1,830 research outputs found

    Implementing a protected zone in a reconfigurable processor for isolated execution of cryptographic algorithms

    We design and realize a protected zone inside a reconfigurable and extensible embedded RISC processor for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory, and general and special-purpose registers. We outline the principles for secure software implementation of cryptographic algorithms in a processor equipped with the protected zone. We also demonstrate the efficiency and effectiveness of the protected zone by implementing major cryptographic algorithms, namely RSA, elliptic curve cryptography, and AES in the protected zone. In terms of time efficiency, software implementations of these three cryptographic algorithms outperform equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor; its area overhead is considerably moderate in the sense that it can be used in vast majority of embedded processors. The protected zone can also provide the necessary support to implement TPM functionality within the boundary of a processor

    MACsec Layer 2 Security in HSR Rings in Substation Automation Systems

    The smart-grid concept takes the communications from the enclosed and protected environment of a substation to the wider city or nationwide area. In this environment, cyber security takes a key role in order to secure the communications. The challenge is to be able to secure the grid without impacting the latency while, at the same time, maintaining compatibility with older devices and non-secure services. At the lower level, added security must not interfere with the redundancy and the latency required for the real-time substation automation communications. This paper studies how to integrate IEEE MAC Security standard (MACsec) in the substation environment, especially when used in substation system communications that have stringent response time requirements and zero recovery time as defined in IEC 62439-3. This work has been supported by the Ministerio de Economia y Competitividad of Spain within the project TEC2014-53785-R, and it has been carried out inside the Research and Education Unit UFI11/16 of the UPV/EHU and partially supported by the Basque Government within the funds for research groups of the Basque University system IT978-16 and within the project TFactory ER-2014/0016. In addition, FEDER funds and UPV/EHU Ph.D. scholarship funding are acknowledged

    Enhancing an embedded processor core for efficient and isolated execution of cryptographic algorithms

    We propose enhancing a reconfigurable and extensible embedded RISC processor core with a protected zone for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory for storing sensitive data during cryptographic computations, and special-purpose and cryptographic registers to execute instructions securely. We outline the principles for secure software implementations of cryptographic algorithms in a processor equipped with the proposed protected zone. We demonstrate the efficiency and effectiveness of our proposed zone by implementing the most-commonly used cryptographic algorithms in the protected zone; namely RSA, elliptic curve cryptography, pairing-based cryptography, AES block cipher, and SHA-1 and SHA-256 cryptographic hash functions. In terms of time efficiency, our software implementations of cryptographic algorithms running on the enhanced core compare favorably with equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor. The proposed enhancements for the protected zone are realized on an FPGA device. The implementation results on the FPGA confirm that its area overhead is relatively moderate in the sense that it can be used in many embedded processors. Finally, the protected zone is useful against cold-boot and micro-architectural side-channel attacks such as cache-based and branch prediction attacks

    Nitric oxide modulates expression of extracellular matrix genes linked to fibrosis in kidney mesangial cells

    Mesangial cells are thought to be important mediators of glomerular inflammation and fibrosis. Studies have established a direct role for nitric oxide (NO) in the regulation of gene expression in mesangial cells. Representational difference analysis was used to investigate changes in gene expression elicited by the treatment of S-nitroso-L-glutathione in rat mesangial cells. Seven upregulated and 11 downregulated genes were identified. Four out of 11 downregulated genes (connective tissue growth factor, thrombospondin-1, collagen type I alpha 1 and collagen type I alpha 2) are known to be linked to inflammation and fibrosis. Results were verified across species in mesangial cells treated with a series of NO donors using Northern blot analysis, quantitative real-time PCR and protein analysis methods. Induction of endogenous NO production by cytokine stimulation also triggered regulation of the genes. One example gene, connective tissue growth factor, was studied at the promoter level. Promoter-reporter gene studies in mesangial cells demonstrated that NO acts at the transcriptional level to suppress gene expression. Our results reveal a complex role of NO in regulating gene expression in mesangial cells and suggest an antifibrotic potential for NO

    Three concurrent variations of the aberrant right subclavian artery, the non-recurrent laryngeal nerve and the right thoracic duct

    We herein report a case showing three anatomical variations including the aberrant right subclavian artery (ARSA), the non-recurrent laryngeal nerve (NRLN) and the right thoracic duct in a 59-year-old male cadaver. The right subclavian artery (RSA) arose from the descending aorta next to the left subclavian artery and coursed in between the oesophagus and the thoracic vertebrae. The recurrent laryngeal nerve did not coil around the RSA but directly entered the larynx. Lastly the thoracic duct terminated into the right brachiocephalic vein. This study makes an embryological assumption that the abnormal development of the RSA had happened first and subsequently caused NRLN and the thoracic duct drainage variation. As to our knowledge, only two reports have been made previously concerning such concurrent variations. Therefore, this case report alerts anatomists and clinicians to the possibility of simultaneous occurrence of ARSA, NRLN and the right thoracic duct

    Identity-based data storage in cloud computing

    Identity-based proxy re-encryption schemes have been proposed to shift the burden of managing numerous files from the owner to a proxy server. Nevertheless, the existing solutions suffer from several drawbacks. First, the access permission is determined by the central authority, which makes the scheme impractical. Second, they are insecure against collusion attacks. Finally, only queries from the same domain (intra-domain) are considered. We note that one of the main applications of identity-based proxy re-encryption schemes is in the cloud computing scenario. Nevertheless, in this scenario, users in different domains can share files with each other. Therefore, the existing solutions do not actually solve the motivating scenario, when the scheme is applicable for cloud computing. Hence, it remains an interesting and challenging research problem to design an identity-based data storage scheme which is secure against collusion attacks and supports intra-domain and inter-domain queries. In this paper, we propose an identity-based data storage scheme where both queries from the intra-domain and inter-domain are considered and collusion attacks can be resisted. Furthermore, the access permission can be determined by the owner independently. © 2012 Elsevier B.V. All rights reserved