Generalized Langevin equations for a driven tracer in dense soft colloids: construction and applications

We describe a tracer in a bath of soft Brownian colloids by a particle coupled to the density field of the other bath particles. From the Dean equation, we derive an exact equation for the evolution of the whole system, and show that the density field evolution can be linearized in the limit of a dense bath. This linearized Dean equation with a tracer taken apart is validated by the reproduction of previous results on the mean-field liquid structure and transport properties. Then, the tracer is submitted to an external force and we compute the density profile around it, its mobility and its diffusion coefficient. Our results exhibit effects such as bias enhanced diffusion that are very similar to those observed in the opposite limit of a hard core lattice gas, indicating the robustness of these effects. Our predictions are successfully tested against molecular dynamics simulations.Comment: 21 pages, 7 figure

Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways

International audienceThis work introduces the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker having eavesdropping and packet injection capabilities, from the insecure network where he only sees encrypted packets, can force a gateway to reduce the Path MTU of an IPsec tunnel to the minimum, which triggers severe issues for the hosts behind this gateway: depending on the Path MTU discovery algorithm in use, the attack either creates a Denial of Service or major performance penalties. This attack highlights two fundamental problems that we discuss, along with potential counter-measures to mitigate the attack while keeping ICMP benefits

ICMP: an Attack Vector against IPsec Gateways

In this work we show that the Internet Control Message Protocol (ICMP) can be used as an attack vector against IPsec gateways. The main contribution of this work is to demonstrate that an attacker having eavesdropping and traffic injection capabilities in the black untrusted network (he only sees ciphered packets), can force a gateway to reduce the Path MTU of an IPsec tunnel to a minimum, which in turn creates serious issues for devices on the trusted network behind this gateway: depending on the Path MTU discovery algorithm, it either prevents any new TCP connection (Denial of Service), or it creates major performance penalties (more than 6 seconds of delay in TCP connection establishment and ridiculously small TCP segment sizes). After detailing the attack and the behavior of the various nodes, we discuss some counter measures, with the goal to find a balance between ICMP benefits and the associated risks

ICMP: an Attack Vector against IPsec Gateways

In this work we show that the Internet Control Message Protocol (ICMP) can be used as an attack vector against IPsec gateways. The main contribution of this work is to demonstrate that an attacker having eavesdropping and traffic injection capabilities in the black untrusted network (he only sees ciphered packets), can force a gateway to reduce the Path MTU of an IPsec tunnel to a minimum, which in turn creates serious issues for devices on the trusted network behind this gateway: depending on the Path MTU discovery algorithm, it either prevents any new TCP connection (Denial of Service), or it creates major performance penalties (more than 6 seconds of delay in TCP connection establishment and ridiculously small TCP segment sizes). After detailing the attack and the behavior of the various nodes, we discuss some counter measures, with the goal to find a balance between ICMP benefits and the associated risks

New Results for the PTB-PTS Attack on Tunneling Gateways

International audienceThis work analyzes the impacts of the ”Packet Too Big”- ”Packet Too Small” (PTB-PTS) Internet Control Message Protocol (ICMP) based attack against tunneling gateways. It is a follow up of a prior work [2] that detailed how to launch the PTB-PTS attack against IPsec gate- ways (for secure tunnels) and their consequences, ranging from major performance impacts (additional delays at session establishment and/or packet fragmentation) to Denial of Services (DoS).In the present work we examine a much wider range of configurations: we now consider the two IP protocol versions (previous work was lim- ited to IPv4, we add IPv6), two operating systems (previous work was limited to Linux Debian, we add a recent Ubuntu distribution as well as Windows 7), and two tunnelling protocols (previous work was limited to IPsec, we add IPIP).This work highlights the complexity of the situation as different behav- iors will be observed depending on the exact configuration. It also high- lights Microsoft’s strategy when approaching the ”minimum maximum packet size” (i.e., minimum MTU) any link technology should support: if Windows 7 mitigates the attack in IPv4 (there is no DoS), however the performance impact remains, and since the technique is inapplicable to IPv6, the attack succeeds in that case. Finally, this work highlights a fundamental problem: the impossibility to reliably identify illegitimate ICMP error packets coming from the untrusted network

Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways

International audienceThis work introduces the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker having eavesdropping and packet injection capabilities, from the insecure network where he only sees encrypted packets, can force a gateway to reduce the Path MTU of an IPsec tunnel to the minimum, which triggers severe issues for the hosts behind this gateway: depending on the Path MTU discovery algorithm in use, the attack either creates a Denial of Service or major performance penalties. This attack highlights two fundamental problems that we discuss, along with potential counter-measures to mitigate the attack while keeping ICMP benefits

Parallel arithmetic encryption for high-bandwidth communications on multicore/GPGPU platforms.

International audienceIn this work we study the feasibility of high-bandwidth, secure communications on generic machines equipped with the latest CPUs and General-Purpose Graphical Processing Units (GPGPU). We first analyze the suitability of current Nehalem CPU architectures. We show in particular that high performance CPUs are not sufficient by themselves to reach our performance objectives, and that encryption is the main bottleneck. Therefore we also consider the use of GPGPU, and more particularly we measure the bandwidth of the AES ciphering on CUDA. These tests lead us to the conclusion that finding an appropriate solution is extremely difficult

Prandial states modify the reactivity of the gustatory cortex using gustatory evoked potentials in humans

Previous functional Magnetic Resonance Imaging studies evaluated the role of satiety on cortical taste area activity and highlighted decreased activation in the orbito-frontal cortex when food was eaten until satiation. The modulation of orbito-frontal neurons (secondary taste area) by ad libitum food intake has been associated with the pleasantness of the food's flavor. The insula and frontal operculum (primary taste area) are also involved in reward processing. The aim was to compare human gustatory evoked potentials (GEP) recorded in the primary and secondary gustatory cortices in a fasted state with those after food intake. Fifteen healthy volunteers were enrolled in this observational study. In each of two sessions, two GEP recordings were performed (at 11:00 am and 1:30 pm) in response to sucrose gustatory stimulation, and a sucrose-gustatory threshold was determined. During one session, a standard lunch was provided between the two GEP recordings. During the other session, subjects had nothing to eat. Hunger sensation, wanting, liking, and the perception of the solution's intensity were evaluated with visual analog scales. GEP latencies measured in the Pz (p < 0.001), Cz (p < 0.01), Fz (p < 0.001) recordings (primary taste area) were longer after lunch than in the pre-prandial condition. Fp1 and Fp2 latencies (secondary taste area) tended to be longer after lunch, but the difference was not significant. No difference was observed for the sucrose-gustatory threshold regardless of the session and time. Modifications in the primary taste area activity during the post-prandial period occurred regardless of the nature of the food eaten and could represent the activity of the frontal operculum and insula, which was recently shown to be modulated by gut signals (GLP-1, CCK, ghrelin, or insulin) through vagal afferent neurons or metabolic changes of the internal milieu after nutrient absorption. This trial was registered at clinicalstrials.gov as NCT02472444

On the linear receptivity of trailing vortices

The present work investigates the excitation process by which free-stream disturbances are transformed into vortex-core perturbations. This problem of receptivity is modelled in terms of the resolvent in frequency space as the linear response to forcing. This formulation of receptivity suggests that non-normality of the resolvent is necessary to allow free-stream disturbances to excite the vortex core. Considering a local (in frequency) measure of non-normality, we show that vortices are frequency-selectively non-normal in a narrow frequency band of retrograde perturbations while the rest of the range is governed by an effectively normal operator, thus not contributing to receptivity. Canonical decomposition of the resolvent reveals that vortices are most susceptible to coiled filaments localised about the critical layer that induce bending waves on the core. Considering Lamb–Oseen, Batchelor and Moore–Saffman vortices as reference-flow models, we find free-stream receptivity to be essentially generic and independent of the axial wavelength on the considered range. A stochastic interpretation of the results could be a model for trailing-vortex meandering.This work has been supported by the French Ministry of Civil Aviation (DGAC) under PHYWAKE (PHYsics of WAKE vortices) research program. We are grateful to the anonymous referees for their exceptional investment and insightful suggestions

IBTrack: An ICMP Black holes Tracker

ICMP is a fundamental part of the Internet as it handles the control and error messages. ICMP's treatment by the network and in particular by different routers it may cross is therefore a key aspect driving troubleshooting and diagnosis processes. In this paper we present IBTrack, a tool that aims at characterizing how the network actually treats different ICMP messages from an user point of view. Specifically, we detail a classification algorithm to categorize router behaviors and we introduce its associated refining method which exploits multiple probing protocols. We illustrate the average Internet router behavior and path composition through results gathered from Planet-Lab nodes using a large CAIDA's snapshot of routed /24. We further show that our refining method improves the routers behavior characterization up to 10% for more than 1% of the total number of observed routers