Tests for Establishing Security Properties

Ensuring strong security properties in some cases requires participants to carry out tests during the execution of a protocol. A classical example is electronic voting: participants are required to verify the presence of their ballots on a bulletin board, and to verify the computation of the election outcome. The notion of certificate transparency is another example, in which participants in the protocol are required to perform tests to verify the integrity of a certificate log. We present a framework for modelling systems with such `testable properties', using the applied pi calculus. We model the tests that are made by participants in order to obtain the security properties. Underlying our work is an attacker model called ``malicious but cautious'', which lies in between the Dolev-Yao model and the ``honest but curious'' model. The malicious-but-cautious model is appropriate for cloud computing providers that are potentially malicious but are assumed to be cautious about launching attacks that might cause user tests to fail

Formal Analysis of V2X Revocation Protocols

Research on vehicular networking (V2X) security has produced a range of security mechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals: the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The REWIRE scheme by Forster et al. and its subschemes BASIC and RTOKEN aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the TAMARIN prover identifies two flaws with some of the functional correctness and authentication properties in these schemes. We then propose Obscure Token (OTOKEN), an extension of REWIRE to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover OTOKEN is the first V2X revocation protocol to be co-designed with a formal model.Comment: 16 pages, 4 figure

Traumatic abdominal wall hernias: disruptions of the abdominal wall muscles associated to pelvic bone fractures illustrated by two case reports.

Blunt abdominal traumas are often associated with intra-abdominal injuries and pelvic fractures. Traumatic abdominal wall hernias due to disruption of the abdominal wall muscles may be overlooked. Delayed diagnosis can lead to hernia related complications. We present two cases of high kinetic trauma with pelvic fractures and acute traumatic abdominal wall herniation. Both of these cases suffered from a delayed diagnosis and needed surgery to treat the symptomatic herniation. Clinical reassessment and appropriate medical imaging are mandatory in patients with high kinetic abdominal blunt traumas and associated pelvic fracture, in order to prevent delayed diagnosis and possible complications

Vote-Independence: A Powerful Privacy Notion for Voting Protocols

International audienceRecently an attack on ballot privacy in Helios has been discovered [20], which is essentially based on copying other voter's votes. To capture this and similar attacks, we extend the classical threat model and introduce a new security notion for voting protocols: Vote-Independence. We give a formal definition and analyze its relationship to established privacy properties such as Vote-Privacy, Receipt-Freeness and Coercion-Resistance. In particular we show that even Coercion-Resistant protocols do not necessarily ensure Vote-Independence

Automating Security Analysis: Symbolic Equivalence of Constraint Systems

We consider security properties of cryptographic protocols, that are either trace properties (such as confidentiality or authenticity) or equivalence properties (such as anonymity or strong secrecy). Infinite sets of possible traces are symbolically represented using deducibility constraints. We give a new algorithm that decides the trace equivalence for the traces that are represented using such constraints, in the case of signatures, symmetric and asymmetric encryptions. Our algorithm is implemented and performs well on typical benchmarks. This is the first implemented algorithm, deciding symbolic trace equivalence

Emerg. Infect. Dis

The multidrug-resistant (MDR) Salmonella enterica serotype Newport strain that produces CMY-2 β-lactamase(Newport MDR-AmpC) was the source of sporadic cases and outbreaks in humans in France during 2000–2005. Because this strain was not detected in food animals, it was most likely introduced into France through imported food products

Fresh-Register Automata

What is a basic automata-theoretic model of computation with names and fresh-name generation? We introduce Fresh-Register Automata (FRA), a new class of automata which operate on an infinite alphabet of names and use a finite number of registers to store fresh names, and to compare incoming names with previously stored ones. These finite machines extend Kaminski and Francez’s Finite-Memory Automata by being able to recognise globally fresh inputs, that is, names fresh in the whole current run. We exam-ine the expressivity of FRA’s both from the aspect of accepted languages and of bisimulation equivalence. We establish primary properties and connections between automata of this kind, and an-swer key decidability questions. As a demonstrating example, we express the theory of the pi-calculus in FRA’s and characterise bisimulation equivalence by an appropriate, and decidable in the finitary case, notion in these automata

Formal Analysis of Key Integrity in PKCS#11

PKCS#11 is a standard API to cryptographic devices such as smarcards, hardware security modules and usb crypto-tokens. Though widely adopted, this API has been shown to be prone to attacks in which a malicious user gains access to the sensitive keys stored in the devices. In 2008, Delaune, Kremer and Steel proposed a model to formally reason on this kind of attacks. We extend this model to also describe flaws that are based on integrity violations of the stored keys. In particular, we consider scenarios in which a malicious overwriting of keys might fool honest users into using attacker’s own keys, while performing sensitive operations. We further enrich the model with a trusted key mechanism ensuring that only controlled, non-tampered keys are used in cryptographic operations, and we show how this modified API prevents the above mentioned key-replacement attacks

Modular Architecture for the Measurement of Space Radiation

A modular architecture has been conceived for the design of radiation-monitoring instruments used aboard spacecraft and in planetary-exploration settings. This architecture reflects lessons learned from experience with prior radiation-monitoring instruments. A prototype instrument that embodies the architecture has been developed as part of the Mars Advanced Radiation Acquisition (MARA) project. The architecture is also applicable on Earth for radiation-monitoring instruments in research of energetic electrically charged particles and instruments monitoring radiation for purposes of safety, military defense, and detection of hidden nuclear devices and materials

Deduction with XOR Constraints in Security API Modelling

We introduce XOR constraints, and show how they enable a theorem prover to reason effectively about security critical subsystems which employ bitwise XOR. Our primary case study is the API of the IBM 4758 hardware security module. We also show how our technique can be applied to standard security protocols