Ligand-induced unfolding mechanism of an RNA G-quadruplex

The cationic porphyrin, TMPyP4, is a well-established DNA G-quadruplex (G4) binding ligand that can stabilize different topologies via multiple binding modes. However, TMPyP4 has completely opposite destabilizing and unwinding effect on RNA G4 structures. The structural mechanisms that mediate RNA G4 unfolding remains unknown. Here, we report on the TMPyP4-induced RNA G4 unfolding mechanism studied by well-tempered metadynamics (WT-MetaD) with supporting biophysical experiments. The simulations predict a two-state mechanism of TMPyP4 interaction via a groove-bound and a top-face bound conformation. The dynamics of TMPyP4 stacking on the top tetrad disrupts Hoogsteen H-bonds between guanine bases resulting in the consecutive TMPyP4 intercalation from top-to-bottom G-tetrads. The results reveal a striking correlation between computational and experimental approaches and validate WT-MetaD simulations as a powerful tool for studying RNA G4-ligand interactions

daa protocol analysis and verification

Direct Anonymous Attestation (DAA) is a popular trusted computing protocol for the anonymous authentication designed for TPM or other embedding devices. Many DAA schemes give out detailed cryptographic proof, however, their security properties has not been yet automatically analyzed and verified particularly against the intruder's or the malicious participant's attack. It is proposed that a DAA analysis model focusing on the intruder's attacks in this paper. The analysis method is the good supplements to the DAA cryptographic proof, though the intruder's capability is not completely assumed. According to DAA protocol status analysis, we find out some attacks like rudolph attack, masquerading attack by using the Murphi tool. At last the paper gives out the reasons for these attacks, and also presents the recommendation solutions against these attacks. From our study, we propose that DAA protocol must be carefully analyzed from the intruder attacking point of view in the DAA system design and implementation. © 2012 Springer-Verlag.Beijing Institute of Technology; ONETS Wireless and Internet Security Company; Singapore Management University; Administrative Committee of Zhongguangcun Haidian Science ParkDirect Anonymous Attestation (DAA) is a popular trusted computing protocol for the anonymous authentication designed for TPM or other embedding devices. Many DAA schemes give out detailed cryptographic proof, however, their security properties has not been yet automatically analyzed and verified particularly against the intruder's or the malicious participant's attack. It is proposed that a DAA analysis model focusing on the intruder's attacks in this paper. The analysis method is the good supplements to the DAA cryptographic proof, though the intruder's capability is not completely assumed. According to DAA protocol status analysis, we find out some attacks like rudolph attack, masquerading attack by using the Murphi tool. At last the paper gives out the reasons for these attacks, and also presents the recommendation solutions against these attacks. From our study, we propose that DAA protocol must be carefully analyzed from the intruder attacking point of view in the DAA system design and implementation. © 2012 Springer-Verlag

The theory and practice in the evolution of trusted computing

Trusted computing (TC) is an emerging technology to enhance the security of various computing platforms by a dedicated secure chip (TPM/TCM), which is widely accepted by both the industrial and academic world. This paper attempts to sketch the evolution of TC from the view of our theoretical and engineering work. In theory, we focus on protocol design and security analysis. We have proposed the first ECDAA protocol scheme based on q-SDH assumption, which highlights a new way to design direct anonymous attestation scheme. In technical evolution, we discuss the key technologies of trust chain, trusted network connection and TC testing and evaluation. We break through several key technologies such as trusted boot, OS measurement and remote attestation, and implement a TC system from TPM/TCM to network. We also design and implement a testing and evaluation system of TC platform, which is the first one put into practical application in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward some new directions, such as the trust in cloud and mobile environments, new TPM standard, and flexible trust execution environment trust establishment method.Trusted computing (TC) is an emerging technology to enhance the security of various computing platforms by a dedicated secure chip (TPM/TCM), which is widely accepted by both the industrial and academic world. This paper attempts to sketch the evolution of TC from the view of our theoretical and engineering work. In theory, we focus on protocol design and security analysis. We have proposed the first ECDAA protocol scheme based on q-SDH assumption, which highlights a new way to design direct anonymous attestation scheme. In technical evolution, we discuss the key technologies of trust chain, trusted network connection and TC testing and evaluation. We break through several key technologies such as trusted boot, OS measurement and remote attestation, and implement a TC system from TPM/TCM to network. We also design and implement a testing and evaluation system of TC platform, which is the first one put into practical application in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward some new directions, such as the trust in cloud and mobile environments, new TPM standard, and flexible trust execution environment trust establishment method

benchmarking for steganography by kernel fisher discriminant criterion

In recent years, there have been many steganographic schemes designed by different technologies to enhance their security. And a benchmarking scheme is needed to measure which one is more detectable. In this paper, we propose a novel approach of benchmarking for steganography via Kernel Fisher Discriminant Criterion (KFDC), independent of the techniques in steganalysis. In KFDC, besides between-class variance resembles what Maximum Mean Discrepancy (MMD)merely concentrated on, within-class variance plays another important role. Experiments show that KFDC is qualified for the indication of the detectability of steganographic algorithms. Then, we use KFDC to illustrate detailed analysis on the security of JPEG and spatial steganographic algorithms. © 2012 Springer-Verlag Berlin Heidelberg.In recent years, there have been many steganographic schemes designed by different technologies to enhance their security. And a benchmarking scheme is needed to measure which one is more detectable. In this paper, we propose a novel approach of benchmarking for steganography via Kernel Fisher Discriminant Criterion (KFDC), independent of the techniques in steganalysis. In KFDC, besides between-class variance resembles what Maximum Mean Discrepancy (MMD)merely concentrated on, within-class variance plays another important role. Experiments show that KFDC is qualified for the indication of the detectability of steganographic algorithms. Then, we use KFDC to illustrate detailed analysis on the security of JPEG and spatial steganographic algorithms. © 2012 Springer-Verlag Berlin Heidelberg

a drtm-based method for trusted network connection

Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible. © 2011 IEEE.IEEE TCSC; Central South University; National Natural Science Foundation of China (NSFC); StFX University; Zhejiang UniversityTrusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible. © 2011 IEEE

combined public-key schemes: the case of abe and abs

In the context of public key cryptography, combined encryption and signature schemes have attractive properties and are sometimes used in practice. The topic of joint security of signature and encryption schemes has a fairly extensive history. In this paper, we focus on the combined public-key schemes in attribute-based setting. We present a security model for combined CP-ABE and ABS schemes in the joint security setting. An efficient concrete construction of CP-ABE and ABS based on Waters's CP-ABE scheme is proposed. Our scheme is proved to be selectively jointly secure in standard model under reasonable assumptions. Moreover, we consider the problem of how to build attribute-based signcryption (ABSC) and obtain an ABSC scheme and show that it is secure. We also give a general construction of combined ABSC, CP-ABE and ABS schemes from combined CP-ABE and ABS schemes. © 2012 Springer-Verlag.University of Electronic Science and Technology of China (UESTC)In the context of public key cryptography, combined encryption and signature schemes have attractive properties and are sometimes used in practice. The topic of joint security of signature and encryption schemes has a fairly extensive history. In this paper, we focus on the combined public-key schemes in attribute-based setting. We present a security model for combined CP-ABE and ABS schemes in the joint security setting. An efficient concrete construction of CP-ABE and ABS based on Waters's CP-ABE scheme is proposed. Our scheme is proved to be selectively jointly secure in standard model under reasonable assumptions. Moreover, we consider the problem of how to build attribute-based signcryption (ABSC) and obtain an ABSC scheme and show that it is secure. We also give a general construction of combined ABSC, CP-ABE and ABS schemes from combined CP-ABE and ABS schemes. © 2012 Springer-Verlag

RIPTE: Runtime Integrity Protection Based on Trusted Execution for IoT Device

Software attacks like worm, botnet, and DDoS are the increasingly serious problems in IoT, which had caused large-scale cyber attack and even breakdown of important information infrastructure. Software measurement and attestation are general methods to detect software integrity and their executing states in IoT. However, they cannot resist TOCTOU attack due to their static features and seldom verify correctness of control flow integrity. In this paper, we propose a novel and practical scheme for software trusted execution based on lightweight trust. Our scheme RIPTE combines dynamic measurement and control flow integrity with PUF device binding key. Through encrypting return address of program function by PUF key, RIPTE can protect software integrity at runtime on IoT device, enabling to prevent the code reuse attacks. The results of our prototype’s experiment show that it only increases a small size TCB and has a tiny overhead in IoT devices under the constraint on function calling. In sum, RIPTE is secure and efficient in IoT device protection at runtime