Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straight-forward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof of concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201

Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computations from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side channel attack that leaks the fine-grained (branch granularity) control flow of an enclave (SGX protected code), potentially revealing sensitive data to the attacker. The previously-proposed defense mechanism, called Zigzagger, attempted to hide the control flow, but has been shown to be ineffective if the attacker can single-step through the enclave using the recent SGX-Step framework. Taking into account these stronger attacker capabilities, we propose a new defense against branch-shadowing, based on control flow randomization. Our scheme is inspired by Zigzagger, but provides quantifiable security guarantees with respect to a tunable security parameter. Specifically, we eliminate conditional branches and hide the targets of unconditional branches using a combination of compile-time modifications and run-time code randomization. We evaluated the performance of our approach by measuring the run-time overhead of ten benchmark programs of SGX-Nbench in SGX environment

Casual Sexual Scripts on the Screen

While existing content analyses have provided insightful information in terms of contextual factors and frequency of sexual behaviors, not much is known about the relational context in which sexual depictions generally occur. The current study addresses this void by employing content analytic methods to measure the frequency and context o

A tale of two worlds:assessing the vulnerability of enclave shielding runtimes

status: publishe

A label-free biosensor based on graphene and reduced graphene oxide dual-layer for electrochemical determination of beta-amyloid biomarkers

A label-free biosensor is developed for the determination of plasma-based Aβ1–42 biomarker in Alzheimer’s disease (AD). The platform is based on highly conductive dual-layer of graphene and electrochemically reduced graphene oxide (rGO). The modification of dual-layer with 1-pyrenebutyric acid N-hydroxysuccinimide ester (Pyr-NHS) is achieved to facilitate immobilization of H31L21 antibody. The effect of these modifications were studied with morphological, spectral and electrochemical techniques. The response of the biosensor was evaluated using differential pulse voltammetry (DPV). The data was acquired at a working potential of ~ 180 mV and a scan rate of 50 mV s−1. A low limit of detection (LOD) of 2.398 pM is achieved over a wide linear range from 11 pM to 55 nM. The biosensor exhibits excellent specificity over Aβ1–40 and ApoE ε4 interfering species. Thus, it provides a viable tool for electrochemical determination of Aβ1–42. Spiked human and mice plasmas were used for the successful validation of the sensing platform in bio-fluidic samples. The results obtained from mice plasma analysis concurred with the immunohistochemistry (IHC) and magnetic resonance imaging (MRI) data obtained from brain analysis.This work was financially supported by H2020 MSCA-ITN-ETN BBDiag project under grant no. 721281.Peer reviewe

Consumption patterns and living conditions inside Het Steen, the late medieval prison of Malines (Mechelen, Belgium)

Excavations at the Main Square (Grote Markt) of Malines (Mechelen, Belgium) have unearthed the building remains of a tower, arguably identifiable as the former town prison: Het Steen. When this assumption is followed, the contents of the fills of two cesspits dug out in the cellars of the building illustrate aspects of daily life within the early 14th-century prison. An integrated approach of all find categories, together with the historical context available, illuminates aspects of the material culture of the users of the cesspits, their consumption patterns and the living conditions within the building

Working elements of alcohol interventions to prevent and reduce (problematic) alcohol use among people aged 55 and older: A systematic review

IntroductionProblematic alcohol use has been increasing in older adults (55+). Many of the interventions that are available to prevent or reduce alcohol consumption are aimed at adults in general. It is unclear whether these interventions also work for older adults. The objective of this review was to understand in what way (i.e., which elements), in which context and why interventions (which mechanisms) are successful in preventing or reducing (problematic) alcohol consumption among older adults.MethodsA systematic review of articles published between 2000 and 2022 was performed using PubMed, PsycINFO, Web of Science and CINAHL. A realist evaluation approach was used to analyze the data.ResultsWe found 61 studies on interventions aimed at preventing or reducing (problematic) alcohol use, of which most interventions were not specifically designed for older adults. Three major effective elements of interventions were found: 1) providing information on the consequences of alcohol consumption; 2) personalized feedback about drinking behavior; and 3) being in contact with others and communicating with them about (alcohol) problems. The first two elements were used in interventions designed for older adults.ConclusionMore research is needed on interventions aimed at preventing or reducing (problematic) alcohol use among older adults and on how older adults can be provided help in making contacts with people who support their decision to reduce alcohol consumption

ROBO2 is a stroma suppressor gene in the pancreas and acts via TGF-β signalling.

Whereas genomic aberrations in the SLIT-ROBO pathway are frequent in pancreatic ductal adenocarcinoma (PDAC), their function in the pancreas is unclear. Here we report that in pancreatitis and PDAC mouse models, epithelial Robo2 expression is lost while Robo1 expression becomes most prominent in the stroma. Cell cultures of mice with loss of epithelial Robo2 (Pdx1Cre;Robo2F/F) show increased activation of Robo1+ myofibroblasts and induction of TGF-β and Wnt pathways. During pancreatitis, Pdx1Cre;Robo2F/F mice present enhanced myofibroblast activation, collagen crosslinking, T-cell infiltration and tumorigenic immune markers. The TGF-β inhibitor galunisertib suppresses these effects. In PDAC patients, ROBO2 expression is overall low while ROBO1 is variably expressed in epithelium and high in stroma. ROBO2low;ROBO1high patients present the poorest survival. In conclusion, Robo2 acts non-autonomously as a stroma suppressor gene by restraining myofibroblast activation and T-cell infiltration. ROBO1/2 expression in PDAC patients may guide therapy with TGF-β inhibitors or other stroma /immune modulating agents

Television viewing and sleep are associated with overweight among urban and semi-urban South Indian children

This is an Open Access article distributed under the terms of the Creative Commons Attribution Licens

ROBO2 is a stroma suppressor gene in the pancreas and acts via TGF-β signalling

Whereas genomic aberrations in the SLIT-ROBO pathway are frequent in pancreatic ductal adenocarcinoma (PDAC), their function in the pancreas is unclear. Here we report that in pancreatitis and PDAC mouse models, epithelial Robo2 expression is lost while Robo1 expression becomes most prominent in the stroma. Cell cultures of mice with loss of epithelial Robo2 (Pdx1 ;Robo2 ) show increased activation of Robo1 myofibroblasts and induction of TGF-β and Wnt pathways. During pancreatitis, Pdx1 ;Robo2 mice present enhanced myofibroblast activation, collagen crosslinking, T-cell infiltration and tumorigenic immune markers. The TGF-β inhibitor galunisertib suppresses these effects. In PDAC patients, ROBO2 expression is overall low while ROBO1 is variably expressed in epithelium and high in stroma. ROBO2 ;ROBO1 patients present the poorest survival. In conclusion, Robo2 acts non-autonomously as a stroma suppressor gene by restraining myofibroblast activation and T-cell infiltration. ROBO1/2 expression in PDAC patients may guide therapy with TGF-β inhibitors or other stroma /immune modulating agents