288 research outputs found

    A Symbolic Framework to Analyse Physical Proximity in Security Protocols

    Get PDF
    For many modern applications like e.g., contactless payment, and keyless systems, ensuring physical proximity is a security goal of paramount importance. Formal methods have proved their usefulness when analysing standard security protocols. However, existing results and tools do not apply to e.g., distance bounding protocols that aims to ensure physical proximity between two entities. This is due in particular to the fact that existing models do not represent in a faithful way the locations of the participants, and the fact that transmission of messages takes time. In this paper, we propose several reduction results: when looking for an attack, it is actually sufficient to consider a simple scenario involving at most four participants located at some specific locations. These reduction results allow one to use verification tools (e.g. ProVerif, Tamarin) developed for analysing more classical security properties. As an application, we analyse several distance bounding protocols, as well as a contactless payment protocol

    Diseño de un UAV orientado a la logística de transporte

    Get PDF
    This project provides a broad overview of the world of UAV sector that is constantly growing for all that it can bring and help in all kind os situations. An exhaustive analysis of the past, current and future market is presented to understand where this technology comes from and where it is heading. The main components that make up a UAV are evaluated, and a solution is provided, optimizing the key parts and features. Finally, a simulation of the UAV generated from the choice of components will be carried out and a basis for a future design of a UAV oriented to transport logistics will be established.Objectius de Desenvolupament Sostenible::9 - IndĂșstria, InnovaciĂł i Infraestructur

    Identification of the first Rho–GEF inhibitor, TRIPα, which targets the RhoA-specific GEF domain of Trio

    Get PDF
    AbstractThe Rho–guanine nucleotide exchange factors (Rho–GEFs) remodel the actin cytoskeleton via their Rho–GTPase targets and affect numerous physiological processes such as transformation and cell motility. They are therefore attractive targets to design specific inhibitors that may have therapeutic applications. Trio contains two Rho–GEF domains, GEFD1 and GEFD2, which activate the Rac and RhoA pathways, respectively. Here we have used a genetic screen in yeast to select in vivo peptides coupled to thioredoxin, called aptamers, that could inhibit GEFD2 activity. One aptamer, TRIAPα (TRio Inhibitory APtamer), specifically blocks GEFD2-exchange activity on RhoA in vitro. The corresponding peptide sequence, TRIPα, inhibits TrioGEFD2-mediated activation of RhoA in intact cells and specifically reverts the neurite retraction phenotype induced by TrioGEFD2 in PC12 cells. Thus TRIPα is the first Rho–GEF inhibitor isolated so far, and represents an important step in the design of inhibitors for the expanding family of Rho–GEFs

    Reversing, Breaking, and Fixing the French Legislative Election E-Voting Protocol

    Get PDF
    We conduct a security analysis of the e-voting protocol used for the largest political election using e-voting in the world, the 2022 French legislative election for the citizens overseas. Due to a lack of system and threat model specifications, we built and contributed such specifications by studying the French legal framework and by reverse-engineering the code base accessible to the voters. Our analysis reveals that this protocol is affected by two design-level and implementation-level vulnerabilities. We show how those allow a standard voting server attacker and even more so a channel attacker to defeat the election integrity and ballot privacy due to 6 attack variants. We propose and discuss 5 fixes to prevent those attacks. Our specifications, the attacks, and the fixes were acknowledged by the relevant stakeholders during our responsible disclosure. Our attacks are in the process of being prevented with our fixes for future elections. Beyond this specific protocol, we draw general conclusions and lessons from this instructive experience where an e-voting protocol meets the real-world constraints of a large-scale and political election. Responsible Disclosure and Acknowledgments We conducted this security analysis through passive analysis only; we never attacked voting servers. Therefore, we could not alter the integrity or the security of the election. Moreover, all the vulnerabilities reported in this document have been reported to the relevant stakeholders at least 3 months before publication. We thank those stakeholders, i.e., Europe and Foreign Affairs French Ministry (EFA French Ministry), Agence nationale de la sécurité des systÚmes d'information (ANSSI), Voxaly Docaposte, and the researchers running the 3 rd-party services (Stéphane Glondu, Pierrick Gaudry, and Véronique Cortier) for their help and discussions after we sent them our findings. In particular, we would like to thank again the role of ANSSI in the responsible disclosure process, which has always be a key player in promoting transparency and openness. This is greatly appreciated given the context of this work. Finally, we would like to thank our colleagues Myrto Arapinis, Hugo Labrande, and Emmanuel Thomé for their help to collect data about the French Legislative E-Voting Protocol (FLEP)

    Kidins220/ARMS regulates Rac1-dependent neurite outgrowth by direct interaction with the RhoGEF Trio

    Get PDF
    Supplementary material available online at http://jcs.biologists.org/cgi/content/full/123/12/2111/DC1Neurite extension depends on extracellular signals that lead to changes in gene expression and rearrangement of the actin cytoskeleton. A factor that might orchestrate these signalling pathways with cytoskeletal elements is the integral membrane protein Kidins220/ARMS, a downstream target of neurotrophins. Here, we identified Trio, a RhoGEF for Rac1, RhoG and RhoA, which is involved in neurite outgrowth and axon guidance, as a binding partner of Kidins220. This interaction is direct and occurs between the N-terminus of Trio and the ankyrin repeats of Kidins220. Trio and Kidins220 colocalise at the tips of neurites in NGF differentiated PC12 cells, where F-actin and Rac1 also accumulate. Expression of the ankyrin repeats of Kidins220 in PC12 cells inhibits NGF-dependent and Trio induced neurite outgrowth. Similar results are seen in primary hippocampal neurons. Our data indicate that Kidins220 might localise Trio to specific membrane sites and regulate its activity, leading to Rac1 activation and neurite outgrowth.Cancer Research UKFritz-Thyssen-StiftungCNRSANR-07-NEURO-006-01 from the Agence Nationale de la Recherch

    TRIO (triple functional domain (PTPRF interacting))

    Get PDF
    Review on TRIO (triple functional domain (PTPRF interacting)), with data on DNA, on the protein encoded, and where the gene is implicated

    Proving Unlinkability using ProVerif through Desynchronized Bi-Processes

    Get PDF
    International audienceUnlinkability is a privacy property of crucial importance for several systems such as mobile phones or RFID chips. Analysing this security property is very complex, and highly error-prone. Therefore, formal verification with machine support is desirable. Unfortunately, existing techniques are not sufficient to directly apply verification tools to automatically prove unlinkability.In this paper, we overcome this limitation by defining a simple transformation that will exploit some specific features of ProVerif. This transformation, together with some generic axioms, allows the tool to successfully conclude on several case studies. We have implemented our approach, effectively obtaining direct proofs of unlinkability on several protocols that were, until now, out of reach of automatic verification tools

    A privacy attack on the Swiss Post e-voting system

    Get PDF
    International audienceThe SwissPost e-voting system is currently proposed under the scrutiny of the community, before being deployed in 2022 for political elections in several Swiss Cantons. We explain how real world constraints led to shortcomings that allowed a privacy attack to be mounted. More precisely, dishonest authorities can learn the vote of several voters of their choice, without being detected, even when the requested threshold of honest authorities act as prescribed

    So near and yet so far - Symbolic verification of distance-bounding protocols

    Get PDF
    International audienceThe rise of new technologies, and in particular Near Field Communication (NFC) tags, offers new applications such as contactless payments, key-less entry systems, transport ticketing. .. Due to their security concerns, new security protocols, called distance-bounding protocols, have been developed to ensure physical proximity of the devices during a session. In order to prevent flaws and attacks, these protocols require formal verification. In this paper, we propose a new symbolic model allowing us to take into account the location of the agents and to model the fact that transmitting a message takes time. We propose two reduction results to render automatic verification possible relying on the existing verification tool ProVerif. Then, we perform a comprehensive case studies analysis (more than 25 protocols) relying on our new framework and its integration in ProVerif. We obtain new proofs of security for some protocols and detect attacks on some others

    Election Eligibility with OpenID: Turning Authentication into Transferable Proof of Eligibility

    Get PDF
    Eligibility checks are often abstracted away or omitted in voting protocols, leading to situations where the voting server can easily stuff the ballot box. One reason for this is the difficulty of bootstraping the authentication material for voters without relying on trusting the voting server. In this paper, we propose a new protocol that solves this problem by building on OpenID, a widely deployed authentication protocol. Instead of using it as a standard authentication means, we turn it into a mechanism that delivers transferable proofs of eligibility. Using zk-SNARK proofs, we show that this can be done without revealing any compromising information, in particular, protecting everlasting privacy. Our approach remains efficient and can easily be integrated into existing protocols, as we have done for the Belenios voting protocol. We provide a full-fledged proof of concept along with benchmarks showing our protocol could be realistically used in large-scale elections
    • 

    corecore