Practical Detection of Entropy Loss in Pseudo-Random Number Generators : Extended Version

Pseudo-random number generators (PRNGs) are a critical infrastructure for cryptography and security of many computer applications. At the same time, PRNGs are surprisingly difficult to design, implement, and debug. This paper presents the first static analysis technique specifically for quality assurance of cryptographic PRNG implementations. The analysis targets a particular kind of implementation defect, the entropy loss. Entropy loss occurs when the entropy contained in the PRNG seed is not utilized to the full extent for generating the pseudo-random output stream. The Debian OpenSSL disaster, probably the most prominent PRNG-related security incident, was one but not the only manifestation of such a defect. Together with the static analysis technique, we present its implementation, a tool named Entroposcope. The tool offers a high degree of automation and practicality. We have applied the tool to five real-world PRNGs of different designs and show that it effectively detects both known and previously unknown instances of entropy loss

Secure Logging in between Theory and Practice: Security Analysis of the Implementation of Forward Secure Log Sealing in Journald

This paper presents a security analysis of forward secure log sealing in the journald logging system, which is part of systemd and used in modern Linux distributions. Forward secure log sealing is a cryptographic technique used to ensure the integrity of past log entries even in the event of a full system compromise. We analyze the implementation of this technique in journald, identifying multiple security vulnerabilities resulting from a gap between the model of the cryptographic primitives and their usage in a larger context. In particular one vulnerability allows to forge arbitrary logs for past entries without the validation tool noticing any problem. We demonstrate the found attacks on the journald implementation by providing a concrete security definition for the larger system, an implementation close to the security experiment and a corresponding attacker defeating it when used with a vulnerable version of journald. For the more serious vulnerabilities, we provide patch recommendations, which prevent the implemented attack. Our findings break the security guarantee from log sealing completely, without the error resulting from an inconsistency in the theoretical model nor being a simple implementation mistake. This provides a practical example of the problems that can occur when applying cryptographic primitives to a complex system in reality and that fall in between theory and practice

ConTra Corona : Contact Tracing against the Coronavirus by Bridging the Centralized–Decentralized Divide for Stronger Privacy

Contact tracing is among the most important interventions to mitigate the spread of any pandemic, usually in the form of manual contact tracing. Smartphone-facilitated digital contact tracing may help to increase tracing capabilities and extend the coverage to those contacts one does not know in person. Most implemented protocols use local Bluetooth Low Energy (BLE) communication to detect contagion-relevant proximity, together with cryptographic protections, as necessary to improve the privacy of the users of such a system. However, current decentralized protocols, including DP3T, do not sufficiently protect infected users from having their status revealed to their contacts, which raises fear of stigmatization. We alleviate this by proposing a new and practical solution with stronger privacy guarantees against active adversaries. It is based on the upload- what-you-observed paradigm, includes a separation of duties on the server side, and a mechanism to ensure that users cannot deduce which encounter caused a warning with high time resolution. Finally, we present a simulation-based security notion of digital contact tracing in the real- ideal setting, and prove the security of our protocol in this framework

Isotope-selective high-order interferometry with large organic molecules in free fall

Interferometry in the time domain has proven valuable for matter-wave based measurements. This concept has recently been generalized to cold molecular clusters using short-pulse standing light waves which realized photo-depletion gratings, arranged in a time-domain TalbotâEuro"Lau interferometer (OTIMA). Here we extend this idea further to large organic molecules and demonstrate a new scheme to scan the emerging molecular interferogram in position space. The capability of analyzing different isotopes of the same monomer under identical conditions opens perspectives for studying the interference fringe shift as a function of time in gravitational free fall. The universality of OTIMA interferometry allows one to handle a large variety of particles. In our present work, quasi-continuous laser evaporation allows transferring fragile organic molecules into the gas phase, covering more than an order of magnitude in mass between 614 amu and 6509 amu, i.e. 300% more massive than in previous OTIMA experiments. For all masses, we find about 30% fringe visibility

Isotope-selective high-order interferometry with large organic molecules in free fall

Interferometry in the time domain has proven valuable for matter-wave based measurements. This concept has recently been generalized to cold molecular clusters using short-pulse standing light waves which realized photo-depletion gratings, arranged in a time-domain TalbotâEuro"Lau interferometer (OTIMA). Here we extend this idea further to large organic molecules and demonstrate a new scheme to scan the emerging molecular interferogram in position space. The capability of analyzing different isotopes of the same monomer under identical conditions opens perspectives for studying the interference fringe shift as a function of time in gravitational free fall. The universality of OTIMA interferometry allows one to handle a large variety of particles. In our present work, quasi-continuous laser evaporation allows transferring fragile organic molecules into the gas phase, covering more than an order of magnitude in mass between 614 amu and 6509 amu, i.e. 300% more massive than in previous OTIMA experiments. For all masses, we find about 30% fringe visibility

Bacteria employ lysine acetylation of transcriptional regulators to adapt gene expression to cellular metabolism

Abstract The Escherichia coli TetR-related transcriptional regulator RutR is involved in the coordination of pyrimidine and purine metabolism. Here we report that lysine acetylation modulates RutR function. Applying the genetic code expansion concept, we produced site-specifically lysine-acetylated RutR proteins. The crystal structure of lysine-acetylated RutR reveals how acetylation switches off RutR-DNA-binding. We apply the genetic code expansion concept in E. coli in vivo revealing the consequences of RutR acetylation on the transcriptional level. We propose a model in which RutR acetylation follows different kinetic profiles either reacting non-enzymatically with acetyl-phosphate or enzymatically catalysed by the lysine acetyltransferases PatZ/YfiQ and YiaC. The NAD+-dependent sirtuin deacetylase CobB reverses enzymatic and non-enzymatic acetylation of RutR playing a dual regulatory and detoxifying role. By detecting cellular acetyl-CoA, NAD+ and acetyl-phosphate, bacteria apply lysine acetylation of transcriptional regulators to sense the cellular metabolic state directly adjusting gene expression to changing environmental conditions

Trabajo y Trabajadores en América Latina y el Caribe. Vol. 1

"Trabajo y Trabajadores en América Latina y el Caribe" (Vol. 1) integra e inaugura uma coleção de estudos do trabalho coordenada pelo Grupo de Pesquisa sobre Trabalho (CNPq) a partir da Universidade Federal da Integração Latino-Americana (Unila). Com organização e apresentação de Gil Felix, o livro tem formato multilíngue e conta com 14 capítulos de autores da América Latina, Caribe, África e Europa, oferecendo um panorama geral das pesquisas que estão sendo realizadas atualmente. A apresentação do presente volume está em versão trilíngue (português, castelhano e inglês), resume os capítulos do livro, diferencia e contrasta os três distintos approches dos estudos do trabalho."Trabajo y Trabajadores en América Latina y el Caribe" (Vol. 1) integra e inaugura uma coleção de estudos do trabalho coordenada pelo Grupo de Pesquisa sobre Trabalho (CNPq) a partir da Universidade Federal da Integração Latino-Americana (Unila). Com organização e apresentação de Gil Felix, o livro tem formato multilíngue e conta com 14 capítulos de autores da América Latina, Caribe, África e Europa, oferecendo um panorama geral das pesquisas que estão sendo realizadas atualmente. A apresentação do presente volume está em versão trilíngue (português, castelhano e inglês), resume os capítulos do livro, diferencia e contrasta os três distintos approches dos estudos do trabalho

Isotope-selective high-order interferometry with large organic molecules in free fall

Interferometry in the time domain has proven valuable for matter-wave based measurements. This concept has recently been generalized to cold molecular clusters using short-pulse standing light waves which realized photo-depletion gratings, arranged in a time-domain Talbot–Lau interferometer (OTIMA). Here we extend this idea further to large organic molecules and demonstrate a new scheme to scan the emerging molecular interferogram in position space. The capability of analyzing different isotopes of the same monomer under identical conditions opens perspectives for studying the interference fringe shift as a function of time in gravitational free fall. The universality of OTIMA interferometry allows one to handle a large variety of particles. In our present work, quasi-continuous laser evaporation allows transferring fragile organic molecules into the gas phase, covering more than an order of magnitude in mass between 614 amu and 6509 amu, i.e. 300% more massive than in previous OTIMA experiments. For all masses, we find about 30% fringe visibility.© 2018 The Author(s

Marx, 200 años : presente, pasado y futuro

Este libro colectivo recoge los trabajos presentados en el Foro Marx 200, organizado por el Consejo Latinoamericano de Ciencias Sociales (CLACSO) en el marco de la Conferencia Latinoamericana y Caribeña de Ciencias Sociales y del Primer Foro Mundial de Pensamiento Crítico, en noviembre de 2018. La enorme acogida que tuvo esta iniciativa, desarrollada en ese marco multitudinario, hizo que el Foro se convirtiera en un evento valioso y relevante, a partir de haber logrado conducir el peso retrospectivo que trae consigo la celebración de los 200 años del nacimiento de Marx hacia un debate colectivo de alto nivel en torno al presente y al futuro de su praxis en el mundo