
    faulTPM: Exposing AMD fTPMs' Deepest Secrets

    Trusted Platform Modules constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs - as found in higher-end systems - have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper, we analyze a new class of attacks against fTPMs: Attacking their Trusted Execution Environment can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor, which constitutes the TEE for AMD's fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by - to the best of our knowledge - enabling the first attack against Full Disk Encryption solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM - like BitLocker's TPM-only protector - can be defeated by an attacker with 2-3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM and PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker's FDE implementation withholds some protection depending on the complexity of the used PIN. Our results show that when an fTPM's internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.
    Comment: *Both authors contributed equally.
We publish all code necessary to mount the attack under https://github.com/PSPReverse/ftpm_attack. The repository further includes several intermediate results, e.g., flash memory dumps, to retrace the attack process without possessing the target boards and required hardware tool

    EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware

    EMFI has become a popular fault injection (FI) technique due to its ability to inject faults precisely considering timing and location. Recently, ARM, RISC-V, and even x86 processing units in different packages were shown to be vulnerable to electromagnetic fault injection (EMFI) attacks. However, past publications lack a detailed description of the entire attack setup, hindering researchers and companies from easily replicating the presented attacks on their devices. In this work, we first show how to build an automated EMFI setup with high scanning resolution and good repeatability that is large enough to attack modern desktop and server CPUs. We structurally lay out all details on mechanics, hardware, and software along with this paper. Second, we use our setup to attack a deeply embedded security co-processor in modern AMD systems on a chip (SoCs), the AMD Secure Processor (AMD-SP). Using a previously published code execution exploit, we run two custom payloads on the AMD-SP that utilize the SoC to different degrees. We then visualize these fault locations on SoC photographs allowing us to reason about the SoC's components under attack. Finally, we show that the signature verification process of one of the first executed firmware parts is susceptible to EMFI attacks, undermining the security architecture of the entire SoC. To the best of our knowledge, this is the first reported EMFI attack against an AMD desktop CPU.
    Comment: This is the authors' version of the article accepted for publication at IEEE International Conference on Physical Assurance and Inspection of Electronics (PAINE 2022

    Chemokine ligand-receptor interactions critically regulate cutaneous wound healing

    Background: Wound healing represents a dynamic process involving directional migration of different cell types. Chemokines, a family of chemoattractive proteins, have been suggested to be key players in cell-to-cell communication and essential for directed migration of structural cells. Today, the role of the chemokine network in cutaneous wound healing is not fully understood. Unraveling the chemokine-driven communication pathways in this complex process could possibly lead to new therapeutic strategies in wound healing disorders. Methods: We performed a systematic, comprehensive time-course analysis of the expression and function of a broad variety of cytokines, growth factors, adhesion molecules, matrix metalloproteinases and chemokines in a murine cutaneous wound healing model. Results: Strikingly, chemokines were found to be among the most highly regulated genes and their expression was found to coincide with the expression of their matching receptors. Accordingly, we could show that resting and activated human primary keratinocytes (CCR3, CCR4, CCR6, CXCR1, CXCR3), dermal fibroblasts (CCR3, CCR4, CCR10) and dermal microvascular endothelial cells (CCR3, CCR4, CCR6, CCR8, CCR9, CCR10, CXCR1, CXCR2, CXCR3) express a distinct and functionally active repertoire of chemokine receptors. Furthermore, chemokine ligand-receptor interactions markedly improved the wound repair of structural skin cells in vitro. Conclusion: Taken together, we here present the most comprehensive analysis of mediators critically involved in acute cutaneous wound healing. Our findings suggest therapeutic approaches for the management of wound closure by targeting the chemokine network

    Resourcenkontroll-Angriffe auf verschlüsselte virtuelle Maschinen

    The rise of cloud computing as the standard deployment model for internet-based applications introduced new risks for confidential data processed in the cloud. The cloud provider has full access to all applications that use its infrastructure; hence, it is necessary to fully trust the cloud provider and its security measures. The AMD Secure Encrypted Virtualization (SEV) technology is the first commercially available technology aiming to protect complete virtual machines from adversaries with higher privileges such as cloud providers. With SEV, a virtual machine’s memory and, optionally, its register content is encrypted with a key not accessible to the higher-privileged hypervisor, thereby removing the cloud provider from the trusted computing base of the virtual machine. However, the higher-privileged hypervisor is still responsible for managing the resources of a virtual machine, such as the memory and CPU time. Furthermore, the cloud provider has full access to the physical systems that host the virtual machines. This dissertation presents an extensive security analysis of the SEV technologies to assess their security properties when faced with a higher-privileged adversary. We analyze whether a cloud provider’s control over a virtual machine’s resources is an enabler for attacks against SEV-protected virtual machines. First, we analyze SEV’s runtime protection of virtual machines by implementing proof-of-concept attacks against SEV-protected virtual machines. We show that we can break SEV’s security properties by manipulating the virtual machine’s register content. The exposed register state allows a higher-privileged adversary to decrypt a virtual machine’s memory. Furthermore, we show that we can leverage the hypervisor’s control over a virtual machine’s memory layout to replay authentication states of SSH connections and thereby getting access to the victim virtual machine. 
Next, we analyze SEV’s remote attestation feature that allows customers of cloud systems to validate the correct deployment of their virtual machines. We implement attacks against the AMD Secure Processor, a crucial component in the SEV ecosystem. The AMD Secure Processor is responsible for hosting a firmware component that implements the SEV remote attestation protocol. We show how an adversary can use firmware issues to gain access to critical endorsement keys that enable the adversary to pose as a valid SEV migration target or decrypt a virtual machine’s memory. Finally, we analyze the susceptibility of the SEV technologies towards physical attacks. We present a voltage glitching attack that allows an attacker to execute custom payloads on the AMD Secure Processor. Our voltage fault injection attack enables an adversary with physical access, e.g., a cloud provider’s administrator, to extract SEV endorsement keys and directly access a virtual machine’s memory. With our findings, we prove that SEV cannot adequately protect confidential data in cloud environments from insider attackers, such as rogue administrators in its current state. Our results pave the way for improvements for future SEV generations and related technologies.

    Security Analysis of Encrypted Virtual Machines


    MOESM2 of Chemokine ligand–receptor interactions critically regulate cutaneous wound healing

    Additional file 2: Figure S2. Human primary dermal fibroblasts expressing CCR3, CCR4 and CCR10 on their surface. Flow cytometric analysis of chemokine receptor repertoire in cultured human primary dermal fibroblasts. Representative results from one of at least three different donors

    Medulloblastoma can be initiated by deletion of Patched in lineage-restricted progenitors or stem cells

    Medulloblastoma is the most common malignant brain tumor in children, but the cells from which it arises remain unclear. Here we examine the origin of medulloblastoma resulting from mutations in the Sonic hedgehog (Shh) pathway. We show that activation of Shh signaling in neuronal progenitors causes medulloblastoma by 3 months of age. Shh pathway activation in stem cells promotes stem cell proliferation but only causes tumors after commitment to, and expansion of, the neuronal lineage. Notably, tumors initiated in stem cells develop more rapidly than those initiated in progenitors, with all animals succumbing by 3-4 weeks. These studies suggest that medulloblastoma can be initiated in progenitors or stem cells but that Shh-induced tumorigenesis is associated with neuronal lineage commitment