David Arroyo

Cryptanalysis of a one round chaos-based Substitution Permutation Network

The interleaving of chaos and cryptography has been the aim of a large set of works since the beginning of the nineties. Many encryption proposals have been introduced to improve conventional cryptography. However, many of possess serious problems according to the basic requirements for the secure exchange of information. In this paper we highlight some of the main problems of chaotic cryptography by means of the analysis of a very recent chaotic cryptosystem based on a one round Substitution Permutation Network. More specifically, we show that it is not possible to avoid the security problems of that encryption architecture just by including a chaotic system as the core of the derived encryption system. Highlights? The security problems of one round Substitution Permutation Networks are discussed. ? The problems of considering unimodal maps as the core of cryptosystems are analysed. ? The cryptanalysis of an specific permutation-only cipher is performed.

Generalization of the Dynamic Clamp Concept in Neurophysiology and Behavior

The idea of closed-loop interaction in in vitro and in vivo electrophysiology has been successfully implemented in the dynamic clamp concept strongly impacting the research of membrane and synaptic properties of neurons. In this paper we show that this concept can be easily generalized to build other kinds of closed-loop protocols beyond (or in addition to) electrical stimulation and recording in neurophysiology and behavioral studies for neuroethology. In particular, we illustrate three different examples of goal-driven real-time closed-loop interactions with drug microinjectors, mechanical devices and video event driven stimulation. Modern activity-dependent stimulation protocols can be used to reveal dynamics (otherwise hidden under traditional stimulation techniques), achieve control of natural and pathological states, induce learning, bridge between disparate levels of analysis and for a further automation of experiments. We argue that closed-loop interaction calls for novel real time analysis, prediction and control tools and a new perspective for designing stimulus-response experiments, which can have a large impact in neuroscience research.

An approach for adapting moodle into a secure infrastructure

Moodle is one of the most popular open source e-learning platforms. It makes available a very easy-to-deploy environment, which once installed, is ready to be used. These two characteristics, make it a very attractive choice. But regarding information security and privacy, it presents several and important drawbacks. This is mainly due to the fact that it leaves the most serious tasks, like server configuration or access control in the hands of the system administrator or third-party module developers. This approach is understandable, as is that very fact what makes Moodle easy and therefore attractive. The aim of this paper is not to discredit this option, but to enhance it by means of standard cryptographic and information security infrastructures. We focus in the registration process, which ends with the distribution of a user certificate. To link the users real identity with their virtual one, we have taken an approach that merges EBIAS (Email Based Identification and Authentication System) with a kind of challenge-response method involving secure pseudo random number generation based in a fast chaos-based Pseudo Random Number Generator.

A formal methodology for integral security design and verification of network protocols

HighlightsAn iterative methodology for verifying communication protocols, combining formal and informal analysis, is presented.When security flaws are detected, it provides feedback for easing their resolution.Three case studies with real protocols are introduced to show the benefits of such methodology.The first two case studies (MANA III and WEPs Shared Key Authentication) show how some weaknesses could have been detected.The third case study shows the complete process of verification of a new protocol for obtaining digital identities. In this work we propose a methodology for incorporating the verification of the security properties of network protocols as a fundamental component of their design. This methodology can be separated in two main parts: context and requirements analysis along with its informal verification; and formal representation of protocols and the corresponding procedural verification. Although the procedural verification phase does not require any specific tool or approach, automated tools for model checking and/or theorem proving offer a good trade-off between effort and results. In general, any security protocol design methodology should be an iterative process addressing in each step critical contexts of increasing complexity as result of the considered protocol goals and the underlying threats. The effort required for detecting flaws is proportional to the complexity of the critical context under evaluation, and thus our methodology avoids wasting valuable system resources by analyzing simple flaws in the first stages of the design process. In this work we provide a methodology in coherence with the step-by-step goals definition and threat analysis using informal and formal procedures, being our main concern to highlight the adequacy of such a methodology for promoting trust in the accordingly implemented communication protocols. Our proposal is illustrated by its application to three communication protocols: MANA III, WEPs Shared Key Authentication and CHAT-SRP.

New X.509-based mechanisms for fair anonymity management

Abstract Privacy has become a major concern in the Internet, resulting in an increased popularity of anonymizing systems aimed to protect users identities. However, service providers sometimes interpret this anonymity as a risk, since dishonest users may take advantage of it. A possible solution is to create a practical implementation of fairness mechanisms to reach an equilibrium between anonymity and its different types of revocation. Furthermore, in order to reach a wide acceptance, any new mechanism must be easily deployable in current systems and must be adaptable (from the functionality perspective) to the needs that may arise in different situations. To that end, we propose a set of extensions to the CRL and OCSP procedures of the X.509 infrastructure, and a new protocol for easing the task of providing evidence of illegitimate actions. On one hand, the adaptability of our scheme relies on the already widely deployed X.509 infrastructure. On the other hand, the functionality provided by our proposal is mainly built upon group signatures, which gives it a vast variety of schemes to choose from, depending on the specific needs that may arise.

Anonymity Revocation through Standard Infrastructures

Anonymity in information systems has been a very active field of study in recent years. Indeed, it provides fundamental improvements in privacy by protecting users identities. However, it also serves as a shield for malicious parties, since it makes tracing users difficult. Many anonymous signature schemes and systems have been proposed to overcome this problem through the incorporation of some kind of credential revocation. However, these revocation functions have been proposed at a theoretical level or, at the most, as part of highly customized systems. Moreover, another critical requirement for any practical information system is usability, which calls for the standardization of the underlying primitives. In the context of the distribution and management of digital identities the most widely known standard is X.509 Public Key Infrastructure PKI. Several proposals have been made to extend X.509 certificates to support anonymous signature schemes. However, further work is required in order to succcessfully implement revocation functionalities in such environments. Since in X.509 the procedures for identity revocation mainly rely on either Certificate Revocation Lists CRLs or the Online Certificate Status Protocol OCSP, we propose a set of extensions for both revocation standards in order to incorporate support for anonymous signature schemes. With these extensions, we achieve revocation functionality similar to that for current PKIs.

Non-conventional Digital Signatures and Their Implementations—A Review

The current technological scenario determines a profileration of trust domains, which are usually defined by validating the digital identity linked to each user. This validation entails critical assumptions about the way users’ privacy is handled, and this calls for new methods to construct and treat digital identities. Considering cryptography, identity management has been constructed and managed through conventional digital signatures. Nowadays, new types of digital signatures are required, and this transition should be guided by rigorous evaluation of the theoretical basis, but also by the selection of properly verified software means. This latter point is the core of this paper. We analyse the main non-conventional digital signatures that could endorse an adequate tradeoff between security and privacy. This discussion is focused on practical software solutions that are already implemented and available online. The goal is to help security system designers to discern identity management functionalities through standard cryptographic software libraries.

New perspectives on CKD-induced dyslipidemia

ABSTRACT Introduction: Chronic kidney disease (CKD) is a world-wide health concern associated with a significantly higher cardiovascular morbidity and mortality. One of the principal cardiovascular risk factors is the lipid profile. CKD patients have a more frequent and progressive atheromatous disease that cannot be explained by the classical lipid parameters used in the daily clinical practice. Areas covered: The current review summarizes prevailing knowledge on the role of lipids in atheromathosis in CKD patients, including an overview of lipoprotein metabolism highlighting the CKD-induced alterations. Moreover, to obtain information beyond traditional lipid parameters, new state-of-the-art technologies such as lipoprotein subfraction profiling and lipidomics are also reviewed. Finally, we analyse the potential of new lipoprotein subclasses as therapeutic targets in CKD. Expert opinion: The CKD-induced lipid profile has specific features distinct from the general population. Besides quantitative alterations, renal patients have a plethora of qualitative lipid alterations that cannot be detected by routine determinations and are responsible for the excess of cardiovascular risk. New parameters, such as lipoprotein particle number and size, together with new biomarkers obtained by lipidomics will personalize the management of these patients. Therefore, nephrologists need to be aware of new insights into lipoprotein metabolism to improve cardiovascular risk assessment.

Application of Gray codes to the study of the theory of symbolic dynamics of unimodal maps

In this paper we provide a closed mathematical formulation of our previous results in the field of symbolic dynamics of unimodal maps. This being the case, we discuss the classical theory of applied symbolic dynamics for unimodal maps and its reinterpretation using Gray codes. This connection was previously emphasized but no explicit mathematical proof was provided. The work described in this paper not only contributes to the integration of the different interpretations of symbolic dynamics of unimodal maps, it also points out some inaccuracies that exist in previous works.

Skin Autofluorescence and Subclinical Atherosclerosis in Mild to Moderate Chronic Kidney Disease: A Case-Control Study

Advanced glycation end-products (AGEs) are increased and predict mortality in patients with chronic kidney disease (CKD) who are undergoing hemodialysis, irrespective of the presence of type 2 diabetes. However, little information exits about the relationship between AGEs and subclinical atherosclerosis at the early stages of CKD. A case-control study was performed including 87 patients with mild-to-moderate stages of CKD (glomerular filtration rate from 89 to 30 ml/min/per 1.73m2) and 87 non-diabetic non-CKD subjects matched by age, gender, body mass index, and waist circumference. Skin autofluorescence (AF), a non-invasive assessment of AGEs, was measured. The presence of atheromatous disease in carotid and femoral arteries was evaluated using vascular ultrasound, and vascular age and SCORE risk were estimated. Patients with mild-to-moderate stages of CKD showed an increase in skin AF compared with control subjects (2.5±0.6 vs. 2.2±0.4 AU, p<0.001). A skin AF value >2.0 AU was accompanied by a 3-fold increased risk of detecting the presence of an atheromathous plaque (OR 3.0, 95% CI 1.4–6.5, p = 0.006). When vascular age was assessed through skin AF, subjects with CKD were almost 12 years older than control subjects (70.3±25.5 vs. 58.5±20.2 years, p = 0.001). Skin AF was negatively correlated with glomerular filtration rate (r = -0.354, p<0.001) and LDL-cholesterol (r = -0.269, p = 0.001), and positively correlated with age (r = 0.472, p<0.001), pulse pressure (r = 0.238, p = 0.002), and SCORE risk (r = 0.451, p<0.001). A stepwise multivariate regression analysis showed that age and glomerular filtration rate independently predicted skin AF (R2 = 0.289, p<0.001). Skin AF is elevated in patients with mild-to-moderate CKD compared with control subjects. This finding may be independently associated with the glomerular filtration rate and the presence of subclinical atheromatous disease. Therefore, the use of skin AF may help to accurately evaluate the real cardiovascular risk at the early stages of CKD.