APTE: An Algorithm for Proving Trace Equivalence

This paper presents APTE, a new tool for automatically proving the security of cryptographic protocols. It focuses on proving trace equivalence between processes, which is crucial for specifying privacy type properties such as anonymity and unlinkability. The tool can handle protocols expressed in a calculus similar to the applied-pi calculus, which allows us to capture most existing protocols that rely on classical cryptographic primitives. In particular, APTE handles private channels and else branches in protocols with bounded number of sessions. Unlike most equivalence verifier tools, APTE is guaranteed to terminate Moreover, APTE is the only tool that extends the usual notion of trace equivalence by considering ``side-channel'' information leaked to the attacker such as the length of messages and the execution times. We illustrate APTE on different case studies which allowed us to automatically (re)-discover attacks on protocols such as the Private Authentication protocol or the protocols of the electronic passports

A reduced semantics for deciding trace equivalence using constraint systems

Many privacy-type properties of security protocols can be modelled using trace equivalence properties in suitable process algebras. It has been shown that such properties can be decided for interesting classes of finite processes (i.e., without replication) by means of symbolic execution and constraint solving. However, this does not suffice to obtain practical tools. Current prototypes suffer from a classical combinatorial explosion problem caused by the exploration of many interleavings in the behaviour of processes. M\"odersheim et al. have tackled this problem for reachability properties using partial order reduction techniques. We revisit their work, generalize it and adapt it for equivalence checking. We obtain an optimization in the form of a reduced symbolic semantics that eliminates redundant interleavings on the fly.Comment: Accepted for publication at POST'1

The hitchhiker's guide to decidability and complexity of equivalence properties in security protocols

International audiencePrivacy-preserving security properties in cryptographic protocols are typically modelled by observational equivalences in process calculi such as the applied pi-calulus. We survey decidability and complexity results for the automated verification of such equivalences, casting existing results in a common framework which allows for a precise comparison. This unified view, beyond providing a clearer insight on the current state of the art, allowed us to identify some variations in the statements of the decision problems-sometimes resulting in different complexity results. Additionally, we prove a couple of novel or strengthened results

Expression Profile of Nuclear Receptors along Male Mouse Nephron Segments Reveals a Link between ERRβ and Thick Ascending Limb Function

The nuclear receptor family orchestrates many functions related to reproduction, development, metabolism, and adaptation to the circadian cycle. The majority of these receptors are expressed in the kidney, but their exact quantitative localization in this ultrastructured organ remains poorly described, making it difficult to elucidate the renal function of these receptors. In this report, using quantitative PCR on microdissected mouse renal tubules, we established a detailed quantitative expression map of nuclear receptors along the nephron. This map can serve to identify nuclear receptors with specific localization. Thus, we unexpectedly found that the estrogen-related receptor β (ERRβ) is expressed predominantly in the thick ascending limb (TAL) and, to a much lesser extent, in the distal convoluted tubules. In vivo treatment with an ERR inverse agonist (diethylstilbestrol) showed a link between this receptor family and the expression of the Na+,K+-2Cl− cotransporter type 2 (NKCC2), and resulted in phenotype presenting some similarities with the Bartter syndrom (hypokalemia, urinary Na+ loss and volume contraction). Conversely, stimulation of ERRβ with a selective agonist (GSK4716) in a TAL cell line stimulated NKCC2 expression. All together, these results provide broad information regarding the renal expression of all members of the nuclear receptor family and have allowed us to identify a new regulator of ion transport in the TAL segments

Episodic memory encoding and retrieval in face-name paired paradigm: An FNIRS study

Background: Episodic memory (EM) is particularly sensitive to pathological conditions and aging. In a neurocognitive context, the paired-associate learning (PAL) paradigm, which requires participants to learn and recall associations between stimuli, has been used to measure EM. The present study aimed to explore whether functional near-infrared spectroscopy (fNIRS) can be employed to determine cortical activity underlying encoding and retrieval. Moreover, we examined whether and how different aspects of task (i.e., novelty, difficulty) affects those cortical activities. Methods: Twenty-two male college students (age: M = 20.55, SD = 1.62) underwent a face-name PAL paradigm under 40-channel fNIRS covering fronto-parietal and middle occipital regions. Results: A decreased activity during encoding in a broad network encompassing the bilateral frontal cortex (Brodmann areas 9, 11, 45, and 46) was observed during the encoding, while an increased activity in the left orbitofrontal cortex (Brodmann area 11) was observed during the retrieval. Increased HbO concentration in the superior parietal cortices and decreased HbO concentration in the inferior parietal cortices were observed during encoding while dominant activation of left PFC was found during retrieval only. Higher task difficulty was associated with greater neural activity in the bilateral prefrontal cortex and higher task novelty was associated with greater activation in occipital regions. Conclusion: Combining the PAL paradigm with fNIRS provided the means to differentiate neural activity characterising encoding and retrieval. Therefore, the fNIRS may have the potential to complete EM assessments in clinical settings

A Multiset Rewriting Model for Specifying and Verifying Timing Aspects of Security Protocols

Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic has made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as, distance-bounding protocols and denial of service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems

Affective Responses to Increasing- and Decreasing-Intensity Resistance Training Protocols.

This study compared the effects of an increasing-intensity (UP) and a decreasing-intensity (DOWN) resistance training protocol on affective responses across six training sessions. Novice participants (Mage 43.5 ± 13.7 years) were randomly assigned to UP (n = 18) or DOWN (n = 17) resistance training groups. Linear mixed-effects models showed that the evolution of affective valence within each training session was significantly moderated by the group (b = -0.45, p ≤ .001), with participants in the UP group reporting a decline in pleasure during each session (b = -0.82) and the DOWN group reporting an improvement (b = 0.97; ps < .001). Remembered pleasure was significantly higher in the DOWN group compared to the UP group (b = 0.57, p = .004). These findings indicate that a pattern of decreasing intensity throughout a resistance exercise session can elicit more positive affective responses and retrospective affective evaluations of resistance training