On formal verification of arithmetic-based cryptographic primitives
Cryptographic primitives are fundamental for information security: they are used as basic components of cryptographic protocols and public-key cryptosystems. In many cases, their security proofs consist of showing that they are reducible to computationally hard problems. Those reductions can be subtle and tedious, and thus not easily checkable. In previous work we implemented, on top of the proof assistant Coq, a toolbox for writing and checking game-based security proofs of cryptographic primitives. In this paper we describe its extension with number-theoretic capabilities, so that it is now possible to write and check arithmetic-based cryptographic primitives in our toolbox. We illustrate our work by machine-checking the game-based proofs of unpredictability of the pseudo-random bit generator of Blum, Blum and Shub, and of semantic security of the public-key cryptographic scheme of Goldwasser and Micali.
Comment: 13 pages
Microbiological Assay of Amino Acids in Grape Musts and Wines
Using classical microbiological methods, we determined seventeen amino acids present in free form in a series of musts and wines. These methods apply perfectly to these media without any pretreatment other than neutralization and suitable dilution. Arginine, proline, threonine and glutamic acid are the four most abundant amino acids. They account for more than 85% of the amino nitrogen of musts; in wines, however, they make up only a fraction of 60%. Alcoholic fermentation in fact gives rise to small quantities of amino acids that did not exist in free form in the musts; the nitrogen composition of wines is less abundant but more varied than that of musts. These assays further show that the amino acids assimilable by yeasts through the Ehrlich reaction are absent from grape must, or present only in extremely small amounts. Among other consequences that follow from these observations, and contrary to the notions accepted until now, the isobutyl alcohol and isoamyl alcohol of wines derive only a very small part of their origin from the valine and leucines of the musts. Finally, while there is some agreement between the amino nitrogen figures obtained by microbiological assay and by formol titration in the case of red wines, the discrepancies obtained for musts and especially for white wines suggest that the microbiological techniques also assay certain small polypeptides that can be degraded by the bacteria.
Evolution of Amino Acids during Grape Ripening
To complete our knowledge of the nitrogen metabolism of the grape and to better determine the forms most useful for the nutrition of microorganisms, we followed the evolution of the grape's amino acids during ripening by means of paper chromatography and microbiological assay techniques. The content of most amino acids increases, but proline undergoes a considerable accumulation, especially marked in the days preceding maturity. We made this observation, important for its oenological consequences, that during ripening the grape's nitrogen progressively passes into forms of lower value for yeast nutrition.
Meningitis Dipstick Rapid Test: Evaluating Diagnostic Performance during an Urban Neisseria meningitidis Serogroup A Outbreak, Burkina Faso, 2007
Meningococcal meningitis outbreaks occur every year during the dry season in the "meningitis belt" of sub-Saharan Africa. Identification of the causative strain is crucial before launching mass vaccination campaigns, to assure use of the correct vaccine. Rapid agglutination (latex) tests are most commonly available in district-level laboratories at the beginning of the epidemic season; limitations include a short shelf-life and the need for refrigeration and good technical skills. Recently, a new dipstick rapid diagnostic test (RDT) was developed to identify and differentiate disease caused by meningococcal serogroups A, W135, C and Y. We evaluated the diagnostic performance of this dipstick RDT during an urban outbreak of meningitis caused by N. meningitidis serogroup A in Ouagadougou, Burkina Faso; first against an in-country reference standard of culture and/or multiplex PCR; and second against culture and/or a highly sensitive nested PCR technique performed in Oslo, Norway. We included 267 patients with suspected acute bacterial meningitis. Using the in-country reference standard, 50 samples (19%) were positive. Dipstick RDT sensitivity (N = 265) was 70% (95%CI 55–82) and specificity 97% (95%CI 93–99). Using culture and/or nested PCR, 126/259 (49%) samples were positive; dipstick RDT sensitivity (N = 257) was 32% (95%CI 24–41), and specificity was 99% (95%CI 95–100). We found dipstick RDT sensitivity lower than values reported from (i) assessments under ideal laboratory conditions (>90%), and (ii) a prior field evaluation in Niger [89% (95%CI 80–95)]. Specificity, however, was similar to (i), and higher than (ii) [62% (95%CI 48–75)]. At this stage in development, therefore, other tests (e.g., latex) might be preferred for use in peripheral health centres. We highlight the value of field evaluations for new diagnostic tests, and note relatively low sensitivity of a reference standard using multiplex vs. nested PCR. Although the former is the current standard for bacterial meningitis surveillance in the meningitis belt, nested PCR performed in a certified laboratory should be used as an absolute reference when evaluating new diagnostic tests.
Transitions/relaxations in polyester adhesive/PET system
The correlations between the transitions and the dielectric relaxation processes of oriented poly(ethylene terephthalate) (PET) pre-impregnated with a polyester thermoplastic adhesive have been investigated by differential scanning calorimetry (DSC) and dynamic dielectric spectroscopy (DDS). The thermoplastic polyester adhesive and the oriented PET films have been studied as reference samples. This study shows that the adhesive chain segments are responsible for the physical structure evolution in the oriented PET film. The evolution of the transitions and dielectric relaxation modes in the glass transition region appears characteristic of the interphase between adhesive and PET film, which is discussed in terms of molecular mobility. Storage of the adhesive tape at room temperature leads to heterogeneity of the physical structure, characterized by dissociation of the glass transition. Thus, the correlation between the transitions and the dielectric relaxation processes evidences a segregation of the amorphous phases. Therefore, the physical structure and the properties of the material have been linked to their chemical characteristics.
Identification of Streptococcus suis Meningitis through Population-Based Surveillance, Togo, 2010-2014.
During 2010-2014, we enrolled 511 patients with suspected bacterial meningitis into surveillance in 2 districts of northern Togo. We identified 15 persons with Streptococcus suis infection; 10 had occupational contact with pigs, and 12 suffered neurologic sequelae. S. suis testing should be considered in rural areas of the African meningitis belt
Authenticated key agreement mediated by a proxy re-encryptor for the Internet of Things
The Internet of Things (IoT) is composed of a wide range of heterogeneous network devices that communicate with their users and the surrounding devices. Secure communication between these devices remains essential even with little or no prior knowledge of each other and regardless of their resource capabilities. This particular context requires appropriate security mechanisms that are well-suited to the heterogeneous nature of IoT devices, without pre-sharing a secret key for each secure connection. In this work, we first propose a novel symmetric-cipher proxy re-encryption scheme. Such a primitive allows a user to delegate her decryption rights to another with the help of a semi-trusted proxy, but without giving the latter any information about the transmitted messages or the users' secret keys. We then propose AKAPR, an Authenticated Key Agreement mediated by a Proxy Re-encryptor for IoT. The mechanism permits any two highly resource-constrained devices to establish secure communication with no prior trust relationship. AKAPR is built upon our proposed proxy re-encryption scheme. It has been proven with ProVerif to provide mutual authentication for participants while preserving the secrecy of the generated session key. In addition, the scheme benefits from the lightweight nature of our proxy re-encryption algorithm, as it requires no expensive cryptographic operations such as pairings or modular exponentiation.
Protocol analysis modulo combination of theories: A case study in Maude-NPA
There is a growing interest in formal methods and tools to analyze cryptographic protocols modulo algebraic properties of their underlying cryptographic functions. It is well known that an intruder who uses algebraic equivalences of such functions can mount attacks that would be impossible if the cryptographic functions did not satisfy such equivalences. In practice, however, protocols use a collection of well-known functions, whose algebraic properties can naturally be grouped together as a union of theories E1 ∪ … ∪ En. Reasoning symbolically modulo the algebraic properties E1 ∪ … ∪ En requires performing (E1 ∪ … ∪ En)-unification. However, even if a unification algorithm for each individual Ei is available, this requires combining the existing algorithms by methods that are highly non-deterministic and have high computational cost. In this work we present an alternative method to obtain unification algorithms for combined theories based on variant narrowing. Although variant narrowing is less efficient at the level of a single theory Ei, it does not use any costly combination method. Furthermore, it does not require that each Ei has a dedicated unification algorithm in a tool implementation. We illustrate the use of this method in the Maude-NPA tool by means of a well-known protocol requiring the combination of three distinct equational theories. © 2011 Springer-Verlag.
R. Sasse and J. Meseguer have been partially supported by NSF Grants CNS0716638, CNS-0831064 and CNS-0904749. S. Escobar has been partially supported by the EU (FEDER) and the Spanish MEC/MICINN under grant TIN 2007-68093-C02-02. C. Meadows has been partially supported by NSF Grant CNS-0904749.
Sasse, R.; Escobar Román, S.; Meadows, C.; Meseguer, J. (2011). Protocol analysis modulo combination of theories: A case study in Maude-NPA. In Security and Trust Management. Springer Verlag (Germany). 6710:163-178. doi:10.1007/978-3-642-22444-7_11
A Proof Theoretic Analysis of Intruder Theories
We consider the problem of intruder deduction in security protocol analysis: that is, deciding whether a given message M can be deduced from a set of messages Gamma under the theory of blind signatures and arbitrary convergent equational theories modulo associativity and commutativity (AC) of certain binary operators. The traditional formulations of intruder deduction are usually given in natural-deduction-like systems, and proving decidability requires significant effort in showing that the rules are "local" in some sense. By using the well-known translation between natural deduction and sequent calculus, we recast the intruder deduction problem as proof search in sequent calculus, in which locality is immediate. Using standard proof-theoretic methods, such as permutability of rules and cut elimination, we show that the intruder deduction problem can be reduced, in polynomial time, to the elementary deduction problem, which amounts to solving certain equations in the underlying individual equational theories. We show that this result extends to combinations of disjoint AC-convergent theories, whereby the decidability of intruder deduction under the combined theory reduces to the decidability of elementary deduction in each constituent theory. To further demonstrate the utility of the sequent-based approach, we show that, for Dolev-Yao intruders, our sequent-based techniques can be used to solve the more difficult problem of solving deducibility constraints, where the sequents to be deduced may contain gaps (or variables) representing possible messages the intruder may produce.
Comment: Extended version of RTA 2009 paper