7,480 research outputs found

    Formally based semi-automatic implementation of an open security protocol

    This paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation.

    Safe abstractions of data encodings in formal security protocol models

    When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is implied to be secure too under the same adversary model. The paper also indicates possible exploitations of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified model

    A kilobit hidden SNFS discrete logarithm computation

    We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p-1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our $p$ has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}_p^*$, yet detecting that $p$ has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes.

    The Use of Firewalls in an Academic Environment

    No full text

    Exposure to low pH induces molecular level changes in the marine worm, Platynereis dumerilii

    © 2015 Elsevier Inc. Fossil fuel emissions and changes in net land use lead to an increase in atmospheric CO2 concentration and a subsequent decrease of ocean pH. Noticeable effects on organisms' calcification rate, shell structure and energy metabolism have been reported in the literature. To date, little is known about the molecular mechanisms altered under low pH exposure, especially in non-calcifying organisms. We used a suppression subtractive hybridisation (SSH) approach to characterise differentially expressed genes isolated from Platynereis dumerilii, a non-calcifying marine polychaeta species, kept at normal and low pH conditions. Several gene sequences have been identified as differentially regulated. These are involved in processes previously considered as indicators of environment change, such as energy metabolism (NADH dehydrogenase, 2-oxoglutarate dehydrogenase, cytochrome c oxidase and ATP synthase subunit F), while others are involved in cytoskeleton function (paramyosin and calponin) and immune defence (fucolectin-1 and paneth cell-specific alpha-defensin) processes. This is the first study of differential gene expression in a non-calcifying, marine polychaete exposed to low pH seawater conditions and suggests that mechanisms of impact may include additional pathways not previously identified as impacted by low pH in other species.