Tesi sul tema "Auxiliary channels"

Voltage-gated sodium channels auxiliary subunits evolutionary emerged nearly 500 million years ago during the Cambrian explosion. These subunits alter one the most important ion channels to electrical signaling, the voltage-gated sodium channels support the propagation of electric impulses in animals. The mechanism for the auxiliary subunits effects on the channels is poorly understand, as is the stoichiometry between the auxiliary subunit and the channel. The focus of my thesis is to generate assays and to use these approaches to understand the interactions different types of voltage-gated channels and their auxiliary subunits. A biochemical approach was taken to identify novel interactions between the eukaryotic sodium channel auxiliary subunits and a prokaryotic voltage-gated sodium channel, a protein that diverged from the eukaryotic voltage-gated sodium channels billions of years ago. These interactions between the auxiliary subunits and channels were probed with chemical and photochemical crosslinkers in search of interaction surfaces and similarity to explain the mechanisms of interaction. The work in this thesis identified novel interactions between the voltage-gated sodium channel auxiliary subunits and voltage-gated channels that are distantly related to the voltage-gated sodium channels principally thought to be modulated by the auxiliary subunits. From this work a rudimentary concept can be theorized that the voltage-gated sodium channel β-subunits and not only β1 have a more primary role in electrophysiology by associating with multiple different types of ion channels.

Ca2+ entry through voltage-gated calcium channels (CaVs) triggers a range of physiological events, including synaptic neurotransmission and muscular excito-contraction coupling. CaVs are often localised to discrete membrane microdomains and are required to be targeted to such fine structures in order to perform their cellular functions. CaVs are multi-subunit protein complexes that consist of a core, pore-forming α1 subunit and auxiliary β and α2/δ subunits. The α2/δ subunit is required for the optimal cell surface expression and function of CaVs and is itself localised to cholesterol-rich membrane microdomains called lipid rafts. What is unclear is whether the α2/δ subunit is required for whole CaV complexes to be localised to lipid rafts and what effects lipid raft association has on the cell surface distribution and function of CaVs. By a combination of cellular imaging, biochemistry and electrophysiology, this project shows that the auxiliary α2/δ-1 subunit is both necessary and sufficient to target CaV2.2 to lipid rafts in the COS-7 cell heterologous expression system (Robinson et al, 2010). In addition, α2/δ is localised at the cell surface in discrete puncta and co-localises with two endogenous lipid raft resident proteins, caveolin and flotillin-1. While the punctate cell surface distribution of α2/δ is co-incident with that of caveolin and flotillin-1, its distribution is not dependent on cellular cholesterol, but rather the integrity of the actin cytoskeleton. Additional structure-function analysis by employment of the pIN-α2/δ series of deletion and substitution mutants has shown that the association of α2/δ with lipid rafts is bestowed by an extracellular region of the delta peptide, contrary to other evidence supporting the notion that α2/δ may be a GPI-anchored protein. The exact physiological and functional significance of α2/δ and CaV association with lipid rafts remains poorly understood, but the fact that CaVs are enriched within these fine structures provides a potential mechanism for targeting and access to lipid raft associated signalling pathways.

Les canaux Na dépendants du voltage sont responsables de la phase ascendante des potentiels d’action. Ils sont formés d’une sous-unité principale  et d’une ou plusieurs sous-unités secondaire . La sous-unité  seule est suffisante pour former un canal fonctionnel cependant, les sous-unités  modulent la location, l’expression ainsi que les propriétés fonctionnelles de la sous-unité . Ma thèse ce concentre sur 3 canaux Na neuronaux (Nav1.6, Nav1.7 et Nav1.8) ainsi qu’un canal sodique du muscle squelettique (Nav1.4). Les canaux Na neuronaux sont importants pour la propagation de l’influx électrique tout au long de l’axone. Nav1.7 et Nav1.8 sont les principales sous-unités exprimées dans les ganglions dorsaux. L’altération de l’expression et de la modulation de ces canaux suite à une lésion ou à l’inflammation, joue un rôle important dans la nociception et dans les douleurs chroniques. Nav1.6 est fortement concentré aux nœuds da Ranvier, il y tient un rôle important dans la conduction saltatoire et dans la répétition des potentiels d’action à hautes fréquences. Des mutations sur le canal Nav1.4 provoquent des canalopathies du muscle squelettique. Voici les questions qui ont guidé notre étude : 1) De quel façon les sous-unités  régulent les canaux Na neuronaux Nav1.7 et Nav1.8? 2) Quel anomalie biophysique est provoquée par la mutation M1476I, une mutation liée à l’effet fondateur sur le gène SCN4A qui provoque une myotonie douloureuse induite par le froid chez des Canadiens français? 3) Quels sont les propriétés biophysiques du courant persistant de Nav1.6? 4) Quel est le patron d’expression des sous-unités  et comment celles-ci régulent Nav1.7 dans les neurones de ganglions dorsaux? Afin de répondre à ces questions, plusieurs techniques ont été utilisées, notamment la technique du patch-clamp en configuration cellule entière et l’enregistrement des canaux unitaire sur des systèmes d’expression hétérologue, de la RT-PCR sur les cellules uniques, immunohistochimie et l’immunoprécipitations dans les neurones de ganglions dorsaux. Premièrement, nous avons utilisé la RT-PCR sur les cellules uniques sur des neurones dissociés de ganglions dorsaux pour identifier l’expression des sous unités 1-4 dans les neurones sensitifs de petits diamètres. Nos résultats indiques que les neurones expriment largement Nav1.6 et Nav1.8 et les sous unités 1-3. Pour étudier la régulation par les sous-unités , nous avons co-exprimés les canaux Na avec les sous-unités . La sous-unités 1 provoque une augmentation de la densité de courant de Nav1.8 lorsque co-exprimée dans des cellules HEK293 mais elle n’affecte pas la densité de courant de Nav1.6. Le domaine C-terminale de la sous-unité 1 est fortement impliqué dans la modulation de Nav1.8. Ces résultats proviennent de l’étude de l’effet de chimère 1/2 conservant différentes régions de la sous-unité 1 et de la sous-unité 2. Deuxièmement, nous avons étudié les anomalies biophysiques provoquées par la mutation M1471I de Nav1.4 en utilisant la technique du patch-clamp en mode configuration cellule entière sur des cellules tsA-201. La mutation provoque des effets similaires à d’autres mutations qui provoquent une myotonie aggravé par le potassium, incluant une augmentation du courant persistant, un ralentissement de la décroissance du courant, une dépolarisation de l’inactivation et une accélération de la récupération de l’état inactivé. Un abaissement de la température ralentit les cinétiques pour les canaux mutants et les canaux sauvages, mais il empire le défaut de l’inactivation de la mutation M1476I en augmentant l’amplitude du courant persistant. La mexiletine aide à soulager la myotonie causée par cette mutation en supprimant l’augmentation du courant persistant. Cependant, la mexiletine à une efficacité réduite sur le bloque utilisation-dpendant des canaux mutés M1476I et elle est associée à une récupération plus rapide du bloque provoqué par la mexiletine sur les canaux mutants. Troisièmement, nous avons caractérisé les propriétés du courant persistant de Nav1.6 en mode cellule entière et en courant unitaire dans des cellules HEK293 exprimant ce canal. Nous avons noté que le courant persistant de Nav1.6 est sensible à la composition du milieu intracellulaire et que l’utilisation de CsF au lieu de CsCl rendait ce courant rarement détectable. En substituant le CsF par du CsCl, nous avons montré que l’amplitude du courant persistant de Nav1.6 en mode cellule entière est de 3 à 5% du courant transitoire. Cette amplitude est similaire au ratio observé entre le maximum de probabilité d’ouverture et la probabilité d’ouverture du courant persistant observé en enregistrement de courant unitaire. L’occurrence de la réouverture des canaux explique le courant sodique persistant typique de Nav1.6. Finalement, nous avons utilisé une combinaison des techniques de RT-PCR sur les cellules uniques, immunohistochimie et d’immunoprécipitation pour étudier l’expression des sous-unités  dans différentes sous-population de neurones sensitifs. Les sous-unités  sont différentiellement exprimés dans la population de neurones de petits diamètres des ganglions dorsaux (2, 3) et dans la population de neurones de grands diamètres des ganglions dorsaux (1, 2). L’ARNm de Nav1.7 était significativement co-exprimé avec les sous-unités 2 et 3 dans la même population de neurones de petits diamètres des ganglions dorsaux. Ils forment un complexe protéine-protéine stable et sont colocalisés dans la membrane plasmatique des neurones. Lorsque les sous-unités 3 et 1 sont coexprimés avec Nav1.7, on observe un déplacement de la courbe d’activation et de la courbe d’inactivation ainsi qu’une augmentation marqués du courant de fenêtre. Nos données indiques une expression préférentielle des sous-unités  dans les neurones de petit et de grands diamètres ainsi qu’une régulation spécifique de Nav1.7 dans ces sous populations de neurones sensitifs.
Voltage-gated Na channels are responsible for the rising phase of action potentials, and consist of a pore-forming α subunit and one or more auxiliary β subunits. The α subunit alone is sufficient for the functional expression of Na channels, however, β subunits modulate the location, expression and functional properties of α subunits. My thesis will focus on three neuronal Na channels (Nav1.6, Nav1.7 and Nav1.8) and one skeletal muscle Na channel (Nav1.4). Neuronal Na channel are key players in the impulse propagation along axon. Nav1.7 and Nav1.8 are the main Na channels expressed in DRG neurons, and their altered expression and modulation following injury and inflammation play a major role in nociception and chronic pain. Nav1.6 is highly concentrated at nodes of Ranvier, and has a critical role not only in saltatory conduction but also in high-frequency repetitive firing. Skeletal muscle Na channel Nav1.4 is the initiator of muscle contraction. Mutations in Nav1.4 cause skeletal muscle channelopathies. Guiding questions for our investigations were: 1) How do auxiliary β subunits regulate peripheral nerve Na channel Nav1.6 and Nav1.8? 2) What is the underlying biophysical defect of M1476I, a novel founder SCN4A mutation associated with painful cold-induced myotonia in French Canadians? 3) What is the biophysical characterization of the Nav1.6 persistent current? 4) What is the expression pattern of auxiliary  subunits, and how do β subunits regulate Nav1.7 in DRG neurons? We addressed these questions by multiple approaches including patch clamp techniques for whole-cell and single-channel recordings in heterologous expression systems; immunohistochemistry, single-cell RT-PCR and immunoprecipitation in DRG neurons. Firstly, we employed single-cell RT-PCR of acutely dissociated DRG neurons to identify the expression of β1-4 subunits in small-diameter sensory neurons. Our results indicated that small-diameter DRG neurons widely expressed Nav1.6 and Nav1.8 channels and β1-β3 subunits. Co-expression studies were used to assess the regulation of Nav1.6 and Nav1.8 by β subunits. The β1 subunit induced a significant increase in the current density of Nav1.8 when co-expressed in HEK293 cells, but had no effect on that of Nav1.6. In addition, the C-terminal domain of β1 was involved in the modulation of Nav1.8 channel based on the results of experiments with β1/β2 chimeras harboring various regions of the strongly regulating β1 together with the weakly regulating β2 subunit. Secondly, we investigated the biophysical defects of M1476I mutation in Nav1.4 channels using whole-cell patch-clamp technique in tsA201 cells. M1476I mutant channel exhibited similar biophysical defects compared with other PAM-causing mutations, including an increased persistent current of Nav1.4, a slower current decay, a positive shift of fast inactivation, and an accelerated recovery from fast inactivation. Lowering the temperature slowed the kinetics for both wide-type and mutant channels, and worsened the defective fast inactivation of M1476I channels by further increasing the amplitude of the persistent current. Mexiletine helps relieve myotonia in M1476I carriers by effectively suppressing the increased persistent current, except for the use-dependent block. However, mexiletine had a reduced effectiveness on the use-dependent block of M1476I channels, and that was associated with a faster recovery from mexiletine block of mutant channels. Thirdly, we characterized the whole-cell and single-channel properties of Nav1.6 persistent currents expressed in HEK293 cells. We noted that Nav1.6 persistent current was highly sensitive to the composition of the internal solution, and persistent current was rarely detectable when CsF instead of CsCl was used. By substituting CsF for CsCl in the intracellular solution, we showed that Nav1.6 persistent current in the whole-cell configuration was 3–5% of the peak transient current. This amplitude of persistent current was similar to the ratio between peak and persistent open probability observed in the single-channel recording, indicating that the occurrence of late channel reopenings accounts for the persistent macroscopic Na current typical of Nav1.6. Finally, we employed a combination of single-cell RT-PCR, immunocytochemistry and immunoprecipitation to investigate  subunit expression in subpopulations of sensory neurons.  subunits were differentially expressed in small (2, 3) and large (1, 2) DRG neurons. Nav1.7 mRNA was significantly co-expressed with the 2 and 3 subunits in the same population of small-diameter DRG neurons. They formed stable protein-protein interactions and co-localized within the plasma membranes of neurons.When co-expressed in HEK293 cells, 3 and 1 subunits shifted activation and inactivation curves respectively and induced a marked increase in Nav1.7 window current. Our data indicated a preferential expression of  subunits in small and large DRG neurons and a subunit-specific Nav1.7 regulation in these subpopulations of sensory neurons.
Tableau d'honneur de la FÉSP

In neurons, hyperpolarization-activated cyclic nucleotide-regulated (HCN1-4) channels are the molecular determinants of the Ih current, which controls several cognitive processes. Unique among the voltage-gated ion channel superfamily, HCN channels are modulated by the direct binding of cAMP to their cytoplasmic cyclic nucleotide binding domain (CNBD). Thus, cyclic nucleotide-dependent conformational changes of CNBD are determinant in the regulation of HCN channel opening. The rearrangements induced by cAMP in HCN CNBD are not yet elucidated, since for this protein is known only the cAMP-bound form. HCN channels are further regulated by their association with the auxiliary protein TRIP8b, which preferentially binds to the cAMP-unbound CNBD and opposes cAMP regulation. Recently, we proposed a cyclic allosteric model to explain the mutual antagonistic effect of TRIP8b and cAMP. Here, to validate this model, we first determined the model structure of the human HCN2 CNBD in the cAMP-unbound form using NMR methodologies. By comparing the cAMP-unbound and cAMP-bound structures we highlighted all the conformational changes allosterically coupled to the channel opening transition. Subsequently, we mapped the TRIP8b binding site onto the cAMP-unbound CNBD. Our results show that cAMP and TRIP8b do not compete for the same binding region, and support our allosteric antagonistic model for the dual regulation of HCN channels by cAMP and TRIP8b.

The putative CACHD1 gene was identified following a systematic search for ligand-binding proteins as novel drug targets. The CACHD1 gene encodes CACHD1 and has a predicted protein structure similar to that of the [alpha]2[delta] family of voltage-gated Ca2+ channel (VGCC) auxiliary subunits, which modulates the biophysical properties and plasma membrane expression of VGCCs. On this basis, the hypothesis that CACHD1 represents a novel [alpha]2[delta]-like VGCC auxiliary subunit was tested.

L’expression anormale du canal sodique Nav1.5 dans le cancer du sein est corrélée au développement métastatique et à une mortalité augmentée. Le canal Nav1.5 est localisé dans les invadopodes des cellules cancéreuses mammaires humaines MDA-MB-231 et augmente leur activité protéolytique par une modulation allostérique de l’échangeur NHE-1 et l’activation de protéases acides. In vivo, dans un modèle de xénogreffe sur souris NMRI nude, l’expression de Nav1.5 potentialise la colonisation des poumons par les cellules cancéreuses mammaires humaines. Cette colonisation métastatique est inhibée par un traitement à la ranolazine, un inhibiteur pharmacologique des canaux Nav1.5. La sous-unité β4, auxiliaire des canaux Nav, voit son expression diminuer au cours de la progression cancéreuse, ce qui est associé in vitro à une augmentation de l’invasivité cellulaire. Cette augmentation d’invasivité semble indépendante du canal Nav1.5 et pourrait être associée à une transition des cellules vers un phénotype amiboïde. En conclusion, l’expression de Nav1.5 et la perte d’expression de β4 semblent jouer des rôles complémentaires dans l’invasivité des cellules cancéreuses
The abnormal expression of sodium channel Nav1.5 in breast cancer is correlated with metastatic development and an increased mortality. The Nav1.5 channel is located in invadopodia in human breast cancer cells MDA-MB-231, where it increases proteolytic activity by allosteric modulation of exchanger NHE-1 and activation of acidic proteases. In vivo, in a xenograft model in nude NMRI mice, the expression of Nav1.5 potentiates lung colonization by human breast cancer cells. Metastatic colonization is inhibited by treatment with ranolazine, a pharmacological inhibitor of Nav1.5. The β4 subunit, an auxiliary subunit of Nav channels, is expressed at low levels or lost when tumors are more aggressive, and its suppression in vitro increases celI invasiveness. This increase seems to be independent of Nav1.5 and could be associated with the transition of cells to an amoeboid phenotype. In conclusion, Nav1.5 expression and the loss of β4 expression seem to play complementary roles in the invasiveness of cancer cells

Dans le paysage technologique actuel, l'internet des objets (IoT) a émergé comme un élément omniprésent, engendrant néanmoins des défis majeurs en matière de sécurité. Les attaques par injection de fautes et par canaux auxiliaires sont particulièrement préoccupantes. Les processeurs, étant les pierres angulaires des systèmes informatiques, sont cruciaux pour la sécurisation de l'IoT.Cette thèse se focalise sur la sécurisation du pipeline des processeurs pour contrer ces menaces. L'importance de cette recherche est mise en évidence par la nécessité d'élaborer des mécanismes de sécurité robustes au niveau du processeur, le noyau de tout calcul et contrôle. Plusieurs contre-mesures sont proposées.Pour sécuriser le chemin de données, une méthode de tag d'intégrité est proposée. Compatible avec les techniques de masquage traditionnelles, cette méthode vise à garantir l'intégrité des données tout au long du pipeline du processus, et ce, avec un surcoût réduit.Pour le chemin d'instructions, un mécanisme de masquage de l'instruction en cours est proposé, où un masque est généré en fonction de l'instruction précédente. Cette technique innovante permet une sécurisation efficace des instructions avec un surcoût très faible.Quant au procédé de désynchronisation, il introduit une méthode robuste permettant d'insérer des instructions factices de manière plus efficace que les techniques actuelles.Ces contre-mesures, en ciblant les composantes clés du processeur, contribuent à une amélioration notable de la sécurité des systèmes IoT. Elles s'attaquent aux racines des vulnérabilités, offrant ainsi un niveau de protection renforcé contre une gamme variée d'attaques
In today's technological landscape, the Internet of Things (IoT) has emerged as a ubiquitous element, yet it brings major security challenges. Fault injection and side-channel attacks are of particular concern, targeting systemic weaknesses and compromising data integrity and confidentiality. Processors, as the cornerstones of computing systems, are crucial in securing the IoT.This thesis focuses on securing the processor pipeline to counter these threats. The significance of this research is highlighted by the need to develop robust security mechanisms at the processor level, the core of all computation and control. Several countermeasures are proposed to enhance the resilience of different parts of the processor against attacks.To secure the data path, an integrity tagging method is proposed. Compatible with traditional masking techniques, this method aims to ensure data integrity throughout the processing pipeline, with minimal overhead.For the instruction path, a mechanism for masking the current instruction is proposed, where a mask is generated based on the previous instruction. This innovative technique enables effective instruction security with very low overhead.Regarding the desynchronization process, it introduces a robust method for inserting dummy instructions more efficiently than current techniques.These countermeasures, by targeting key components of the processor, contribute to a notable improvement in the security of IoT systems. They address the roots of vulnerabilities, thus providing enhanced protection against a wide range of attacks

Le syndrome de Brugada (BrS) est une cardiopathie héréditaire à transmission autosomique dominante, se manifestant par une anomalie de l'ECG et un risque accru de mort subite. Les mutations retrouvées dans la sous-unité α du canal sodique cardiaque Nav1.5 chez certains patients entraînent un défaut d'adressage membranaire de ces canaux. Ceux-ci restent alors séquestrés dans des compartiments intracellulaires. L'étude de ces mutants se réduisant souvent à l'utilisation de traitements correcteurs, les mécanismes de rétention impliqués restent encore méconnus. L'objectif de ce travail est d'étudier des mutants Nav1.5 présentant un défaut d'adressage en tenant compte non seulement de l'hétérozygotie des patients BrS mais également de la présence de la sous unité régulatrice β1 prédominante dans le cœur. Des études fonctionnelles et biochimiques mettent en évidence un effet dominant négatif exercé par les mutants R1432G, L325R et S910L sur la densité de courant INa sauvage (WT). Cet effet nécessite la présence de la sous-unité β1 et passe par l'altération de l'adressage membranaire des formes WT. Ceci est la conséquence d'une interaction physique entre des sous-unités α mutantes et WT. D'autre part, les mutants étudiés présentent un profil de maturation lié aux N-glycosylations qui différent de celui des canaux WT. Nos données suggèrent que ces canaux peuvent emprunter (i) la voie classique d'adressage dans leur forme mature (ii) la voie dite non conventionnelle lorsqu'ils sont partiellement glycosylés. En conclusion, ces travaux mettent en évidence le rôle de la sous-unité β1 ainsi que l'implication des N-glycosylations dans la modulation de l'adressage des canaux Nav1.5
Brugada syndrome (BrS) is an inherited autosomal dominant cardiac channelopathy characterized by abnormal ECG pattern and an increased risk of sudden cardiac death. Several mutations on the cardiac sodium channel Nav1.5 which are responsible for BrS lead to misfolded proteins that do not traffic properly to the plasma membrane and are instead retained in intracellular compartments. Although pharmacological rescue is commonly used to characterize misfolded mutants, underlying cellular retention mechanisms remain unclear. The aim of this work is to investigate trafficking defective Nav1.5 mutants considering BrS patient heterozygosity and the presence of the regulatory β1-subunit which is largely expressed in cardiac tissue. By combining electrophysiology and biochemical approaches, we show that three distinct mutants, R1432G, L325R and S910L, exert a strong dominant negative effect upon wild-type (WT) sodium current density. Our data indicate that this effect requires the presence of the β1-subunit and is mediated by disruption of membrane trafficking of WT channels. Co-immunoprecipitation experiments demonstrate a physical interaction between mutant and WT α-subunits occurring only when the β1-subunit was present. Furthermore, we investigate the maturation pattern of Na channels. Our data show distinct N-glycosylated states between WT and mutant channels, suggesting that Nav1.5 α-subunits traffic (i) via unconventional secretion pathway as a partially glycosylated product, (ii) through the classical secretory pathway for mature fully-glycosylated form. This work highlights that β1-subunit and N-linked glycosylation process play key roles in modulating Nav1.5 trafficki

Voltage-gated calcium channels (CaV) are key regulators of cellular excitability; they translate electrical information into biochemical responses in excitable cells such as nerve and muscle cells. CaV are separated in three families: CaV1, CaV2 and CaV3. CaV1 and CaV2 typically comprise a pore-forming alpha1 with auxiliary β and alpha2delta subunits. The alpha2delta enhances surface expression and modulates the biophysical properties of CaV. It has been implicated in pain and epilepsy, and the target for anti-epileptic and anti-nociceptive gabapentinoid drugs. Despite its clinical significance, the relationship between the structure and function of this subunit remains poorly understood. Fitzgerald and co-workers recently showed that the N-terminal region of alpha2delta-1, termed the R domain (Rd), is both necessary and sufficient to replicate the effects of full-length alpha2delta on CaV2.2 channels. In order to understand the functional role(s) of Rd and the regions downstream of it, the biochemical and cell biological properties of alpha2delta were explored producing a set of alpha2delta-truncated proteins, in which the delta protein was inserted into an inert type-1 transmembrane reporter protein (PIN-G). The construct was then extended towards the N-terminal of the alpha2delta-1 (C- to N- PIN-constructs). Other sets of constructs, lacking the delta protein, were prepared after successive additions of stop codons (TGA) in the alpha2delta (N- to C- PIN-constructs). The MIDAS motif within the VWA domain of alpha2delta-1/-2 has been suggested to be critical for trafficking of alpha2delta to the cell surface. Whilst the present study supports a role for MIDAS in surface expression of alpha2delta, it is the Rd that appears essential. Mutation of MIDAS reduced expression, whereas the removal of Rd completely abolished the presence of alpha2delta at the cell surface. Examination of the electrophysiological effects of N- to C- terminal truncated constructs (PIN-Rd, PIN-Rd-VWA and PIN-alpha2) on CaV2.2/β1b channels revealed that, in contrast to the full functionality of Rd alone, extension to the end of the VWA domain, or the alpha2 region, abolished typical alpha2delta-mediated current enhancement. Nevertheless, both constructs increased rate of voltage-dependent inactivation, indicating that they interact with the channel via Rd. Thus, Rd appears to contain all the machinery required to support the electrophysiological and trafficking effects of alpha2delta. Preliminary work has generated tools that could be used to conduct competition-based assays to identify the extracellular loops of the CaV2.2 alpha1 subunit that interact with the Rd. Such an approach could be applied to other alpha1 subtypes to determine discrete alpha2-Rd interactions, information that is critical for further therapeutic exploitation of alpha2delta. Finally, the data from this thesis and the existing literature have been used to propose a revised model of how alpha2delta interacts with CaV.

The voltage gated sodium channel is of great importance to living organisms allowing neurotransmission and muscle contraction to occur with great speed. The channel in CNS comprises a large α subunit forming the pore, ion selectivity filter and voltage sensor. Coupled to this are the smaller Na_vβ2.1 (absent in PNS) and either Na_vβ1.1 or Na_vβ3.1 subunits. The extracellular domain of Na_vβ3.1 based on sequence homology to myelin P0, is predicted to form a V-type immunoglobulin fold and a short intracellular domain contains a potential YXXΦ signal for internalisation by clathrin coated pits. Recombinant Na_vβ3.1 extracellular domain was used in electrophysiological experiments in which Xenopus oocytes were injected with cRNA encoding Na_v1.3 or Na_v1.4 with or without Na_vβ3.1. Those expressing α alone were incubated with Na_vβ3.1 recombinant extracellular domain and the currents recorded. Recombinant extracellular domain was used as an antigen to make monoclonal antibodies which were epitope mapped using mutated recombinant protein. Circular Dichroism (CD) and Fourier Transform Infra-Red (FTIR) spectra were obtained to assess the secondary structure of the extracellular domain protein. The results showed a predominantly β-sheet secondary structure within the extracellular domain which was able to modify the gating kinetics of the alpha subunit. Antibody production was unsuccessful. Although an antibody was produced and mutagenised extracellular domain protein was used in epitope mapping studies, the antibody had poor specificity. The intracellular domain was investigated using the yeast-2-hybrid system with the m adaptor subunits of clathrin coated pits to ascertain which it interacted with. The YLAI signal of the intracellular domain was able to interact with the m3 subunits of the adaptor complexes, suggesting that this may act as a pathway for internalisation of this protein.

Les systèmes embarqués sont constamment menacés par diverses attaques, notamment les attaques side-channel. Pour garantir un certain niveau de sécurité, les implémentations cryptographiques doivent valider des tests d’évaluation recommandés par les standards de certifications, et ainsi répondre aux besoins du marché. Pour cette raison, il est nécessaire d’implémenter des contremesures fiables pour contrer ce type d’attaques. Néanmoins, une fois ces contremesures implémentées, les tests de vérification et de validation peuvent s’avérer très coûteux en temps et en argent. Ainsi, minimiser le nombre d’allers-retours, entre l’étape de conception et l’étape d’évaluation est primordial. Nous allons explorer une classe très large d’attaques existantes (passives et actives), et proposer des méthodes d’évaluations au niveau pré-silicium, permettant d’un côté, de détecter les différents types de fuites qu’un attaquant donné pourrait exploiter, et de l’autre, exposer des techniques de protection permettant de contrer ces attaques, tout en respectant l’aspect performance et taille en silicium. Nous nous basons dans nos analyses sur des méthodes formelles et empiriques, pour tracer l’impact de chaque vulnérabilité sur les différents niveaux d’abstraction du circuit, et ainsi proposer des contremesures optimales
Embedded systems are constantly threatened by various attacks, including side-channel attacks. To guarantee a certain level of security, cryptographic implementations must validate evaluation tests recommended by the certification standards, and thus meet the market needs. For this reason, it is necessary to implement reliable countermeasures to counter this type of attacks. However, once these countermeasures are implemented, verification and validation tests can be very costly in terms of time and money. Thus, optimizing the lifecycle of the circuit, between the design stage and the evaluation stage is paramount. We will explore a very broad class of existing attacks (passive and active), and propose methods of pre-silicon level assessments, allowing on the one hand, to detect the different types of leakages that a given attacker can exploit, and on the other hand, expose different techniques to counter these attacks, while respecting the performance and area aspect. In our analyses, we apply formal and empirical methods to track the impact of each vulnerability on the different abstraction levels of the circuit, and thus propose optimal countermeasures

Les attaques par canaux auxiliaires sont une menace pour la confidentialité des données, en particulier sur les systèmes embarqués. La contre-mesure de masquage constitue une approche de protection sûre et prouvée. Néanmoins, des réalités physiques réduisent les garanties de sécurité prouvées. En particulier, dans le contexte logiciel, le jeu d'instructions (ISA) supporté par un processeur cache au concepteur du schéma de masquage l'une des causes de cette réduction de la sécurité : la micro-architecture. Ainsi, le concepteur ne peut pas déterminer les sources de fuite induites par la micro-architecture et leur impact sur la sécurité d'une implémentation logicielle. Des informations peuvent fuir, par exemple, lors des transitions d'état dans les registres cachés, ou si les signaux dans des éléments combinatoires ont des temps de propagation différents. À cela s'ajoutent les effets de mécanismes spéculatifs potentiels et de la structuration du système mémoire. Plusieurs méthodologies permettent d'atténuer l'impact de la micro-architecture sur les implémentations logicielles masquées, mais ces travaux requièrent une connaissance fine de la micro-architecture, ce qui a plusieurs inconvénients : portabilité limitée des garanties de sécurité entre différentes micro-architectures, connaissance souvent incomplète de la micro-architecture, complexité des micro-architectures. On peut donc se demander s'il existe des approches moins dépendantes de la micro-architecture sous-jacente. Dans cette thèse, nous abordons, selon deux axes, la problématique du développement de logiciels masqués sécurisés en pratique contre les attaques par canal auxiliaire. Le premier axe vise le développement automatisé de logiciel masqué résistant aux fuites en transitions. Nous proposons une méthodologie qui tire parti des compilateurs optimisants : étant donné une implémentation logicielle, annotée avec des informations relatives aux données sensibles et une description de la micro-architecture cible, nous montrons comment l'ordonnancement des instructions et l'allocation des registres peut atténuer les fuites basées sur les transitions de manière automatisée. Le deuxième axe vise une approche indépendante de l'architecture cible. Dans la littérature, les travaux se concentrent en majorité sur l'atténuation de l'impact de la micro-architecture sur les implémentations logicielles protégées par le schéma de masquage Booléen. D'autres types de schémas de masquage ont été montrés plus résistants aux fuites en transition en théorie, et donc potentiellement aux effets de la micro-architecture de la cible. Cependant, leur résistance en pratique n'a pas été étudiée. De plus, l'exploitation potentielle d'informations provenant du parallélisme des données potentiellement induit par la micro-architecture n'a pas été étudié pour les implémentations logicielles. Nous étudions ainsi la sécurité en pratique offerte par les schémas de masquage de premier ordre Booléen, arithmétique et produit scalaire contre les fuites induites par la micro-architecture, y compris le parallélisme des données. D'abord, nous montrons que le parallélisme de données se manifeste même sur de simples micro-architectures scalaires. Ensuite, nous étudions l'impact des fuites en transition et du parallélisme de données sur les valeurs masquées avec les schémas de masquage étudiés. Enfin, nous étudions l'impact de ces fuites sur des implémentations masquées du cryptosystème AES-128. Nous montrons qu'aucun des schémas de masquage étudiés n'apporte de protection parfaite face aux fuites micro-architecturales considérées, bien que leur résistance soit très hétérogène
Side-channels attacks are recognized as a threat for the confidentiality of data, in particular on embedded systems. The masking countermeasure constitutes a provably secure protection approach. Nonetheless, physical non-idealities reduce its proven security guarantees. In particular, in the software implementations, the Instruction Set Architecture (ISA) supported by a processor hides to the masking scheme designer one cause of such physical non-idealities: the micro-architecture. As such, the designer is not aware of the actual micro-architecture-induced side-channel sources and their security impact on a software implementation. Information can leak, for instance, during the state transition of hidden registers, or in the case signals of combinatorial elements exhibit different propagation times. Furthermore, speculative features and the memory subsystems can play a role in such information leakage. Several methodologies allow the mitigation of the impact of the micro-architecture on masked software implementations, but these approaches depend on the detailed knowledge of the micro-architecture, which implies several shortcomings: limited portability of the security guarantees between different micro-architectures, incomplete knowledge of the microarchitecture, complexity of the micro-architecture design. Thus, one might wonder whether there exist approaches less dependent on the underlying micro-architecture. With this thesis, we address, along two axes, the problem of developing practically secure masked software. The first axis targets the automated development of masked software resilient to transition-based leakages. We propose a methodology that takes advantage of optimizing compilers: given in input a software implementation, annotated with sensitive-data-related information, and a description of the target micro-architecture, we show how to exploit the instruction scheduling and register allocation tools to mitigate transition-based leakages in an automated manner. The second axis targets an architecture-independent approach. In literature, most of the works focuses on mitigating the impact of the micro-architecture on software implementations protected with the so-called Boolean masking scheme. Theoretical studies show the better resilience of alternative types masking schemes against transition-based leakages, suggesting their employment against micro-architectural leakage. Yet, their practical resilience has not been explored. Furthermore, the potential exploitation of the information leaked by data parallelism, potentially induced by the micro-architecture, has not been studied for software implementations. As such, we study the practical security offered by first-order Boolean, arithmetic and Inner-Product masking against micro-architecture-induced leakage, encompassing data parallelism as well. We first show that data parallelism can manifest also on simple scalar micro-architectures. Then, we evaluate the impact of transition-based leakage and data parallelism on values masked with the studied masking schemes. Eventually, we evaluate the impact of such information leakages on different masked implementations of the AES-128 cryptosystem. We show that, although their different leakage resilience, none of the studied masking schemes can perfectly mitigate the considered micro-architectural leakages

Les implémentations cryptographiques sont vulnérables aux attaques physiques, et ont donc besoin d'en être protégées. Bien sûr, des protections défectueuses sont inutiles. L'utilisation des méthodes formelles permet de développer des systèmes tout en garantissant leur conformité à des spécifications données. Le premier objectif de ma thèse, et son aspect novateur, est de montrer que les méthodes formelles peuvent être utilisées pour prouver non seulement les principes des contre-mesures dans le cadre d'un modèle, mais aussi leurs implémentations, étant donné que c'est là que les vulnérabilités physiques sont exploitées. Mon second objectif est la preuve et l'automatisation des techniques de protection elles-même, car l'écriture manuelle de code est sujette à de nombreuses erreurs, particulièrement lorsqu'il s'agit de code de sécurité
Implementations of cryptosystems are vulnerable to physical attacks, and thus need to be protected against them. Of course, malfunctioning protections are useless. Formal methods help to develop systems while assessing their conformity to a rigorous specification. The first goal of my thesis, and its innovative aspect, is to show that formal methods can be used to prove not only the principle of the countermeasures according to a model, but also their implementations, as it is where the physical vulnerabilities are exploited. My second goal is the proof and the automation of the protection techniques themselves, because handwritten security code is error-prone

La sécurité des systèmes embarqués contenant des données sensibles est un enjeu crucial. La disponibilité de ces objets en fait une cible privilégiée pour les attaques physiques, nécessitant l'ajout de protections matérielles et logicielles. La recherche de réduction des coûts de développement pousse les industriels à opter pour du déploiement automatique de protections. L'objet de la thèse consiste à étudier l'intégration de contre-mesures logicielles contre les attaques par faute dans les outils de développement, en particulier dans le compilateur, afin d'automatiser l'application de contre-mesures variées. Pour cela, nous proposons deux schémas de protection génériques et automatiquement déployables contre ces attaques : un dédié à la sécurisation des boucles et le deuxième à la sécurisation du graphe d'appel. Ces schémas spécifiques, intégrés dans un même compilateur (LLVM) permettent la sécurisation de parties sensibles et choisies du code limitant ainsi leur surcoût en performances. Les fautes exploitables variant d'un composant à l'autre, nous proposons également une caractérisation des effets des fautes au niveau du jeu d'instructions sur une plateforme intégrant un processeur superscalaire typique des téléphones mobiles. Ces travaux montrent la nécessité d'étudier les injections de faute sur des plateformes complexes, de concevoir de nouveaux schémas de protection adaptés, et de continuer à intégrer dans un même compilateur plus de schémas de sécurisation
The security of embedded systems containing sensitive data has become a main concern. These widely deployed devices are subject to physcial attacks, requiring protections both in hardware and software. The race for higher productivity and shorter time to market in the deployment of secure systems pushes for automatic solutions. This thesis studies the integration of software countermeasures against fault attacks in development tools, with a special focus on the compiler. The goal is to enable the automatic application, at compilation time, of a wide range of countermeasures. We propose two protection schemes against these attacks which can be automatically deployed: one scheme dedicated to loop control flow and the second dedicated to the protection of the call graph. These schemes, integrated in the LLVM compiler framework, allow to focus security application on sensitive areas of the targeted code, thus limitating the overhead. Faults that can be exploited are different from a device to another, we thus also provide an ISA-level characterization of fault effects on a superscalar processor representative of mobile phones. This work highlights the need of studying fault effects on more complex platforms, leading to the design of new protection schemes and automating their compilation-time application

Dans un environnement virtualisé, l'hyperviseur fournit l'isolation au niveau logiciel, mais l'infrastructure partagée rend possible des attaques au niveau matériel. Les attaques par canaux auxiliaires ainsi que les canaux cachés sont des problèmes bien connus liés aux infrastructures partagées, et en particulier au partage du processeur. Cependant, ces attaques reposent sur des caractéristiques propres à la microarchitecture qui change avec les différentes générations de matériel. Ces dernières années ont vu la progression des calculs généralistes sur processeurs graphiques (aussi appelés GPUs), couplés aux environnements dits cloud. Cette thèse explore ces récentes évolutions, ainsi que leurs conséquences en termes de fuites d'information dans les environnements virtualisés. Premièrement, nous investiguons les microarchitectures des processeurs récents. Notre première contribution est C5, un canal caché sur le cache qui traverse les coeurs d'un processeur, évalué entre deux machines virtuelles. Notre deuxième contribution est la rétro-ingénierie de la fonction d'adressage complexe du dernier niveau de cache des processeurs Intel, rendant la classe des attaques sur les caches facilement réalisable en pratique. Finalement, dans la dernière partie nous investiguons la sécurité de la virtualisation des GPUs. Notre troisième contribution montre que les environnements virtualisés sont susceptibles aux fuites d'informations sur la mémoire d'un GPU
In a virtualized environment, the hypervisor provides isolation at the software level, but shared infrastructure makes attacks possible at the hardware level. Side and covert channels are well-known issues of shared hardware, and in particular shared processors. However, they rely on microarchitectural features that are changing with the different generations of hardware. The last years have also shown the rise of General-Purpose computing on Graphics Processing Units (GPGPU), coupled to so-called cloud environments. This thesis explores these recent evolutions and their consequences in terms of information leakage in virtualized environments. We first investigate the recent processor microarchitectures. Our first contribution is C5, a cross-core cache covert channel, evaluated between virtual machines. Following this work, our second contribution is the reverse engineering of the complex addressing function of the last-level cache of Intel processors, rendering the class of cache attacks highly practical. In the last part, we investigate the security of GPU virtualization. Our third contribution shows that virtualized environments are susceptible to information leakage from the GPU memory

This PhD thesis focuses on the study, the hardware design, the theoretical and practical validation, and eventually the comparison of different arithmetic operators for cryptosystems based on elliptic curves (ECC). Provided solutions must be robust against some side-channel attacks, and efficient at a hardware level (execution speed and area). In the case of ECC, we want to protect the secret key, a large integer, used in the scalar multiplication. Our protection methods use representations of numbers, and behaviour of algorithms to make more difficult some attacks. For instance, we randomly change some representations of manipulated numbers while ensuring that computed values are correct. Redundant representations like signed-digit representation, the double- (DBNS) and multi-base number system (MBNS) have been studied. A proposed method provides an on-the-fly MBNS recoding which operates in parallel to curve-level operations and at very high speed. All recoding techniques have been theoretically validated, simulated extensively in software, and finally implemented in hardware (FPGA and ASIC). A side-channel attack called template attack is also carried out to evaluate the robustness of a cryptosystem using a redundant number representation. Eventually, a study is conducted at the hardware level to provide an ECC cryptosystem with a regular behaviour of computed operations during the scalar multiplication so as to protect against some side-channel attacks.

Les implémentations cryptographiques sont vulnérables aux attaques physiques, et ont donc besoin d'en être protégées. Bien sûr, des protections défectueuses sont inutiles. L'utilisation des méthodes formelles permet de développer des systèmes tout en garantissant leur conformité à des spécifications données. Le premier objectif de ma thèse, et son aspect novateur, est de montrer que les méthodes formelles peuvent être utilisées pour prouver non seulement les principes des contre-mesures dans le cadre d'un modèle, mais aussi leurs implémentations, étant donné que c'est là que les vulnérabilités physiques sont exploitées. Mon second objectif est la preuve et l'automatisation des techniques de protection elles-même, car l'écriture manuelle de code est sujette à de nombreuses erreurs, particulièrement lorsqu'il s'agit de code de sécurité
Implementations of cryptosystems are vulnerable to physical attacks, and thus need to be protected against them. Of course, malfunctioning protections are useless. Formal methods help to develop systems while assessing their conformity to a rigorous specification. The first goal of my thesis, and its innovative aspect, is to show that formal methods can be used to prove not only the principle of the countermeasures according to a model, but also their implementations, as it is where the physical vulnerabilities are exploited. My second goal is the proof and the automation of the protection techniques themselves, because handwritten security code is error-prone

Les analyses par canaux auxiliaires exploitent les fuites physiques des systèmes embarqués. Ces attaques représentent une réelle menace; c’est pourquoi différentes contre-mesures ont été développées. Cette thèse s’intéresse à la sécurité fournie par ces contre-mesures. Nous étudions leur sécurité dans le contexte où de multiples fuites sont présentes. Il arrive que plusieurs fuites de plusieurs variables puissent être exploitées lors d’analyses par canaux auxiliaires. Dans cette thèse nous présentons la méthode optimale pour exploiter les fuites d’une unique variable. Nous étudions ensuite comment de telles méthodes de réduction de dimensionnalité peuvent être appliquées dans le cas d’implémentations protégées. Nous montrons que ces méthodes voient leur efficacité augmentée avec le niveau de sécurité de l’implémentation. Nous montrons dans cette thèse comment exploiter les fuites de multiples variables pour améliorer les résultats d’analyses par canaux auxiliaires. Nous améliorons en particulier les attaques contre les schémas de masquage avec recalcul de table. Dans ce contexte nous présentons l’attaque optimale. Dans le cas où les schémas avec recalcul de table sont protégés nous montrons que le principal paramètre pour évaluer la sécurité des schémas de masquage, c’est-à-dire l’ordre n’est pas suffisant. Pour finir nous étudions de façon théorique la meilleure attaque possible en présence de masquage et de « shuffling » ce qui généralise le précédent cas d’étude. Dans ce cas nous montrons que l’attaque optimale n’est pas calculable. Pour y remédier, nous présentons une version tronquée de l’attaque optimale avec une meilleure efficacité calculatoire
Side Channel Attacks are a classical threat against cryptographic algorithms in embedded systems. They aim at exploiting the physical leakages unintentionally emitted by the devices during the execution of their embedded programs to recover sensitive data. As such attacks represent a real threat against embedded systems different countermeasures have been developed. In thesis we investigate their security in presence of multiple leakages. Indeed there often are in the leakage measurements several variables which can be exploited to mount Side Channel Attacks. In particular we show in this thesis the optimal way to exploit multiple leakages of a unique variable. This dimensionality reduction comes with no loss on the overall exploitable information. Based on this result we investigate further how such dimensionality reduction methodscan be applied in the case of protected implementations. We show that the impact of such methods increases with the security “level” of the implementation. We also investigate how to exploit the leakages of multiplevariables in order to improve the results of Side Channel Analysis. We start by improving the attacks against masking schemes, with a precomputed table recomputation step. Some protections have been developed to protect such schemes. As a consequence we investigate the security provided by these protections. In this context we present results which show that the main parameter to evaluate the security of the masking schemes is not sufficient to estimate the global security of the implementation. Finally we show that in the context of masking scheme with shuffling the optimal attack is not computable. As a consequence we present a truncated version of this attack with a better effectiveness

Dans un environnement virtualisé, l'hyperviseur fournit l'isolation au niveau logiciel, mais l'infrastructure partagée rend possible des attaques au niveau matériel. Les attaques par canaux auxiliaires ainsi que les canaux cachés sont des problèmes bien connus liés aux infrastructures partagées, et en particulier au partage du processeur. Cependant, ces attaques reposent sur des caractéristiques propres à la microarchitecture qui change avec les différentes générations de matériel. Ces dernières années ont vu la progression des calculs généralistes sur processeurs graphiques (aussi appelés GPUs), couplés aux environnements dits cloud. Cette thèse explore ces récentes évolutions, ainsi que leurs conséquences en termes de fuites d'information dans les environnements virtualisés. Premièrement, nous investiguons les microarchitectures des processeurs récents. Notre première contribution est C5, un canal caché sur le cache qui traverse les coeurs d'un processeur, évalué entre deux machines virtuelles. Notre deuxième contribution est la rétro-ingénierie de la fonction d'adressage complexe du dernier niveau de cache des processeurs Intel, rendant la classe des attaques sur les caches facilement réalisable en pratique. Finalement, dans la dernière partie nous investiguons la sécurité de la virtualisation des GPUs. Notre troisième contribution montre que les environnements virtualisés sont susceptibles aux fuites d'informations sur la mémoire d'un GPU
In a virtualized environment, the hypervisor provides isolation at the software level, but shared infrastructure makes attacks possible at the hardware level. Side and covert channels are well-known issues of shared hardware, and in particular shared processors. However, they rely on microarchitectural features that are changing with the different generations of hardware. The last years have also shown the rise of General-Purpose computing on Graphics Processing Units (GPGPU), coupled to so-called cloud environments. This thesis explores these recent evolutions and their consequences in terms of information leakage in virtualized environments. We first investigate the recent processor microarchitectures. Our first contribution is C5, a cross-core cache covert channel, evaluated between virtual machines. Following this work, our second contribution is the reverse engineering of the complex addressing function of the last-level cache of Intel processors, rendering the class of cache attacks highly practical. In the last part, we investigate the security of GPU virtualization. Our third contribution shows that virtualized environments are susceptible to information leakage from the GPU memory

Une classe d'attaque par canal auxiliaire particulièrement efficace est celle des attaques caches, qui exploitent une différence de temps entre les mémoires caches et la mémoire principale, qui sont considérées dans cette thèse d'un point de vue cryptographique. Un des objectifs de cette thèse est alors de mieux comprendre ces attaques. D'un autre côté, l'attaque Rowhammer est une attaque par faute qui induit des perturbations dans les condensateurs des modules DRAM dans le but de créer des erreurs appelées aussi fautes qui sont aussi considérées dans cette thèse d'un point de vue cryptographique. Cette thèse explore différentes fonctionnalités micro-architecturales en relation avec les attaques temporelles utilisant les mémoires caches et des attaques par fautes proches de l'attaque Rowhammer. Par la suite, cette thèse est ensuite divisée en deux parties.La première partie porte sur les attaques temporelles utilisant les mémoires caches. Cette partie décrit aussi les fonctionnalités matérielles et logicielles devant être considérées pour effectuer des mesures de temps précis. Ces fonctionnalités ont été utilisées pour améliorer une attaque existante. Un résultat de cette thèse fournit le lien entre des techniques générales d'attaques sur les mémoires caches et l'exploitation d'une vulnérabilité en détaillant une méthode de recherche de vulnérabilités dans un fichier binaire grâce à l'analyse dynamique. Dans la seconde partie de cette thèse, les attaques par fautes proches de l'attaque Rowhammer seront étudiées. Une méthode d'analyse logicielle est proposée. Finalement, une étude et une amélioration d'une attaque connue sous le nom de fautes persistantes sont proposées. Cette thèse se concentre essentiellement sur les améliorations d'attaques existantes et sur de nouvelles approches pour effectuer des analyses d'attaques temporelles utilisant les mémoires caches et des analyses des attaques en lien avec l'attaque Rowhammer dans l'objectif de répondre à un besoin réel des industriels de protéger leurs produits de ces attaques
A particularly efficient attack class is the class of cache timing attacks, that exploit the difference of time between cache memories and main memory, and are considered in this thesis with a cryptographic point of view. One aim of this thesis is to understand better such attacks.In other hand, the Rowhammer attack that induces perturbations in the capacitors of the DRAM modules in order to create an error called a fault that are also considered in this thesis with a cryptographic point of view.This thesis explores different microarchitectures features before exploring cache timing attacks and fault attack with the Rowhammer attack in mind. Based on the knowledge about these features, the thesis is split in two parts.The first part is about cache timing attacks. It gathers useful hardware and software features that should be considered to perform precise timing measurements. Those considerations were used to improve an existing attack on ECDSA on a known vulnerability.One result of this thesis will fill the gap between the general techniques used for the attacks and the exploitation of a vulnerability by searching such vulnerability in a binary by using dynamic analysis.In the second part of this thesis, fault attacks closed of the Rowhammer attack are considered. Like the first part, a way to perform software analysis is given.Eventually, in the second part a result about a so called persistent fault attack is improved.This thesis mainly focuses on improving existing attacks and on new ways to perform software analysis of cache timing attacks and attacks related to the Rowhammer attack in order to fill the needs of manufacturers to protect theirs products against those attacks

Les analyses par canaux auxiliaires exploitent les fuites physiques des systèmes embarqués. Ces attaques représentent une réelle menace; c’est pourquoi différentes contre-mesures ont été développées. Cette thèse s’intéresse à la sécurité fournie par ces contre-mesures. Nous étudions leur sécurité dans le contexte où de multiples fuites sont présentes. Il arrive que plusieurs fuites de plusieurs variables puissent être exploitées lors d’analyses par canaux auxiliaires. Dans cette thèse nous présentons la méthode optimale pour exploiter les fuites d’une unique variable. Nous étudions ensuite comment de telles méthodes de réduction de dimensionnalité peuvent être appliquées dans le cas d’implémentations protégées. Nous montrons que ces méthodes voient leur efficacité augmentée avec le niveau de sécurité de l’implémentation. Nous montrons dans cette thèse comment exploiter les fuites de multiples variables pour améliorer les résultats d’analyses par canaux auxiliaires. Nous améliorons en particulier les attaques contre les schémas de masquage avec recalcul de table. Dans ce contexte nous présentons l’attaque optimale. Dans le cas où les schémas avec recalcul de table sont protégés nous montrons que le principal paramètre pour évaluer la sécurité des schémas de masquage, c’est-à-dire l’ordre n’est pas suffisant. Pour finir nous étudions de façon théorique la meilleure attaque possible en présence de masquage et de « shuffling » ce qui généralise le précédent cas d’étude. Dans ce cas nous montrons que l’attaque optimale n’est pas calculable. Pour y remédier, nous présentons une version tronquée de l’attaque optimale avec une meilleure efficacité calculatoire
Side Channel Attacks are a classical threat against cryptographic algorithms in embedded systems. They aim at exploiting the physical leakages unintentionally emitted by the devices during the execution of their embedded programs to recover sensitive data. As such attacks represent a real threat against embedded systems different countermeasures have been developed. In thesis we investigate their security in presence of multiple leakages. Indeed there often are in the leakage measurements several variables which can be exploited to mount Side Channel Attacks. In particular we show in this thesis the optimal way to exploit multiple leakages of a unique variable. This dimensionality reduction comes with no loss on the overall exploitable information. Based on this result we investigate further how such dimensionality reduction methodscan be applied in the case of protected implementations. We show that the impact of such methods increases with the security “level” of the implementation. We also investigate how to exploit the leakages of multiplevariables in order to improve the results of Side Channel Analysis. We start by improving the attacks against masking schemes, with a precomputed table recomputation step. Some protections have been developed to protect such schemes. As a consequence we investigate the security provided by these protections. In this context we present results which show that the main parameter to evaluate the security of the masking schemes is not sufficient to estimate the global security of the implementation. Finally we show that in the context of masking scheme with shuffling the optimal attack is not computable. As a consequence we present a truncated version of this attack with a better effectiveness

Dans cette thèse, j’étudie une primitive cryptographique appelée distribution quantique de clés. La distribution quantique de clés permet à deux parties distantes de partager une clé secrète en présence d’une espion, dont la puissance est seulement limité par les lois de la physique quantique. J’ai concentré mon travail de thèse sur la distribution quantique de clés à variables continues et en particulier, sur l’étude pratique d’implémentations. J’ai proposé et étudié théoriquement une attaque par canaux cachés originale, visant les détecteurs : l’attaque par saturation. Nous avons de plus démontré expérimentalement la faisabilité de cette attaque sur un système de la distribution quantique de clés à variables continues dans notre laboratoire. Enfin, nous avons en outre démontré expérimentalement pour la première fois la faisabilité du déploiement d’un système de la distribution quantique de clés à variables continues dans un réseau optique du multiplexage en longueur d’onde dense
In this thesis, I study a cryptographic primitive called quantum key distribution which allows two remote parties to share a secret key, in the presence of an eavesdropper, whose power is only limited by the laws of quantum physics. I focus my study on the implementation and the practical security of continuousvariable protocols. For the first time, I have proposed and studied a detector-based side channel attack on a continuous-variable system : saturation attack. This attack opens a new security loophole that we have characterized experimentally in our laboratory, on a real continuous-variable system. Finally, we have demonstrated experimentally for the first time the feasibility of a continuous-variable system deployment in a Dense Wavelength Division Multiplexing network, where quantum signals coexist with intense classical signals in a same fiber

Le premier protocole cryptographique basé sur les codes correcteurs d'erreurs a été proposé en 1978 par Robert McEliece. La cryptographie basée sur les codes est dite post-quantique car il n'existe pas à l'heure actuelle d'algorithme capable d'attaquer ce type de protocoles en temps polynomial, même en utilisant un ordinateur quantique, contrairement aux protocoles basés sur des problèmes de théorie des nombres. Toutefois, la sécurité du cryptosystème de McEliece ne repose pas uniquement sur des problèmes mathématiques. L'implantation, logicielle ou matérielle, a également un rôle très important pour sa sécurité et l'étude de celle-ci face aux attaques par canaux auxiliaires/cachés n'a débuté qu'en 2008. Des améliorations sont encore possibles. Dans cette thèse, nous proposons de nouvelles attaques sur le déchiffrement du cryptosystème de McEliece, utilisé avec les codes de Goppa classiques, ainsi que des contre-mesures correspondantes. Les attaques proposées sont des analyses de temps d'exécution ou de consommation d'énergie. Les contre-mesures associées reposent sur des propriétés mathématiques et algorithmiques. Nous montrons qu'il est essentiel de sécuriser l'algorithme de déchiffrement en le considérant dans son ensemble et non pas seulement étape par étape
The first cryptographic protocol based on error-correcting codes was proposed in 1978 by Robert McEliece. Cryptography based on codes is called post-quantum because until now, no algorithm able to attack this kind of protocols in polynomial time, even using a quantum computer, has been proposed. This is in contrast with protocols based on number theory problems like factorization of large numbers, for which efficient Shor's algorithm can be used on quantum computers. Nevertheless, the McEliece cryptosystem security is based not only on mathematical problems. Implementation (in software or hardware) is also very important for its security. Study of side-channel attacks against the McEliece cryptosystem have begun in 2008. Improvements can still be done. In this thesis, we propose new attacks against decryption in the McEliece cryptosystem, used with classical Goppa codes, including corresponding countermeasures. Proposed attacks are based on evaluation of execution time of the algorithm or its power consumption analysis. Associate countermeasures are based on mathematical and algorithmic properties of the underlying algorithm. We show that it is necessary to secure the decryption algorithm by considering it as a whole and not only step by step

La thèse étudie la sécurité de la technologie ARM TrustZone dans le cadre des SoCs complexes hétérogènes. La thèse présente des attaques matérielles qui touchent des éléments de l’architecture des SoCs et elle présente aussi des stratégies de contremesure
The thesis studies the security of the ARM TrustZone technology in the context of complex heterogeneous SoCs. The thesis presents hardware attacks that affect elements of the SoCs architecture and it also presents countermeasure strategies

Pen-based interactions are becoming widely popular on a variety of devices, including tabletPCs, mobile devices and tabletop systems. The digital pens and tablets have evolved considerably and served users in creative industries. A digital pen can sense various auxiliary inputs, such as tilt, pressure and roll. Researchers have explored properties of each channel in isolation of another. Since the human wrist and fingers can operate multiple input channels simultaneously, a natural progression warrants examination of controllability when these channels are operated simultaneously. In this thesis, I explore a class of interaction techniques, a-coord input, which requires users to control two auxiliary channels simultaneously. Through experiments, I explore the design space of a-coord input and investigate the effect of changing the order in which the channels are combined. Furthermore, I investigate its effectiveness for discrete and continuous selection tasks. Finally, this thesis shows the value of a-coord input through several applications.

Indiana University-Purdue University Indianapolis (IUPUI)
Increased electrical activity in peripheral sensory neurons contributes to pain. A unique type of sodium current, fast resurgent current, is proposed to increase nerve activity and has been associated with pain pathologies. While sodium channel isoform Nav1.6 has been identified as the main carrier of fast resurgent currents, our understanding of how resurgent currents are modulated in sensory neurons is fairly limited. Thus the goal of this dissertation was to identify resurgent current modulators. In particular, we focused on sodium channel beta subunits (Navβs) and fibroblast growth factor homologous factors (FHFs) in dorsal root ganglion (DRG) neurons. We hypothesized that Navβ4 and FHF2B act as positive regulators by mediating resurgent currents and modulating Nav1.6 inactivation, respectively. In contrast, we hypothesized FHF2A negatively regulates resurgent current by increasing the probability of channels in inactivated states. Thus, the aims of this dissertation were to 1) determine if Navβ4 regulates fast resurgent currents in DRG neurons, 2) examine the effects of Navβ4 knockdown on resurgent currents, firing frequency and pain associated behavior in an inflammatory pain model and 3) determine if FHF2A and FHF2B functionally regulate Nav1.6 currents, including resurgent currents in DRG neurons. To examine the aims, we used biochemical, electrophysiological and behavioral assays. Our results suggest that Navβ4 is a positive regulator of resurgent currents: in particular, the C-terminus likely mediates these currents. Localized knockdown of Navβ4 decreased inflammation-induced enhancement of resurgent currents and neuronal excitability, and prevented the development of persistent pain associated behavior in an inflammatory pain model. FHF2B increased resurgent currents and delayed inactivation. In contrast, FHF2A limited resurgent currents; an effect that is mainly contributed by FHF2A's N-terminus activity that increased accumulation of channels in inactivated states. Interestingly, in an inflammatory pain model FHF2B was upregulated and FHFA isoforms were downregulated. Together these results suggest that FHF2A/B modulation might contribute to enhanced resurgent currents and increased neuronal excitability observed in the inflammatory pain model. Overall, our work has identified three resurgent current modulators FHF2A, FHF2B and Navβ4. Manipulation of these proteins or their activity might result in novel strategies for the study and treatment of pain.

L-type voltage-dependent calcium (Ca2+) channels (CaV1.2) initiate cardiac excitation-contraction coupling producing a rapid Ca2+ current (peak ICa,L) that triggers Ca2+ release from the intracellular stores, and a persistent current (late ICa,L) that flows towards the end of the action potential (AP). Peak and late ICa,L shape the plateau phase of the AP, counterbalancing potassium currents. An exaggerated activation of the late ICa,L during AP repolarization can cause transient membrane potential depolarizations called Early Afterdepolarizations (EADs), that can trigger lethal arrhythmias. Therefore, CaV1.2 channels represent a highly promising therapeutic target to abolish EADs. Current anti-arrhythmic drugs that operate on CaV channels (Class IV antiarrhythmics) reduce peak ICa,L, causing a negative inotropic effect. Based on the discovery that a small reduction of the late ICa,L can potently suppress EAD occurrence, we hypothesized that drugs selectively targeting this late component should efficiently suppress EADs preserving contractility. To test this hypothesis, we used roscovitine, a purine analog that reduces the late (non-inactivating) ICa,L over “peak”, accelerating the voltage-dependent inactivation of CaV1.2 channels. We proved that decrease of late ICa,L by roscovitine, verified both in native and cloned CaV1.2 channels, abolished EADs in rabbit ventricular myocytes preserving contraction efficiency. Moreover, this reduction suppressed and prevented EAD-mediated ventricular fibrillation in rabbit and rat hearts. In both isolated myocyte and heart experiments, the effect was independent from the mechanism chosen to induce EADs (hypokalemia and/or oxidative stress). These results suggest that 1) limiting anomalous Ca2+ channels action during the plateau phase is an effective and safe antiarrhythmic strategy and that 2) roscovitine can be considered as a potential pilot compound for a new class of antiarrhythmics that likely would not compromise heart contractility. Cav1.2 channels derive their voltage dependence properties from the structural asset of the α1 pore-forming subunit which comprises 4 positively charged modules, called voltage-sensing domains (VSD I-IV), that undergo a conformational change upon membrane depolarization, opening the channel. The voltage-dependent properties of these four VSDs are modulated by several auxiliary subunits (such as α2δ and β) interacting with the α1 subunit. Specifically, α2δ subunit, by remodelling the voltage-dependent properties of 3 out of 4 cardiac VSDs, allows CaV1.2 channels to operate at physiological membrane potentials producing the typical fast-activating current. Interestingly, the same auxiliary subunit produces opposite effects on the close relative CaV1.1 channels which regulate the excitation-contraction coupling in the skeletal muscle. Here, the α2δ subunit slows down CaV1.1 activation kinetics and leaves almost unperturbed the voltage-dependent activation of the pore. The molecular mechanism by which the α2δ subunit differently modulates CaV1.1 channels compared to CaV1.2 isoform is still unknown. To gain a mechanistic insight, we expressed in Xenopus oocytes CaV1.1 channels (α1S and the auxiliary subunit β1a) with or without α2δ. Using the voltage clamp fluorometry technique, we tracked the voltage-dependent conformational rearrangement of each VSD in conducting channels to derive pore and VSD voltage-dependent relationships. Analogously to CaV1.2, each CaV1.1 VSD had unique biophysical properties that might reveal different functional roles. The presence of α2δ remodelled only VSD I voltage-dependent properties, shifting its activation ~ 20 mV to more negative membrane potentials, may accounting for the ~ 10 mV-hyperpolarizing shift of pore opening observed with the accessory subunit. As opposite to CaV1.2, α2δ slowed down CaV1.1 activation kinetics and accelerated the rate of channel closure, contributing to reduce Ca2+ influx during depolarization.

Thèse (Ph. D.)--Université Laval, 2004.
Sur la p. de t., les "v" de Nav1.7 et Nav1.8 apparaissent en indice. Le "B" de B-subunits est le bêta de l'alphabet grec. Bibliogr. Publié aussi en version électronique.

碩士
國立陽明大學
神經科學研究所
103
Kv4 channels evoke subthreshold A-type K+ currents, which play a critical role in regulating neuronal excitability. Native Kv4 channels function in ternary complex comprising Kv4 pore-forming subunits and two types of auxiliary subunits: cytosolic K+ channel interacting proteins (KChIPs) and transmembrane dipeptidyl peptidase like proteins (DPPLs). When coexpressed with KChIP or DPPL in heterologous systems, Kv4-mediated A-type K+ currents increase several to more than 10 folds. Kv4.3 is highly expressed in a subset of pain-sensing neurons (= nociceptors) whose somata are located in the dorsal root ganglion (DRG), and reduced Kv4.3 expression in nociceptors results in mechanical hypersensitivity, a major symptom of pain. Furthermore, KChIP1, KChIP2 and DPP10 are coexpressed with Kv4.3 in the same subset of nociceptors. In this study, we test whether reducing Kv4 auxiliary subunit expression in nociceptors can also induce pain. KChIP1, KChIP2 and DPP10 protein levels in nociceptors were greatly decreased in the ipsilateral lumbar (L)5 DRG of rats after L5/L6 spinal nerve ligation. Intrathecal injections of Kv4.3 antisense oligodeoxynucleotide (ODN) effectively suppressed Kv4.3, KChIP1, KChIP2 and DPP10 protein expression in the nociceptors of bilateral L5 DRGs. Bilateral mechanical hypersensitivity was induced in the hindpaws of naïve rats following intrathecal injections of gene-specific antisense ODN for KChIP1, KChIP2 or DPP10. KChIP1 or KChIP2 antisense ODN effectively suppressed Kv4.3, KChIP1 and KChIP2 but not DPP10 protein expression in the nociceptors. By contrast, DPP10 antisense ODN suppressed Kv4.3 and DPP10 but not KChIP1 and KChIP2 protein expression in the nociceptors. The protein levels of KChIP1, KChIP2 and DPP10 in the spinal cord were not affected by either L5/L6 spinal nerve ligation or antisense ODN injections. Furthermore, DPP10 antibody could coimmunoprecipitate Kv4.3 but not KChIP1 proteins in the rough endoplasmic reticulum (ER) of rat brain. Based on these results, we raise the following hypothesis: Kv4.3 proteins complex with KChIP1 (as a representative of KChIP1 and KChIP2) and DPP10 proteins respectively in the rough ER soon after being synthesized, then Kv4.3/KChIP1 and Kv4.3/DPP10 binary complexes traffic to the plasma membrane separately, and finally Kv4.3/KChIP1/DPP10 ternary complexes are assembled on the cell surface. Together, this study demonstrates that KChIP1, KChIP2 and DPP10 can modulate total Kv4.3 protein level in a subset of nociceptors respectively, suggesting that these Kv4 auxiliary subunits are potential targets for pain therapy.

碩士
國立陽明大學
神經科學研究所
102
Subthreshold A-type K+ currents (ISAs) have been recorded from the cell bodies of hippocampal and cortical interneurons, cortical pyramidal neurons, spinal lamina II excitatory interneurons and nociceptors. Kv4 channels are responsible for the somatodendritic ISAs. It has been proposed that Kv4 channels in neurons are ternary complexes, including pore forming -subunits of the Kv4 subfamily and two types of auxiliary -subunits: the K+ channel-interacting proteins (KChIPs) and dipeptidyl peptidase-like proteins (DPPLs). However, colocalization evidence was still lacking. The protein distribution of Kv4 -subunits in the rat nervous system has been reported but the expression of Kv4 -subunits remains unclear. To understand the distribution of Kv4 -subunits in the nervous system, we mapped the protein distribution of DPP10 in the rat nervous system as well as KChIP1-3 in the spinal cord and dorsal root ganglion (DRG) by immunohistochemistry, and compared them to the localization of Kv4 -subunits. DPP10 is colocalized with Kv4.3 and KChIP1 in the somata of most somatostatin(+) hippocampal and all cortical interneurons. DPP10 is also colocalized with Kv4.2, Kv4.3, and KChIP3 in the somata of cortical layer 5 pyramidal neurons. In the dorsal spinal cord, DPP10 is present in the projection neurons, whereas KChIP1 and KChIP2 are expressed in the somatodendrtic compartment of a subset of lamina II excitatory interneurons, which also express Kv4.2 and Kv4.3. In the DRG, Kv4.3, KChIP1, KChIP2, and DPP10 are coexpressed in a subset of nonpeptidergic nociceptors, whereas KChIP3 is expressed in some peptidergic nociceptors. These results support that Kv4/KChIP/DPPL form ternary complexes in some ISA-expressing neurons, and these four Kv4 auxiliary subunits may be involved in pain signaling.

Les canaux calciques de type L CaV1.2 sont principalement responsables de l’entrée des ions calcium pendant la phase plateau du potentiel d’action des cardiomyocytes ventriculaires. Cet influx calcique est requis pour initier la contraction du muscle cardiaque. Le canal CaV1.2 est un complexe oligomérique qui est composé de la sous-unité principale CaVα1 et des sous-unités auxiliaires CaVβ et CaVα2δ1. CaVβ joue un rôle déterminant dans l’adressage membranaire de la sous-unité CaVα1. CaVα2δ1 stabilise l’état ouvert du canal mais le mécanisme moléculaire responsable de cette modulation n’a pas été encore identifié. Nous avons récemment montré que cette modulation requiert une expression membranaire significative de CaVα2δ1 (Bourdin et al. 2015). CaVα2δ1 est une glycoprotéine qui possède 16 sites potentiels de glycosylation de type N. Nous avons donc évalué le rôle de la glycosylation de type-N dans l’adressage membranaire et la stabilité de CaVα2δ1. Nous avons d’abord confirmé que la protéine CaVα2δ1 recombinante, telle la protéine endogène, est significativement glycosylée puisque le traitement à la PNGase F se traduit par une diminution de 50 kDa de sa masse moléculaire, ce qui est compatible avec la présence de 16 sites Asn. Il s’est avéré par ailleurs que la mutation simultanée de 6/16 sites (6xNQ) est suffisante pour 1) réduire significativement la densité de surface de! CaVα2δ1 telle que mesurée par cytométrie en flux et par imagerie confocale 2) accélérer les cinétiques de dégradation telle qu’estimée après arrêt de la synthèse protéique et 3) diminuer la modulation fonctionnelle des courants générés par CaV1.2 telle qu’évaluée par la méthode du « patch-clamp ». Les effets les plus importants ont toutefois été obtenus avec les mutants N663Q, et les doubles mutants N348Q/N468Q, N348Q/N812Q, N468Q/N812Q. Ensemble, ces résultats montrent que Asn663 et à un moindre degré Asn348, Asn468 et Asn812 contribuent à la biogenèse et la stabilité de CaVα2δ1 et confirment que la glycosylation de type N de CaVα2δ1 est nécessaire à la fonction du canal calcique cardiaque de type L.
L-type CaV1.2 channels play a key role in the excitation-contraction coupling in the heart. They are formed of a pore-forming CaVα1 subunit in complex with the intracellular CaVβ and the disulfur-linked CaVα2δ accessory subunits. CaVα2δ significantly increases peak current densities of CaV1.2. The mechanism underlying this effect is still under study but requires that CaVα2δ be trafficked at the cell surface. CaVα2δ contains 16 putative N-glycosylation sites. A study was carried out to identify the role of N-glycosylation in the trafficking and protein stability of the subunit CaVα2δ. Herein we show that enzymatic removal of N-glycans produced a 50 kDa shift in the mobility of cardiac and recombinant CaVα2δ1 proteins. Simultaneous mutation of the 16 Asn sites was required to fully account for this change in protein mobility. Nonetheless, the mutation of only 6/16 sites was sufficient to 1) significantly reduce the steady-state cell surface fluorescence of CaVα2δ1 as characterized by two-color flow cytometry assays and confocal imaging; 2) accelerate the degradation kinetics estimated from cycloheximide chase assays; and 3) prevent the CaVα2δ1-mediated increase in peak current density and voltage-dependent gating of CaV1.2. Reversing the N348Q and N812Q mutations in the non-operational 6 Asn mutant functionally rescued CaVα2δ1. Single mutation N663Q and double mutations N348Q/ N468Q, N348Q/ N812Q, N468Q/N812Q decreased protein stability/synthesis and abolished steady-state cell surface density as well as upregulation of L-type currents. These results demonstrate that Asn663, and to a lesser extent Asn348, Asn468, and Asn812 contribute to the stability of CaVα2δ1 function and furthermore that N- glycosylation of CaVα2δ1 is essential to produce functional L-type Ca2+ channels.

Due to the fierce competition inherent in the aviation industry combined with low profitability and high operating costs, airlines are called upon to pursue additional revenue in order to be financially sustainable. This research work examines the offer of the airlines seeking to understand the needs of passengers and the opportunities that potentially arise from them. In collaboration with TAP Air Portugal, the path is to innovate in the areas of ancillary services by improving the value proposition offered to passengers and by selling more through direct channels. Passenger’s travelling journey is analyzed trying to understand passenger preferences along this process. The relationship between the passenger and the airline specifically on passenger trust, airline reliability and acceptance of new products and services are explored. Lastly, it is also analyzed the possibility of airlines in reselling the airplane tickets. Through the design and execution of an online survey, primary data was collected from the responses of 300 air passengers in order to explore passenger needs and the potential of innovative airline products and services. Therefore, through statistical analysis, it was found the reasons that make passengers not to acquire their airplane ticket directly with the airline. It was found that passengers are not satisfied with the information obtained and that they feel the need of being well advised to properly plan and make their trips. It was also found that passengers demonstrate a positive acceptance to exchange their airplane ticket, to a similar date, as long as they are refunded for doing so.
Devido à forte concorrência inerente à indústria da aviação, combinada com baixos lucros e custos operacionais significativos, as companhias aéreas necessitam captar receitas adicionais para serem financeiramente sustentáveis. Este trabalho de pesquisa examina as companhias aéreas procurando perceber as necessidades dos passageiros e as oportunidades que daí surjam. Em colaboração com a TAP Air Portugal, o caminho passa pela inovação na venda de "ancillaries" aumentando a proposta de valor ao cliente e vendendo mais nos canais diretos. Assim, a jornada de viagem do passageiro é analisada tentando perceber as suas preferências ao longo deste processo. A relação do passageiro com as companhias aéreas nomeadamente aos níveis de confiança, fiabilidade e aceitação de novos produtos e serviços são explorados. Por último, foi também analisada a possibilidade de as companhias aéreas revenderem os bilhetes de avião. Através da criação e execução de um inquérito online foram obtidos dados relativamente a 300 passageiros que usualmente viajam de avião de modo a explorar as suas necessidades e potenciais inovações em produtos e serviços. Assim, através de analises estatísticas, foram apuradas as razões que levam os passageiros a não adquirir o seu bilhete de avião diretamente com a companhia aérea. Foi apurado que os passageiros não estão satisfeitos com a informação que obtêm e que sentem a necessidade em serem devidamente aconselhados ao fazerem as suas viagens. Foi também apurado que os passageiros demonstram um nível positivo de aceitação para trocarem o seu bilhete de avião, para uma data próxima, se forem reembolsados para o fazer.