| 1. |
|
|
| 2. |
- Baker, Joseph, et al.
(författare)
-
Impact of an alpha helix and a cysteine-cysteine disulfide bond on the resistance of bacterial adhesion pili to stress
- 2021
-
Ingår i: Proceedings of the National Academy of Sciences of the United States of America. - : Proceedings of the National Academy of Sciences. - 0027-8424 .- 1091-6490. ; 118:21
-
Tidskriftsartikel (refereegranskat)abstract
- Escherichia coli express adhesion pili that mediate attachment to host cell surfaces and are exposed to body fluids in the urinary and gastrointestinal tracts. Pilin subunits are organized into helical polymers, with a tip adhesin for specific host binding. Pili can elastically unwind when exposed to fluid flow forces, reducing the adhesin load, thereby facilitating sustained attachment. Here we investigate biophysical and structural differences of pili commonly expressed on bacteria that inhabit the urinary and intestinal tracts. Optical tweezers measurements reveal that Class 1a pili of uropathogenic E. coli (UPEC), as well as Class 1b of enterotoxigenic E. coli (ETEC), undergo an additional conformational change beyond pilus unwinding, providing significantly more elasticity to their structure than ETEC Class 5 pili. Examining structural and steered molecular dynamics simulation data, we find this difference in Class 1 pili subunit behavior originates from an alpha-helical motif that can unfold when exposed to force. A disulfide bond cross-linking beta-strands in Class 1 pili stabilizes subunits, allowing them to tolerate higher forces than Class 5 pili that lack this covalent bond. We suggest that these extra contributions to pilus resiliency are relevant for the UPEC niche since resident bacteria are exposed to stronger, more transient drag forces compared to those experienced by ETEC bacteria in the mucosa of the intestinal tract. Interestingly, Class 1b ETEC pili include the same structural features seen in UPEC pili, while requiring lower unwinding forces that are more similar to those of Class 5 ETEC pili.
|
|
| 3. |
- Baker, Joseph, et al.
(författare)
-
Unveiling the Contributions of Secondary Structure and Disulfide Bonds for Bacterial Adhesion Pili Extension using a Multiscale Approach
- 2021
-
Ingår i: Biophysical Journal. - : Elsevier BV. - 0006-3495.
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- Bacterial adhesion pili are essential virulence factors for many pathogenic Escherichia coli, including bacteria that cause urinary tract infections (UPEC) and diarrheal diseases (ETEC). To sustain adhesion under forces similar to those in the fluid environments of the urinary tract and gastrointestinal tract, these pili (also called fimbriae) can extend to over seven times their original length. Both UPEC and ETEC can uncoil their quaternary structure under pulling force and re-coil to their helical form when the force is reduced, as observed using optical tweezers. However, after extension to a linear polymer UPEC undergo an additional reversible conformational change, that is not seen in ETEC. The mechanism for this conformational change in UPEC is not known. Therefore, to obtain a comprehensive picture of pilus extension we have taken a synergistic approach that combines optical tweezer experiments, structural data from cryo-EM, and steered molecular dynamics simulations to investigate the response of pilin subunits to force.Our multi-faceted approach provides novel molecular-scale insights into the structural changes that occur in UPEC and ETEC pili under pulling forces. We find that the conformational change observed in UPEC pili in optical tweezer experiments is correlated with the presence of an alpha helix. In addition, structural analysis and steered molecular dynamics simulations show that there is a disulfide bond that provides additional stability of UPEC pilin subunits that is not observed in ETEC pilins, which lack cysteine residues. Together, these results suggest that the mechanism of extension of bacterial adhesion pili is related to their environmental niche, and the magnitude of fluid forces in the urinary tract versus the GI tract.
|
|
| 4. |
- Dahlberg, Joen, et al.
(författare)
-
Capacity-Driven Automatic Design of Dynamic Aircraft Arrival Routes
- 2018
-
Ingår i: 2018 IEEE/AIAA 37TH DIGITAL AVIONICS SYSTEMS CONFERENCE (DASC). - : IEEE. - 9781538641125 ; , s. 1194-1202
-
Konferensbidrag (refereegranskat)abstract
- We present a Mixed-Integer Programming framework for the design of aircraft arrival routes in a Terminal Maneuvering Area (TMA) that guarantee temporal separation of aircraft. The output routes constitute operationally feasible merge trees, and guarantee that the overall traffic pattern in the TMA can be monitored by air traffic controllers; in particular, we ensure that all aircraft on the arrival routes are separated in time and all merge points are spatially separated. We present a proof of concept of our approach, and demonstrate its feasibility by experiments for arrival routes during one hour at Stockholm TMA.
|
|
| 5. |
|
|
| 6. |
- Dahlberg, Rasmus, et al.
(författare)
-
Aggregation-Based Certificate Transparency Gossip
- 2019
-
Ingår i: Proceedings of the The Thirteenth International Conference on Emerging Security Information, Systems and Technologies - SECURWARE 2019, October 27, 2019 to October 31, 2019 - Nice, France. - : International Academy, Research and Industry Association (IARIA). - 9781713800521
-
Konferensbidrag (refereegranskat)abstract
- Certificate Transparency (CT) requires that every certificate which is issued by a certificate authority must be publicly logged. While a CT log can be untrusted in theory, it relies on the assumption that every client observes and cryptographically verifies the same log. As such, some form of gossip mechanism is needed in practice. Despite CT being adopted by several major browser vendors, no gossip mechanism is widely deployed. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plain text, aggregating at packet processors (such as routers and switches) to periodically verify log consistency off-path. In other words, gossip is provided as-a-service by the network. Our proposal can be implemented for a variety of programmable packet processors at line-speed without aggregation distinguishers (throughput), and, based on 20 days of RIPE Atlas measurements that represent clients from 3500 autonomous systems, we show that significant protection against split-viewing CT logs can be achieved with a realistic threat model and an incremental deployment scenario.
|
|
| 7. |
- Dahlberg, Rasmus, et al.
(författare)
-
Efficient Sparse Merkle Trees : Caching Strategies and Secure (Non-)Membership Proofs
- 2016
-
Ingår i: Secure IT Systems. - Cham : Springer. - 9783319475592 ; , s. 199-215
-
Konferensbidrag (refereegranskat)abstract
- A sparse Merkle tree is an authenticated data structure based on a perfect Merkle tree of intractable size. It contains a distinct leaf for every possible output from a cryptographic hash function, and can be simulated efficiently because the tree is sparse (i.e., most leaves are empty). We are the first to provide complete, succinct, and recursive definitions of a sparse Merkle tree and related operations. We show that our definitions enable efficient space-time trade-offs for different caching strategies, and that verifiable audit paths can be generated to prove (non-)membership in practically constant time (<4 ms) when using SHA-512/256. This is despite a limited amount of space for the cache—smaller than the size of the underlying data structure being authenticated—and full (concrete) security in the multi-instance setting.
|
|
| 8. |
- Dahlberg, Rasmus
(författare)
-
On Certificate Transparency Verification and Unlinkability of Websites Visited by Tor Users
- 2023
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Certificate Transparency is an ecosystem of logs, monitors, and auditors that hold certificate authorities accountable while issuing certificates. We show how the amount of trust that TLS clients and domain owners need to place in Certificate Transparency can be reduced, both in the context of existing gradual deployments and the largely unexplored area of Tor. Our contributions include improved third-party monitoring, a gossip protocol plugging into Certificate Transparency over DNS, an incrementally deployable gossip-audit model tailored for Tor Browser, and using certificates with onion addresses. The methods used range from proof sketches to Internet measurements and prototype evaluations. An essential part of our evaluation in Tor is to assess how the protocols used during website visits—such as requesting an inclusion proof from a Certificate Transparency log—affect unlinkability between senders and receivers. We find that most false positives in website fingerprinting attacks can be eliminated for all but the most frequently visited sites. This is because the destination anonymity set can be reduced due to how Internet protocols work: communication is observable and often involves third-party interactions. Some of the used protocols can further be subject to side-channel analysis. For example, we show that remote (timeless) timing attacks against Tor’s DNS cache reliably reveal the timing of past exit traffic. The severity and practicality of our extension to website fingerprinting pose threats to the anonymity provided by Tor. We conclude that access to a so-called website oracle should be an assumed attacker capability when evaluating website fingerprinting defenses.
|
|
| 9. |
- Dahlberg, Rasmus, et al.
(författare)
-
Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in Tor
- 2021
-
Ingår i: Proceedings on Privacy Enhancing Technologies Symposium. - : Sciendo. - 2299-0984. ; , s. 194-213
-
Konferensbidrag (refereegranskat)abstract
- The security of the web improved greatly throughout the last couple of years. A large majority of the web is now served encrypted as part of HTTPS, and web browsers accordingly moved from positive to negative security indicators that warn the user if a connection is insecure. A secure connection requires that the server presents a valid certificate that binds the domain name in question to a public key. A certificate used to be valid if signed by a trusted Certificate Authority (CA), but web browsers like Google Chrome and Apple's Safari have additionally started to mandate Certificate Transparency (CT) logging to overcome the weakest-link security of the CA ecosystem. Tor and the Firefox-based Tor Browser have yet to enforce CT.In this paper, we present privacy-preserving and incrementally-deployable designs that add support for CT in Tor. Our designs go beyond the currently deployed CT enforcements that are based on blind trust: if a user that uses Tor Browser is man-in-the-middled over HTTPS, we probabilistically detect and disclose cryptographic evidence of CA and/or CT log misbehavior. The first design increment allows Tor to play a vital role in the overall goal of CT: detect mis-issued certificates and hold CAs accountable. We achieve this by randomly cross-logging a subset of certificates into other CT logs. The final increments hold misbehaving CT logs accountable, initially assuming that some logs are benign and then without any such assumption. Given that the current CT deployment lacks strong mechanisms to verify if log operators play by the rules, exposing misbehavior is important for the web in general and not just Tor. The full design turns Tor into a system for maintaining a probabilistically-verified view of the CT log ecosystem available from Tor's consensus. Each increment leading up to it preserves privacy due to and how we use Tor.
|
|
| 10. |
- Dahlberg, Rasmus, et al.
(författare)
-
Standardized Syslog Processing : Revisiting Secure Reliable Data Transfer and Message Compression
- 2016
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Today's computer logs are like smoking guns and treasure maps in case of suspicious system activities: they document intrusions, and log crucial information such as failed system updates and crashed services. An adversary thus has a clear motive to observe, alter, and delete log entries, considering that she could (i) start by using the log's content to identify new security vulnerabilities, and (ii) exploit them without ever being detected. With this in mind we consider syslog standards and open source projects that safeguard events during the storage and transit phases, and examine how data compression effects security. We conclude that there are syslog standards in place that satisfy security on a hop-by-hop basis, that there are no such standards for secure storage, and that message compression is not recommended during transit.
|
|
