19 research outputs found

    Triggerflow: Regression Testing by Advanced Execution Path Inspection

    Cryptographic libraries often feature multiple implementations of primitives to meet both the security needs of handling private information and the performance requirements of modern services when the handled information is public. OpenSSL, the de-facto standard free and open source cryptographic library, includes mechanisms to differentiate the confidential data and its control flow, including runtime flags, designed for hardening against timing side-channels, but repeatedly and accidentally mishandled in the past. To analyze and prevent these accidents, we introduce Triggerflow, a tool for tracking execution paths that, assisted by source annotations, dynamically analyzes the binary through the debugger. We validate this approach with case studies demonstrating how adopting our method in the development pipeline would have promptly detected such accidents. We further showcase the value of the tooling by presenting two novel discoveries facilitated by Triggerflow: one leak and one defect.

    OpenSSLNTRU: Faster post-quantum TLS key exchange

    Google's CECPQ1 experiment in 2016 integrated a post-quantum key-exchange algorithm, newhope1024, into TLS 1.2. The Google-Cloudflare CECPQ2 experiment in 2019 integrated a more efficient key-exchange algorithm, ntruhrss701, into TLS 1.3. This paper revisits the choices made in CECPQ2, and shows how to achieve higher performance for post-quantum key exchange in TLS 1.3 using a higher-security algorithm, sntrup761. Previous work had indicated that ntruhrss701 key generation was much faster than sntrup761 key generation, but this paper makes sntrup761 key generation much faster by generating a batch of keys at once. Batch key generation is invisible at the TLS protocol layer, but raises software-engineering questions regarding the difficulty of integrating batch key exchange into existing TLS libraries and applications. This paper shows that careful choices of software layers make it easy to integrate fast post-quantum software, including batch key exchange, into TLS with minor changes to TLS libraries and no changes to applications. As a demonstration of feasibility, this paper reports successful integration of its fast sntrup761 library, via a lightly patched OpenSSL, into an unmodified web browser and an unmodified TLS terminator. This paper also reports TLS 1.3 handshake benchmarks, achieving more TLS 1.3 handshakes per second than any software included in OpenSSL.
    Peer reviewed (accepted version).

    Port Contention for Fun and Profit

    Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per-physical-core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing said channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.

    Set It and Forget It! Turnkey ECC for Instant Integration

    Historically, Elliptic Curve Cryptography (ECC) is an active field of applied cryptography where recent focus is on high speed, constant time, and formally verified implementations. While there are a handful of outliers where all these concepts join and land in real-world deployments, these are generally on a case-by-case basis: e.g. a library may feature such X25519 or P-256 code, but not for all curves. In this work, we propose and implement a methodology that fully automates the implementation, testing, and integration of ECC stacks with the above properties. We demonstrate the flexibility and applicability of our methodology by seamlessly integrating into three real-world projects: OpenSSL, Mozilla's NSS, and the GOST OpenSSL Engine, achieving roughly 9.5x, 4.5x, 13.3x, and 3.7x speedup on any given curve for key generation, key agreement, signing, and verifying, respectively. Furthermore, we showcase the efficacy of our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and a specification-level vulnerability in a Russian standard. Our work bridges the gap between significant applied cryptography research results and deployed software, fully automating the process.

    Laparoscopic cholecystectomy for melanoma metastatic to the gallbladder: is it an adequate surgical procedure? Report of a case and review of the literature

    Abstract

    Background: Only 2% to 4% of patients with melanoma will be diagnosed with gastrointestinal metastasis during the course of their disease. The most common sites of gastrointestinal metastases from melanoma include the small bowel (35%–67%), colon (9%–15%) and stomach (5%–7%), with a median survival of 6–10 months after surgery, and 18% survival at five years. Metastatic melanoma to the gallbladder is extremely rare and is associated with a very poor prognosis.

    Case presentation: We report the case of a 54-year-old man who presented with a diagnosis of a 6.1 mm thick, Clark's level IV, ulcerated melanoma of the trunk, and who developed metastatic involvement of the gallbladder as the first site of recurrence during the course of the disease, treated by laparoscopic cholecystectomy. To date only a few cases of patients with metastatic melanoma of the gallbladder treated by this surgical procedure have been reported in the literature.

    Conclusion: Gallbladder metastasis is a rare event as a first site of recurrence. It must be considered a possible expression of systemic disease even in the radiological absence of other metastatic lesions. The laparoscopic approach has a possible therapeutic role, but open surgery also serves a concomitant diagnostic purpose because it allows manual exploration of the abdominal cavity, which is particularly useful for revealing bowel metastatic lesions that are not easily identifiable by preoperative imaging examinations.

    Start your ENGINEs: Dynamically Loadable Contemporary Crypto

    Software increasingly relies on building blocks implemented by security libraries, which provide access to evolving standards, protocols, and cryptographic primitives. These libraries are often subject to complex development models and long decision-making processes, which limit the ability of contributors to participate in the development process, hinder the deployment of scientific results and pose challenges for OS maintainers. In this paper, focusing on OpenSSL as a de-facto standard, we analyze these limits, their impact on the security of modern systems, and their significance for researchers. We propose the OpenSSL ENGINE API as a tool in a framework to overcome these limits, describing how it fits in the OpenSSL architecture, its features, and a technical review of its internals. We evaluate our methodology by instantiating libsuola, a new ENGINE providing support for emerging cryptographic standards such as X25519 and Ed25519 for currently deployed versions of OpenSSL, performing benchmarks to demonstrate the viability and benefits. The results confirm that the ENGINE API offers (1) an ideal architecture to address wide-ranging security concerns; (2) a valuable tool to enhance future research by easing testing and facilitating the dissemination of novel results in real-world systems; and (3) a means to bridge the gaps between research results and currently deployed systems.
    Peer reviewed (accepted version).

    OpenSSLNTRU: Faster post-quantum TLS key exchange

    Google's CECPQ1 experiment in 2016 integrated a post-quantum key-exchange algorithm, newhope1024, into TLS 1.2. The Google-Cloudflare CECPQ2 experiment in 2019 integrated a more efficient key-exchange algorithm, ntruhrss701, into TLS 1.3. This paper revisits the choices made in CECPQ2, and shows how to achieve higher performance for post-quantum key exchange in TLS 1.3 using a higher-security algorithm, sntrup761. Previous work had indicated that ntruhrss701 key generation was much faster than sntrup761 key generation, but this paper makes sntrup761 key generation much faster by generating a batch of keys at once. Batch key generation is invisible at the TLS protocol layer, but raises software-engineering questions regarding the difficulty of integrating batch key exchange into existing TLS libraries and applications. This paper shows that careful choices of software layers make it easy to integrate fast post-quantum software, including batch key exchange, into TLS with minor changes to TLS libraries and no changes to applications. As a demonstration of feasibility, this paper reports successful integration of its fast sntrup761 library, via a lightly patched OpenSSL, into an unmodified web browser and an unmodified TLS terminator. This paper also reports TLS 1.3 handshake benchmarks, achieving more TLS 1.3 handshakes per second than any software included in OpenSSL.
    Comment: 20 pages, 5 figures; accepted at USENIX Security 2022; added Artifact Evaluation badges and final Artifact Appendix.

    A closed-loop system for neural networks analysis through high density MEAs

    In this work we present an FPGA-based system for real-time processing of neural signals acquired by a commercial high-density microelectrode array (HDMEA). The considered MEA features 4096 electrodes with 18 kHz sampling frequency and 12-bit resolution, and thus produces nearly 1 Gbps of data. Within the implementation, we treated low latency as the main objective, to allow for closed-loop acquisition-stimulation experiments, which represent a novel and promising frontier in neurophysiology and in the development of brain-machine interfaces. The developed platform is implemented on a low-to-mid-range Zynq all-programmable SoC, and is able to perform all the required computation (from signal acquisition to response generation) with less than 2 ms latency, enabling closed-loop applications in a wide range of experiments.

    On-FPGA real-time processing of biological signals from high-density MEAs: A design space exploration

    High-density microelectrode arrays (HDMEAs) are promising tools to tackle fundamental questions in neuroscience and brain diseases with unprecedented experimental capabilities. The acquisition of the biological signals sampled by such MEAs, which usually involves filtering, preliminary processing and finally data storage, is an intrinsically parallel and computation-intensive activity, particularly in systems targeting thousands of recording channels acquired with sub-millisecond time resolution. In several applications, these operations need to be performed in real time. A promising solution offering an adequate performance level relies on parallel hardware structures, making FPGA devices the ideal target technology.

    In this paper, we present an evaluation of an acquisition and processing system, to be implemented on an FPGA device, which is conceived to be connected to multi-channel CMOS-MEAs and is specifically designed for in-vitro and in-vivo recordings of neural activity. The template, implemented on reconfigurable logic, performs the first steps of the computing chain: filtering and adaptive detection of neural spikes. The filtered samples, together with information regarding the presence of spikes, are stored in an external DDR memory for further elaboration and communication with the external environment. We performed a design space exploration measuring resource utilization and precision of the detection algorithm for different use cases, corresponding to different state-of-the-art HDMEAs, and for different application parameters, such as the filtering scheme, number of parallel input channels, and sampling frequency. A prototype instance of the proposed platform, implemented on a low-end Xilinx Zynq SoC, can process more than 1 Gbps of data coming from up to 4096 18-kHz channels, within a time latency of 1.8 ms.