
    CacheZoom: How SGX Amplifies The Power of Cache Attacks

    In modern computing environments, hardware resources are commonly shared and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware and claims runtime protection even if the OS and other software components are malicious. Side-channel attacks, however, are explicitly outside SGX's threat model. We introduce a powerful cache side-channel attack that gives a system-level adversary a high-resolution channel. Our attack tool, CacheZoom, is able to track virtually all memory accesses of SGX enclaves with high spatial and temporal precision. As a proof of concept, we demonstrate AES key recovery attacks on commonly used implementations, including some that were believed to be resistant in previous attack scenarios. Our results show that SGX cannot protect critical data-sensitive computations, and that efficient AES key recovery is possible in a practical environment. In contrast to previous works, which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements: we recover AES keys from T-table based implementations with as few as ten measurements.
    Accepted at the Conference on Cryptographic Hardware and Embedded Systems (CHES '17).
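    Why so few measurements suffice against a T-table AES is easier to see on a model than in prose. The block below is an added illustration written for this listing; it is not CacheZoom's code and not the paper's experiment. Everything in it is constructed: it assumes 4-byte T-table entries on 64-byte cache lines (so an observed lookup reveals only index >> 4, the line), assumes the trace attributes each of the 16 last-round lookups to its ciphertext byte in order (the temporal resolution the abstract claims), indexes ciphertext bytes in post-ShiftRows order, and simulates the victim's last round only, with the round-10 key and state drawn from a seeded PRNG. Each measurement keeps only the round-10 key bytes whose implied S-box input lands on the observed line, cutting each byte's candidate set by a factor of about 16; the master key then follows from inverting the key schedule, which is not shown.

```python
"""Added illustration (not CacheZoom's code): how cache-line-resolution
observation of AES T-table lookups leaks the last-round key.

Assumptions (constructed for this example): 4-byte T-table entries on
64-byte cache lines, so 16 entries share a line and an observed lookup
reveals index >> 4; the attacker's trace attributes each of the 16
last-round lookups to its ciphertext byte, in order; ciphertext bytes
are indexed in post-ShiftRows order, so byte j uses state byte j.
"""
import random


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(a: int) -> int:
    """a^254 == a^-1 in GF(2^8); maps 0 to 0 as AES requires."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r


def _build_sbox() -> list:
    """Derive the AES S-box (field inverse, then affine map) rather than type it."""
    box = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for i in range(1, 5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF  # rotate-left by i
        box.append(s ^ 0x63)
    return box


SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _x, _s in enumerate(SBOX):
    INV_SBOX[_s] = _x

ENTRIES_PER_LINE_SHIFT = 4  # 64-byte line / 4-byte entry = 16 entries per line


def victim_last_round(state: list, k10: list):
    """Victim's final AES round on a T-table build: returns the ciphertext
    and the cache line each lookup touched (what the trace exposes)."""
    ciphertext = [SBOX[s] ^ k for s, k in zip(state, k10)]
    lines = [s >> ENTRIES_PER_LINE_SHIFT for s in state]
    return ciphertext, lines


def filter_candidates(candidates: list, ciphertext: list, lines: list) -> list:
    """Keep only round-10 key bytes consistent with the observed lines:
    the lookup index was INV_SBOX[c_j ^ k_j], and its line is known."""
    return [
        {k for k in cand if (INV_SBOX[c ^ k] >> ENTRIES_PER_LINE_SHIFT) == line}
        for cand, c, line in zip(candidates, ciphertext, lines)
    ]


def run_attack(seed: int = 1, max_measurements: int = 10):
    """Simulate the attack on constructed data.
    Returns (true_k10, recovered_k10, measurements_used); recovered holds
    None for any byte that is still ambiguous."""
    rng = random.Random(seed)  # constructed data, not a real trace
    k10 = [rng.randrange(256) for _ in range(16)]
    candidates = [set(range(256)) for _ in range(16)]
    used = 0
    for used in range(1, max_measurements + 1):
        state = [rng.randrange(256) for _ in range(16)]  # unknown to the attacker
        ciphertext, lines = victim_last_round(state, k10)
        candidates = filter_candidates(candidates, ciphertext, lines)
        if all(len(c) == 1 for c in candidates):
            break
    recovered = [next(iter(c)) if len(c) == 1 else None for c in candidates]
    return k10, recovered, used


if __name__ == "__main__":
    true_key, found, n = run_attack()
    print("measurements:", n, "recovered:", found == true_key)
```

    A wrong candidate survives a measurement with probability roughly 1/16, so three or four observed encryptions normally leave a single round-10 key; the practical defence the abstract alludes to is an implementation whose memory access pattern does not depend on secret data (bitsliced or AES-NI), not a smaller table.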

    Door to relocation time for dislocated hip prosthesis: Multicentre comparison of emergency department procedural sedation versus theatre-based general anaesthesia

    Background: Dislocation of a hip prosthesis is a painful event which has an incidence of 4% for primary total hip arthroplasty. Relocation is traditionally performed under general anaesthesia in the operating theatre, but relocation using sedation in the emergency department (ED) has been reported, with a limited success rate of 62%. A study was undertaken to compare door to relocation times for ED sedation and theatre general anaesthesia. Methods: The notes of all patients attending five centres in the south west of England with prosthetic hip dislocation over a 12-month period between 2005 and 2006 were retrospectively reviewed using standardised data collection forms. Results: Successful ED reduction was significantly quicker than failed ED reduction and theatre-based general anaesthesia (2 h 21 min vs 8 h 32 min;

    Deep learning to automate the labelling of head MRI datasets for computer vision applications

    OBJECTIVES: The purpose of this study was to build a deep learning model to derive labels from neuroradiology reports and assign these to the corresponding examinations, overcoming a bottleneck to computer vision model development. METHODS: Reference-standard labels were generated by a team of neuroradiologists for model training and evaluation. Three thousand examinations were labelled for the presence or absence of any abnormality by manually scrutinising the corresponding radiology reports ('reference-standard report labels'); a subset of these examinations (n = 250) were assigned 'reference-standard image labels' by interrogating the actual images. Separately, 2000 reports were labelled for the presence or absence of 7 specialised categories of abnormality (acute stroke, mass, atrophy, vascular abnormality, small vessel disease, white matter inflammation, encephalomalacia), with a subset of these examinations (n = 700) also assigned reference-standard image labels. A deep learning model was trained using labelled reports and validated in two ways: comparing predicted labels to (i) reference-standard report labels and (ii) reference-standard image labels. The area under the receiver operating characteristic curve (AUC-ROC) was used to quantify model performance. Accuracy, sensitivity, specificity, and F1 score were also calculated. RESULTS: Accurate classification (AUC-ROC > 0.95) was achieved for all categories when tested against reference-standard report labels. A drop in performance (ΔAUC-ROC > 0.02) was seen for three categories (atrophy, encephalomalacia, vascular) when tested against reference-standard image labels, highlighting discrepancies in the original reports. Once trained, the model assigned labels to 121,556 examinations in under 30 min. CONCLUSIONS: Our model accurately classifies head MRI examinations, enabling automated dataset labelling for downstream computer vision applications. 
    KEY POINTS: • Deep learning is poised to revolutionise image recognition tasks in radiology; however, a barrier to clinical adoption is the difficulty of obtaining large labelled datasets for model training. • We demonstrate a deep learning model which can derive labels from neuroradiology reports and assign these to the corresponding examinations at scale, facilitating the development of downstream computer vision models. • We rigorously tested our model by comparing labels predicted on the basis of neuroradiology reports with two sets of reference-standard labels: (1) labels derived by manually scrutinising each radiology report and (2) labels derived by interrogating the actual images.

    A Tale of Three Signatures: practical attack of ECDSA with wNAF

    One way of attacking ECDSA whose scalar multiplication uses a wNAF implementation is to perform a side-channel analysis to collect information, then use a lattice-based method to recover the secret key. In this paper, we reinvestigate the construction of the lattice used in one of these methods, the Extended Hidden Number Problem (EHNP). We find the secret key with only 3 signatures, thus reaching the theoretical bound given by Fan, Wang and Cheng, whereas the best previous methods required at least 4 signatures in practice. Our attack is more efficient than previous attacks, in particular compared to the times reported by Fan et al. at CCS 2016, and in most cases has a better probability of success. To obtain such results, we perform a detailed analysis of the parameters used in the attack and introduce a preprocessing method which reduces the overall time to recover the secret key by a factor of up to 7 for some parameters. We perform an error-resilience analysis, which had never been done before in the EHNP setting. Our construction is still able to find the secret key with a small amount of erroneous traces, up to 2% of false digits, and 4% for a specific type of error. We also investigate Coppersmith's methods as a potential alternative to EHNP and explain why, to the best of our knowledge, EHNP goes beyond the limitations of Coppersmith's methods.
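    What the side channel actually hands to the lattice step is the shape of the nonce's wNAF, not the nonce itself. The block below is an added example for this listing, not code from the paper: it encodes a scalar in width-w NAF, produces the double/add operation sequence that a left-to-right wNAF loop would leak to a cache or timing observer (the leakage model is an assumption chosen for illustration), and then recovers from that sequence alone the positions λ_i of the nonzero digits. Each nonzero digit still has 2^(w-1) possible values, which is exactly the per-digit unknown the EHNP instance has to solve for; `reconstruct` shows how the nonce falls out once those values are known. The window width w and all scalars are constructed inputs.

```python
"""Added illustration (not the paper's code): what a side channel on a
wNAF scalar multiplication hands to the lattice step.

Assumptions (constructed): the leak is the double/add operation
sequence of a textbook left-to-right wNAF loop; the window width w is a
parameter; signs and magnitudes of the nonzero digits stay hidden.
"""


def wnaf(k: int, w: int) -> list:
    """Width-w non-adjacent form of k, least-significant digit first.
    Nonzero digits are odd and lie in (-2^(w-1), 2^(w-1)); any w
    consecutive digits contain at most one nonzero digit."""
    digits = []
    while k > 0:
        if k & 1:
            d = k % (1 << w)
            if d >= 1 << (w - 1):
                d -= 1 << w  # signed residue
            k -= d
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits


def from_wnaf(digits: list) -> int:
    """Inverse of wnaf(): sum of d_i * 2^i."""
    return sum(d << i for i, d in enumerate(digits))


def da_trace(digits: list) -> str:
    """Operation sequence of a left-to-right double-and-add over the digits:
    one 'D' per digit position, followed by 'A' when that digit is nonzero.
    This string is the assumed side-channel observation."""
    ops = []
    for d in reversed(digits):
        ops.append("D")
        if d:
            ops.append("A")
    return "".join(ops)


def positions_from_trace(trace: str) -> tuple:
    """Recover (number of digits, positions lambda_i of the nonzero digits)
    from the leaked trace alone. Positions count from the least significant
    digit, matching the index convention of wnaf()."""
    n_digits = trace.count("D")
    positions = []
    pos = n_digits
    for op in trace:
        if op == "D":
            pos -= 1
        else:  # 'A' belongs to the digit just processed
            positions.append(pos)
    return n_digits, positions


def unknown_bits(positions: list, w: int) -> int:
    """Each nonzero digit has 2^(w-1) possible values (sign and magnitude),
    so w-1 bits per nonzero digit remain hidden; the rest of the structure
    k = sum d_i * 2^lambda_i is fixed by the trace."""
    return (w - 1) * len(positions)


def reconstruct(positions: list, values: list) -> int:
    """k from the leaked positions once the digit values are known
    (finding them is the job of the EHNP lattice step)."""
    return sum(v << p for p, v in zip(positions, values))


if __name__ == "__main__":
    k, w = 91, 3  # constructed scalar and window width
    digits = wnaf(k, w)
    trace = da_trace(digits)
    n, lam = positions_from_trace(trace)
    print(digits, trace, lam, unknown_bits(lam, w))
```

    For a 256-bit nonce with w=3 roughly one digit in four is nonzero, so a single clean trace pins down the positions of about 64 digits and leaves about two bits per digit unknown; that is why a handful of signatures, combined in one lattice, is enough, and why the paper's error tolerance (a few percent of wrong digits) matters in practice, since real traces misplace some 'A's.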

    Efficient Implementation of Bilinear Pairings on ARM Processors

    As hardware capabilities increase, low-power devices such as smartphones represent a natural environment for the efficient implementation of cryptographic pairings. Few works in the literature have considered such platforms despite their growing importance in a post-PC world. In this paper, we investigate the efficient computation of the Optimal-Ate pairing over Barreto-Naehrig curves in software at different security levels on ARM processors. We exploit state-of-the-art techniques and propose new optimizations to speed up the computation in the tower field and curve arithmetic. In particular, we extend the concept of lazy reduction to inversion in extension fields, analyze an efficient alternative for the sparse multiplication used inside Miller's algorithm and reduce further the cost of point/line evaluation formulas in affine and projective homogeneous coordinates. In addition, we study the efficiency of using M-type sextic twists in the pairing computation and carry out a detailed comparison between affine and projective coordinate systems. Our implementations on various mass-market smartphones and tablets significantly improve the state of the art of pairing computation on ARM-powered devices, outperforming the best previous results in the literature by at least a factor of 3.7.

    Living risk prediction algorithm (QCOVID) for risk of hospital admission and mortality from coronavirus 19 in adults: national derivation and validation cohort study.

    OBJECTIVE: To derive and validate a risk prediction algorithm to estimate hospital admission and mortality outcomes from coronavirus disease 2019 (covid-19) in adults. DESIGN: Population based cohort study. SETTING AND PARTICIPANTS: QResearch database, comprising 1205 general practices in England with linkage to covid-19 test results, Hospital Episode Statistics, and death registry data. 6.08 million adults aged 19-100 years were included in the derivation dataset and 2.17 million in the validation dataset. The derivation and first validation cohort period was 24 January 2020 to 30 April 2020. The second temporal validation cohort covered the period 1 May 2020 to 30 June 2020. MAIN OUTCOME MEASURES: The primary outcome was time to death from covid-19, defined as death due to confirmed or suspected covid-19 as per the death certification or death occurring in a person with confirmed severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection in the period 24 January to 30 April 2020. The secondary outcome was time to hospital admission with confirmed SARS-CoV-2 infection. Models were fitted in the derivation cohort to derive risk equations using a range of predictor variables. Performance, including measures of discrimination and calibration, was evaluated in each validation time period. RESULTS: 4384 deaths from covid-19 occurred in the derivation cohort during follow-up and 1722 in the first validation cohort period and 621 in the second validation cohort period. The final risk algorithms included age, ethnicity, deprivation, body mass index, and a range of comorbidities. The algorithm had good calibration in the first validation cohort. For deaths from covid-19 in men, it explained 73.1% (95% confidence interval 71.9% to 74.3%) of the variation in time to death (R2); the D statistic was 3.37 (95% confidence interval 3.27 to 3.47), and Harrell's C was 0.928 (0.919 to 0.938). 
Similar results were obtained for women, for both outcomes, and in both time periods. In the top 5% of patients with the highest predicted risks of death, the sensitivity for identifying deaths within 97 days was 75.7%. People in the top 20% of predicted risk of death accounted for 94% of all deaths from covid-19. CONCLUSION: The QCOVID population based risk algorithm performed well, showing very high levels of discrimination for deaths and hospital admissions due to covid-19. The absolute risks presented, however, will change over time in line with the prevailing SARS-CoV-2 infection rate and the extent of social distancing measures in place, so they should be interpreted with caution. The model can be recalibrated for different time periods, however, and has the potential to be dynamically updated as the pandemic evolves.

    Increasing survival after admission to UK critical care units following cardiopulmonary resuscitation

    © 2016 The Author(s). Background: In recent years there have been many developments in post-resuscitation care. We have investigated trends in patient characteristics and outcome following admission to UK critical care units following cardiopulmonary resuscitation (CPR) for the period 2004-2014. Our hypothesis is that there has been a reduction in risk-adjusted mortality during this period. Methods: We undertook a prospectively defined, retrospective analysis of the Intensive Care National Audit & Research Centre (ICNARC) Case Mix Programme Database (CMPD) for the period 1 January 2004 to 31 December 2014. Admissions, mechanically ventilated in the first 24 hours in the critical care unit and admitted following CPR, defined as the delivery of chest compressions in the 24 hours before admission, were identified. Case mix, withdrawal, outcome and activity were described annually for all admissions identified as post-cardiac arrest admissions, and separately for out-of-hospital cardiac arrest and in-hospital cardiac arrest. To assess whether in-hospital mortality had improved over time, hierarchical multivariate logistic regression models were constructed, with in-hospital mortality as the dependent variable, year of admission as the main exposure variable and intensive care unit (ICU) as a random effect. All analyses were repeated using only the data from those ICUs contributing data throughout the study period. Results: During the period 2004-2014 survivors of cardiac arrest accounted for an increasing proportion of mechanically ventilated admissions to ICUs in the ICNARC CMPD (9.0 % in 2004 increasing to 12.2 % in 2014). Risk-adjusted hospital mortality following admission to ICU after cardiac arrest has decreased significantly during this period (OR 0.96 per year). Over this time, the ICU length of stay and time to treatment withdrawal has increased significantly. 
Re-analysis including only those 116 ICUs contributing data throughout the study period confirmed all the results of the primary analysis. Conclusions: Risk-adjusted hospital mortality following admission to ICU after cardiac arrest has decreased significantly during the period 2004-2014. Over the same period the ICU length of stay and time to treatment withdrawal have increased significantly.

    A New Family of Pairing-Friendly elliptic curves

    There have been recent advances in solving the finite extension field discrete logarithm problem as it arises in the context of pairing-friendly elliptic curves. This has led to the abandonment of approaches based on supersingular curves of small characteristic, and to the reconsideration of the field sizes required for implementations based on non-supersingular curves of large characteristic. This has resulted in a revision of recommendations for suitable curves, particularly at higher security levels. Indeed, for a security level of 256 bits the BLS48 curves have been suggested and demonstrated to be superior to other candidates. These curves have an embedding degree of 48. The well-known taxonomy of Freeman, Scott and Teske only considered curves with embedding degrees up to 50. Given some uncertainty around the constants that apply to the best discrete logarithm algorithm, it would seem prudent to push a little beyond 50. In this note we announce the discovery of a new family of pairing-friendly elliptic curves which includes a new construction for a curve with an embedding degree of 54.
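    The embedding degree is the one parameter in this note a practitioner can verify directly: it is the smallest k with r | p^k - 1, and it decides which extension field the pairing (and the MOV/FR reduction of the curve's discrete logarithm) lands in. The block below is an added example for this listing, not code from the note or from any pairing library. It uses the BLS family parameterisation, p(x) = (x-1)^2 Φ_k(x)/3 + x and r(x) = Φ_k(x) for k in {12, 24, 48}, which requires a seed x ≡ 1 (mod 3), and the public BLS12-381 seed x = -0xd201000000010000; the search bound of 60 is an arbitrary choice made here precisely because a hard cap at 50 would miss the degree-54 construction the note announces. The small toy values in the usage section are constructed.

```python
"""Added example (not from the note above): computing the embedding degree
of pairing-friendly curve parameters, with a primality sanity check.

Facts used: BLS curves have r(x) = Phi_k(x) and
p(x) = (x-1)^2 * Phi_k(x) / 3 + x for k in {12, 24, 48}, which needs
x = 1 (mod 3); BLS12-381 uses the seed x = -0xd201000000010000.
"""

CYCLOTOMIC = {
    12: lambda x: x**4 - x**2 + 1,
    24: lambda x: x**8 - x**4 + 1,
    48: lambda x: x**16 - x**8 + 1,
}

BLS12_381_SEED = -0xD201000000010000


def bls_params(k: int, x: int):
    """Field prime p and subgroup order r of the BLS curve of embedding
    degree k with seed x. Raises if the seed cannot give an integer p."""
    if (x - 1) % 3 != 0:
        raise ValueError("BLS seed must be 1 mod 3")
    r = CYCLOTOMIC[k](x)
    num = (x - 1) ** 2 * r
    assert num % 3 == 0
    return num // 3 + x, r


def embedding_degree(p: int, r: int, bound: int = 60):
    """Smallest k <= bound with r | p^k - 1, i.e. the degree of the
    extension field GF(p^k) that the pairing maps into. Returns None if
    no k up to bound works (the search bound is a choice, not a theorem)."""
    for k in range(1, bound + 1):
        if pow(p, k, r) == 1:
            return k
    return None


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed small bases; always True for a prime input."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23]
    for q in bases:
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_curve(p: int, r: int, bound: int = 60) -> dict:
    """Summary a reviewer would want before trusting a curve: field and
    group sizes, primality, and the embedding degree found within bound."""
    return {
        "p_bits": p.bit_length(),
        "r_bits": r.bit_length(),
        "p_prime": is_probable_prime(p),
        "r_prime": is_probable_prime(r),
        "k": embedding_degree(p, r, bound),
    }


if __name__ == "__main__":
    p, r = bls_params(12, BLS12_381_SEED)
    print(check_curve(p, r))      # BLS12-381: 381-bit p, 255-bit r, k = 12
    print(embedding_degree(7, 19))  # constructed toy values: 7^3 = 1 mod 19, so k = 3
```

    The same check exposes the opposite failure: a curve handed to you with a tiny embedding degree (k = 1 or 2 when p ≡ 1 mod r, say) is one whose group discrete logarithm reduces to a small extension field, which is exactly the weakness the note's revised field-size recommendations are pricing in.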