485 research outputs found

    Formally based semi-automatic implementation of an open security protocol

    This paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation

    Crypto-Verifying Protocol Implementations in ML

    We intend to narrow the gap between concrete implementations and verified models of cryptographic protocols. We consider protocols implemented in F#, a variant of ML, and verified using CryptoVerif, Blanchet's protocol verifier for computational cryptography. We experiment with compilers from F# code to CryptoVerif processes, and from CryptoVerif declarations to F# code. We present two case studies: an implementation of the Otway-Rees protocol, and an implementation of a simplified password-based authentication protocol. In both cases, we obtain concrete security guarantees for a computational model closely related to executable code

    miTLS: Verifying Protocol Implementations against Real-World Attacks

    The TLS Internet Standard, previously known as SSL, is the default protocol for encrypting communications between clients and servers on the Web. Hence, TLS routinely protects our sensitive emails, health records, and payment information against network-based eavesdropping and tampering. For the past 20 years, TLS security has been analyzed in various cryptographic and programming models to establish strong formal guarantees for various protocol configurations. However, TLS deployments are still often vulnerable to attacks and rely on security experts to fix the protocol implementations. The miTLS project intends to solve this apparent contradiction between published proofs and real-world attacks, which reveals a gap between TLS theory and practice. To this end, the authors developed a verified reference implementation and a cryptographic security proof that account for the protocol's low-level details. The resulting formal development sheds light on recent attacks, yields security guarantees for typical TLS usages, and informs the design of the protocol's next version

    EVALUATION OF NOOTROPIC ACTIVITY OF ACHYRANTHES ASPERA LEAVES EXTRACT IN WISTAR RATS

    Objective: The objective of the study was to evaluate the nootropic activity of hydroalcoholic extract of Achyranthes aspera leaves using elevated plus maze and radial arm maze. Methods: Adult Wistar rats were allotted to three groups; Group 1 served as control, Groups 2 and 3 received 200 mg/kg and 400 mg/kg of AA extract, respectively, orally for 2 weeks after which the extent of improvement of memory was assessed. Results: AA showed nootropic activity in both elevated plus maze and radial arm maze. 200 mg/kg of AA extract showed better improvement in learning and memory compared to 400 mg/kg. Conclusions: These results indicate that AA leaves extract clearly exhibited the improvement in learning and memory

    Clinical Significance of an Unusual Variation: Anomalous additional belly of the sternothyroid muscle

    The infrahyoid muscles are involved in vocalisation and swallowing; among these, the sternothyroid muscle is derived from the common primitive sheet. The improper differentiation of this muscle may therefore result in morphological variations. We report an unusual variation found during the dissection of a 65-year-old male cadaver at the Sri Manakula Vinayagar Medical College, Madagadipet, Pondicherry, India, in 2015. An anomalous belly of the right sternothyroid muscle was observed between the internal jugular (IJ) vein and the internal carotid artery with an additional insertion into the tympanic plate and petrous part of the temporal bone and the presence of a levator glandulae thyroideae muscle. The anomalous muscle may compress the IJ vein if it is related to the neurovascular structures of neck; hence, knowledge of variations of the infrahyoid muscles can aid in the evaluation of IJ vein compression among patients with idiopathic symptoms resulting from venous congestion

    Refinement Types for Secure Implementations

    No full text
    We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code. © 2008 IEEE

    On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

    The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients' data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible

    The protective effect of Withania somnifera against oxidative damage caused by ethanol in the testes of adult male rats

    Background: To investigate the effect of Withania somnifera (WS) in preventing the damage caused by alcohol on testis. Methods: Adult male Wistar rats were divided into 4 groups. Group A - control, Group B - WS 200 mg orally, Group C - alcohol 4 g/kg orally, and Group D - WS + alcohol. The sperm parameters were examined. Testicular tissues were examined for biochemical (glutathione [GSH] peroxidase, superoxide dismutase, catalase [CAT], malondialdehyde [MDA]) analysis, and histopathological changes. Results: Biochemical parameters revealed tissue oxidative stress in alcohol group which was evidenced as increase in MDA level and reduction in CAT and GSH activities in testes which was reduced in co-treatment group. WS significantly reduced alcohol-induced sperm shape abnormality and sperm count. The alcohol-induced changes in histopathologic findings were partially reversed by treatment with WS. Conclusion: These observations suggest that the antioxidant property of WS might have contributed for its ability to ameliorate the testicular toxicity caused by alcohol

    A verification framework for secure machine learning

    We propose a programming and verification framework to help developers build distributed software applications using composite homomorphic encryption (and secure multi-party computation) protocols, and implement secure machine learning and classification over private data. With our framework, a developer can prove that the application code is functionally correct, that it correctly composes the various cryptographic schemes it uses, and that it does not accidentally leak any secrets (via side-channels, for example.) Our end-to-end solution results in verified and efficient implementations of state-of-the-art secure privacy-preserving learning and classification techniques

    Content delivery over TLS: a cryptographic analysis of keyless SSL

    The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network. However, when TLS connections are proxied through an intermediate middlebox, like a Content Delivery Network (CDN), the standard end-to-end security guarantees of the protocol no longer apply. In this paper, we investigate the security guarantees provided by Keyless SSL, a CDN architecture currently deployed by CloudFlare that composes two TLS 1.2 handshakes to obtain a proxied TLS connection. We demonstrate new attacks that show that Keyless SSL does not meet its intended security goals. These attacks have been reported to CloudFlare and we are in the process of discussing fixes. We argue that proxied TLS handshakes require a new, stronger, 3-party security definition. We present 3(S)ACCE-security, a generalization of the 2-party ACCE security definition that has been used in several previous proofs for TLS. We modify Keyless SSL and prove that our modifications guarantee 3(S)ACCE-security, assuming ACCE-security for the individual TLS 1.2 connections. We also propose a new design for Keyless TLS 1.3 and prove that it achieves 3(S)ACCE-security, assuming that the TLS 1.3 handshake implements an authenticated 2-party key exchange. Notably, we show that secure proxying in Keyless TLS 1.3 is computationally lighter and requires simpler assumptions on the certificate infrastructure than our proposed fix for Keyless SSL. Our results indicate that proxied TLS architectures, as currently used by a number of CDNs, may be vulnerable to subtle attacks and deserve close attention