Improving SNI-based HTTPS Security Monitoring

International audienceRecent surveys show that the proportion of encrypted web traffic is quickly increasing. On one side, it provides users with essential properties of security and privacy, but on the other side, it raises important challenges and issues for organizations, related to the security monitoring of encrypted traffic (filtering, anomaly detection, etc.). This paper proposes to improve a recent technique for HTTPS traffic monitoring that is based on the Server Name Indication (SNI) field of TLS and which has been implemented in many firewall solutions. This method currently has some weaknesses that can be used to bypass firewalls by overwriting the SNI value of new TLS connections. Our investigation shows that 92% of the HTTPS websites surveyed in this paper can be accessed with a fake SNI. Our approach verifies the coherence between the real destination server and the claimed value of SNI by relying on a trusted DNS service. Experimental results show the ability to overcome the shortage of SNI-based monitoring by detecting forged SNI values while having a very small false positive rate (1.7%). The overhead of our solution only adds negligible delays to access HTTPS websites. The proposed method opens the door to improve global HTTPS monitoring and firewall systems

A Multi-Level Framework to Identify HTTPS Services

International audienceThe development of TLS-based encrypted traffic comes with new challenges related to the management and security analysis of encrypted traffic. There is an essential need for new methods to investigate, with a proper level of identification, the increasing number of HTTPS traffic that may hold security breaches. In fact, although many approaches detect the type of an application (Web, P2P, SSH, etc.) running in secure tunnels, and others identify a couple of specific encrypted web pages through website fingerprinting, this paper proposes a robust technique to precisely identify the services run within HTTPS connections, i.e. to name the services, without relying on specific header fields that can be easily altered. We have defined dedicated features for HTTPS traffic that are used as input for a multi-level identification framework based on machine learning algorithms. Our evaluation based on real traffic shows that we can identify encrypted web services with a high accuracy

Ultraviolet astronomical spectrograph calibration with laser frequency combs from nanophotonic waveguides

Astronomical precision spectroscopy underpins searches for life beyond Earth, direct observation of the expanding Universe and constraining the potential variability of physical constants across cosmological scales. Laser frequency combs can provide the critically required accurate and precise calibration to the astronomical spectrographs. For cosmological studies, extending the calibration with such astrocombs to the ultraviolet spectral range is highly desirable, however, strong material dispersion and large spectral separation from the established infrared laser oscillators have made this exceedingly challenging. Here, we demonstrate for the first time astronomical spectrograph calibrations with an astrocomb in the ultraviolet spectral range below 400 nm. This is accomplished via chip-integrated highly nonlinear photonics in periodically-poled, nano-fabricated lithium niobate waveguides in conjunction with a robust infrared electro-optic comb generator, as well as a chip-integrated microresonator comb. These results demonstrate a viable route towards astronomical precision spectroscopy in the ultraviolet and may contribute to unlocking the full potential of next generation ground- and future space-based astronomical instruments

Involvement of the Efflux Pumps in Chloramphenicol Selected Strains of Burkholderia thailandensis: Proteomic and Mechanistic Evidence

Burkholderia is a bacterial genus comprising several pathogenic species, including two species highly pathogenic for humans, B. pseudomallei and B. mallei. B. thailandensis is a weakly pathogenic species closely related to both B. pseudomallei and B. mallei. It is used as a study model. These bacteria are able to exhibit multiple resistance mechanisms towards various families of antibiotics. By sequentially plating B. thailandensis wild type strains on chloramphenicol we obtained several resistant variants. This chloramphenicol-induced resistance was associated with resistance against structurally unrelated antibiotics including quinolones and tetracyclines. We functionally and proteomically demonstrate that this multidrug resistance phenotype, identified in chloramphenicol-resistant variants, is associated with the overexpression of two different efflux pumps. These efflux pumps are able to expel antibiotics from several families, including chloramphenicol, quinolones, tetracyclines, trimethoprim and some β-lactams, and present a partial susceptibility to efflux pump inhibitors. It is thus possible that Burkholderia species can develop such adaptive resistance mechanisms in response to antibiotic pressure resulting in emergence of multidrug resistant strains. Antibiotics known to easily induce overexpression of these efflux pumps should be used with discernment in the treatment of Burkholderia infections

LRCH Proteins: A Novel Family of Cytoskeletal Regulators

Background: Comparative genomics has revealed an unexpected level of conservation for gene products across the evolution of animal species. However, the molecular function of only a few proteins has been investigated experimentally, and the role of many animal proteins still remains unknown. Here we report the characterization of a novel family of evolutionary conserved proteins, which display specific features of cytoskeletal scaffolding proteins, referred to as LRCHs. Principal Findings: Taking advantage of the existence of a single LRCH gene in flies, dLRCH, we explored its function in cultured cells, and show that dLRCH act to stabilize the cell cortex during cell division. dLRCH depletion leads to ectopic cortical blebs and alters positioning of the mitotic spindle. We further examined the consequences of dLRCH deletion throughout development and adult life. Although dLRCH is not essential for cell division in vivo, flies lacking dLRCH display a reduced fertility and fitness, particularly when raised at extreme temperatures. Conclusion/Significance: These results support the idea that some cytoskeletal regulators are important to buffer environmental variations and ensure the proper execution of basic cellular processes, such as the control of cell shape

The neutral kaon decays to π+π−π0\pi^+ \pi^- \pi^0: a detailed analysis of the CPLEAR data

A detailed analysis of neutral kaons decaying to \Pgpp \Pgpm \Pgpz\ is presented based on the complete data set containing half a million events. Time-dependent decay rate asymmetries are measured between initially tagged \PKz\ and \PaKz\ and for different regions of the phase space. These asymmetries, resulting from the interference between the CP-conserving decay amplitude of \PKzL\ and the decay amplitude of \PKzS\ -- either CP-violating or CP-conserving -- allow the determinationof the \PKzS\ parameters \etapmz\ (CP-violating) and \lampmz\ (CP-conserving), and also of the main i sospin components of the \PKzS\ decay amplitude. The branching ratio of \PKzS\ $\rightarrow$ \Pgpp \Pgpm \Pgpz\ (CP-conserving) is deduced directly from \lampmz . In addition, we extract the slope parameters describing the energy dependence of the \PKzL \rightarrow \Pgpp \Pgpm \Pgpz Dalitz plot. The whole set of our results fits well within the current phenomenological picture of the neut ral-kaon system including CP violation and Chiral Perturbation Theory (ChPT)

Determination of the T- and CPT-violation parameters in the neutral-kaon system using the Bell-Steinberger relation and data from CPLEAR

Data from the CPLEAR experiment, together with the most recent world averages for some of the neutral-kaon parameters, were constrained with the Bell--Steinberger (or unitarity) relation, allowing the T-violation parameter \ree and the CPT-violation parameter \imd of the neutral-kaon mixing matrix to be determined with an increased accuracy: \ree = (164.9 \pm 2.5)\times 10^{-5}, \imd = ( 2.4 \pm 5.0)\times 10^{-5}. Moreover, the constraint allows the CPT-violation parameter for the neutral-kaon semileptonic decays, \rey, to be determined for the first time. The $\Delta S \neq \Delta Q$ parameters \rexm and \imxp are given with an increased accuracy. The quantity $\mathrm{Re}(y~+~x_-)$, which enters the T-violation CPLEAR asymmetry previously published, is determined to be $(0.2 \pm 0.3)\times 10^{-3}$. The value obtained for \red is in agreement with the one resulting from a previous unconstrained fit and has a slightly smaller error

Measurement of the KL−KSK_{L}-K_{S} mass difference using semileptonic decays of tagged neutral kaons

We report on a new measurement of the \kl--\ks\ mass difference \dm\ using the CPLEAR full data sample of neutral-kaon decays to \semi. The result is \dm = (0.5295 \pm 0.0020_{\stat} \pm 0.0003_{\syst}) \times 10^{10}\ \hbs. It includes earlier data reported in Ref. \cite{deltam1}. A measurement of the \dsdq\ violating parameter \rex\ is also obtained

A determination of the CPT violation parameter Re(δ\delta) from the semileptonic decay of strangeness-tagged neutral kaons

We have improved by two orders of magnitude the limit currently available for the CPT violation parameter \red . To this purpose we have analyzed the full sample of neutral-kaon decays to \semi\ recorded in the CPLEAR experiment, where the strangeness of the neutral kaons was tagged at production and decay time. An appropriate function of the measured decay rates, including information from the analysis of \pip\pim\ decay channel, gives directly \red . The result $\red = (3.0 \pm 3.3_\mathrm{{stat}} \pm 0.6_\mathrm{{syst}}) \times 10^{-4}$ is compatible with zero. Values for the parameters \imd, \rexm and \imxp were also obtained