faulTPM: Exposing AMD fTPMs' Deepest Secrets

Trusted Platform Modules constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs - as found in higher-end systems - have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper, we analyze a new class of attacks against fTPMs: Attacking their Trusted Execution Environment can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor, which constitutes the TEE for AMD's fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by - to the best of our knowledge - enabling the first attack against Full Disk Encryption solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM - like Bitlocker's TPM- only protector - can be defeated by an attacker with 2-3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM and PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker's FDE implementation withholds some protection depending on the complexity of the used PIN. Our results show that when an fTPM's internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.Comment: *Both authors contributed equally. We publish all code necessary to mount the attack under https://github.com/PSPReverse/ftpm_attack. The repository further includes several intermediate results, e.g., flash memory dumps, to retrace the attack process without possessing the target boards and required hardware tool

Integriertes Monitoring als Werkzeug einer nachhaltigen Stadtentwicklung

In Deutschland ist es Aufgabe der Kommunen, die räumliche Entwicklung der verfügbaren Flächen unter sozialen, ökologischen und ökonomischen Aspekten zu koordinieren (vgl. BBR 2000: 12-13). Die zuständigen Planungsämter bewältigen dabei die zielgerichtete, querschnittsorientierte Betrachtung, Analyse und Vernetzung räumlicher Informationen mit dem Ziel, Handlungsbedarfe und -optionen zur zukünftigen Entwicklung der Kommune zu identifizieren. Als bewährte Methodik können Instrumente der Raumbeobachtung diesen Prozess unterstützen, indem räumliche Veränderungen systematisch im Zeitverlaufbeobachtet, anhand von Indikatoren gemessen und so entscheidungsunterstützende Informationen geliefertwerden (vgl. BIRKMANN 2005: 668; GATZWEILER 2005). Im Zuge des fortschreitenden E-Goverments der Verwaltungen steigt in diesem Kontext der kommunale Bedarf an digitalen technischen Lösungen, die nutzergerecht als flexibles, integriertes Entscheidungsunterstützungstool interaktive Darstellungswerkzeuge mit zielgerichteten Analysemethoden verbinden und so den Arbeitsalltag der kommunalen Ämter vereinfachen (vgl. KOKO GDI-DE 2013; KGST 2006). Unter Berücksichtigung europaweiter Entwicklungen zu INSPIRE und Open Data, zwecks einheitlicher und standardisierter (öffentlicher) Bereitstellung der integrierten Daten, können sich zudem Synergieeffekte mit Geodateninfrastrukturen zukunftsfähiger Verwaltungsbehörden ergeben (vgl. ARBEITSGRUPPE NGIS DES LENKUNGSGREMIUM GDI-DE 2015). Auch in der Wissenschaft hat der Diskurs zur Raumbeobachtung um die Jahrtausendwende Aufschwung erhalten. Dabei erfreut sich insbesondere der Begriff Monitoring imKontext der Stadtentwicklung einer zunehmenden Beliebtheit (vgl. STREICH 2011: 189). In der Praxis wird der Begriff jedoch uneinheitlich definiert, sodass vielfältige Anwendungsbeispiele für Monitoringsysteme existieren, welche sich hinsichtlich ihrer Qualität sowie untersuchten Themenfelder zum Teil stark unterscheiden. Erschwerend kommt hinzu, dass die Fragmentierung kommunaler Datenstrukturen in den einzelnen Fachämtern eine große Herausforderung für die umfangreiche Abbildung von Daten in einem integrierten Monitoringsystem darstellt. Im Rahmen des durch das BMBF geförderten Forschungsprojektes „KomMonitor – Kommunales Monitoring zur Raumentwicklung. Demografie, Sozialstruktur, Wohnen und Umwelt“1 wird ein integriertes, kommunales raum-zeitliches Monitoringsystem entwickelt. Als fundierte Grundlage zur Erhebung des Status quo und Entwicklung des Systems wurden u. a. öffentlich zugängliche kommunale Geo-, Statistik-und Monitoringportale systematisch recherchiert und bewertet, um Stärken, Schwächen und Lücken zu identifizieren. Zur Bewertung wurde ein multikriterielles Bewertungsraster konzipiert, das auf literaturgestützen Analysekriterien fußt und kommunale Anforderungen an ein Monitoringsystem berücksichtigt. Hierdurch konnten Best Practice-Beispiele herausgearbeitet und dokumentiert sowie Erfolgsfaktoren und Herausforderungen für die Entwicklung eines anwenderorientierten, kommunalen Monitoringsystems ermittelt werden. Neben den frei verfügbaren Online-Portalen wurden auch die technischen und funktionellen Anforderungen an ein integriertes GIS-basiertes Monitoringsystem seitens der städtischen Praxispartner betrachtet. KomMonitor setzt an den identfizierten Stärken und Schwächen sowie den seitens der Kommunen formulierten Bedarfen an, um ein nachhaltiges und fachämterübergreifendes Werkzeug für den kommunalen Arbeitsalltag zu schaffen. Dieser Beitrag fokussiert insbesondere die Methodik und die Ergebnisse der Erhebung und Bewertung öffentlicher kommunaler Geo-, Statistik-, und Monitoringportale. Aufbauend auf den gewonnenen Rückschlüssen der Auswertung werden anschließend inhaltliche sowie technische Implikationen geschildert, die von dem zu entwickelnden KomMonitor-System erfüllt werden sollen. Im Kontext der Zielsetzung einerdauerhaften Nutzbarmachung des Systems werden außerdem Verstetigungsoptionen vor dem Hintergrund aktueller Fördermechanismen diskutiert, welche einen Handlungsrahmen für KomMonitor bilde

EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware

EMFI has become a popular fault injection (FI) technique due to its ability to inject faults precisely considering timing and location. Recently, ARM, RISC-V, and even x86 processing units in different packages were shown to be vulnerable to electromagnetic fault injection (EMFI) attacks. However, past publications lack a detailed description of the entire attack setup, hindering researchers and companies from easily replicating the presented attacks on their devices. In this work, we first show how to build an automated EMFI setup with high scanning resolution and good repeatability that is large enough to attack modern desktop and server CPUs. We structurally lay out all details on mechanics, hardware, and software along with this paper. Second, we use our setup to attack a deeply embedded security co-processor in modern AMD systems on a chip (SoCs), the AMD Secure Processor (AMD-SP). Using a previously published code execution exploit, we run two custom payloads on the AMD-SP that utilize the SoC to different degrees. We then visualize these fault locations on SoC photographs allowing us to reason about the SoC's components under attack. Finally, we show that the signature verification process of one of the first executed firmware parts is susceptible to EMFI attacks, undermining the security architecture of the entire SoC. To the best of our knowledge, this is the first reported EMFI attack against an AMD desktop CPU.Comment: This is the authors' version of the article accepted for publication at IEEE International Conference on Physical Assurance and Inspection of Electronics (PAINE 2022

The role of neoadjuvant and adjuvant treatment for adenocarcinoma of the upper gastrointestinal tract

Both locally advanced adenocarcinoma of the stomach and gastro-esophageal junction are associated with poor prognosis due to the lack of effective treatment. Recently multimodal treatment consisting of neoadjuvant chemotherapy in combination with radiotherapy is reported to improve survival when compared to surgery alone. Neoadjuvant therapy in these locally advanced tumors allows for early tumor responses and the extent of tumor regression that can be achieved is considered a significant prognostic factor. This, in turn, increases the resectability of these tumors. Also due to the high frequency of lymph node metastasis, patients with locally advanced adenocarcinoma should undergo a D2 lymphadenectomy. Postoperative chemoradiation and perioperative chemotherapy have been studied in gastric adenocarcinomas and showed a survival benefit. However, the surgical techniques used in these trials are no longer considered to be standard by today's surgical practice. In addition, there are no standard recommendations for adjuvant chemotherapy or chemoradiation after R0 resection and adequate lymph node dissection

Evaluation of the tissue toxicity of antiseptics by the hen's egg test on the chorioallantoic membrane (HETCAM)

<p>Abstract</p> <p>Background</p> <p>Antiseptics are frequently used for the prophylaxis and treatment of local infections of chronic wounds. Whereas local antiseptics in general have a positive effect on wound healing an uncritical use may impair wound healing due to toxic side effects.</p> <p>Objective</p> <p>We sought to assess the vascular irritation potential of different antiseptic solutions and ointments commonly used for short and long term application as a measure of tissue toxicity.</p> <p>Method</p> <p>The vascular irritation was evaluated by the hen's egg test (HET) on the chorioallantoic membrane (CAM). The effects on the vessels of a mucous membrane were directly assessed by stereomicroscopic observation in vivo.</p> <p>Results</p> <p>Severe CAM irritation was observed after short-term applications of 1% octenidin-2HCl (Octeni sept™), 72% isopropanol (Cutasept™), 0.35% chloroxylenol (Dettol™) and 10% PVP-I ointment (Betaisodona™). Medium irritations were observed for 10% PVP-I solution (Betaisodona™), 3% lysosomal PVP-I ointment (Repithel™), 1.8% cadexomer-iodine ointment (Iodosorb™) and 1% cadexomer-iodine pellets (Iodosorb™). Finally, slight irritations were observed for 1% PVP-I solution (Betaisodona™), 0.1% polyhexanid plus betain (Prontosan™) and 1% silver-sulfadiazine ointment (Flammazine™), whereas 0.04% polyhexanid solution (Lavanid™), washings from sterile maggots of Lucilia sericata and filtrated enzymes from Clostridium histolyticum (Iruxol-N™) showed no effects of irritation. In the long-term approaches, no vascular irritations were found for polyhexanid, washings from Lucilia sericata and enzyme filtrations from Clostridium histolyticum.</p> <p>Conclusion</p> <p>The vascular injuries caused by the studied antiseptics are an indirect indicator of their tissue toxicity. Strikingly, even therapeutic substances, which have been regarded as safe in their application for the treatment of chronic wounds in clinical studies, showed severe irritations on the CAM. We suggest that agents with no or low irritation potential on the CAM should be preferred in the clinical practice in order to obtain optimal results.</p

Correction to: EGFR/Ras-induced CCL20 production modulates the tumour microenvironment

The article ‘EGFR/Ras-induced CCL20 production modulates the tumour microenvironment’, written by Andreas Hippe, Stephan Alexander Braun, Péter Oláh, Peter Arne Gerber, Anne Schorr, Stephan Seeliger, Stephanie Holtz, Katharina Jannasch, Andor Pivarcsi, Bettina Buhren, Holger Schrumpf, Andreas Kislat, Erich Bünemann, Martin Steinhoff, Jens Fischer, Sérgio A. Lira, Petra Boukamp, Peter Hevezi, Nikolas Hendrik Stoecklein, Thomas Hoffmann, Frauke Alves, Jonathan Sleeman, Thomas Bauer, Jörg Klufa, Nicole Amberg, Maria Sibilia, Albert Zlotnik, Anja Müller- Homey and Bernhard Homey, was originally published electronically on the publisher’s internet portal on 30 June 2020 without open access. With the author(s)’ decision to opt for Open Choice the copyright of the article changed on 16 September 2021 to © The Author(s) 2021 and the article is forthwith distributed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/ licenses/by/4.0/. Open Access funding enabled and organized by Projekt DEAL

Chemokine ligand-receptor interactions critically regulate cutaneous wound healing

Background: Wound healing represents a dynamic process involving directional migration of different cell types. Chemokines, a family of chemoattractive proteins, have been suggested to be key players in cell-to-cell communication and essential for directed migration of structural cells. Today, the role of the chemokine network in cutaneous wound healing is not fully understood. Unraveling the chemokine-driven communication pathways in this complex process could possibly lead to new therapeutic strategies in wound healing disorders. Methods: We performed a systematic, comprehensive time-course analysis of the expression and function of a broad variety of cytokines, growth factors, adhesion molecules, matrixmetalloproteinases and chemokines in a murine cutaneous wound healing model. Results: Strikingly, chemokines were found to be among the most highly regulated genes and their expression was found to coincide with the expression of their matching receptors. Accordingly, we could show that resting and activated human primary keratinocytes (CCR3, CCR4, CCR6, CXCR1, CXCR3), dermal fibroblasts (CCR3, CCR4, CCR10) and dermal microvascular endothelial cells (CCR3, CCR4, CCR6, CCR8, CCR9, CCR10, CXCR1, CXCR2, CXCR3) express a distinct and functionally active repertoire of chemokine receptors. Furthermore, chemokine ligand-receptor interactions markedly improved the wound repair of structural skin cells in vitro. Conclusion: Taken together, we here present the most comprehensive analysis of mediators critically involved in acute cutaneous wound healing. Our findings suggest therapeutic approaches for the management of wound closure by targeting the chemokine network