Term-based composition of security protocols

In the context of security protocol parallel composition, where messages belonging to different protocols can intersect each other, we introduce a new paradigm: term-based composition (i.e. the composition of message components also known as terms). First, we create a protocol specification model by extending the original strand spaces. Then, we provide a term composition algorithm based on which new terms can be constructed. To ensure that security properties are maintained, we introduce the concept of term connections to express the existing connections between terms and encryption contexts. We illustrate the proposed composition process by using two existing protocols.Comment: 2008 IEEE International Conference on Automation, Quality and Testing, Robotics, Cluj-Napoca, Romania, May 2008, pp. 233-238, ISBN 978-1-4244-2576-

Cortical activity evoked by inoculation needle prick in infants up to one-year old

Inoculation is one of the first and most common experiences of procedural pain in infancy. However, little is known about how needle puncture pain is processed by the central nervous system in children. In this study, we describe for the first time the event-related activity in the infant brain during routine inoculation using electroencephalography. Fifteen healthy term-born infants aged 1 to 2 months (n = 12) or 12 months (n = 5) were studied in an outpatient clinic. Pain behavior was scored using the Modified Behavioral Pain Scale. A distinct inoculation event-related vertex potential, consisting of 2 late negative-positive complexes, was observable in single trials after needle contact with the skin. The amplitude of both negative-positive components was significantly greater in the 12-month group. Both inoculation event-related potential amplitude and behavioral pain scores increased with age but the 2 measures were not correlated with each other. These components are the first recordings of brain activity in response to real-life needle pain in infants up to a year old. They provide new evidence of postnatal nociceptive processing and, combined with more traditional behavioral pain scores, offer a potentially more sensitive measure for testing the efficacy of analgesic protocols in this age group

Secure detection in quantum key distribution by real-time calibration of receiver

The single photon detection efficiency of the detector unit is crucial for the security of common quantum key distribution protocols like Bennett-Brassard 1984 (BB84). A low value for the efficiency indicates a possible eavesdropping attack that exploits the photon receiver's imperfections. We present a method for estimating the detection efficiency, and calculate the corresponding secure key generation rate. The estimation is done by testing gated detectors using a randomly activated photon source inside the receiver unit. This estimate gives a secure rate for any detector with non-unity single photon detection efficiency, both inherit or due to blinding. By adding extra optical components to the receiver, we make sure that the key is extracted from photon states for which our estimate is valid. The result is a quantum key distribution scheme that is secure against any attack that exploits detector imperfections.Comment: 7 pages, 4 figure

Enhanced yeast one-hybrid screens to identify transcription factor binding to human DNA sequences

Identifying the sets of transcription factors (TFs) that regulate each human gene is a daunting task that requires integrating numerous experimental and computational approaches. One such method is the yeast one-hybrid (Y1H) assay, in which interactions between TFs and DNA regions are tested in the milieu of the yeast nucleus using reporter genes. Y1H assays involve two components: a 'DNA-bait' (e.g., promoters, enhancers, silencers, etc.) and a 'TF-prey,' which can be screened for reporter gene activation. Most published protocols for performing Y1H screens are based on transforming TF-prey libraries or arrays into DNA-bait yeast strains. Here, we describe a pipeline, called enhanced Y1H (eY1H) assays, where TF-DNA interactions are interrogated by mating DNA-bait strains with an arrayed collection of TF-prey strains using a high density array (HDA) robotic platform that allows screening in a 1,536 colony format. This allows for a dramatic increase in throughput (60 DNA-bait sequences against >1,000 TFs takes two weeks per researcher) and reproducibility. We illustrate the different types of expected results by testing human promoter sequences against an array of 1,086 human TFs, as well as examples of issues that can arise during screens and how to troubleshoot them.Accepted manuscrip

I/O Master

The I/O Master is an engineering tool designed to let users quickly and efficiently use their computer to interface with embedded devices and sensors. Using a general purpose design, the goal is to make it possible to implement any digital protocol on the I/O Master. With the use of onboard level shifting, differential communication components, peripheral DMA through GPIO and a USB 2.0 High Speed computer interface, the I/O Master is able to implement such a general purpose design with initial implementation of five protocols to verify the design\u27s capabilities. The implementation of a computer-based GUI and underlying framework allows users to easily use the I/O Master with additional flexibility to write custom programs for it. While many characteristics of components were considered for the design, the design lacks quantified information relating to propagation delay of components and response time for some of the electrical safety components. Engineers can use the I/O Master to make the early phases of design faster when there is a need to interface with sensors for testing and analysis. The design of the I/O Master allows for additional protocols to be implemented in the future with only limited changes needed in the software

Evaluating Mooring Line Test Procedures Through the Application of a Round Robin Test Approach

This is the final version. Available from MDPI via the DOI in this record. Innovation in materials and test protocols, as well as physical and numerical investigations, is required to address the technical challenges arising due to the novel application of components from conventional industries to the marine renewable energy (MRE) industry. Synthetic fibre ropes, widely used for offshore station-keeping, have potential application in the MRE industry to reduce peak mooring line loads. This paper presents the results of a physical characterisation study of a novel hybrid polyester-polyolefin rope for MRE mooring applications through a round robin testing (RRT) approach at two test facilities. The RRT was performed using standard guidelines for offshore mooring lines and the results are verified through the numerical modelling of the rope tensile behaviour. The physical testing provides quantifiable margins for the strength and stiffness properties of the hybrid rope, increases confidence in the test protocols and assesses facility-specific influences on test outcomes. The results indicate that the adopted guidance is suitable for rope testing in mooring applications and there is good agreement between stiffness characterisation at both facilities. Additionally, the numerical model provides a satisfactory prediction of the rope tensile behaviour and it can be used for further parametric studies.European Unio

A UML-integrated test description language for component testing

International audienceA mass market in reusable components demands a high level of component quality, testing being a crucial part of software quality assurance. For components modelled in UML there are significant advantages to using UML also for the test description language. Since we wish to describe tests of non-trivial temporal ordering properties, we define our test description language based around UML interaction diagrams, seeking inspiration from the work on conformance testing of telecom protocols. We aim at a fully integrated approach which can be captured in a UML component testing profile

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitely specifies which IdP he trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up its own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols - OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in a open source tool OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues