
    On formal verification of arithmetic-based cryptographic primitives

    Cryptographic primitives are fundamental to information security: they are used as basic components of cryptographic protocols and public-key cryptosystems. In many cases their security proofs consist of showing that they are reducible to computationally hard problems. Those reductions can be subtle and tedious, and thus not easily checkable. On top of the proof assistant Coq, we implemented in previous work a toolbox for writing and checking game-based security proofs of cryptographic primitives. In this paper we describe its extension with number-theoretic capabilities, so that it is now possible to write and check arithmetic-based cryptographic primitives in our toolbox. We illustrate our work by machine-checking the game-based proofs of unpredictability of the pseudo-random bit generator of Blum, Blum and Shub, and of semantic security of the public-key encryption scheme of Goldwasser and Micali.
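The two primitives named above, as an added example written for this listing rather than code from the paper's Coq toolbox: a Blum-Blum-Shub generator and Goldwasser-Micali bit encryption over a toy modulus, together with the Jacobi-symbol computation both constructions rest on. The primes 499 and 547 and all function names are constructed assumptions of the example; the original specifies no parameters.

```python
"""Blum-Blum-Shub bits and Goldwasser-Micali bit encryption (added example,
not the Coq toolbox's code). P and Q are constructed toy Blum primes; real
keys need primes of cryptographic size."""
import math
import secrets

P, Q = 499, 547          # constructed: both prime and congruent to 3 mod 4
N = P * Q


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, computable without factoring n."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:              # pull out factors of 2 using (2/n)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                    # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def legendre(a: int, p: int) -> int:
    """Legendre symbol (a/p) for an odd prime p, by Euler's criterion."""
    s = pow(a % p, (p - 1) // 2, p)    # s is 0, 1 or p-1
    return -1 if s == p - 1 else s


def bbs_bits(seed: int, n: int, count: int) -> list:
    """Blum-Blum-Shub: x_0 = seed^2 mod n, x_i = x_{i-1}^2 mod n, output lsb(x_i)."""
    if seed <= 1 or math.gcd(seed, n) != 1:
        raise ValueError("seed must be an element of Z_n^* greater than 1")
    x = seed * seed % n
    bits = []
    for _ in range(count):
        x = x * x % n
        bits.append(x & 1)
    return bits


def gm_keygen(p: int, q: int):
    """Public key (n, y): y is a non-residue mod p and mod q, so (y/n) = +1."""
    n = p * q
    y = next(c for c in range(2, n) if legendre(c, p) == -1 and legendre(c, q) == -1)
    return (n, y), (p, q)


def gm_encrypt_bit(pk, bit: int) -> int:
    """c = y^bit * r^2 mod n for a fresh random r in Z_n^*."""
    n, y = pk
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:
            break
    return pow(y, bit, n) * pow(r, 2, n) % n


def gm_decrypt_bit(sk, c: int) -> int:
    """With a factor p known, c is a residue mod p exactly when bit = 0."""
    p, _ = sk
    return 0 if legendre(c, p) == 1 else 1


def gm_encrypt(pk, data: bytes) -> list:
    return [gm_encrypt_bit(pk, (b >> i) & 1) for b in data for i in range(7, -1, -1)]


def gm_decrypt(sk, cts: list) -> bytes:
    bits = [gm_decrypt_bit(sk, c) for c in cts]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def eavesdropper_view(pk, cts: list) -> set:
    """The Jacobi symbol is public, yet every ciphertext has (c/n) = +1, so it
    cannot separate encryptions of 0 from encryptions of 1; telling them apart
    is the quadratic residuosity problem the semantic-security proof reduces to."""
    n, _ = pk
    return {jacobi(c, n) for c in cts}
```

The eavesdropper_view function makes the semantic-security point concrete: (c/n) is computable by anyone, yet it is +1 for every ciphertext, so distinguishing an encryption of 0 from an encryption of 1 means deciding quadratic residuosity modulo n without its factorisation, the same assumption the BBS unpredictability argument rests on.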

    Effect of a therapeutic exercise program (FisioPausa) on the quality of life of employees from CESPU

    Introduction: In the context of work, working time is mostly spent sitting, and for long uninterrupted periods. This contributes to an increasingly sedentary lifestyle among workers, leading to health problems and consequently reducing their quality of life (QoL).

    Meningitis Dipstick Rapid Test: Evaluating Diagnostic Performance during an Urban Neisseria meningitidis Serogroup A Outbreak, Burkina Faso, 2007

    Meningococcal meningitis outbreaks occur every year during the dry season in the “meningitis belt” of sub-Saharan Africa. Identification of the causative strain is crucial before launching mass vaccination campaigns, to assure use of the correct vaccine. Rapid agglutination (latex) tests are most commonly available in district-level laboratories at the beginning of the epidemic season; limitations include a short shelf-life and the need for refrigeration and good technical skills. Recently, a new dipstick rapid diagnostic test (RDT) was developed to identify and differentiate disease caused by meningococcal serogroups A, W135, C and Y. We evaluated the diagnostic performance of this dipstick RDT during an urban outbreak of meningitis caused by N. meningitidis serogroup A in Ouagadougou, Burkina Faso; first against an in-country reference standard of culture and/or multiplex PCR; and second against culture and/or a highly sensitive nested PCR technique performed in Oslo, Norway. We included 267 patients with suspected acute bacterial meningitis. Using the in-country reference standard, 50 samples (19%) were positive. Dipstick RDT sensitivity (N = 265) was 70% (95%CI 55–82) and specificity 97% (95%CI 93–99). Using culture and/or nested PCR, 126/259 (49%) samples were positive; dipstick RDT sensitivity (N = 257) was 32% (95%CI 24–41), and specificity was 99% (95%CI 95–100). We found dipstick RDT sensitivity lower than values reported from (i) assessments under ideal laboratory conditions (>90%), and (ii) a prior field evaluation in Niger [89% (95%CI 80–95)]. Specificity, however, was similar to (i), and higher than (ii) [62% (95%CI 48–75)]. At this stage in development, therefore, other tests (e.g., latex) might be preferred for use in peripheral health centres. We highlight the value of field evaluations for new diagnostic tests, and note relatively low sensitivity of a reference standard using multiplex vs. nested PCR. Although the former is the current standard for bacterial meningitis surveillance in the meningitis belt, nested PCR performed in a certified laboratory should be used as an absolute reference when evaluating new diagnostic tests.

    Transitions/relaxations in polyester adhesive/PET system

    The correlations between the transitions and the dielectric relaxation processes of oriented poly(ethylene terephthalate) (PET) pre-impregnated with a thermoplastic polyester adhesive have been investigated by differential scanning calorimetry (DSC) and dynamic dielectric spectroscopy (DDS). The thermoplastic polyester adhesive and the oriented PET films have been studied as reference samples. This study shows that the adhesive chain segments are responsible for the evolution of the physical structure in the oriented PET film. The evolution of the transitions and dielectric relaxation modes in the glass transition region appears characteristic of the interphase between adhesive and PET film, which is discussed in terms of molecular mobility. Storage of the adhesive tape at room temperature leads to heterogeneity of the physical structure, characterised by a dissociation of the glass transition. Thus, the correlation between the transitions and the dielectric relaxation processes evidences a segregation of the amorphous phases. The physical structure and the properties of the material have therefore been linked to its chemical characteristics.

    Authenticated key agreement mediated by a proxy re-encryptor for the Internet of Things

    The Internet of Things (IoT) is composed of a wide range of heterogeneous network devices that communicate with their users and the surrounding devices. Secure communication between these devices remains essential even when they have little or no prior knowledge of each other, and regardless of their resource capabilities. This particular context requires appropriate security mechanisms, well-suited to the heterogeneous nature of IoT devices, that do not pre-share a secret key for each secure connection. In this work, we first propose a novel symmetric-cipher proxy re-encryption scheme. Such a primitive allows a user to delegate her decryption rights to another with the help of a semi-trusted proxy, without giving the latter any information about the transmitted messages or the user's secret keys. We then propose AKAPR, an Authenticated Key Agreement mediated by a Proxy Re-encryptor for IoT. The mechanism permits any two highly resource-constrained devices to establish a secure communication with no prior trust relationship. AKAPR is built upon our proposed proxy re-encryption scheme. It has been proved with ProVerif to provide mutual authentication of the participants while preserving the secrecy of the generated session key. In addition, the scheme benefits from the lightness of our proxy re-encryption algorithm, which requires no expensive cryptographic operations such as pairings or modular exponentiation.
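The delegation step the abstract describes, as an added toy example that is not the paper's proxy re-encryption scheme (the scheme itself is not reproduced here): with a one-time pad, the simplest key-homomorphic symmetric cipher, a re-encryption key k_A xor k_B lets a proxy convert Alice's ciphertext into Bob's without seeing the message or either key. The function names and the delegation chain through a second proxy are assumptions of the example.

```python
"""Toy symmetric proxy re-encryption (added example, NOT the AKAPR scheme).
A one-time pad is key-homomorphic, so re-encryption is a single XOR; keys
are fresh per message and never reused."""
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def keygen(length: int) -> bytes:
    return secrets.token_bytes(length)


def encrypt(key: bytes, msg: bytes) -> bytes:
    return xor(key, msg)


def decrypt(key: bytes, ct: bytes) -> bytes:
    return xor(key, ct)


def rekey(key_from: bytes, key_to: bytes) -> bytes:
    """Delegator computes rk = k_A xor k_B and hands only rk to the proxy.
    rk on its own is uniformly random, so it reveals neither key."""
    return xor(key_from, key_to)


def reencrypt(rk: bytes, ct: bytes) -> bytes:
    """Proxy turns Enc(k_A, m) into Enc(k_B, m) without learning m, k_A or k_B:
    (m xor k_A) xor (k_A xor k_B) = m xor k_B. Every value the proxy ever
    holds is the message masked by at least one key it does not have."""
    return xor(rk, ct)


def chain_rekey(rk_ab: bytes, rk_bc: bytes) -> bytes:
    """Re-encryption keys compose: rk_{A->C} = rk_{A->B} xor rk_{B->C}, so a
    second hop can be added without involving the original delegator."""
    return xor(rk_ab, rk_bc)


def delegate(msg: bytes) -> tuple:
    """Full exchange: Alice encrypts, a proxy re-encrypts for Bob, a second
    proxy re-encrypts Bob's delegation onward for Carol. Returns what Bob and
    Carol recover; the proxies never see k_A, k_B, k_C or msg."""
    k_a, k_b, k_c = keygen(len(msg)), keygen(len(msg)), keygen(len(msg))
    ct_a = encrypt(k_a, msg)                 # Alice's ciphertext
    rk_ab = rekey(k_a, k_b)                  # issued by Alice to proxy 1
    rk_bc = rekey(k_b, k_c)                  # issued by Bob to proxy 2
    ct_b = reencrypt(rk_ab, ct_a)            # proxy 1
    ct_c = reencrypt(rk_bc, ct_b)            # proxy 2
    assert ct_c == reencrypt(chain_rekey(rk_ab, rk_bc), ct_a)
    return decrypt(k_b, ct_b), decrypt(k_c, ct_c)
```

The toy keeps only the structural property (conversion without decryption); it provides no authentication and its keys are single-use, which is what the abstract's AKAPR construction adds on top with an authenticated key agreement and a ProVerif-checked session-key secrecy goal.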

    Relationship Between Biogenic Amines and Free Amino Acid Contents of Wines and Musts from Alentejo (Portugal)

    The concentrations of biogenic amines and free amino acids were studied in 102 Portuguese wines and 18 musts from the Alentejo demarcated (D.O.C.) regions. Most wines were commercial, except for 38 monovarietals obtained by micro-vinification. Musts from the varieties used to produce the latter wines were also studied. Both biogenic amines and free amino acids were analysed by HPLC with fluorescence detection of their o-phthalaldehyde/fluorenylmethyl chloroformate (OPA/FMOC) derivatives. The most significant amines (average 10.8 mg/L for histamine + tyramine in red wines, and 7.4 mg/L in white wines) were found at low levels and, although no important relationship could be established for any individual biogenic amine, the total amine content depends significantly on the assimilable amino acid content of the wine.

    A Phase II, Randomized Study on an Investigational DTPw-HBV/Hib-MenAC Conjugate Vaccine Administered to Infants in Northern Ghana

    BACKGROUND: Combining meningococcal vaccination with routine immunization in infancy may reduce the burden of meningococcal meningitis, especially in the meningitis belt of Africa. We have evaluated the immunogenicity, persistence of immune response, immune memory and safety of an investigational DTPw-HBV/Hib-MenAC conjugate vaccine given to infants in Northern Ghana. METHODS AND FINDINGS: In this phase II, double blind, randomized, controlled study, 280 infants were primed with DTPw-HBV/Hib-MenAC or DTPw-HBV/Hib vaccines at 6, 10 and 14 weeks of age. At 12 months of age, children in each group received a challenge dose of serogroup A+C polysaccharides. Antibody responses were assessed pre and one month post dose 3 of the priming schedule, and pre and 1 month after administration of the challenge dose. One month post-dose 3, 87.8% and 88.2% of subjects in the study group had bactericidal meningococcal serogroup A (SBA-MenA) and meningococcal serogroup C (SBA-MenC) antibody titres ≥ 1:8 respectively. Seroprotection/seropositivity rates to the 5 antigens administered in the routine EPI schedule were non-inferior in children in the study group compared to those in the control group. The percentages of subjects in the study group with persisting SBA-MenA titres ≥ 1:8 or SBA-MenC titres ≥ 1:8 at the age of 12 months prior to challenge were significantly higher than in the control group (47.7% vs 25.7% and 56.4% vs 5.1% respectively). The administration of 10 µg of serogroup A polysaccharide increased the SBA-MenA GMT by 14.0-fold in the DTPw-HBV/Hib-MenAC group compared to a 3.8-fold increase in the control group. Corresponding fold-increases in SBA-MenC titres following challenge with 10 µg of group C polysaccharide were 18.8 and 1.9 respectively. Reactogenicity following primary vaccination or the administration of the challenge dose was similar in both groups, except for swelling (Grade 3) after primary vaccination, which was more frequent in children in the vaccine than in the control group (23.7%; 95%CI [19.6-28.1] of doses vs 14.1%; 95% CI [10.9-17.8] of doses). Fifty-nine SAEs (including 8 deaths), none of them related to vaccination, were reported during the entire study. CONCLUSIONS: Three-dose primary vaccination with DTPw-HBV/Hib-MenAC was non-inferior to DTPw-HBV/Hib for the 5 common antigens used in the routine EPI schedule and induced bactericidal antibodies against Neisseria meningitidis of serogroups A and C in the majority of infants. Serogroup A and C bactericidal antibody levels had fallen below titres associated with protection in nearly half of the infants by the age of 12 months, confirming that a booster dose is required at about that age. An enhanced memory response was shown after polysaccharide challenge. This vaccine could provide protection against 7 important childhood diseases (including meningococcal A and C) and be of particular value in countries of the African meningitis belt. TRIAL REGISTRATION: Controlled-Trials.com ISRCTN35754083

    Protocol analysis modulo combination of theories: A case study in Maude-NPA

    There is a growing interest in formal methods and tools to analyze cryptographic protocols modulo algebraic properties of their underlying cryptographic functions. It is well known that an intruder who uses algebraic equivalences of such functions can mount attacks that would be impossible if the cryptographic functions did not satisfy such equivalences. In practice, however, protocols use a collection of well-known functions, whose algebraic properties can naturally be grouped together as a union of theories E_1 ∪ ... ∪ E_n. Reasoning symbolically modulo the algebraic properties E_1 ∪ ... ∪ E_n requires performing (E_1 ∪ ... ∪ E_n)-unification. However, even if a unification algorithm for each individual E_i is available, this requires combining the existing algorithms by methods that are highly non-deterministic and have high computational cost. In this work we present an alternative method to obtain unification algorithms for combined theories based on variant narrowing. Although variant narrowing is less efficient at the level of a single theory E_i, it does not use any costly combination method. Furthermore, it does not require that each E_i has a dedicated unification algorithm in a tool implementation. We illustrate the use of this method in the Maude-NPA tool by means of a well-known protocol requiring the combination of three distinct equational theories. © 2011 Springer-Verlag. R. Sasse and J. Meseguer were partially supported by NSF grants CNS-0716638, CNS-0831064 and CNS-0904749. S. Escobar was partially supported by the EU (FEDER) and the Spanish MEC/MICINN under grant TIN 2007-68093-C02-02. C. Meadows was partially supported by NSF grant CNS-0904749. Sasse, R.; Escobar Román, S.; Meadows, C.; Meseguer, J. (2011). Protocol analysis modulo combination of theories: A case study in Maude-NPA. In: Security and Trust Management. Springer Verlag (Germany). 6710:163-178.
    doi:10.1007/978-3-642-22444-7_11
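Why the analysis has to reason modulo the algebraic properties, as an added example that is not Maude-NPA code and does not implement variant narrowing or unification: the intruder's deduction problem for a constructed two-message protocol is solved twice, once treating xor as a free constructor and once modulo the XOR theory (associativity, commutativity, x xor x = 0, x xor 0 = x), where derivability becomes membership in a GF(2) span. The protocol, the atom names and the function names are assumptions of the example.

```python
"""Intruder deduction in the free theory versus modulo XOR (added example; not
Maude-NPA code, no variant narrowing). Atoms are strings. Modulo XOR a term's
normal form under AC, x xor x = 0 and x xor 0 = x is the frozenset of atoms
that survive cancellation; in the free theory a term is a syntax tree
('xor', left, right) with no equations at all."""


def xor_term(*terms) -> frozenset:
    """Normal form of the XOR of atoms and/or already-normalised terms."""
    acc = frozenset()
    for t in terms:
        acc ^= frozenset([t]) if isinstance(t, str) else t   # pairs cancel
    return acc


def derivable_mod_xor(knowledge, target) -> bool:
    """Modulo XOR the intruder derives exactly the GF(2)-span of what it knows,
    so derivability is Gaussian elimination over bit-vectors indexed by atoms."""
    atoms = sorted(set().union(*knowledge, target))
    index = {a: i for i, a in enumerate(atoms)}

    def vec(term) -> int:
        return sum(1 << index[a] for a in term)

    def reduce(v: int, basis: dict) -> int:
        for pivot in sorted(basis, reverse=True):   # high pivots first
            if v >> pivot & 1:
                v ^= basis[pivot]
        return v

    basis = {}                                       # highest set bit -> vector
    for term in knowledge:
        v = reduce(vec(term), basis)
        if v:
            basis[v.bit_length() - 1] = v
    return reduce(vec(target), basis) == 0


def derivable_free(knowledge, target) -> bool:
    """In the free theory xor is only a two-argument constructor: the intruder
    can build new terms from known ones but can never cancel anything."""
    if target in knowledge:
        return True
    if isinstance(target, tuple) and target[0] == "xor":
        return derivable_free(knowledge, target[1]) and derivable_free(knowledge, target[2])
    return False


# Constructed toy protocol: A and B share key k; A sends a nonce masked with k,
# B acknowledges by echoing the nonce in the clear.
#   1. A -> B : n xor k
#   2. B -> A : n
OBSERVED_FREE = {("xor", "n", "k"), "n"}
OBSERVED_XOR = {xor_term("n", "k"), xor_term("n")}


def attack_free() -> bool:
    """Without XOR's equations the intruder can assemble n xor (n xor k), but
    that term is not k, and k itself is not derivable."""
    return derivable_free(OBSERVED_FREE, "k")


def attack_mod_xor() -> bool:
    """With x xor x = 0 the same two messages yield k = (n xor k) xor n."""
    return derivable_mod_xor(OBSERVED_XOR, xor_term("k"))
```

Modulo XOR the shared key k falls out of the two observed messages; in the free theory the intruder can only build the syntactically distinct term n xor (n xor k). A tool like Maude-NPA faces the harder symbolic version of this question, unifying such terms modulo the combined theories of every function the protocol uses, which is what the paper's variant-narrowing approach addresses.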