Evaluierung von Risikofaktoren für das Auftreten von Früh- und Spätrezidiven des hepatozellulären Karzinoms nach einer Lebertransplantation

Einleitung: Das hepatozelluläre Karzinom (HCC) stellt weltweit einen häufigen Tumor mit einer hohen Mortalitätsrate und zunehmender Inzidenz dar. Als potentiell kurative Therapie steht unter anderem die Lebertransplantation zur Verfügung. Wird bei Diagnose eines HCCs eine Lebertransplantation durchgeführt und es tritt in weiterer Folge ein Rezidiv des Tumors auf, so ist die Prognose äußerst ungünstig. Mit einer besonders schlechten prognostischen Bedeutung ist dabei das Frührezidiv assoziiert. Um ein langes rezidivfreies Überleben nach einer Lebertransplantation sicherzustellen und um optimale Therapieentscheidungen prä- und postoperativ zu treffen, ist es wichtig, Faktoren zu identifizieren, die den Rezidivauftritt, insbesondere den des Frührezidivs, begünstigen. Methodik: Von 1989 bis 2015 wurden 487 HCC-Patienten der Chirurgischen Klinik, Campus Charité Mitte und Campus Virchow Klinikum, der Medizinischen Fakultät Charité Universitätsmedizin Berlin bei Diagnose eines HCCs lebertransplantiert und bis Mai 2016 nachbeobachtet. 444 der Patienten konnten in die vorliegende Studie eingeschlossen werden. Die Patienten wurden in zwei Gruppen eingeteilt: Patienten, bei denen kein Rezidiv aufgetreten ist, und Patienten, bei denen es zu einem Rezidivauftritt kam. Die Rezidivgruppe wurde anschließend unterteilt in Patienten, die ein Frührezidiv entwickelt haben (unter zwei Jahren), und Patienten, die ein Spätrezidiv entwickelt haben (nach zwei Jahren). Es wurden klinisch- pathologische Eigenschaften dieser Gruppen untersucht und verglichen. Ergebnisse: Von den 444 Patienten entwickelten 95 (21,4%) ein Rezidiv, wobei dieses in 64 Fällen (14,4%) als Frührezidiv zu klassifizieren war. Patienten mit einem Frührezidiv hatten eine 1-3-5-Jahresüberlebensrate von 75,0%-18,3%-6,7%, Patienten mit einem Spätrezidiv haben eine 1-3-5-Jahresüberlebensrate von 100%-100%-77,4%. In der multivariaten Analyse konnte ein Alpha-Fetoprotein-Wert (AFP), der präoperativ über 400ng/ml lag, mit p=0,037 sowie eine makrovaskuläre Invasion des Tumors mit p=0,044 als unabhängiger Risikofaktor für das Auftreten eines Frührezidivs identifiziert werden. 8 Schlussfolgerung: Vor allem im Hinblick auf den schlechten Outcome von früh aufgetretenen Rezidiven innerhalb der ersten zwei Jahre nach Lebertransplantation ist zu überlegen eine individuelle Tumornachsorge in Form von engerer bildmorphologischer Überwachung und Tumormarkererhebung durchzuführen. Dies sollte vor allem bei Patienten mit hohen präoperativen AFP-Werten und einer postoperativ diagnostizierten makrovaskulären Invasion in Erwägung gezogen werden.Introduction: Hepatocellular carcinoma (HCC) is among the most common types of cancer with a high mortality rate and an increasing incidence. Among others, liver transplantation is available as a potentially curative therapy. While tumor recurrence is typically associated with poorer prognosis, post- liver transplant patients with early recurrences have, unfortunately, an even lower prognosis rate. Identifying factors that promote recurrence, especially early recurrence, it is imperative to make optimal treatment decisions pre- and postoperatively. Methods: A retrospective evaluation of clinical and histological data of 487 patients, who underwent liver transplantation for HCC between 1989 and 2015 was performed. Based on inclusion- and exclusion criteria, 444 of the 487 patients were included in the current study. The patients were divided into two groups: patients who did and did not develop disease recurrence. The recurrence group was then subdivided into patients who developed early recurrence (within two years) and patients who developed a late recurrence (after two years). Clinical and histological parameters of these groups were investigated and compared. Results: Of the 444 patients, 95 (21.4%) developed recurrences, whereas in 64 cases (14.4%) this was classified as early recurrences. Patients with an early recurrence had survival rates at 1-, 3- and 5-years of 75%-18%-6.7%, respectively. In the late recurrence group, survival rates at 1-, 3-, and 5- years were 100%-100%- 77.4%, respectively. In multivariate analysis, Alpha-fetoprotein values (AFP) preoperatively higher than 400ng/ml (p=0.037), and a macrovascular infiltration (p=0.044) could be identified as an independent risk factor for the manifestation of early recurrence. Conclusion: In view of the poor outcome of early recurrences after liver transplantation, it is to be considered that patients with high preoperative AFP values and macrovascular infiltration, would benefit of an individualized postoperative tumor surveillance

Efficient Pairings and ECC for Embedded Systems

The research on pairing-based cryptography brought forth a wide range of protocols interesting for future embedded applications. One significant obstacle for the widespread deployment of pairing-based cryptography are its tremendous hardware and software requirements. In this paper we present three side-channel protected hardware/software designs for pairing-based cryptography yet small and practically fast: our plain ARM Cortex-M0+-based design computes a pairing in less than one second. The utilization of a multiply-accumulate instruction-set extension or a light-weight drop-in hardware accelerator that is placed between CPU and data memory improves runtime up to six times. With a 10.1 kGE large drop-in module and a 49 kGE large platform, our design is one of the smallest pairing designs available. Its very practical runtime of 162 ms for one pairing on a 254-bit BN curve and its reusability for other elliptic-curve based crypto systems offer a great solution for every microprocessor-based embedded application

Exploiting the Physical Disparity: Side-Channel Attacks on Memory Encryption

Memory and disk encryption is a common measure to protect sensitive information in memory from adversaries with physical access. However, physical access also comes with the risk of physical attacks. As these may pose a threat to memory confidentiality, this paper investigates contemporary memory and disk encryption schemes and their implementations with respect to Differential Power Analysis (DPA) and Differential Fault Analysis (DFA). It shows that DPA and DFA recover the keys of all the investigated schemes, including the tweakable block ciphers XEX and XTS. This paper also verifies the feasibility of such attacks in practice. Using the EM side channel, a DPA on the disk encryption employed within the ext4 file system is shown to reveal the used master key on a Zynq Z-7010 system on chip. The results suggest that memory and disk encryption secure against physical attackers is at least four times more expensive

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption

Differential power analysis (DPA) is a powerful tool to extract the key of a cryptographic implementation from observing its power consumption during the en-/decryption of many different inputs. Therefore, cryptographic schemes based on frequent re-keying such as leakage-resilient encryption aim to inherently prevent DPA on the secret key by limiting the amount of data being processed under one key. However, the original asset of encryption, namely the plaintext, is disregarded. This paper builds on this observation and shows that the re-keying countermeasure does not only protect the secret key, but also induces another DPA vulnerability that allows for plaintext recovery. Namely, the frequent re-keying in leakage-resilient streaming modes causes constant plaintexts to be attackable through first-order DPA. Similarly, constant plaintexts can be revealed from re-keyed block ciphers using templates in a second-order DPA. Such plaintext recovery is particularly critical whenever long-term key material is encrypted and thus leaked. Besides leakage-resilient encryption, the presented attacks are also relevant for a wide range of other applications in practice that implicitly use re-keying, such as multi-party communication and memory encryption with random initialization for the key. Practical evaluations on both an FPGA and a microcontroller support the feasibility of the attacks and thus suggest the use of cryptographic implementations protected by mechanisms like masking in scenarios that require data encryption with multiple keys

Adding Controllable Linkability to Pairing-Based Group Signatures For Free

Group signatures, which allow users of a group to anonymously produce signatures on behalf of the group, are an important cryptographic primitive for privacy-enhancing applications. Over the years, various approaches to enhanced anonymity management mechanisms, which extend the standard feature of opening of group signatures, have been proposed. In this paper we show how pairing-based group signature schemes (PB-GSSs) following the sign-and-encrypt-and-prove (SEP) paradigm that are secure in the BSZ model can be generically transformed in order to support one particular enhanced anonymity management mechanism, i.e., we propose a transformation that turns every such PB-GSS into a PB-GSS with controllable linkability. Basically, this transformation replaces the public key encryption scheme used for identity escrow within a group signature scheme with a modified all-or-nothing public key encryption with equality tests scheme (denoted AoN-PKEET$^*$) instantiated from the respective public key encryption scheme. Thereby, the respective trapdoor is given to the linking authority as a linking key. The appealing benefit of this approach in contrast to other anonymity management mechanisms (such as those provided by traceable signatures) is that controllable linkability can be added to PB-GSSs based on the SEP paradigm for free, i.e., it neither influences the signature size nor the computational costs for signers and verifiers in comparison to the scheme without this feature

Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives

Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using Differential Power Analysis (DPA). In this work, we present MEAS---the first Memory Encryption and Authentication Scheme providing security against DPA attacks. The scheme combines ideas from fresh re-keying and authentication trees by storing encryption keys in a tree structure to thwart first-order DPA without the need for DPA-protected cryptographic primitives. Therefore, the design strictly limits the use of every key to encrypt at most two different plaintext values. MEAS prevents higher-order DPA without changes to the cipher implementation by using masking of the plaintext values. MEAS is applicable to all kinds of memory, e.g., NVM and RAM, and has memory overhead comparable to existing memory authentication techniques without DPA protection, e.g., 7.3% for a block size fitting standard disk sectors

ISAP – Towards Side-Channel Secure Authenticated Encryption

Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks are cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage on the session key during cryptographic operations with different inputs. While these schemes can be applied to secure standard communication settings, current re-keying approaches are unable to provide protection in settings where the same input needs to be processed multiple times. In this work, we therefore adapt the re-keying approach and present a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction. This means that our scheme fully complies with the requirements given in the CAESAR call and hence, can be used like other noncebased authenticated encryption schemes without loss of side-channel protection. Its resistance against side-channel analysis is highly relevant for several applications in practice, like bulk storage settings in general and the protection of FPGA bitfiles and firmware images in particular

Concealing Secrets in Embedded Processors Designs

Side-channel analysis (SCA) attacks pose a serious threat to embedded systems. So far, the research on masking as a countermeasure against SCA focuses merely on cryptographic algorithms, and has either been implemented for particular hardware or software implementations. However, the drawbacks of protecting specific implementations are the lack of flexibility in terms of used algorithms, the impossibility to update protected hardware implementations, and long development cycles for protecting new algorithms. Furthermore, cryptographic algorithms are usually just one part of an embedded system that operates on informational assets. Protecting only this part of a system is thus not sufficient for most security critical embedded applications. In this work, we introduce a flexible, SCA-protected processor design based on the open-source V-scale RISC-V processor. The introduced processor design can be synthesized to defeat SCA attacks of arbitrary attack order. Once synthesized, the processor protects the computation on security-sensitive data against side-channel leakage. The benefits of our approach are (1) flexibility and updatability, (2) faster development of SCA-protected systems, (3) transparency for software developers, (4) arbitrary SCA protection level, (5) protection not only for cryptographic algorithms, but against leakage in general caused by processing sensitive data

Identification of evolutionarily conserved genetic regulators of cellular aging

To identify new genetic regulators of cellular aging and senescence, we performed genome-wide comparative RNA profiling with selected human cellular model systems, reflecting replicative senescence, stress-induced premature senescence, and distinct other forms of cellular aging. Gene expression profiles were measured, analyzed, and entered into a newly generated database referred to as the GiSAO database. Bioinformatic analysis revealed a set of new candidate genes, conserved across the majority of the cellular aging models, which were so far not associated with cellular aging, and highlighted several new pathways that potentially play a role in cellular aging. Several candidate genes obtained through this analysis have been confirmed by functional experiments, thereby validating the experimental approach. The effect of genetic deletion on chronological lifespan in yeast was assessed for 93 genes where (i) functional homologues were found in the yeast genome and (ii) the deletion strain was viable. We identified several genes whose deletion led to significant changes of chronological lifespan in yeast, featuring both lifespan shortening and lifespan extension. In conclusion, an unbiased screen across species uncovered several so far unrecognized molecular pathways for cellular aging that are conserved in evolution