. Our approach maintains the expressiveness and performance of static verification while improving security.
• A Learning-Based Approach to Reactive Security

  Adam Barth, Benjamin I. P. Rubinstein, Mukund Sundararajan, John C. Mitchell, Dawn Song, and Peter L. Bartlett

  In Proc. of the 14th International Conference on Financial Cryptography and Data Security (FC 2010)

  Abstract

  Abstract. Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.
• Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense

  Adam Barth, Joel Weinberger, and Dawn Song

  In Proc. of the 18th USENIX Security Symposium (USENIX Security 2009)

  Abstract

  Abstract. We identify a class of Web browser implementation vulnerabilities, cross-origin JavaScript capability leaks, which occur when the browser leaks a JavaScript pointer from one security origin to another. We devise an algorithm for detecting these vulnerabilities by monitoring the "points-to" relation of the JavaScript heap. Our algorithm finds a number of new vulnerabilities in the open-sourceWebKit browser engine used by Safari. We propose an approach to mitigate this class of vulnerabilities by adding access control checks in browser JavaScript engines. These access control checks are perfectly backwardscompatible because they do not alter semantics of the Web platform. Through a application of the polymorphic inline cache, we implement these checks while incurring an overhead of only 1–2% on industry standard benchmarks.
• Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves

  Adam Barth, Juan Caballero, and Dawn Song

  In Proc. of the 30th IEEE Symposium on Security and Privacy (Oakland 2009)

  Abstract

  Abstract. Cross-site scripting defenses often focus on HTML documents, neglecting attacks involving the browser's content-sniffing algorithm, which can treat non-HTML content as HTML. Web applications, such as the one that manages this conference, must defend themselves against these attacks or risk authors uploading malicious papers that automatically submit stellar self-reviews. In this paper, we formulate content-sniffing XSS attacks and defenses. We study content-sniffing XSS attacks systematically by constructing high-fidelity models of the content-sniffing algorithms used by four major browsers. We compare these models with Web site content filtering policies to construct attacks. To defend against these attacks, we propose and implement a principled content-sniffing algorithm that provides security while maintaining compatibility. Our principles have been adopted, in part, by Internet Explorer 8 and, in full, by Google Chrome and the HTML 5 working group.
• Robust Defenses for Cross-Site Request Forgery

  Adam Barth, Collin Jackson, and John C. Mitchell

  In Proc. of the 15th ACM Conf. on Computer and Communications Security (CCS 2008)

  Abstract

  Abstract. Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. In this paper, we present a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker. The severity of a login CSRF vulnerability varies by site, but it can be as severe as a cross-site scripting vulnerability. We detail three major CSRF defense techniques and find shortcomings with each technique. Although the HTTP Referer header could provide an effective defense, our experimental observation of 283,945 advertisement impressions indicates that the header is widely blocked at the network layer due to privacy concerns. Our observations do suggest, however, that the header can be used today as a reliable CSRF defense over HTTPS, making it particularly well-suited for defending against login CSRF. For the long term, we propose that browsers implement the Origin header, which provides the security benefits of the Referer header while responding to privacy concerns.
• Securing Frame Communication in Browsers

  Adam Barth, Collin Jackson, and John C. Mitchell

  In Proc. of the 17th USENIX Security Symposium (USENIX Security 2008)

  Abstract

  Abstract. Many web sites embed third-party content in frames, relying on the browser's security policy to protect them from malicious content. Frames, however, are often insufficient isolation primitives because most browsers let framed content manipulate other frames through navigation. We evaluate existing frame navigation policies and advocate a stricter policy, which we deploy in the open-source browsers. In addition to preventing undesirable interactions, the browser's strict isolation policy also hinders communication between cooperating frames. We analyze two techniques for inter-frame communication. The first method, fragment identifier messaging, provides confidentiality without authentication, which we repair using concepts from a well-known network protocol. The second method, postMessage, provides authentication, but we discover an attack that breaches confidentiality. We modify the postMessage API to provide confidentiality and see our modifications standardized and adopted in browser implementations.
• ForceHTTPS: Protecting High-Security Web Sites from Network Attacks

  Collin Jackson and Adam Barth

  In Proc. of the 17th International World Wide Web Conference (WWW 2008)

  Abstract

  Abstract. As wireless networks proliferate, web browsers operate in an increasingly hostile network environment. The HTTPS protocol has the potential to protect web users from network attackers, but real-world deployments must cope with misconfigured servers, causing imperfect web sites and users to compromise browsing sessions inadvertently. ForceHTTPS is a simple browser security mechanism that web sites or users can use to opt in to stricter error processing, improving the security of HTTPS by preventing network attacks that leverage the browser's lax error processing. By augmenting the browser with a database of custom URL rewrite rules, ForceHTTPS allows sophisticated users to transparently retrofit security onto some insecure sites that support HTTPS. We provide a prototype implementation of ForceHTTPS as a Firefox browser extension.
• Protecting Browsers from DNS Rebinding Attacks

  Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh

  In Proc. of the 14th ACM Conf. on Computer and Communications Security (CCS 2007)

  Abstract

  Abstract. DNS rebinding attacks subvert the same-origin policy of browsers, converting them into open network proxies. Using DNS rebinding, an attacker can circumvent organizational and personal firewalls, send spam e-mail, and defraud pay-per-click advertisers. We evaluate the cost-effectiveness of mounting DNS rebinding attacks, finding that an attacker requires less than $100 to hijack 100,000 IP addresses. We analyze defenses to DNS rebinding attacks, including improvements to the classic "DNS pinning," and recommend changes to browser plug-in, firewalls, and web servers. Our defenses have been adopted by plug-in vendors and by a number of open-source firewall implementations.
• Privacy and Utility in Business Processes

  Adam Barth, Anupam Datta, John C. Mitchell, and Sharada Sundaram

  In Proc. of the 20th IEEE Computer Security Foundations Symposium (CSF 2007)

  Abstract

  Abstract. We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles and responsibilities. We present approaches and algorithms for determining whether a business process design simultaneously achieves privacy and the goals of the organization (utility). The model also allows us to develop a notion of minimal exposure of personal information, for a given process. We investigate the problem of auditing with inexact information and develop methods to identify a set of potentially culpable individuals when privacy is breached. The audit methods draw on traditional causality concepts to reduce the effort needed to search audit logs for irresponsible actions.
• Privacy and Contextual Integrity: Framework and Applications

  Adam Barth, Anupam Datta, John C. Mitchell, and Helen Nissenbaum

  In Proc. of the 27th IEEE Symposium on Security and Privacy (Oakland 2006)

  Abstract

  Abstract. Contextual integrity is a conceptual framework for understanding privacy expectations and their implications developed in the literature on law, public policy, and political philosophy. We formalize some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information. In comparison with access control and privacy policy frameworks such as RBAC, EPAL, and P3P, these norms focus on who personal information is about, how it is transmitted, and past and future actions by both the subject and the users of the information. Norms can be positive or negative depending on whether they refer to actions that are allowed or disallowed. Our model is expressive enough to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA. A number of important problems regarding compliance with privacy norms, future requirements associated with specific actions, and relations between policies and legal standards reduce to standard decision procedures for temporal logic.
• Managing Digital Rights using Linear Logic

  Adam Barth and John C. Mitchell

  In Proc. of the 21st Annual IEEE Symposium on Logic in Computer Science (LICS 2006)

  Abstract

  Abstract. Digital music players protect songs by enforcing licenses that convey specific rights for individual songs or groups of songs. For licenses specified in industry, we show that deciding whether a license authorizes a sequence of actions is NP-complete, with a restricted version of the problem solvable efficiently using a reduction to maximum network flow. The authorization algorithm used in industry is online, deciding which rights to exercise as actions occur, but we show that all online algorithms are necessarily non-monotonic: each allows actions under one license that it does not allow under a more flexible license. In one approach to achieving monotonicity, we exhibit the unique maximal set of licenses on which there exists a monotonic online algorithm. This set of well-behaved licenses induces an approximation algorithm by replacing each license with a well-behaved license. In a second approach, we consider allowing the player to revise its past decisions about which rights to exercise while still ensuring compliance with the license. We propose an efficient algorithm based on Linear Logic, with linear negation used to revise past decisions. We prove our algorithm monotonic, live, and sound with respect to the semantics of licenses.
• Private Encrypted Content Distribution Using Private Broadcast Encryption

  Adam Barth, Dan Boneh, and Brent Waters

  In Proc. of the 10th Financial Cryptography and Data Security Conference (FC 2006)

  Abstract

  Abstract. In many content distribution systems it is important both to restrict access to content to authorized users and to protect the identities of these users. We discover that current systems for encrypting content to sets of users are subject to attacks on user privacy. We propose a new mechanism, private broadcast encryption, to protect the privacy of users of encrypted file systems and content delivery systems. We construct a private broadcast scheme, with a strong privacy guarantee against an active attacker, that achieves ciphertext length, encryption time, and decryption time comparable with the non-private schemes currently used in encrypted file systems.
• High Performance Imaging Using Large Camera Arrays

  Bennett Wilburn, Neel Joshi, Vaibhav Vaish, Eino-Ville Talvala, Emilio Antunez, Adam Barth, Andrew Adams, Mark Horowitz, and Marc Levoy

  In ACM Transactions on Graphics (SIGGRAPH 2005)

  Abstract

  Abstract. The advent of inexpensive digital image sensors and the ability to create photographs that combine information from a number of sensed images are changing the way we think about photography. In this paper, we describe a unique array of 100 custom video cameras that we have built, and we summarize our experiences using this array in a range of imaging applications. Our goal was to explore the capabilities of a system that would be inexpensive to produce in the future. With this in mind, we used simple cameras, lenses, and mountings, and we assumed that processing large numbers of images would eventually be easy and cheap. The applications we have explored include approximating a conventional single center of projection video camera with high performance along one or more axes, such as resolution, dynamic range, frame rate, and/or large aperture, and using multiple cameras to approximate a video camera with a large synthetic aperture. This permits us to capture a video light field, to which we can apply spatiotemporal view interpolation algorithms in order to digitally simulate time dilation and camera motion. It also permits us to create video sequences using custom non-uniform synthetic apertures.

Workshop

• Rootkits for JavaScript Environments

  Ben Adida, Adam Barth, and Collin Jackson

  In Proc. of 3rd USENIX Workshop on Offensive Technologies (WOOT 2009)

  Abstract

  Abstract. A number of commercial cloud-based password managers use bookmarklets to automatically populate and submit login forms. Unfortunately, an attacker web site can maliciously alter the JavaScript environment and, when the login bookmarklet is invoked, steal the user's passwords. We describe general attack techniques for altering a bookmarklet's JavaScript environment and apply them to extracting passwords from six commercial password managers. Our proposed solution has been adopted by several of the commercial vendors.
• Attacks on JavaScript Mashup Communication

  Adam Barth, Collin Jackson, and William Li

  In Proc. of Web 2.0 Security and Privacy 2009 (W2SP 2009)

  Abstract

  Abstract. In a mashup, one principal wishes to communicate with another principal without necessarily ceding complete control to the other principal. In this paper, we analyze whether existing and proposed JavaScript mashup communication mechanisms have this security property. We show that failure to account for details of JavaScript often lets one communicant completely compromise the other. We illustrate these vulnerabilities with proof-of-concept privilege escalation attacks. Based on our analysis, we recommend that mashup communication mechanisms prevent privilege escalation by using lexical authorization across a specified interface that enforces type checks and allows the communicants to exchange only primitive values. We observe that we can implement such a mechanism in today's browsers using postMessage as a primitive. We demonstrate our approach by implementing a version of the Google Maps gadget that prevents Google from compromising the integrator.
• Beware of Finer-Grained Origins

  Collin Jackson and Adam Barth

  In Proc. of Web 2.0 Security and Privacy 2008 (W2SP 2008)

  Abstract

  Abstract. The security policy of browsers provides no isolation between documents from the same origin (scheme, host, and port), even if those documents have different security characteristics. We show how this lack of isolation leads to origin contamination vulnerabilities in a number of browser security features, such as cookies, encryption, and code signing. A tempting approach to fixing these vulnerabilities is to refine the browser's notion of origin, leveraging the browser's built-in isolation between security contexts. We demonstrate that attackers can circumvent these "finer-grained origins" using the library import and data export features of browsers. We discuss several approaches to preventing these attacks.
• An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks

  Collin Jackson, Dan Simon, Desney Tan, and Adam Barth

  In Proc. of the 2007 Workshop on Usable Security (USEC 2007)

  Abstract

  Abstract. In this usability study of phishing attacks and browser antiphishing defenses, 27 users each classified 12 web sites as fraudulent or legitimate. By dividing these users into three groups, our controlled study measured both the effect of extended validation certificates that appear only at legitimate sites and the effect of reading a help file about security features in Internet Explorer 7. Across all groups, we found that picture-in-picture attacks showing a fake browser window were as effective as the best other phishing technique, the homograph attack. Extended validation did not help users identify either attack. Additionally, reading the help file made users more likely to classify both real and fake web sites as legitimate when the phishing warning did not appear.
• Enterprise Privacy Promises and Enforcement

  Adam Barth and John C. Mitchell

  In Proc. of the 2005 ACM Workshop on Issues in the Theory of Security (WITS 2005)

  Abstract

  Abstract. Several formal languages have been proposed to encode privacy policies, ranging from the Platform for Privacy Preferences (P3P), intended for communicating privacy policies to consumers over the web, to the Enterprise Privacy Authorization Language (EPAL), intended to enable policy enforcement within an enterprise. However, current technology does not allow an enterprise to determine whether its detailed, internal enforcement policy meets its published privacy promises. We present a data-centric, unified model for privacy, equipped with a modal logic for reasoning about permission inheritance across data hierarchies. We use this model to critique two privacy preference languages (APPEL and XPref), to justify P3P's policy summarization algorithm, and to connect privacy policy languages, such as P3P, with privacy policy enforcement languages, such as EPAL. Specifically, we characterize when one policy enforces another and provide an algorithm for generating the most specific privacy promises, at a given level of detail, guaranteed by a more detailed enforcement policy.
• Conflict and Combination in Privacy Policy Languages

  Adam Barth, John C. Mitchell, and Justin Rosenstein

  In Proc. of the 2004 ACM Workshop on Privacy in the Electronic Society (WPES 2004)

  Abstract

  Abstract. Many modern enterprises require methods for guaranteeing compliance with privacy legislation and announced privacy policies. IBM has proposed a formal language, the Enterprise Privacy Authorization Language (EPAL), for describing privacy policies rigorously. In this paper, we identify four desirable properties of a privacy policy language: guaranteed consistency, guaranteed safety, admitting local reasoning, and closure under combination. While EPAL achieves only one of these four goals, an extended language framework allows us to achieve three out of four, while retaining the basic EPAL framework of restricting access and imposing obligations on users of confidential information.

Non-Peer Reviewed

• Browser Security: Lessons from Google Chrome

  Charlie Reis, Adam Barth, Carlos Pizano

  In ACM Queue, June 2009
• Extracting Models of Security-Sensitive Operations using String-Enhanced White-Box Exploration on Binaries

  Juan Caballero, Stephen McCamant, Adam Barth, and Dawn Song

  Technical Report UCB/EECS-2009-36

  Abstract

  Abstract. Models of security-sensitive code enable reasoning about the security implications of code. In this paper we present an approach for extracting models of security-sensitive operations directly from program binaries, which lets third-party analysts reason about a program when the source code is not available. Our approach is based on string-enhanced white-box exploration, a new technique that improves the effectiveness of current white-box exploration techniques on programs that use strings, by reasoning directly about string operations, rather than about the individual byte-level operations that comprise them. We implement our approach and use it to extract models of the closed-source content sniffing algorithms of two popular browsers: Internet Explorer 7 and Safari 3.1. We use the generated models to automatically find recently studied content-sniffing XSS attacks, and show the benefits of string-enhanced white-box exploration over current byte-level exploration techniques.
• The Security Architecture of the Chromium Browser

  Adam Barth, Collin Jackson, Charles Reis, and The Google Chrome Team

  Technical Report 2008

  Abstract

  Abstract. Most current web browsers employ a monolithic architecture that combines "the user" and "the web" into a single protection domain. An attacker who exploits an arbitrary code execution vulnerability in such a browser can steal sensitive files or install malware. In this paper, we present the security architecture of Chromium, the open-source browser upon which Google Chrome is built. Chromium has two modules in separate protection domains: a browser kernel, which interacts with the operating system, and a rendering engine, which runs with restricted privileges in a sandbox. This architecture helps mitigate high-severity attacks without sacrificing compatibility with existing web sites. We define a threat model for browser exploits and evaluate how the architecture would have mitigated past vulnerabilities.

Dissertation

• Design and Analysis of Privacy Policies

  Adam Barth

  Ph.D. Dissertation, Stanford University, 2008

Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (Darwin)

mQGiBEp8w8QRBADl1TBoTVe3h08aw7KlQlnR6JOREnRpc6YzgMeRjPdk96/9qP8b
1OO7F8dB+9/gLH7t4epTQSt0U0/E5YC+kZgvqE0Wtq1dH6SMDhYwbMoW4VcvVY1g
JJoO9JjqL/ng4fTg+JOOBPEvko6j/ci8uORKNDsu/dJoUIPhSiq7CoO3EwCg5WNQ
fZmjsui/tv1OsKs05QXR3xMD/RgtXDpFimSLwU0OOoxo6w+I/OrYoQS8XrYEH4S2
snJHg9cppKBWq1oFHhCmKYZasW7z9R26MKHEtjvbCMihwxDgbZirdryyEQfEbGv3
TztrQce9ABrz95sPtzuaAmqruug4KOvQseotJAjDMY7hcm4rNln7ksgxdKkPfYvd
uNaIA/0X2+2ZO8A9uNiOV3Uh5aphl4dttJZFnnTtJtqpMStToNppFY0nEqogv2UI
1CmIaUvR3P9NehLd4wi3yYdJeIIiAaFy4dwxG33/YWbcS5BgWY06EgKwS0IzfQuy
NC5zWghm0TEP2gv4mJaUFN/G1r/B01DVMag9j92ociINwvL9PrQgQWRhbSBCYXJ0
aCA8YWJhcnRoQHplbnF1ZS5sb2NhbD6IZgQTEQIAJgUCSnzDxAIbAwUJCWYBgAYL
CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEAZboTPluFKpdXUAn3njcSHpOJtdPLUB
7+G6ZsrjawP5AJ4hn1Z5bpxrR6e7p5TKeHwFAQUezbkCDQRKfMPEEAgAq4EBP+4I
dC35+FKPVPSdjmavLsTGdzlNRkkshhTrdbQFmH7ZGRJALm6QYB9Z8xWTgZ0dpWW+
eHbaGOCpSd2j5JwVPfe3WniqG+hgcWHMkdiPnWlDK1AWvOlI5gUusgkNwVvQj8xM
hyQuWfLeAJymh69rE0zwZIeuDRhtvP5nBaruL8Y9RE+Xcr0r8Mk3CHO12NFBEASr
hqFR1ukUr9XvtXC0j5U/a6RFmmGVAYRlQAcxcIMjqZOaX7ES/HXLuey+WoRNaheU
Cetnckt6EaW/A0LVMDAyHZC2tGmsItNzMEHjC9B6EgmiC5yf0RCH73UcT7Aisynv
JwO9bLCxBrTKBwADBQf+Ozb6b42cxt10aUYY/IRIMqiX7Q6vIHCYsShxoBGDZfn0
hgL49Z2Z/PgXxAkO0cvhUjwe0yFJTl0Ofc3fBpTpe9euwhdF1qTamPq/7BDPJajO
u15ovY91mMdNReaJ8zFZYaaPV+VECaBzYKqthv4z5pvTRDwyT38n8DLZdNPU49mN
iv2+gnLrfdrb2NZP3ApVALnFP6Pqyq/PU1L2qfn5FqwX59lDar5bp1NPVb8PSXg7
6oUcBtp94vB1eVlNNmWR/CbeHGeNwQRgIUzOkQMPOwZa3GyGVSVYme5D/7/tSbWW
zIaQAtsG851DExEbRBQO7WEqYhX1BelaOyVehi68mYhPBBgRAgAPBQJKfMPEAhsM
BQkJZgGAAAoJEAZboTPluFKpzrwAoLNpGtZ0I8Myn65Nd+dEU1Ppyy4WAJ4poko+
aKHn3iCR8iClcayM/XHmPA==
=T9Vi
-----END PGP PUBLIC KEY BLOCK-----