389 research outputs found
Automating Security Analysis: Symbolic Equivalence of Constraint Systems
We consider security properties of cryptographic protocols that are either trace properties (such as confidentiality or authenticity) or equivalence properties (such as anonymity or strong secrecy). Infinite sets of possible traces are symbolically represented using deducibility constraints. We give a new algorithm that decides the trace equivalence for the traces that are represented using such constraints, in the case of signatures, symmetric and asymmetric encryptions. Our algorithm is implemented and performs well on typical benchmarks. This is the first implemented algorithm, deciding symbolic trace equivalence
Formal Analysis of V2X Revocation Protocols
Research on vehicular networking (V2X) security has produced a range of
security mechanisms and protocols tailored for this domain, addressing both
security and privacy. Typically, the security analysis of these proposals has
largely been informal. However, formal analysis can be used to expose flaws and
ultimately provide a higher level of assurance in the protocols.
This paper focusses on the formal analysis of a particular element of
security mechanisms for V2X found in many proposals: the revocation of
malicious or misbehaving vehicles from the V2X system by invalidating their
credentials. This revocation needs to be performed in an unlinkable way for
vehicle privacy even in the context of vehicles regularly changing their
pseudonyms. The REWIRE scheme by Forster et al. and its subschemes BASIC and
RTOKEN aim to solve this challenge by means of cryptographic solutions and
trusted hardware.
Formal analysis using the TAMARIN prover identifies two flaws with some of
the functional correctness and authentication properties in these schemes. We
then propose Obscure Token (OTOKEN), an extension of REWIRE to enable
revocation in a privacy preserving manner. Our approach addresses the
functional and authentication properties by introducing an additional key-pair,
which offers a stronger and verifiable guarantee of successful revocation of
vehicles without resolving the long-term identity. Moreover, OTOKEN is the first
V2X revocation protocol to be co-designed with a formal model.
Comment: 16 pages, 4 figure
Fresh-Register Automata
What is a basic automata-theoretic model of computation with names and fresh-name generation? We introduce Fresh-Register Automata (FRA), a new class of automata which operate on an infinite alphabet of names and use a finite number of registers to store fresh names, and to compare incoming names with previously stored ones. These finite machines extend Kaminski and Francez’s Finite-Memory Automata by being able to recognise globally fresh inputs, that is, names fresh in the whole current run. We examine the expressivity of FRA’s both from the aspect of accepted languages and of bisimulation equivalence. We establish primary properties and connections between automata of this kind, and answer key decidability questions. As a demonstrating example, we express the theory of the pi-calculus in FRA’s and characterise bisimulation equivalence by an appropriate, and decidable in the finitary case, notion in these automata
Modular Architecture for the Measurement of Space Radiation
A modular architecture has been conceived for the design of radiation-monitoring instruments used aboard spacecraft and in planetary-exploration settings. This architecture reflects lessons learned from experience with prior radiation-monitoring instruments. A prototype instrument that embodies the architecture has been developed as part of the Mars Advanced Radiation Acquisition (MARA) project. The architecture is also applicable on Earth for radiation-monitoring instruments in research of energetic electrically charged particles and instruments monitoring radiation for purposes of safety, military defense, and detection of hidden nuclear devices and materials
Deduction with XOR Constraints in Security API Modelling
We introduce XOR constraints, and show how they enable a theorem prover to reason effectively about security critical subsystems which employ bitwise XOR. Our primary case study is the API of the IBM 4758 hardware security module. We also show how our technique can be applied to standard security protocols
Groundwater Nitrogen Source Identification and Remediation in the Texas High Plains and Rolling Plains Regions
Nitrogen in groundwater, more specifically nitrate, is common in certain areas and is often associated with agricultural production or urban areas underlain by coarse soils. While the presence of nitrates in groundwater is not debated, the specific sources or cause of the elevated nitrate in these areas is often questioned. The Texas High Plains and Rolling Plains regions are two areas in the state where elevated nitrates are readily found in groundwater and such questions regarding its cause and source are raised. These areas include portions of the Ogallala and Seymour Aquifers which both exhibit elevated nitrates in certain areas.
In an effort to address questions about sources and causes of elevated groundwater nitrate and to provide sound data on potential management strategies that can remediate groundwater nitrate levels, this project was developed. The primary objective was to identify sources of groundwater nitrate in the Texas High Plains and Rolling Plains and the secondary objective was to evaluate and demonstrate strategies and practices for reducing nitrate levels in these same areas. Collectively, this effort was able to provide insight into the potential sources of nitrate found in groundwater while also demonstrating how available nitrates can be captured as a beneficial resource and effectively removed from the underlying aquifer
The role of tolerant genotypes and plant nutrients in the management of iron toxicity in lowland rice
Iron toxicity is a nutrient disorder associated with high concentrations of iron in soil solutions. Deficiencies of other nutrients, such as P, K, Ca, Mg and Zn, have been implicated in its occurrence in rice plants. Field experiments were carried out in 1992 and 1993 in Ivory Coast to evaluate the iron toxicity tolerance of promising rice cultivars available in West Africa, and to provide additional information for selecting breeding materials. Two sites, differing in their potential to cause iron toxicity, were used. Glasshouse and field studies were also conducted to test the role of other nutrients in the occurrence of iron toxicity. The results showed that genetic tolerance to iron toxicity can significantly improve rice production in iron-toxic soils, with some cultivars producing yields in excess of 5 t/ha. The application of N, P, K and Zn in the field decreased the uptake of iron in rice tops, and this can be a significant factor in the iron-toxicity tolerance of the cultivars