23 research outputs found

    Protein dynamics in the reductive activation of a B12-containing enzyme

    B12-dependent proteins are involved in methyl transfer reactions ranging from the biosynthesis of methionine in humans to the formation of acetyl-CoA in anaerobic bacteria. During their catalytic cycle, they undergo large conformational changes to interact with various proteins. Recently, the crystal structure of the B12-containing corrinoid iron–sulfur protein (CoFeSP) in complex with its reductive activator (RACo) was determined, providing a first glimpse of how energy is transduced in the ATP-dependent reductive activation of corrinoid-containing methyltransferases. The thermodynamically uphill electron transfer from RACo to CoFeSP is accompanied by large movements of the cofactor-binding domains of CoFeSP. To refine the structure-based mechanism, we analyzed the conformational change of the B12-binding domain of CoFeSP by pulsed electron–electron double resonance and Förster resonance energy transfer spectroscopy. We show that the site-specific labels on the flexible B12-binding domain and the small subunit of CoFeSP move within 11 Å in the RACo:CoFeSP complex, consistent with the recent crystal structures. By analyzing the transient kinetics of formation and dissociation of the RACo:CoFeSP complex, we determined values of 0.75 μM⁻¹ s⁻¹ and 0.33 s⁻¹ for rate constants k_on and k_off, respectively. Our results indicate that the large movement observed in crystals also occurs in solution and that neither the formation of the protein encounter complex nor the large movement of the B12-binding domain is rate-limiting for the ATP-dependent reductive activation of CoFeSP by RACo.

    A blue light receptor that mediates RNA binding and translational regulation

    Sensory photoreceptor proteins underpin light-dependent adaptations in nature and enable the optogenetic control of organismal behavior and physiology. We identified the bacterial light-oxygen-voltage (LOV) photoreceptor PAL that sequence-specifically binds short RNA stem loops with around 20 nM affinity in blue light and weaker than 1 µM in darkness. A crystal structure rationalizes the unusual receptor architecture of PAL with C-terminal LOV photosensor and N-terminal effector units. The light-activated PAL–RNA interaction can be harnessed to regulate gene expression at the RNA level as a function of light in both bacteria and mammalian cells. The present results elucidate a new signal-transduction paradigm in LOV receptors and conjoin RNA biology with optogenetic regulation, thereby paving the way toward hitherto inaccessible optoribogenetic modalities

    Efficient Secure Communication in VANETs under the Presence of new Requirements Emerging from Advanced Attacks

    Wireless ad hoc networks between vehicles, so-called vehicular ad-hoc networks (VANETs), are an approach to improving road safety by enabling future cooperative driver assistance systems. These networks require a high level of security, both with regard to data integrity and authenticity and in the area of privacy. Currently available technologies cannot fully meet these requirements. Several drawbacks of current VANET approaches are shown in this thesis. This thesis identifies three weak points of ETSI ITS or WAVE based VANETs that enable attacks on participants of these networks. These arise from 1. constant data sets, characteristic of a participant, within the cyclically sent status messages, which endanger the privacy of vehicles and thereby also of their drivers, 2. the strategy for distributing digital certificates of certificate authorities, which allows even attackers with minimal capabilities (a single, static attacker from outside the network) to massively increase the channel load in a large part of the network, 3. GNSS manipulation by so-called spoofing, which allows attacks on time- and position-based information in vehicles, resulting in the following threats: a. The basic requirement of being able to hold participants accountable for their behavior through non-repudiation of the sent data is undermined, because the time at which the data was sent can no longer be determined reliably. b. Access control to the system is endangered, because attacked participants accept outdated messages and digital certificates. c. Attackers can carry out a so-called Sybil attack. The identified security problems must be resolved to enable secure use of VANETs for future cooperative driver assistance systems.
Furthermore, several design problems in ETSI ITS protocols are identified. The current way of assembling messages on the individual protocol layers frequently leads to overall messages that exceed the maximum permitted total length on lower protocol layers. Because such messages cannot be sent, various important data sets cannot be distributed in the network. In addition, encrypted end-to-end communication over a multi-hop connection is not possible, because the required routing information is not available to the forwarding participants. Proposals for solving these problems are discussed. To address the problems named above, the following measures, among others, are proposed: 1. Secure time synchronization in VANETs is necessary. 2. Storing multiple vehicle certificates with the same validity period is to be avoided. 3. Storing vehicle certificates with a future validity period is to be limited to a minimum. 4. Constant data sets that are at the same time characteristic of a participant are not to be sent. 5. Further mechanisms for minimizing the channel load caused by certificate distribution are necessary, among others a. after a pseudonym change, the change should be signaled explicitly to prevent the sending of all certificates in the vicinity triggered by the detection of a new neighbor, b. certificate chains should not be distributed, because individual certificates suffice, c. the number of transmissions of certificate authority certificates is to be minimized. Applying these improvements overcomes most of the security problems (1, 2, and 3c). For the remaining problems, the effort required for a successful attack can be increased significantly.
Vehicular ad-hoc networks (VANETs) are an important approach to increase future safety of driving by enabling cooperative advanced driver assistance systems. 
However, rigid security and privacy requirements employed for the conducted wireless data exchange still pose significant challenges for VANET approaches. Several weaknesses of the current state of the art of VANET approaches from ETSI ITS as well as WAVE standard frameworks have been identified in this work. Three main attack surfaces of ETSI ITS or WAVE based VANETs are identified in this thesis, which are 1. constant and distinctive content in data fields within frequently sent VANET messages highly endanger privacy of vehicles, and thereby also their drivers, 2. the distribution strategy of certificate authority (CA) certificates allows even a simple static outsider attacker to massively increase the channel load within a large area around the attacker, which significantly exceeds his own communication range, and 3. GNSS spoofing modifying time and position information inside nodes a. endangers the basic system requirement of accountability by circumventing the nonrepudiation feature of the employed digital signature scheme, b. endangers the access control system by forcing the acceptance of outdated messages and certificates, and c. enables an attacker to perform a Sybil attack. The identified security problems need to be overcome to re-enable secure usage of VANETs and ADASs, which are based on the information obtained via VANETs. Several protocol design weaknesses of the ETSI ITS approach have been identified. It is found that the standardized way of cross layer message assembly leads to frequent violation of low layers’ maximum packet size restrictions. This causes inabilities to distribute important data sets from the application layer. Furthermore, confidential end-to-end encrypted communication over a multi-hop connection is impossible, as forwarders cannot access required routing information. This is caused by incorrect data encryption rules. Approaches to overcome the found shortcomings are proposed and evaluated. 
To overcome the outlined security issues, several improvements have been proposed. These include, 1. secure time synchronization among nodes, but current mechanisms can hardly provide it, 2. caching of multiple pseudonym certificates being valid during the same time span is to be avoided, 3. pre-caching of pseudonym certificates valid in the future is to be limited to a minimum, 4. presence of constant but distinctive data sets within VANET messages has to be avoided to enable privacy conserving pseudonym changes, 5. mechanisms for limiting the channel load caused by certificate distribution are required, especially a. after a pseudonym change the number of superficial pseudonym certificate distributions due to new neighbor detection should be limited by using explicit signaling of the change, b. sending of certificate chains should be removed altogether, instead individual dissemination should be used for CA certificates, and c. the number of CA certificate deliveries after a request for such a kind of certificate should be limited to a minimum by using targeted requests. By employing the given improvements most of the found security weaknesses can be overcome (issues 1, 2 and 3c). For the remaining weaknesses the required capabilities for a successful attack can be made significantly more challenging.

    Feasibility of Verify-on-Demand in VANETs

    Wireless ad hoc networks are an important topic in the automotive domain. Thereby, strict security requirements lead to high effort for verification of digital signatures used to secure message exchange. A popular approach to limit such effort is to apply verify-on-demand schemes. However, we show that verify-on-demand requires much more cross layer dependencies than identified before. Moreover, a massive denial of service weakness of this kind of verification mechanism is found. Thus, we recommend to prefer verify-all schemes over their verify-on-demand counterparts.

    Efficient construction of infinite length hash chains with perfect forward secrecy using two independent hash functions

    One-way hash chains have been used to secure many applications over the last three decades. To overcome the fixed length limitation of first generation designs, so-called infinite length hash chains have been introduced. Such designs typically employ methods of asynchronous cryptography or hash based message authentication codes. However, none of the proposed schemes offers perfect forward secrecy, keeping former outputs secret once the system got compromised. A novel algorithm for constructing infinite length hash chains with built in support for perfect forward secrecy is presented in this work. Thereby, the scheme differs significantly from existing proposals by using a combination of two different hash functions. It avoids the computational complexity of public-key algorithms, utilises well studied standard hash functions and keeps the benefits of a hash chain without a length constraint.

    Mutual influence of certificate distribution and pseudonym change strategies in vehicular ad-hoc networks

    Vehicular ad-hoc networks (VANETs) are subject to high interest from both the automotive industry as well as government bodies owing to their prospect of increasing safety of driving. Wireless data exchange within VANETs requires rigid security mechanisms to enable its usage in safety critical driver assistance systems. Requirements include not only authenticity and integrity of messages, but also privacy of drivers. We find that much research has been conducted on certificate dissemination and on privacy enhancing certificate (i.e., pseudonym) change. However, mutual influence of techniques from both domains has not been studied in prior work. Hence, we provide an analysis of such cross influence. We show that certificate change massively increases channel load under currently standardised certificate distribution mechanisms. Thus, we propose to use explicit signalling of certificate changes among nodes to limit the found overhead. The conducted evaluation shows that this approach overcomes the identified problems

    Privacy issues and pitfalls in VANET standards

    Wireless vehicular networks are about to enter the deployment stage in the next years with important progress being made in Europe and the USA. Thereby, one of the core concerns is privacy of vehicles and their drivers, especially in Europe. Prior work has regarded only a small sub-set of the information exposed by current standards to an attacker for vehicle tracking. Thus, we take a close look on the data contained on different protocol layers of an ETSI ITS system. We find that much data is very distinctive and can be used to identify static vehicle parameters such as manufacturer or even model. This greatly reduces the usability of formerly proposed cooperative pseudonym switching strategies. Many more constraints have to be applied for selecting cooperation partners significantly reducing their availability. Therefore, current techniques cannot provide the level of privacy defined in VANET standards. Suggestions for improving the security entity and facility layer of ETSI ITS are given to limit the impact of the found issues