A Symbolic Framework to Analyse Physical Proximity in Security Protocols

For many modern applications like e.g., contactless payment, and keyless systems, ensuring physical proximity is a security goal of paramount importance. Formal methods have proved their usefulness when analysing standard security protocols. However, existing results and tools do not apply to e.g., distance bounding protocols that aims to ensure physical proximity between two entities. This is due in particular to the fact that existing models do not represent in a faithful way the locations of the participants, and the fact that transmission of messages takes time. In this paper, we propose several reduction results: when looking for an attack, it is actually sufficient to consider a simple scenario involving at most four participants located at some specific locations. These reduction results allow one to use verification tools (e.g. ProVerif, Tamarin) developed for analysing more classical security properties. As an application, we analyse several distance bounding protocols, as well as a contactless payment protocol

Diseño de un UAV orientado a la logística de transporte

This project provides a broad overview of the world of UAV sector that is constantly growing for all that it can bring and help in all kind os situations. An exhaustive analysis of the past, current and future market is presented to understand where this technology comes from and where it is heading. The main components that make up a UAV are evaluated, and a solution is provided, optimizing the key parts and features. Finally, a simulation of the UAV generated from the choice of components will be carried out and a basis for a future design of a UAV oriented to transport logistics will be established.Objectius de Desenvolupament Sostenible::9 - Indústria, Innovació i Infraestructur

Mutations specific to the Rac-GEF domain of <i>TRIO</i> cause intellectual disability and microcephaly

Background: Neurodevelopmental disorders have challenged clinical genetics for decades, with over 700 genes implicated and many whose function remains unknown. The application of whole-exome sequencing is proving pivotal in closing the genotype/phenotype gap through the discovery of new genes and variants that help to unravel the pathogenic mechanisms driving neuropathogenesis. One such discovery includes TRIO, a gene recently implicated in neurodevelopmental delay. Trio is a Dbl family guanine nucleotide exchange factor (GEF) and a major regulator of neuronal development, controlling actin cytoskeleton dynamics by activating the GTPase Rac1.Methods: Whole-exome sequencing was undertaken on a family presenting with global developmental delay, microcephaly and mild dysmorphism. Father/daughter exome analysis was performed, followed by confirmatory Sanger sequencing and segregation analysis on four individuals. Three further patients were recruited through the deciphering developmental disorders (DDD) study. Functional studies were undertaken using patient-specific Trio protein mutations.Results: We identified a frameshift deletion in TRIO that segregated autosomal dominantly. By scrutinising data from DDD, we further identified three unrelated children with a similar phenotype who harboured de novo missense mutations in TRIO. Biochemical studies demonstrated that in three out of four families, the Trio mutations led to a markedly reduced Rac1 activation.Conclusions: We describe an inherited global developmental delay phenotype associated with a frameshift deletion in TRIO. Additionally, we identify pathogenic de novo missense mutations in TRIO associated with the same consistent phenotype, intellectual disability, microcephaly and dysmorphism with striking digital features. We further functionally validate the importance of the GEF domain in Trio protein function. Our study demonstrates how genomic technologies are yet again proving prolific in diagnosing and advancing the understanding of neurodevelopmental disorders.<br/

Reversing, Breaking, and Fixing the French Legislative Election E-Voting Protocol

We conduct a security analysis of the e-voting protocol used for the largest political election using e-voting in the world, the 2022 French legislative election for the citizens overseas. Due to a lack of system and threat model specifications, we built and contributed such specifications by studying the French legal framework and by reverse-engineering the code base accessible to the voters. Our analysis reveals that this protocol is affected by two design-level and implementation-level vulnerabilities. We show how those allow a standard voting server attacker and even more so a channel attacker to defeat the election integrity and ballot privacy due to 6 attack variants. We propose and discuss 5 fixes to prevent those attacks. Our specifications, the attacks, and the fixes were acknowledged by the relevant stakeholders during our responsible disclosure. Our attacks are in the process of being prevented with our fixes for future elections. Beyond this specific protocol, we draw general conclusions and lessons from this instructive experience where an e-voting protocol meets the real-world constraints of a large-scale and political election. Responsible Disclosure and Acknowledgments We conducted this security analysis through passive analysis only; we never attacked voting servers. Therefore, we could not alter the integrity or the security of the election. Moreover, all the vulnerabilities reported in this document have been reported to the relevant stakeholders at least 3 months before publication. We thank those stakeholders, i.e., Europe and Foreign Affairs French Ministry (EFA French Ministry), Agence nationale de la sécurité des systèmes d'information (ANSSI), Voxaly Docaposte, and the researchers running the 3 rd-party services (Stéphane Glondu, Pierrick Gaudry, and Véronique Cortier) for their help and discussions after we sent them our findings. In particular, we would like to thank again the role of ANSSI in the responsible disclosure process, which has always be a key player in promoting transparency and openness. This is greatly appreciated given the context of this work. Finally, we would like to thank our colleagues Myrto Arapinis, Hugo Labrande, and Emmanuel Thomé for their help to collect data about the French Legislative E-Voting Protocol (FLEP)

TRIO (triple functional domain (PTPRF interacting))

Review on TRIO (triple functional domain (PTPRF interacting)), with data on DNA, on the protein encoded, and where the gene is implicated

Kidins220/ARMS regulates Rac1-dependent neurite outgrowth by direct interaction with the RhoGEF Trio

Supplementary material available online at http://jcs.biologists.org/cgi/content/full/123/12/2111/DC1Neurite extension depends on extracellular signals that lead to changes in gene expression and rearrangement of the actin cytoskeleton. A factor that might orchestrate these signalling pathways with cytoskeletal elements is the integral membrane protein Kidins220/ARMS, a downstream target of neurotrophins. Here, we identified Trio, a RhoGEF for Rac1, RhoG and RhoA, which is involved in neurite outgrowth and axon guidance, as a binding partner of Kidins220. This interaction is direct and occurs between the N-terminus of Trio and the ankyrin repeats of Kidins220. Trio and Kidins220 colocalise at the tips of neurites in NGF differentiated PC12 cells, where F-actin and Rac1 also accumulate. Expression of the ankyrin repeats of Kidins220 in PC12 cells inhibits NGF-dependent and Trio induced neurite outgrowth. Similar results are seen in primary hippocampal neurons. Our data indicate that Kidins220 might localise Trio to specific membrane sites and regulate its activity, leading to Rac1 activation and neurite outgrowth.Cancer Research UKFritz-Thyssen-StiftungCNRSANR-07-NEURO-006-01 from the Agence Nationale de la Recherch

Breaking verifiability and vote privacy in CHVote

Abstract. CHVote is one of the two main electronic voting systems developed in the context of political elections in Switzerland, where the regulation requires a specific setting and specific trust assumptions. We show that actually, CHVote fails to achieve vote secrecy and individual verifiability (here, recorded-as-intended), as soon as one of the online components is dishonest, contradicting the security claims of CHVote. In total, we found 9 attacks or variants against CHVote, 2 of them being based on a bug in the reference implementation. We confirmed our findings through a proof-of-concept implementation of our attacks

A privacy attack on the Swiss Post e-voting system

International audienceThe SwissPost e-voting system is currently proposed under the scrutiny of the community, before being deployed in 2022 for political elections in several Swiss Cantons. We explain how real world constraints led to shortcomings that allowed a privacy attack to be mounted. More precisely, dishonest authorities can learn the vote of several voters of their choice, without being detected, even when the requested threshold of honest authorities act as prescribed

Proving Unlinkability using ProVerif through Desynchronized Bi-Processes

International audienceUnlinkability is a privacy property of crucial importance for several systems such as mobile phones or RFID chips. Analysing this security property is very complex, and highly error-prone. Therefore, formal verification with machine support is desirable. Unfortunately, existing techniques are not sufficient to directly apply verification tools to automatically prove unlinkability.In this paper, we overcome this limitation by defining a simple transformation that will exploit some specific features of ProVerif. This transformation, together with some generic axioms, allows the tool to successfully conclude on several case studies. We have implemented our approach, effectively obtaining direct proofs of unlinkability on several protocols that were, until now, out of reach of automatic verification tools