1,520 research outputs found

    Lengths May Break Privacy – Or How to Check for Equivalences with Length

    Security protocols have been successfully analyzed using symbolic models, where messages are represented by terms and protocols by processes. Privacy properties like anonymity or untraceability are typically expressed as equivalence between processes. While some decision procedures have been proposed for automatically deciding process equivalence, all existing approaches abstract away the information an attacker may get when observing the length of messages. In this paper, we study process equivalence with length tests. We first show that, in the static case, almost all existing decidability results (for static equivalence) can be extended to cope with length tests. In the active case, we prove decidability of trace equivalence with length tests, for a bounded number of sessions and for standard primitives. Our result relies on a previous decidability result from Cheval et al (without length tests). Our procedure has been implemented and we have discovered a new flaw against privacy in the biometric passport protocol

    YAPA: A generic tool for computing intruder knowledge

    Reasoning about the knowledge of an attacker is a necessary step in many formal analyses of security protocols. In the framework of the applied pi calculus, as in similar languages based on equational logics, knowledge is typically expressed by two relations: deducibility and static equivalence. Several decision procedures have been proposed for these relations under a variety of equational theories. However, each theory has its particular algorithm, and none has been implemented so far. We provide a generic procedure for deducibility and static equivalence that takes as input any convergent rewrite system. We show that our algorithm covers most of the existing decision procedures for convergent theories. We also provide an efficient implementation, and compare it briefly with the tools ProVerif and KiSs

    Analysis of Galaxy Formation with Hydrodynamics

    We present a hydrodynamical code based on the Smooth Particle Hydrodynamics technique implemented in an AP3M code aimed at solving the hydrodynamical and gravitational equations in a cosmological frame. We analyze the ability of the code to reproduce standard tests and perform numerical simulations to study the formation of galaxies in a typical region of a CDM model. These numerical simulations include gas and dark matter particles and take into account physical processes such as shock waves, radiative cooling, and a simplified model of star formation. Several observed properties of normal galaxies such as $M_{gas}/M_{total}$ ratios, the luminosity function and the Tully-Fisher relation are analyzed within the limits imposed by numerical resolution. Comment: 21 pages, 2 postscript tables. Submitted MNRAS 04.03.9

    The Hierarchical Formation of the Galactic Disk

    I review the results of recent cosmological simulations of galaxy formation that highlight the importance of satellite accretion in the formation of galactic disks. Tidal debris of disrupted satellites may contribute to the disk component if they are compact enough to survive the decay and circularization of the orbit as dynamical friction brings the satellite into the disk plane. This process may add a small but non-negligible fraction of stars to the thin and thick disks, and reconcile the presence of very old stars with the protracted merging history expected in a hierarchically clustering universe. I discuss various lines of evidence which suggest that this process may have been important during the formation of the Galactic disk. Comment: paper to be read at the "Penetrating Bars through Masks of Cosmic Dust" conference in South Afric

    Relating two standard notions of secrecy

    Two styles of definitions are usually considered to express that a security protocol preserves the confidentiality of a data s. Reachability-based secrecy means that s should never be disclosed while equivalence-based secrecy states that two executions of a protocol with distinct instances for s should be indistinguishable to an attacker. Although the second formulation ensures a higher level of security and is closer to cryptographic notions of secrecy, decidability results and automatic tools have mainly focused on the first definition so far. This paper initiates a systematic investigation of the situations where syntactic secrecy entails strong secrecy. We show that in the passive case, reachability-based secrecy actually implies equivalence-based secrecy for digital signatures, symmetric and asymmetric encryption provided that the primitives are probabilistic. For active adversaries, we provide sufficient (and rather tight) conditions on the protocol for this implication to hold. Comment: 29 pages, published in LMC

    APTE: An Algorithm for Proving Trace Equivalence

    This paper presents APTE, a new tool for automatically proving the security of cryptographic protocols. It focuses on proving trace equivalence between processes, which is crucial for specifying privacy type properties such as anonymity and unlinkability. The tool can handle protocols expressed in a calculus similar to the applied-pi calculus, which allows us to capture most existing protocols that rely on classical cryptographic primitives. In particular, APTE handles private channels and else branches in protocols with bounded number of sessions. Unlike most equivalence verifier tools, APTE is guaranteed to terminate. Moreover, APTE is the only tool that extends the usual notion of trace equivalence by considering "side-channel" information leaked to the attacker such as the length of messages and the execution times. We illustrate APTE on different case studies which allowed us to automatically (re)-discover attacks on protocols such as the Private Authentication protocol or the protocols of the electronic passports

    On the statistical distribution of first--return times of balls and cylinders in chaotic systems

    We study returns in dynamical systems: when a set of points, initially populating a prescribed region, swarms around phase space according to a deterministic rule of motion, we say that the return of the set occurs at the earliest moment when one of these points comes back to the original region. We describe the statistical distribution of these "first--return times" in various settings: when phase space is composed of sequences of symbols from a finite alphabet (with application for instance to biological problems) and when phase space is a one and a two-dimensional manifold. Specifically, we consider Bernoulli shifts, expanding maps of the interval and linear automorphisms of the two dimensional torus. We derive relations linking these statistics with Renyi entropies and Lyapunov exponents. Comment: submitted to Int. J. Bifurcations and Chao

    Pengaruh Penambahan ‘Limbah Karet Ban Luar’ Terhadap Karakteristik Marshall Pada Lapis Tipis Aspal Pasir (Latasir) Kelas B

    Asphalt mixture Latasir called HRSS (Hot Rolled Sand Sheet). Proper aggregate gradation, asphalt latasir distinct class A and class B. A known class Latasir HRSS-A with a nominal minimum thickness of 1.5 cm. As a class known as HRSS Latasir B-B with a nominal minimum thickness of 2 cm. Latasir intended for asphalt road with light traffic, especially in areas where coarse aggregate is not available. The use of “rubber tire waste” as asphalt additives latasir is expected to reduce the use of asphalt and benefits, including increases due to the braking surface traction and reduces tire noise due to friction with the floor surface. The addition of “waste tire rubber” mixing the asphalt made with a variety B latasir rubber content of 1%, 2%, 3%, 4% and 5% of the bitumen content. It is known that a mixture of asphalt latasir B with the addition of “waste rubber tire” can improve the quality of Marshall. In the rubber content optimum for the ratio of 0312% rubber content and asphalt content of 7.89%, resulting in a mixture characteristics: Marshall Stability 950 kg, Marshall Quotient 4.1 kN/mm, Air Voids 3.5 % and film thickness 8 μm

    Efficient Parallel Translating Embedding For Knowledge Graphs

    Knowledge graph embedding aims to embed entities and relations of knowledge graphs into low-dimensional vector spaces. Translating embedding methods regard relations as the translation from head entities to tail entities, which achieve the state-of-the-art results among knowledge graph embedding methods. However, a major limitation of these methods is the time consuming training process, which may take several days or even weeks for large knowledge graphs, and result in great difficulty in practical applications. In this paper, we propose an efficient parallel framework for translating embedding methods, called ParTrans-X, which enables the methods to be paralleled without locks by utilizing the distinguished structures of knowledge graphs. Experiments on two datasets with three typical translating embedding methods, i.e., TransE [3], TransH [17], and a more efficient variant TransE-AdaGrad [10] validate that ParTrans-X can speed up the training process by more than an order of magnitude. Comment: WI 2017: 460-46

    Automating Security Analysis: Symbolic Equivalence of Constraint Systems

    We consider security properties of cryptographic protocols, that are either trace properties (such as confidentiality or authenticity) or equivalence properties (such as anonymity or strong secrecy). Infinite sets of possible traces are symbolically represented using deducibility constraints. We give a new algorithm that decides the trace equivalence for the traces that are represented using such constraints, in the case of signatures, symmetric and asymmetric encryptions. Our algorithm is implemented and performs well on typical benchmarks. This is the first implemented algorithm, deciding symbolic trace equivalence