TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors (Technical Report)

Platforms are nowadays typically equipped with tristed execution environments (TEES), such as Intel SGX and ARM TrustZone. However, recent microarchitectural attacks on TEEs repeatedly broke their confidentiality guarantees, including the leakage of long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite their simultaneous availability, the integration between these technologies is practically nonexistent, which prevents them from benefitting from each other's strengths. In this paper, we propose TALUS, a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design is robust even in the presence of transient execution attacks, preventing an entire class of attacks due to the reduced attack surface on the shared hardware.Comment: In proceedings of Financial Cryptography 2023. This is the technical report of the published pape

Poster: simFIDO – FIDO2 User Authentication with simTPM

WebAuthn as part of FIDO2 is a new standard for two-factor and even password-less user authentication to web-services. Leading browsers, like Google Chrome, Microsoft Edge, and Mozilla Firefox, support the WebAuthn API. Unfortunately, the availability of hardware authenticators that support FIDO2 authentication is still focused heavily on desktop computers, while for mobile devices, only a limited choice of suitable authenticators is available to users (few roaming authenticators with wireless connectivity and even fewer built-in platform authenticators on mobile devices). This creates a void for users, in particular users of older device generations that lack platform authenticators and the right connectivity, to authenticate themselves with WebAuthn to web-services. In this poster, we present the idea of simFIDO, a FIDO2 setup using a recently developed simTPM as (platform) authenticator for mobile devices and even as roaming authenticator offered by mobile devices to connected computers. The move-ability property of the key storage of simTPM makes the users’ lives easier for credential portability between devices. In particular, a seamless integration of simTPM with non-mobile devices through phones will help to create a kind of universal authentication setup using FIDO2. Although we present the concrete design and implementation of a SIM card-based FIDO2 authenticator, we hope this poster will contribute to the discussion about how and in which form hardware authenticators can be made available to users

simTPM: User-centric TPM for Mobile Devices

Trusted Platform Modules are valuable building blocks for security solutions and have also been recognized as beneficial for security on mobile platforms, like smartphones and tablets. However, strict space, cost, and power constraints of mobile devices prohibit an implementation as dedicated on-board chip and the incumbent implementations are software TPMs protected by Trusted Execution Environments. In this paper, we present simTPM, an alternative implementation of a mobile TPM based on the SIM card available in mobile platforms. We solve the technical challenge of implementing a TPM2.0 in the resource-constrained SIM card environment and integrate our simTPM into the secure boot chain of the ARM Trusted Firmware on a HiKey960 reference board. Most notably, we address the challenge of how a removable TPM can be bound to the host device’s root of trust for measurement. As such, our solution not only provides a mobile TPM that avoids additional hardware while using a dedicated, strongly protected environment, but also offers promising synergies with co-existing TEE-based TPMs. In particular, simTPM offers a user-centric trusted module. Using performance benchmarks, we show that our simTPM has competitive speed with a reported TEE-based TPM and a hardware-based TPM

TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors

Platforms are nowadays typically equipped with trusted execution environments (TEEs), such as Intel SGX or ARM TrustZone. However, recent microarchitectural attacks on TEEs repeatedly broke their confidentiality guarantees, including the leakage of long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite their simultaneous availability, the integration between these technologies is practically nonexistent, which prevents them from benefitting from each other’s strengths. In this paper, we propose TALUS , a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design is robust even in the presence of transient execution attacks, preventing an entire class of attacks due to the reduced attack surface on the shared hardware

Poster: TGX: Secure SGX enclave management using TPM

Intel SGX provides a trusted execution environment on commodity computing platforms. Recent micro-architectural attacks like Spectre, Meltdown, or Foreshadow, however, raise doubts about the promised isolation of SGX-protected code and data, including some of the necessary cryptographic operations and credentials, e.g., for attestation. In this poster we present TGX, a combination of SGX and TPM working together to provide stronger isolation of crucial cryptographic operations of SGX and a way to circumvent microarchitectural attacks against SGX. TGX enables SGX to move its signing and verification mechanism from processor to TPM making the security sensitive information never available outside TPM, removing, for instance, the possibilities of stealing them from L1 cache. In particular, TGX should motivate that SGX and TPM can form a beneficial symbiosis

Review of Top Quark Physics

We present an overview of Top Quark Physics - from what has been learned so far at the Tevatron, to the searches that lie ahead at present and future colliders. We summarize the richness of the measurements and discuss their possible impact on our understanding of the Standard Model by pointing out their key elements and limitations. When possible, we discuss how the top quark may provide a connection to new or unexpected physics.Comment: 84 pp. With permission from the Annual Review of Nuclear & Particle Science. Final version of this material is scheduled to appear in the Annual Review of Nuclear & Particle Science Vol. 53, to be published in December 2003 by Annual Reviews (http://www.annualreviews.org

Hydrogel composite containing azelaic acid and tea tree essential oil as a therapeutic strategy for Propionibacterium and testosterone-induced acne.

Azelaic acid (AzA) is a USFDA bioactive prescribed against acne vulgaris. It possesses delivery challenges like poor aqueous solubility, low skin-penetrability, and dose-dependent side effects, which could be overcome by its synergistic combination with tea tree oil (TTO) as a microemulsion (ME)-based hydrogel composite. AzA-TTO ME was prepared to employ pseudo-ternary phase diagram construction. The best AzA-TTO ME was of uniform size (polydispersity index  90%), and negative zeta potential (-1.42 ± 0.25% mV) values. ME hydrogel composite with optimum rheological and textural attributes showed better permeation, retention, and skin-compliant characteristics, vis-a-vis marketed formulation (Aziderm™) when evaluated in Wistar rat skin. In vitro antibacterial efficacy in bacterial strains, i.e., Staphylococcus aureus, Propionibacterium acne, and Staphylococcus epidermidis, was evaluated employing agar well plate diffusion and broth dilution assay. ME hydrogel has shown an increase in zone of inhibition by two folds and a decrease in minimum inhibitory concentration (MIC) by eightfold against P. acnes vis-a-vis AzA. Finally, ME hydrogel composite exhibited a better reduction in the papule density (93.75 ± 1.64%) in comparison to Aziderm™ 72.69 ± 4.67%) on acne as developed in rats by inducing testosterone. Thus, the developed AzA-TTO ME hydrogel composite promises an efficacious and comparatively safer drug delivery system for the topical therapy of acne vulgaris

Search for dark matter produced in association with bottom or top quarks in √s = 13 TeV pp collisions with the ATLAS detector

A search for weakly interacting massive particle dark matter produced in association with bottom or top quarks is presented. Final states containing third-generation quarks and miss- ing transverse momentum are considered. The analysis uses 36.1 fb−1 of proton–proton collision data recorded by the ATLAS experiment at √s = 13 TeV in 2015 and 2016. No significant excess of events above the estimated backgrounds is observed. The results are in- terpreted in the framework of simplified models of spin-0 dark-matter mediators. For colour- neutral spin-0 mediators produced in association with top quarks and decaying into a pair of dark-matter particles, mediator masses below 50 GeV are excluded assuming a dark-matter candidate mass of 1 GeV and unitary couplings. For scalar and pseudoscalar mediators produced in association with bottom quarks, the search sets limits on the production cross- section of 300 times the predicted rate for mediators with masses between 10 and 50 GeV and assuming a dark-matter mass of 1 GeV and unitary coupling. Constraints on colour- charged scalar simplified models are also presented. Assuming a dark-matter particle mass of 35 GeV, mediator particles with mass below 1.1 TeV are excluded for couplings yielding a dark-matter relic density consistent with measurements

Guidelines for the use and interpretation of assays for monitoring autophagy (4th edition)1.

In 2008, we published the first set of guidelines for standardizing research in autophagy. Since then, this topic has received increasing attention, and many scientists have entered the field. Our knowledge base and relevant new technologies have also been expanding. Thus, it is important to formulate on a regular basis updated guidelines for monitoring autophagy in different organisms. Despite numerous reviews, there continues to be confusion regarding acceptable methods to evaluate autophagy, especially in multicellular eukaryotes. Here, we present a set of guidelines for investigators to select and interpret methods to examine autophagy and related processes, and for reviewers to provide realistic and reasonable critiques of reports that are focused on these processes. These guidelines are not meant to be a dogmatic set of rules, because the appropriateness of any assay largely depends on the question being asked and the system being used. Moreover, no individual assay is perfect for every situation, calling for the use of multiple techniques to properly monitor autophagy in each experimental setting. Finally, several core components of the autophagy machinery have been implicated in distinct autophagic processes (canonical and noncanonical autophagy), implying that genetic approaches to block autophagy should rely on targeting two or more autophagy-related genes that ideally participate in distinct steps of the pathway. Along similar lines, because multiple proteins involved in autophagy also regulate other cellular pathways including apoptosis, not all of them can be used as a specific marker for bona fide autophagic responses. Here, we critically discuss current methods of assessing autophagy and the information they can, or cannot, provide. Our ultimate goal is to encourage intellectual and technical innovation in the field