Formal security analysis of registration protocols for interactive systems: a methodology and a case of study

In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues. Namely, we focus on the secrecy and authenticity properties while keeping a high usability. In this sense, users are forced to blindly trust the system administrators and developers. Moreover, as far as we know, the use of formal methodologies for the verification of security properties of communication protocols isn't yet a common practice. We propose here a methodology to fill this gap, i.e., to analyse both the security of the proposed protocol and the pertinence of the underlying premises. In this concern, we propose the definition and formal evaluation of a protocol for the distribution of digital identities. Once distributed, these identities can be used to verify integrity and source of information. We base our security analysis on tools for automatic verification of security protocols widely accepted by the scientific community, and on the principles they are based upon. In addition, it is assumed perfect cryptographic primitives in order to focus the analysis on the exchange of protocol messages. The main property of our protocol is the incorporation of tickets, created using digests of chaos based nonces (numbers used only once) and users' personal data. Combined with a multichannel authentication scheme with some previous knowledge, these tickets provide security during the whole protocol by univocally linking each registering user with a single request. [..]Comment: 32 pages, 7 figures, 8 listings, 1 tabl

Dances to a redox tune

Reduction and oxidation of proteins through changes in their disulfide/sulfhydryl groups (S-S/ SH) have been increasingly implicated over the past 25 years in the redox regulation of plant metabolism in the light and in the dark. Recent findings indicate that this redox mechanism might be important in modulating all levéis of gene expression in plants and suggest new avenues for future work

Effects of thionins on β-glucuronidase in vitro and in plant protoplasts

Thionins cause the irreversible inactivation of β-glucuronidase (GUS) in vitro in a dose- and time-dependent manner. The enzyme is also sensitive to externally added thionins when expressed in the cytoplasmic compartment of tobacco protoplasts transformed with the Gus gene under the 35S promoter of the cauliflower mosaic virus. In protoplasts transformed with the Gus gene fused to a signal peptide, where GUS is translocated into the lumen of the endoplasmic reticulum, the activity is significantly increased both by externally-added and by transiently-expressed thionin, suggesting that it interferes with GUS secretio

Aspectos teóricos y empíricos de la relación empresa bancos

Desde la perspectiva de la política coyuntural de la empresa, este artículo prueba, para el caso colombiano, lo que los autores han denominado la “hipótesis de Krugman”, según la cual el sector real incide en el desempeño del sector financiero. Con información disponible en la Superintendencia de Valores, para el período 1997-2001, y utilizando el método de la correlación canónica, que establece la correlación entre conjuntos de variables, los resultados permiten concluir que a través de los ingresos operacionales de las empresas y las provisiones del las firmas del sector financiero, el sector real influyó, de manera importante, en el desempeño del sector financiero.From the perspective of the enterprise business cycle policy, this article tests, for the Colombian case, what the authors named “the Krugman’s Hypothesis”, by which the real sector explains partially the performance of the financial sector. With the information available at Superintendencia de Valores, during the period 1997-2001, using the Canonical Analysis method, a method to quantify the correlation between two sets of variable, the results show, through the operational earnings of the businesses and the credit provision of the finance firm, the real sector had an impact on the financial sector

libgroupsig: An extensible C library for group signatures

One major need in the context of Privacy Enhancing Technologies (PETs) is to bridge theoretical proposals and practical implementations. In order to foster easy deployment of PETs, the crux is on proposing standard and well-defined programming interfaces. This need is not completely fulfilled in the case of group signatures. Group signatures are key cryptographic primitives to build up privacy respectful protocols and endorsing fair management of anonymity. To the best of our knowledge, currently there exists no abstract and unified programming interface definition for group signatures. In this work we address this matter and propose a programming interface definition enclosing the functionality of current group signatures schemes. Furthermore, for the sake of abstraction and generalization, we have also endowed our interface with the means to include new group signatures schemes. Finally, we have considered three well known group signature schemes to implement an open source library of the interface using C programming language. We have also performed an analysis of the software implementation with respect to different values of the key size and other parameters of the group signatures interface

A formal methodology for integral security design and verification of network protocols

We propose a methodology for verifying security properties of network protocols at design level. It can be separated in two main parts: context and requirements analysis and informal verification; and formal representation and procedural verification. It is an iterative process where the early steps are simpler than the last ones. Therefore, the effort required for detecting flaws is proportional to the complexity of the associated attack. Thus, we avoid wasting valuable resources for simple flaws that can be detected early in the verification process. In order to illustrate the advantages provided by our methodology, we also analyze three real protocols