Automatic Generation of Security Protocols Attacks Specifications and Implementations

Confidence in a communication protocol’s security is a key requirement for its deployment and long-term maintenance. Checking if a vulnerability exists and is exploitable requires extensive expertise. The research community has advocated for a systematic approach with formal methods to model and automatically test a protocol against a set of desired security properties. As verification tools reach conclusions, the applicability of their results still requires expert scrutiny. We propose a code generation approach to automatically build both an abstract specification and a concrete implementation of a Dolev-Yao intruder from an abstract attack trace, bridging the gap between theoretical attacks discovered by formal means and practical ones. Through our case studies, we focus on attack traces from the OFMC model checker, Alice&Bob specifications and Java implementations. We introduce a proof-of-concept workflow for concrete attack validation that allows to conveniently integrate, in a user-friendly way, formal methods results into a Model-Driven Development process and at the same time automatically generate a program that allows to demonstrate the attack in practice. In fact, in this contribution, we produce high-level and concrete attack narrations that are both human and machine readable

Towards the Multiple Constant Multiplication at Minimal Hardware Cost

Multiple Constant Multiplication (MCM) over integers is a frequent operation arising in embedded systems that require highly optimized hardware. An efficient way is to replace costly generic multiplication by bit-shifts and additions, i.e. a multiplierless circuit. In this work, we improve the state-of-the-art optimal approach for MCM, based on Integer Linear Programming (ILP). We introduce a new lower-level hardware cost, based on counting the number of one-bit adders and demonstrate that it is strongly correlated with the LUT count. This new model for the multiplierless MCM circuits permitted us to consider intermediate truncations that permit to significantly save resources when a full output precision is not required. We incorporate the error propagation rules into our ILP model to guarantee a user-given error bound on the MCM results. The proposed ILP models for multiple flavors of MCM are implemented as an open-source tool and, combined with the FloPoCo code generator, provide a complete coefficient-to-VHDL flow. We evaluate our models in extensive experiments, and propose an in-depth analysis of the impact that design metrics have on actually synthesized hardware.Comment: 10 pages, 3 tables, 6 figures, journal submissio

Un site d’élevage de lapins de la fin du moyen âge : les garennes de Sainte-Foy (Val-Suzon, Côte-d’Or)

En 2017, un sondage archéologique a été réalisé sur des structures d’élevage de lapins situées à quelques centaines de mètres du hameau de Sainte-Foy, sur la commune de Val-Suzon (Côte-d’Or). Ces structures médiévales que l’on appelle des garennes correspondent ici à des tertres en terre à l’intérieur desquels sont aménagées des galeries en pierre, qui servaient de terriers artificiels aux lapins. Ces garennes ont fait l’objet d’une étude multi-sources s’appuyant sur des données LiDAR, de prospection magnétique et des archives textuelles. Cette étude concerne ainsi les données recueillies sur le site de Sainte-Foy et essaye notamment de répondre aux questions de la construction et de la localisation historique des garennes. D’autres aspects (identification, typologie) concernant de manière plus générale ces structures archéologiques sont également abordés.In 2017, an archaeological test-pit was made on rabbit breeding structures located a few hundred meters from the hamlet of Sainte-Foy, in the commune of Val-Suzon (Côte-d’Or). These medieval structures, which we call “warrens,” correspond here to earth mounds inside of which stone galleries were constructed and served as artificial rabbit burrows. These garennes were the subject of multi-source studies based on lidar data, magnetic surveys and text archives. This study thus concerns the data collected at the site of Sainte-Foy and attempts to answer questions concerning the construction and historic location of the garennes. Other aspects (identification, typology) more broadly concerning these archaeological structures are also addressed.2017 wurde ein paar hundert Meter von dem Weiler Sainte-Foy in der Gemeinde Val-Suzon (Departement Côte-d’Or) eine archäologische Sondierungsgrabung vorgenommen. Die mittelalterlichen, als Wildkaninchengehege bezeichneten, Strukturen einer Kaninchenzucht entsprechen hier Erdhügeln, in denen Steingalerien angelegt sind, die den Kaninchen als künstlicher Bau dienten. Die Gehege waren Gegenstand einer auf LIDAR-Daten, einer magnetischen Prospektion und Textarchiven basierenden Untersuchung, die sich insbesondere bemüht, die Fragen der Konstruktion und der historischen Lokalisierung der Wildkaninchengehege zu beantworten. Weitere Aspekte (Identifizierung, Typologie) die diese archäologischen Befunde allgemein betreffen, werden ebenfalls angesprochen

Olfactory preference conditioning changes the reward value of reinforced and non-reinforced odors

International audienceOlfaction is determinant for the organization of rodent behavior. In a feeding context, rodents must quickly discriminate whether a nutrient can be ingested or whether it represents a potential danger to them. To understand the learning processes that support food choice, aversive olfactory learning and flavor appetitive learning have been extensively studied. In contrast, little is currently known about olfactory appetitive learning and its mechanisms. We designed a new paradigm to study conditioned olfactory preference in rats. After 8 days of exposure to a pair of odors (one paired with sucrose and the other with water), rats developed a strong and stable preference for the odor associated with the sucrose solution. A series of experiments were conducted to further analyze changes in reward value induced by this paradigm for both stimuli. As expected, the reward value of the reinforced odor changed positively. Interestingly, the reward value of the alternative odor decreased. This devaluation had an impact on further odor comparisons that the animal had to make. This result suggests that appetitive conditioning involving a comparison between two odors not only leads to a change in the reward value of the reinforced odor, but also induces a stable devaluation of the non-reinforced stimulus

Securing Distributed Systems: A Survey on Access Control Techniques for Cloud, Blockchain, IoT and SDN

Access Control is a crucial defense mechanism organizations can deploy to meet modern cybersecurity needs and legal compliance with data privacy. The aim is to prevent unauthorized users and systems from accessing protected resources in a way that exceeds their permissions. The present survey aims to summarize state-of-the-art Access Control techniques, presenting recent research trends in this area. Moreover, as the cyber-attack landscape and zero-trust networking challenges require organizations to consider their Information Security management strategies carefully, in this study, we present a review of contemporary Access Control techniques and technologies being discussed in the literature and the various innovations and evolution of the technology. We also discuss adopting and applying different Access Control techniques and technologies in four upcoming and crucial domains: Cloud Computing, Blockchain, the Internet of Things, and Software-Defined Networking. Finally, we discuss the business adoption strategies for Access Control and how the technology can be integrated into a cybersecurity and network architecture strategy

A site selection methodology for CO2 underground storage in deep saline aquifers: case of the Paris Basin

International audienceSite selection is a fundamental step, which can condition the success of a CO2 geological storage. A CO2 storage has to gather several targets, which can be expressed through a list of criteria. In the proposed site selection methodology, these criteria can be classified into “killer criteria” and “site-qualification criteria”, whose combinations allow identifying potential sites and the most appropriate one(s). This multicriteria methodology is applied on the PICOREF study area, located in the Paris Basin, on which potential site(s) in deep saline aquifers are investigated

FUNTIMES – Future Navigation and Timing Evolved Signals

International audienceThe European Galileo system moves clear steps forward towards the completion of its space and ground segment infrastructures, after starting providing early services in 2016 and with the plan to achieve the full operational capability (FOC) in 2020. Also the user segment is rapidly expanding, with the increasing introduction of mass market chipsets fully supporting Galileo in a constantly growing number of smartphones. In this context a strong need for R&D activities in the field of navigation signal engineering has been identified by various Programme's stakeholders. Considering the long process required for introducing new signals and features in a system that is already deployed and finds itself in the exploitation phase, early R&D activities become essential to investigate potential evolutions and new concepts to improve the Galileo signals and services in the short, medium and long term. The Future Navigation and Timing Evolved Signals (FUNTIMES) project is a European GNSS mission evolution study funded by the European Commission within the Horizon 2020 Framework for Research and Development. It aims at identifying, studying and recommending mission evolution directions and at preliminary supporting the definition, design and implementation of the future generation of Galileo signals. The project is led by Airbus Defence and Space as prime contractor, supported by Ecole Nationale de l‘Aviation Civile (ENAC) and Istituto Superiore Mario Boella (ISMB) as subcontractors and was run under the supervision of the European Commission and its Joint Research Centre. The research activities were conducted according to the following high level evolution directions: - Improve the Galileo OS reliability by providing an enhanced authentication service based on both navigation message authentication and spreading code authentication, in such a way that the two solutions can take advantage of their combination. - Improve the sensitivity and/or reduce the complexity of the acquisition of the Galileo OS signals, e.g. by studying the potential introduction of a new signal component for this purpose. - Make use of new concepts and techniques for the delivery of the data messages, to improve the time-to-data performance and robustness. - Consider options for providing an effective high data rate component suitable for satellite navigation purposes, e.g. in view of a possible evolution of the signals providing the Galileo Commercial Service. The project started by defining the key elements characterizing GNSS signals, describing the current signal plans of the major global and regional satellite systems and carrying out a literature survey on the various proposals for the evolution and optimization of navigation signals. A key role in the project was then played by a specific task on the definition of signal user requirements, which, besides providing by themselves an added-value to the project outcomes, were taken into account to select and consolidate the R&D topics defined at the beginning of the study. For what concerns the core navigation signal R&D activity, various solutions belonging to the following areas were considered: new and evolved modulations and multiplexing techniques, new concepts and techniques for the data message, solutions providing services with higher reliability, solutions for improved navigation performance. In the followings, some highlights about the main project tasks are provided. *Adding New Signal Components to Galileo E1 OS* Due to backward compatibility constraints, the Galileo legacy signals defined in the current SIS-ICD do not offer much space for further modifications. The possibility to add new signal components to the Galileo E1 signal was investigated with the goals of providing a fast and reliable authentication service and better acquisition performance while keeping the complexity of the acquisition process low. Various options were investigated, considering new components centered at E1 or ones presenting a carrier offset. The options were studied in terms of ranging performance, compatibility with other signals in E1/L1, multiplexing efficiency and backward compatibility. The outcome of this task was then combined with the other solutions investigated during the project and briefly introduced in the followings. *Signal User Requirements Survey* This task aimed at identifying and understanding the current and future needs of various GNSS user groups in order to derive requirements and evolution directions for the Galileo signals. The work logic followed was based on a 3-step approach: - Definition of the user communities - Analysis of available documentation and state-of-the-art for each user communities to extract high level and, if possible, low level requirements - Consultation of representative of the various user communities by means of questionnaire on signal user requirements. The considered user communities are representative of 7 classes of users: - Traditional Safety-of-Life Applications (Navigation of Civil Aviation aircrafts, Train Control) - Automotive Location-Based Charging (LBC) and Vehicle Motion Sensing (VMS) - Mobile Location-Based Services (LBS) - Surveying - Timing and Synchronization - Search and Rescue - Remotely-Piloted Aircraft Systems (RPAS). As mentioned above, the consortium prepared a questionnaire which was distributed to companies and organizations representative of various GNSS user communities. After collecting the answers, personal interviews were conducted to deepen the outcomes of the survey and collect more details about their expectations. From the received answers, the following points were considered particularly relevant for the identification/consolidation of signal evolution directions: - The need for integrity and authentication is present also in non-safety of life applications (e.g. precise positioning) - Very wide-spread need for fast authenticated PVT (fast data and pseudo-range authentication) - Interest in fast Time-To-First-Fix (TTFF) Data, or in other words, fast provision of the Clock error corrections and satellites Ephemeris Data (CED). - Need for precise clock and orbit data, freely accessible through the navigation message transmitted through conventional signals (at L1/E1 or L5/E5) - Importance of stand-alone operation mode despite the increasing number of connected users (network connection still judged not reliable enough). - Need for multipath/NLOS resistant signals - Need for RFI resistant signals - Interest for an alert/emergency service. *Reed-Solomon Codes for the Improvement of the I/NAV Message* Despite the growing number of connected user devices, the reception of the clock and ephemeris data (CED) is still a major factor impacting the TTFF. The current approach for the dissemination of these data can be defined as "data carouseling": the data are repeatedly sent to the users with a certain repetition rate. For example the repetition rate of the CED contained in the Galileo E1 OS message is equal to 1 every 30 s. A different approach is offered by Maximum Distance Separable (MDS) codes like Reed-Solomon codes, whose erasure correction capability allows to retrieve the entire information contained in k data blocks from any combination of k received blocks of the codeword. During the project, the performance of Reed-Solomon codes when applied to the Galileo I/NAV message as proposed in [1] were studied, in terms of Time-to-Data, with extensive simulations in the AWGN and mobile channel. The results were then compared with the legacy implementation and with the performance of the GPS L1C signal and showed a very significant improvement, with a reduction of the Galileo E1 OS TTFF by up to 50% in difficult urban environments. Also received processing scheme and complexity aspects were taken into account in the work. *Spreading Code Authentication Techniques* The increasing awareness concerning the vulnerability of GNSS signals to potential spoofing attacks suggested to dedicate an important part of the project R&D activities to investigating new concepts and ideas to improve the reliability of the provided PNT service. This need was also confirmed by the conducted user requirements survey. The investigation of possible authentication techniques has been carried out on the basis of both quantitative results and qualitative analyses, considering a set of criteria useful to weight the overall performance of different options in realistic scenarios. The methodology used to trade-off different options took into account four main criteria: - the authentication performance, aiming to assess the techniques mainly in terms of Time Between Authentications (TBA) and Time To Alarm (TTA) metrics; - the spoofing robustness, that measures the level of resilience to different specific spoofing attacks; - the implementation readiness, that assesses the level of complexity required both at the system and receiver levels and the backward compatibility; - the legacy signal valorization, with the objective to assess the level of reuse and valorization of today’s signal and messages structures, e.g. considering the current Galileo plans to provide navigation message authentication for his Open Service. When considering authentication solutions, it is important not to focus only on the benefits of future participant users, i.e., those able to exploit the features of the authenticated signals, but also to take into account the possible impact on the existing satellites, ground segment, and other receivers (i.e. non-participant users). Therefore the activities included the assessment of the impact of authentication schemes on user receivers. In detail, the analysis covered the possible degradation of the performance of non-participant users, in terms of C/N0 degradation and impact on acquisition and tracking, and the evaluation of the performance of participant users in relation with the authentication technique parameters. In addition, a novel high-level concept for spreading code authentication, based on the idea of reusing the E1-B OS NMA data, was investigated. The proposed concept, already anticipated in [2], foresees the use of two types of SCA bursts, inserted in the open Pseudo-Random Noise (PRN) code sequence at different rates: - “Slow rate” SCA bursts, which are intended for a robust a-posteriori verification with moderate latency (i.e., TBA of about 10 seconds); - “Fast rate” SCA bursts, potentially suitable to improve the authentication performance (e.g. TBA of about 2 seconds) under a wide set of spoofing attacks. The proposed solution can potentially exploit the information received from all the in-view satellites by means of a two-steps authentication procedure. *CSK Modulation and Channel Codes for a High Data Rate Component* The Code Shift Keying (CSK) modulation is an orthogonal M-ary modulation (M orthogonal symbols are used in order to transmit U =log_2?(M) bits) which was specially designed to increase the bandwidth efficiency of a DS-SS signal, i.e. the bit rate to signal bandwidth ratio, without affecting the PRN code structure. The usage of CSK for the improvement of GNSS data delivery was already investigated in the past (e.g. in [3]). Within the FUNTIMES project the main scope of this task was to prove the expected benefits of this technique by applying it to a number of signal design options, considering various data rates, power distributions between data and pilot components and demodulation strategies at the receiver. The first advantage of CSK is the possibility to increase the bit rate of a DS-SS signal without increasing the PRN code number of bits and without increasing the signal chip rate (and thus signal bandwidth). The increased data rate could be used to increase the number of services provided by the signal and/or to improve the services already available, e.g. by sending correction data. The second benefit is enhanced flexibility of the signal bit rate as the CSK modulation allows to change the number of symbols of the modulation alphabet from one codeword to another one. This allows the GNSS signal to provide more robustness to fundamental data and less robustness to less relevant or optional data since the bit rate is directly relate to the demodulation sensitivity. The third major benefit of a CSK modulation is the possibility of implementing a non-coherent demodulation process that does not require the estimation of the incoming signal carrier phase. Therefore, when in degraded environments and/or for high dynamic users, the PLL cannot be in lock for a certain time, the GNSS receiver could still be able to demodulate the data signal. The results obtained in terms of signal availability and reduced Time-to-First-Fix are very promising and bring a significant improvement when compared with the data delivery performance of today's navigation signals. For what concerns the study of channel codes that could be best suited for high data rate transmission and, especially, in combination with a CSK scheme, the investigation focused on LDPC codes with a bit interleaved coded modulation (BICM/BCIM-ID). As Galileo transmits a navigation signal intended to deliver value-added data in a significant amount (high accuracy service through the E6-B signal), it was decided to study a potential application of the studied CSK schemes to a similar use case. From the results obtained, depending on the C/N0 value considered, an increase of the information bit rate from the current 500 bps up to 5000 bps can be feasible, while still reaching a WER equal to 10-3 for a signal component C/N0 equal to 37 dB-Hz. The project allowed to study new elements in the field of GNSS signal engineering and to consolidate solutions that were already investigated in the recent literature, paving the way to the evolution of the Galileo signal plan but also offering elements and ideas that can be adopted by any other GNSS. The variety of solutions proposed presents different levels of maturity. In some cases the solutions are ready to be implemented in the currently deployed systems, while in other cases they would require a corresponding evolution of the space and ground segments. Where deemed necessary, specific recommendations for future R&D work in the areas studied in the project were provided

Efficient Distribution of Security Policy Filtering Rules in Software Defined Networks

International audienceSoftware Defined Networks administrators can specify and smoothly deploy abstract network-wide policies, and then the controller acting as a central authority implements them in the flow tables of the network switches. The rule sets of these policies are specified in the forwarding tables, which are usually accessed using very expensive and power-hungry ternary content-addressable memory (TCAM). Consequently, a given table can only contain a limited number of rules. However, various applications need large rule sets to perform filtering on diverse flows. In this paper, we propose several algorithms for decomposing and distributing a rule set on network switches of limited flow tables size, while preserving the network policy semantics. Through experiments on several rule sets with single and multiple dimensions, we evaluate and analyse the performance of our rule placement techniques. Our results show that our proposals are efficient in practice

R2-D2: Filter Rule set Decomposition and Distribution in Software Defined Networks

International audienc

Improving headspace-solid-phase microextraction of 3-isobutyl-2-methoxypyrazine by experimental design with regard to stable isotope dilution gas chromatography–mass spectrometric analysis of wine

To solve problems of sensitivity, repeatability and multi-step extraction related to 3-isobutyl-2-methoxypyrazine (IBMP) determination in wines, a simple method based on the novel combination of solid-phase microextraction and stable isotope dilution assay is presented. Among the parameters that affect this type of extraction, five of them have been optimised since the other parameters have common values or do not require optimisation (e.g. addition of sodium chloride at saturated concentration) and so were fixed. Vial volume, sample volume/vial volume ratio, pH, adsorption time and temperature have been optimised by means of two experimental designs. After extraction, quantification was performed by stable isotope dilution with gas chromatography-tandem mass spectrometry ([]-IBMP as internal standard). The final procedure allowed quantification far below IBMP’s sensory threshold (1 ng l−1 versus 15 ng l−1) with a 4% standard deviation. This method has been applied to experimental Fer servadou wines. Comparison of IBMP contents confirmed the efficiency of some viticultural and enological techniques on the herbaceous flavour decrease, such as prior fermentation maceration at high temperature (70 °C) and the use of a reflective carpet on viticultural soil