Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code

The continuing use of proprietary cryptography in embedded systems across many industry verticals, from physical access control systems and telecommunications to machine-to-machine authentication, presents a significant obstacle to black-box security-evaluation efforts. In-depth security analysis requires locating and classifying the algorithm in often very large binary images, thus rendering manual inspection, even when aided by heuristics, time consuming. In this paper, we present a novel approach to automate the identification and classification of (proprietary) cryptographic primitives within binary code. Our approach is based on Data Flow Graph (DFG) isomorphism, previously proposed by Lestringant et al. Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis. By combining the said approach with symbolic execution, we overcome all limitations of their work, and are able to extend the analysis into the domain of unknown, proprietary cryptographic primitives. To demonstrate that our proposal is practical, we develop various signatures, each targeted at a distinct class of cryptographic primitives, and present experimental evaluations for each of them on a set of binaries, both publicly available (and thus providing reproducible results), and proprietary ones. Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler.Comment: A proof-of-concept implementation can be found at https://github.com/wheres-crypto/wheres-crypt

Exploring the Application of NLP in Narrative Patterns of Adult Attachment

The Adult Attachment Interview (AAI) is a protocol-based, semi-structured interview method widely used to measure adults’ states of mind with respect to attachment. Recently, transcripts of this interview have been used to code secure base script knowledge, which is script-like knowledge related to the way parents dealt with their distress during childhood (ie., child went to parent for comfort, parent provided instrumental and emotional support, child went back to play). Manually coding the verbatim transcripts is labor-intensive and requires a lot of centralized training. The potential integration of machine learning and natural language processing (NLP) techniques may automate certain aspects of AAI analysis, potentially optimizing the process. The aim of this research project is to explore the practical application of these technologies in analyzing AAI transcripts.The project uses data from a pooled set of 12 studies originating from four countries. Upon reviewing the 1,410 AAI transcripts in this set (conducted in three languages), notable discrepancies in the administration of the interviews emerged, some of which may affect the suitability of the interview to assess secure base script knowledge. The first focus of this research project is therefore to develop a model to automatically assess the quality of the transcripts, first for English studies and then for all studies and languages. This model will prioritize evaluating interview characteristics, including instances of unintelligibility and non-adherence to the prescribed AAI protocol. As a next step in the project, employing sentiment analysis will enable an investigation into the correlation between participant-provided adjectives and their corresponding narratives. Finally, this research project will explore the possibility of automatically coding secure base script knowledge in AAI transcripts. By combining technological advances with nuanced human insights, this research project not only provides a pathway toward research studies at scale, but also presents an opportunity to achieve a deeper understanding of emotional and cognitive dimensions within attachment narratives.<br/

Polymorphic Encryption and Pseudonymisation for Personalised Healthcare

Polymorphic encryption and Pseudonymisation, abbreviated as PEP, form a novel approach for the management of sensitive personal data, especially in health care. Traditional encryption is rather rigid: once encrypted, only one key can be used to decrypt the data. This rigidity is becoming an every greater problem in the context of big data analytics, where different parties who wish to investigate part of an encrypted data set all need the one key for decryption. Polymorphic encryption is a new cryptographic technique that solves these problems. Together with the associated technique of polymorphic pseudonymisation new security and privacy guarantees can be given which are essential in areas such as (personalised) healthcare, medical data collection via self-measurement apps, and more generally in privacy-friendly identity management and data analytics. The key ideas of polymorphic encryption are: 1. Directly after generation, data can be encrypted in a `polymorphic\u27 manner and stored at a (cloud) storage facility in such a way that the storage provider cannot get access. Crucially, there is no need to a priori fix who gets to see the data, so that the data can immediately be protected. For instance a PEP-enabled self-measurement device will store all its measurement data in polymorphically encrypted form in a back-end data base. 2. Later on it can be decided who can decrypt the data. This decision will be made on the basis of a policy, in which the data subject should play a key role. The user of the PEP-enabled device can, for instance, decide that doctors $X,Y,Z$ may at some stage decrypt to use the data in their diagnosis, or medical researcher groups $A, B, C$ may use it for their investigations, or third parties $U,V,W$ may use it for additional services, etc. 3. This `tweaking\u27 of the encrypted data to make it decryptable by a specific party can be done in a blind manner. It will have to be done by a trusted party who knows how to tweak the ciphertext for whom. This PEP technology can provide the necessary security and privacy infrastructure for big data analytics. People can entrust their data in polymorphically encrypted form, and each time decide later to make (parts of) it available (decryptable) for specific parties, for specific analysis purposes. In this way users remain in control, and can monitor which of their data is used where by whom for which purposes. The polymorphic encryption infrastructure can be supplemented with a pseudonymisation infrastructure which is also polymorphic, and guarantees that each individual will automatically have different pseudonyms at different parties and can only be de-pseudonymised by participants (like medical doctors) who know the original identity. This white paper provides an introduction to Polymorphic Encryption and Pseudonymisation (PEP), at different levels of abstraction, focusing on health care as application area. It contains a general description of PEP, explaining the basic functionality for laymen, supplemented by a clarification of the legal framework provided by the upcoming General Data Protection Regulation (GDPR) of the European Union. The paper also contains a more advanced, mathematically oriented description of PEP, including the underlying cryptographic primitives, key and pseudonym managment, interaction protocols, etc. This second part is aimed at readers with a background in computer security and cryptography. The cryptographic basis for PEP is ElGamal public key encryption, which is well-known since the mid 1980s. It is the way in which this encryption is used --- with re-randomisation, re-keying and re-shuffling --- that is new. The PEP framework is currently elaborated into an open design and open source (prototype) implementation at Radboud University in Nijmegen, The Netherlands. The technology will be used and tested in a real-life medical research project at the Radboud University Medical Center

delta C-13 signatures of organic aerosols:Measurement method evaluation and application in a source study

Analysis of the stable carbon isotope 13C in organic carbon (OC) can give insight into sources and atmospheric processing of carbonaceous aerosols, provided the 13C source signatures are known. However, only few data on 13C signatures of OC emitted by common sources of carbonaceous aerosol are available in Europe. We present and evaluate an improved version of a measurement method to obtain δ13C signatures on organic aerosols desorbed from filter samples at three different desorption temperatures (200 °C, 350 °C and 650 °C) and apply it in a source study. With our calibration approach, the reproducibility of a L-Valine reference material desorbed at a single temperature step of 650 °C shows a standard deviation of 0.19‰ over a period of more than one year. The average δ13C value for this reference material over 248 measurements is −24.10‰, which shows only a slight bias to the nominal value of −24.03‰. Repeated analysis of ambient filter samples desorbed at three temperature steps show typical standard deviations of about 0.3‰ for all temperature steps (200 °C, 350 °C and 650 °C). Isotopic fractionation due to partial thermal desorption during the individual temperature steps was tested on single compound reference materials. It showed significant isotopic fractionation only at temperature steps, in which a very minor fraction of the compound was desorbed. Possible isotope effects caused by charring of organic material were investigated and found to be not significant. The thermal desorption method was applied to various source filter samples from the region of Naples, Italy. We analyzed two different biomass burning sources, exhaust from a city bus and traffic emissions collected in a tunnel and compared these to ambient filter samples from the same region. δ13C signatures of the total OC show values in a narrow range of about −28‰ to −26‰ for all sources, which does not allow a source apportionment only based on 13C. Nevertheless, the results add information to a source inventory of δ13C, where information of 13C in organic aerosol from specific emission sources are rare. City bus emissions show little variation of δ13C over the temperature steps, whereas biomass burning aerosol is enriched in 13C for OC desorbed at 650 °C. For PM10 samples in the urban tunnel an enrichment in δ13C at the 650 °C temperature steps was observed, which is likely caused by the contribution of carbonate carbon to the carbonaceous material desorbed at this temperature step

Recommendations for a step-wise comparative approach to the evaluation of new screening tests for colorectal cancer

BACKGROUND: New screening tests for colorectal cancer continue to emerge, but the evidence needed to justify their adoption in screening programs remains uncertain.METHODS: A review of the literature and a consensus approach by experts was undertaken to provide practical guidance on how to compare new screening tests with proven screening tests.RESULTS: Findings and recommendations from the review included the following: Adoption of a new screening test requires evidence of effectiveness relative to a proven comparator test. Clinical accuracy supported by programmatic population evaluation in the screening context on an intention-to-screen basis, including acceptability, is essential. Cancer-specific mortality is not essential as an endpoint provided that the mortality benefit of the comparator has been demonstrated and that the biologic basis of detection is similar. Effectiveness of the guaiac-based fecal occult blood test provides the minimum standard to be achieved by a new test. A 4-phase evaluation is recommended. An initial retrospective evaluation in cancer cases and controls (Phase 1) is followed by a prospective evaluation of performance across the continuum of neoplastic lesions (Phase 2). Phase 3 follows the demonstration of adequate accuracy in these 2 prescreening phases and addresses programmatic outcomes at 1 screening round on an intention-to-screen basis. Phase 4 involves more comprehensive evaluation of ongoing screening over multiple rounds. Key information is provided from the following parameters: the test positivity rate in a screening population, the true-positive and false-positive rates, and the number needed to colonoscope to detect a target lesion.CONCLUSIONS: New screening tests can be evaluated efficiently by this stepwise comparative approach. Cancer 2016;122:826-39. © 2016 The Authors. Cancer published by Wiley Periodicals, Inc. on behalf of American Cancer Society.</p

A cognitive behavioral based group intervention for children with a chronic illness and their parents: a multicentre randomized controlled trial

<p>Abstract</p> <p>Background</p> <p>Coping with a chronic illness (CI) challenges children's psychosocial functioning and wellbeing. Cognitive-behavioral intervention programs that focus on teaching the active use of coping strategies may prevent children with CI from developing psychosocial problems. Involvement of parents in the intervention program may enhance the use of learned coping strategies in daily life, especially on the long-term. The primary aim of the present study is to examine the effectiveness of a cognitive behavioral based group intervention (called 'Op Koers') <abbrgrp><abbr bid="B1">1</abbr></abbrgrp> for children with CI and of a parallel intervention for their parents. A secondary objective is to investigate why and for whom this intervention works, in order to understand the underlying mechanisms of the intervention effect.</p> <p>Methods/design</p> <p>This study is a multicentre randomized controlled trial. Participants are children (8 to 18 years of age) with a chronic illness, and their parents, recruited from seven participating hospitals in the Netherlands. Participants are randomly allocated to two intervention groups (the child intervention group and the child intervention combined with a parent program) and a wait-list control group. Primary outcomes are child psychosocial functioning, wellbeing and child disease related coping skills. Secondary outcomes are child quality of life, child general coping skills, child self-perception, parental stress, quality of parent-child interaction, and parental perceived vulnerability. Outcomes are evaluated at baseline, after 6 weeks of treatment, and at a 6 and 12-month follow-up period. The analyses will be performed on the basis of an intention-to-treat population.</p> <p>Discussion</p> <p>This study evaluates the effectiveness of a group intervention improving psychosocial functioning in children with CI and their parents. If proven effective, the intervention will be implemented in clinical practice. Strengths and limitations of the study design are discussed.</p> <p>Trial registration</p> <p>Current Controlled Trials <a href="http://www.controlled-trials.com/ISRCTN60919570">ISRCTN60919570</a></p

On the notion of home and the goals of palliative care

The notion of home is well known from our everyday experience, and plays a crucial role in all kinds of narratives about human life, but is hardly ever systematically dealt with in the philosophy of medicine and health care. This paper is based upon the intuitively positive connotation of the term “home.” By metaphorically describing the goal of palliative care as “the patient’s coming home,” it wants to contribute to a medical humanities approach of medicine. It is argued that this metaphor can enrich our understanding of the goals of palliative care and its proper objectives. Four interpretations of “home” and “coming home” are explored: (1) one’s own house or homelike environment, (2) one’s own body, (3) the psychosocial environment, and (4) the spiritual dimension, in particular, the origin of human existence. Thinking in terms of coming home implies a normative point of view. It represents central human values and refers not only to the medical-technical and care aspects of health care, but also to the moral context

S2k guidelines on the management of paraneoplastic pemphigus/paraneoplastic autoimmune multiorgan syndrome initiated by the European Academy of Dermatology and Venereology (EADV).

BACKGROUND Paraneoplastic pemphigus (PNP), also called paraneoplastic autoimmune multiorgan syndrome (PAMS), is a rare autoimmune disease with mucocutaneous and multi-organ involvement. PNP/PAMS is typically associated with lymphoproliferative or haematological malignancies, and less frequently with solid malignancies. The mortality rate of PNP/PAMS is elevated owing to the increased risk of severe infections and disease-associated complications, such as bronchiolitis obliterans. OBJECTIVES These guidelines summarize evidence-based and expert-based recommendations (S2k level) for the clinical characterization, diagnosis and management of PNP/PAMS. They have been initiated by the Task Force Autoimmune Blistering Diseases of the European Academy of Dermatology and Venereology with the contribution of physicians from all relevant disciplines. The degree of consent among all task force members was included. RESULTS Chronic severe mucositis and polymorphic skin lesions are clue clinical characteristics of PNP/PAMS. A complete assessment of the patient with suspected PNP/PAMS, requiring histopathological study and immunopathological investigations, including direct and indirect immunofluorescence, ELISA and, where available, immunoblotting/immunoprecipitation, is recommended to achieve a diagnosis of PNP/PAMS. Detection of anti-envoplakin antibodies and/or circulating antibodies binding to the rat bladder epithelium at indirect immunofluorescence is the most specific tool for the diagnosis of PNP/PAMS in a patient with compatible clinical and anamnestic features. Treatment of PNP/PAMS is highly challenging. Systemic steroids up to 1.5 mg/kg/day are recommended as first-line option. Rituximab is also recommended in patients with PNP/PAMS secondary to lymphoproliferative conditions but might also be considered in cases of PNP/PAMS associated with solid tumours. A multidisciplinary approach involving pneumologists, ophthalmologists and onco-haematologists is recommended for optimal management of the patients. CONCLUSIONS These are the first European guidelines for the diagnosis and management of PNP/PAMS. Diagnostic criteria and therapeutic recommendations will require further validation by prospective studies

In vitro epigenetic reprogramming of human cardiac mesenchymal stromal cells into functionally competent cardiovascular precursors

Adult human cardiac mesenchymal-like stromal cells (CStC) represent a relatively accessible cell type useful for therapy. In this light, their conversion into cardiovascular precursors represents a potential successful strategy for cardiac repair. The aim of the present work was to reprogram CStC into functionally competent cardiovascular precursors using epigenetically active small molecules. CStC were exposed to low serum (5% FBS) in the presence of 5 \ub5M all-trans Retinoic Acid (ATRA), 5 \ub5M Phenyl Butyrate (PB), and 200 \ub5M diethylenetriamine/nitric oxide (DETA/NO), to create a novel epigenetically active cocktail (EpiC). Upon treatment the expression of markers typical of cardiac resident stem cells such as c-Kit and MDR-1 were up-regulated, together with the expression of a number of cardiovascular-associated genes including KDR, GATA6, Nkx2.5, GATA4, HCN4, NaV1.5, and \u3b1-MHC. In addition, profiling analysis revealed that a significant number of microRNA involved in cardiomyocyte biology and cell differentiation/proliferation, including miR 133a, 210 and 34a, were up-regulated. Remarkably, almost 45% of EpiC-treated cells exhibited a TTX-sensitive sodium current and, to a lower extent in a few cells, also the pacemaker I(f) current. Mechanistically, the exposure to EpiC treatment introduced global histone modifications, characterized by increased levels of H3K4Me3 and H4K16Ac, as well as reduced H4K20Me3 and H3s10P, a pattern compatible with reduced proliferation and chromatin relaxation. Consistently, ChIP experiments performed with H3K4me3 or H3s10P histone modifications revealed the presence of a specific EpiC-dependent pattern in c-Kit, MDR-1, and Nkx2.5 promoter regions, possibly contributing to their modified expression. Taken together, these data indicate that CStC may be epigenetically reprogrammed to acquire molecular and biological properties associated with competent cardiovascular precursors

Fibroblasts Express Immune Relevant Genes and Are Important Sentinel Cells during Tissue Damage in Rainbow Trout (Oncorhynchus mykiss)

Fibroblasts have shown to be an immune competent cell type in mammals. However, little is known about the immunological functions of this cell-type in lower vertebrates. A rainbow trout hypodermal fibroblast cell-line (RTHDF) was shown to be responsive to PAMPs and DAMPs after stimulation with LPS from E. coli, supernatant and debris from sonicated RTHDF cells. LPS was overall the strongest inducer of IL-1β, IL-8, IL-10, TLR-3 and TLR-9. IL-1β and IL-8 were already highly up regulated after 1 hour of LPS stimulation. Supernatant stimuli significantly increased the expression of IL-1β, TLR-3 and TLR-9, whereas the debris stimuli only increased expression of IL-1β. Consequently, an in vivo experiment was further set up. By mechanically damaging the muscle tissue of rainbow trout, it was shown that fibroblasts in the muscle tissue of rainbow trout contribute to electing a highly local inflammatory response following tissue injury. The damaged muscle tissue showed a strong increase in the expression of the immune genes IL-1β, IL-8 and TGF-β already 4 hours post injury at the site of injury while the expression in non-damaged muscle tissue was not influenced. A weaker, but significant response was also seen for TLR-9 and TLR-22. Rainbow trout fibroblasts were found to be highly immune competent with a significant ability to express cytokines and immune receptors. Thus fish fibroblasts are believed to contribute significantly to local inflammatory reactions in concert with the traditional immune cells