60 research outputs found

    Aħjar għasfur f’idi... (Better a bird in the hand...)

    A collection of poetry and prose that includes: Ftit biss! (Just a little!) by Alfred Degabriele; Lil Ninu Cremona (To Ninu Cremona) by Alfred M. Previ; Lil Ninu Cremona żagħżugħ ta’ 85 (To Ninu Cremona, a youth of 85) by Ġużè Cardona; Triq imdawla! (A lit-up street!) by Alfred Degabriele; Aħjar għasfur f’idi... (Better a bird in the hand...) by Vic. Apap. Peer-reviewed.

    On the Gold Standard for Security of Universal Steganography

    While symmetric-key steganography is quite well understood both in the information-theoretic and in the computational setting, many fundamental questions about its public-key counterpart resist persistent attempts to solve them. The computational model for public-key steganography was proposed by von Ahn and Hopper at EUROCRYPT 2004. At TCC 2005, Backes and Cachin gave the first universal public-key stegosystem, i.e. one that works on all channels, achieving security against replayable chosen-covertext attacks (SS-RCCA), and asked whether security against non-replayable chosen-covertext attacks (SS-CCA) is achievable. Later, Hopper (ICALP 2005) provided such a stegosystem for every efficiently sampleable channel, but did not achieve universality. He posed the question whether universality and SS-CCA-security can be achieved simultaneously. No progress on this question has been made in more than a decade. In our work we solve Hopper's problem in a somewhat complete manner: as our main positive result we design an SS-CCA-secure stegosystem that works for every memoryless channel. On the other hand, we prove that this result is the best possible in the context of universal steganography. We provide a family of 0-memoryless channels, where the already sent documents have only marginal influence on the current distribution, and prove that no SS-CCA-secure steganography for this family exists in the standard non-look-ahead model. Comment: EUROCRYPT 2018, llncs style.

    Subverting Decryption in AEAD

    This work introduces a new class of Algorithm Substitution Attack (ASA) on symmetric encryption schemes. ASAs were introduced by Bellare, Paterson and Rogaway in light of revelations concerning mass surveillance. An ASA replaces an encryption scheme with a subverted version that aims to reveal information to an adversary engaged in mass surveillance, while remaining undetected by users. Previous work posited that a particular class of AEAD scheme (satisfying certain correctness and uniqueness properties) is resilient against subversion. Many if not all real-world constructions – such as GCM, CCM and OCB – are members of this class. Our results stand in opposition to those prior results. We present a potent ASA that generically applies to any AEAD scheme, is undetectable in all previous frameworks and which achieves successful exfiltration of user keys. We give even more efficient non-generic attacks against a selection of AEAD implementations that are most used in practice. In contrast to prior work, our new class of attack targets the decryption algorithm rather than encryption. We argue that this attack represents an attractive opportunity for a mass surveillance adversary. Our work serves to refine the ASA model and contributes to a series of papers that raise awareness and understanding about what is possible with ASAs.

    Security in the Presence of Key Reuse: Context-Separable Interfaces and their Applications

    Key separation is often difficult to enforce in practice. While key reuse can be catastrophic for security, we know of a number of cryptographic schemes for which it is provably safe. But existing formal models, such as the notions of joint security (Haber-Pinkas, CCS ’01) and agility (Acar et al., EUROCRYPT ’10), do not address the full range of key-reuse attacks—in particular, those that break the abstraction of the scheme, or exploit protocol interactions at a higher level of abstraction. This work attends to these vectors by focusing on two key elements: the game that codifies the scheme under attack, as well as its intended adversarial model; and the underlying interface that exposes secret key operations for use by the game. Our main security experiment considers the implications of using an interface (in practice, the API of a software library or of a hardware platform such as a TPM) to realize the scheme specified by the game when the interface is shared with other unspecified, insecure, or even malicious applications. After building up a definitional framework, we apply it to the analysis of two real-world schemes: the EdDSA signature algorithm and the Noise protocol framework. Both provide some degree of context separability, a design pattern for interfaces and their applications that aids in the deployment of secure protocols.

    Cryptanalysis of GlobalPlatform Secure Channel Protocols

    GlobalPlatform (GP) card specifications are the de facto standards for the smart card industry. Being highly sensitive, GP specifications were defined with stringent security requirements in mind. In this paper, we analyze the cryptographic core of these requirements, i.e. the family of Secure Channel Protocols (SCP). Our main results are twofold. First, we demonstrate a theoretical attack against SCP02, which is the most popular protocol in the SCP family. We discuss the scope of our attack by presenting an actual scenario in which a malicious entity can exploit it in order to recover encrypted messages. Second, we investigate the security of SCP03, which was introduced as an amendment in 2009. We find that it provably satisfies strong notions of security. Of particular interest, we prove that SCP03 withstands the algorithm substitution attacks (ASAs) defined by Bellare et al. that may lead to secret mass surveillance. Our findings highlight the great value of the paradigm of provable security for standards and certification, since, unlike extensive evaluation, it formally guarantees the absence of security flaws.

    Cliptography: Clipping the Power of Kleptographic Attacks

    Kleptography, introduced 20 years ago by Young and Yung [Crypto ’96], considers the (in)security of malicious implementations (or instantiations) of standard cryptographic primitives that embed a “backdoor” into the system. Remarkably, crippling subliminal attacks are possible even if the subverted cryptosystem produces output indistinguishable from a truly secure “reference implementation.” Bellare, Paterson, and Rogaway [Crypto ’14] recently initiated a formal study of such attacks on symmetric key encryption algorithms, demonstrating a kleptographic attack can be mounted in broad generality against randomized components of cryptographic systems. We enlarge the scope of current work on the problem by permitting adversarial subversion of (randomized) key generation; in particular, we initiate the study of cryptography in the complete subversion model, where all relevant cryptographic primitives are subject to kleptographic attacks. We construct secure one-way permutations and trapdoor one-way permutations in this “complete subversion” model, describing a general, rigorous immunization strategy to clip the power of kleptographic subversions. Our strategy can be viewed as a formal treatment of the folklore “nothing up my sleeve” wisdom in cryptographic practice. We also describe a related “split program” model that can directly inform practical deployment. We additionally apply our general immunization strategy to directly yield a backdoor-free PRG. This notably amplifies previous results of Dodis, Ganesh, Golovnev, Juels, and Ristenpart [Eurocrypt ’15], which require an honestly generated random key. We then examine two standard applications of (trapdoor) one-way permutations in this complete subversion model and construct “higher level” primitives via black-box reductions. We showcase a digital signature scheme that preserves existential unforgeability when all algorithms (including key generation, which was not considered to be under attack before) are subject to kleptographic attacks. Additionally, we demonstrate that the classic Blum–Micali pseudorandom generator (PRG), using an “immunized” one-way permutation, yields a backdoor-free PRG. Alongside development of these secure primitives, we set down a hierarchy of kleptographic attack models which we use to organize past results and our new contributions; this taxonomy may be valuable for future work.

    Subvert KEM to Break DEM: Practical Algorithm-Substitution Attacks on Public-Key Encryption

    Motivated by the currently widespread concern about mass surveillance of encrypted communications, Bellare et al. introduced at CRYPTO 2014 the notion of Algorithm-Substitution Attack (ASA), where the legitimate encryption algorithm is replaced by a subverted one that aims to undetectably exfiltrate the secret key via ciphertexts. Practically implementable ASAs on various cryptographic primitives (Bellare et al., CRYPTO ’14 & ACM CCS ’15; Ateniese et al., ACM CCS ’15; Berndt and Liśkiewicz, ACM CCS ’17) have been constructed and analyzed, leaking the secret key successfully. Nevertheless, in spite of much progress, the practical impact of ASAs (formulated originally for symmetric key cryptography) on public-key encryption (PKE) operations remains unclear, primarily since the encryption operation of PKE does not involve the secret key, and also because previously known ASAs become relatively inefficient for leaking the plaintext due to the logarithmic upper bound on the exfiltration rate (Berndt and Liśkiewicz, ACM CCS ’17). In this work, we formulate a practical ASA on the PKE encryption algorithm which, perhaps surprisingly, turns out to be much more efficient and robust than existing ones, showing that ASAs on PKE schemes are far more effective and dangerous than previously believed. We mainly target PKE built as hybrid encryption, which is the most prevalent way to employ PKE in the literature and in practice. The main strategy of our ASA is to subvert the underlying key encapsulation mechanism (KEM) so that the encapsulated session key can be efficiently extracted, which, in turn, breaks the data encapsulation mechanism (DEM), enabling us to learn the plaintext itself. Concretely, our non-black-box yet quite general attack enables recovering the plaintext from only two successive ciphertexts and minimally depends on a short state of previous internal randomness. A widely used class of KEMs is shown to be subvertible by our powerful attack. Our attack relies on a novel identification and formalization of certain properties that yield practical ASAs on KEMs. More broadly, it points at and may shed some light on exploring structural weaknesses of other “composed cryptographic primitives,” which may make them susceptible to more dangerous ASAs with effectiveness that surpasses the known logarithmic upper bound (i.e., viewing composition as an attack enabler).

    Humour processing in frontotemporal lobar degeneration: A behavioural and neuroanatomical analysis.

    Humour is a complex cognitive and emotional construct that is vulnerable in neurodegenerative diseases, notably the frontotemporal lobar degenerations. However, humour processing in these diseases has been little studied. Here we assessed humour processing in patients with behavioural variant frontotemporal dementia (n = 22, mean age 67 years, four female) and semantic dementia (n = 11, mean age 67 years, five female) relative to healthy individuals (n = 21, mean age 66 years, 11 female), using a joint cognitive and neuroanatomical approach. We created a novel neuropsychological test requiring a decision about the humorous intent of nonverbal cartoons, in which we manipulated orthogonally humour content and familiarity of depicted scenarios. Structural neuroanatomical correlates of humour detection were assessed using voxel-based morphometry. Assessing performance in a signal detection framework and after adjusting for standard measures of cognitive function, both patient groups showed impaired accuracy of humour detection in familiar and novel scenarios relative to healthy older controls (p < .001). Patient groups showed similar overall performance profiles; however, the behavioural variant frontotemporal dementia group alone showed a significant advantage for detection of humour in familiar relative to novel scenarios (p = .045), suggesting that the behavioural variant syndrome may lead to particular difficulty decoding novel situations for humour, while semantic dementia produces a more general deficit of humour detection that extends to stock comedic situations. Humour detection accuracy was associated with grey matter volume in a distributed network including temporo-parietal junctional and anterior superior temporal cortices, with predominantly left-sided correlates of processing humour in familiar scenarios and right-sided correlates of processing novel humour. The findings quantify deficits of core cognitive operations underpinning humour processing in frontotemporal lobar degenerations and suggest a candidate brain substrate in cortical hub regions processing incongruity and semantic associations. Humour is a promising candidate tool with which to assess complex social signal processing in neurodegenerative disease.

    Comparative physiology of Australian quolls (Dasyurus; Marsupialia)

    Quolls (Dasyurus) are medium-sized carnivorous dasyurid marsupials. Tiger (3,840 g) and eastern quolls (780 g) are mesic zone species, northern quolls (516 g) are tropical zone, and chuditch (1,385 g) were once widespread through the Australian arid zone. We found that standard physiological variables of these quolls are consistent with allometric expectations for marsupials. Nevertheless, inter-specific patterns amongst the quolls are consistent with their different environments. The lower T_b of northern quolls (34°C) may provide scope for adaptive hyperthermia in the tropics, and they use torpor for energy/water conservation, whereas the larger mesic species (eastern and tiger quolls) do not appear to. Thermolability varied from little in eastern (0.035°C °C⁻¹) and tiger quolls (0.051°C °C⁻¹) to substantial in northern quolls (0.100°C °C⁻¹) and chuditch (0.146°C °C⁻¹), reflecting body mass and environment. Basal metabolic rate was higher for eastern quolls (0.662 ± 0.033 ml O₂ g⁻¹ h⁻¹), presumably reflecting their naturally cool environment. Respiratory ventilation closely matched metabolic demand, except at high ambient temperatures where quolls hyperventilated to facilitate evaporative heat loss; tiger and eastern quolls also salivated. A higher evaporative water loss for eastern quolls (1.43 ± 0.212 mg H₂O g⁻¹ h⁻¹) presumably reflects their more mesic distribution. The point of relative water economy was low for tiger (-1.3°C), eastern (-12.5°C) and northern (+3.3) quolls, and highest for the chuditch (+22.6°C). We suggest that these differences in water economy reflect lower expired air temperatures and hence lower respiratory evaporative water loss for the arid-zone chuditch relative to tropical and mesic quolls.

    Kualitas Hidup Pasien Diabetes Melitus Tipe 2 di Puskesmas Se Kota Kupang (Quality of Life of Type 2 Diabetes Mellitus Patients at Public Health Centers across Kupang City)

    Diabetes mellitus is well known as a chronic disease which can lead to a decrease in quality of life in all domains. The study aims to explore the quality of life of type 2 diabetic patients and to find out the factors affecting it in type 2 diabetes mellitus patients. A cross-sectional study design was used that included 65 patients with type 2 diabetes mellitus in 11 public health centers of Kupang City. Data were collected using the Short Form Survey (SF-36), which assesses an 8-scale health profile. An independent sample t-test was used to analyze the correlation between the affecting factors and quality of life. The study showed that the QoL of DM patients decreased in all 8 health profile scales, including physical functioning, social functioning, mental health, general health, pain, and change in role due to physical problems and emotional problems. The study also showed there was a relationship between gender, duration of suffering from diabetes mellitus, and complications and the quality of life. Males perceived a better quality of life than females.
