963 results for Key recovery attack


Abstract:

Several recently proposed ciphers, for example Rijndael and Serpent, are built with layers of small S-boxes interconnected by linear key-dependent layers. Their security relies on the fact that the classical methods of cryptanalysis (e.g. linear or differential attacks) are based on probabilistic characteristics, which makes their security grow exponentially with the number of rounds N_r. In this paper we study the security of such ciphers under an additional hypothesis: the S-box can be described by an overdefined system of algebraic equations (true with probability 1). We show that this is true for both Serpent (due to a small size of S-boxes) and Rijndael (due to unexpected algebraic properties). We study general methods known for solving overdefined systems of equations, such as XL from Eurocrypt’00, and show their inefficiency. Then we introduce a new method called XSL that uses the sparsity of the equations and their specific structure. The XSL attack uses only relations true with probability 1, and thus the security does not have to grow exponentially in the number of rounds. XSL has a parameter P, and from our estimations it seems that P should be a constant or grow very slowly with the number of rounds. The XSL attack would then be polynomial (or subexponential) in N_r, with a huge constant that is double-exponential in the size of the S-box. The exact complexity of such attacks is not known due to the redundant equations. Though the presented version of the XSL attack always gives more than the exhaustive search for Rijndael, it seems to (marginally) break 256-bit Serpent. We suggest a new criterion for design of S-boxes in block ciphers: they should not be describable by a system of polynomial equations that is too small or too overdefined.

Abstract:

We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2^−8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows the linear masking method to be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2^−51.8), so that we claim that SOBER-128 is distinguishable from a truly random cipher by observing O(2^103.6) keystream words.

Abstract:

Intense resistance exercise causes mechanical loading of skeletal muscle, followed by muscle adaptation. Chemotactic factors likely play an important role in these processes. Purpose: We investigated the time course of changes in the expression and tissue localization of several key chemotactic factors in skeletal muscle during the early phase of recovery following resistance exercise. Methods: Muscle biopsy samples were obtained from vastus lateralis of eight untrained men (22 ± 0.5 yrs) before and 2, 4 and 24 h after three sets of leg press, squat and leg extension at 80% 1 RM. Results: Monocyte chemotactic protein-1 (95×), interleukin-8 (2,300×), IL-6 (317×), urokinase-type plasminogen activator (15×), vascular endothelial growth factor (2×) and fractalkine (2.5×) mRNA was significantly elevated 2 h post-exercise. Interleukin-8 (38×) and interleukin-6 (58×) protein was also significantly elevated 2 h post-exercise, while monocyte chemotactic protein-1 protein was significantly elevated at 2 h (22×) and 4 h (21×) post-exercise. Monocyte chemotactic protein-1 and interleukin-8 were expressed by cells residing in the interstitial space between muscle fibers and, in some cases, were co-localized with CD68+ macrophages, PAX7+ satellite cells and blood vessels. However, the patterns of staining were inconclusive and not consistent. Conclusion: Resistance exercise stimulated a marked increase in the mRNA and protein expression of various chemotactic factors in skeletal muscle. Myofibers were not the dominant source of these factors. These findings suggest that chemotactic factors regulate remodeling/adaptation of skeletal muscle during the early phase of recovery following resistance exercise.

Abstract:

In a paper published in FSE 2007, a way of obtaining near-collisions and in theory also collisions for the FORK-256 hash function was presented [8]. The paper contained examples of near-collisions for the compression function, but in practice the attack could not be extended to the full function due to large memory requirements and computation time. In this paper we improve the attack and show that it is possible to find near-collisions in practice for any given value of IV. In particular, this means that the full hash function with the prespecified IV is vulnerable in practice, not just in theory. We exhibit an example near-collision for the complete hash function.

Abstract:

The results of comprehensive experimental studies of the operation, stability, and plasma parameters of the low-frequency (0.46 MHz) inductively coupled plasmas sustained by the internal oscillating rf current are reported. The rf plasma is generated by using a custom-designed configuration of the internal rf coil that comprises two perpendicular sets of eight currents in each direction. Various diagnostic tools, such as magnetic probes, optical emission spectroscopy, and an rf-compensated Langmuir probe were used to investigate the electromagnetic, optical, and global properties of the argon plasma in wide ranges of the applied rf power and gas feedstock pressure. It is found that the uniformity of the electromagnetic field inside the plasma reactor is improved as compared to the conventional sources of inductively coupled plasmas with the external flat coil configuration. A reasonable agreement between the experimental data and computed electromagnetic field topography inside the chamber is reported. The Langmuir probe measurements reveal that the spatial profiles of the electron density, the effective electron temperature, plasma potential, and electron energy distribution/probability functions feature a high degree of the radial and axial uniformity and a weak azimuthal dependence, which is consistent with the earlier theoretical predictions. As the input rf power increases, the azimuthal dependence of the global plasma parameters vanishes. The obtained results demonstrate that by introducing the internal oscillated rf currents one can noticeably improve the uniformity of electromagnetic field topography, rf power deposition, and the plasma density in the reactor.

Abstract:

NLS is a stream cipher which was submitted to the eSTREAM project. A linear distinguishing attack against NLS, called the Crossword Puzzle (CP) attack, was presented by Cho and Pieprzyk. NLSv2 is a tweaked version of NLS which aims mainly at avoiding the CP attack. In this paper, a new distinguishing attack against NLSv2 is presented. The attack exploits high correlation amongst neighboring bits of the cipher. The paper first shows that modular addition preserves pairwise correlations, as demonstrated by the existence of linear approximations with large biases. Next, it shows how to combine these results with the existence of high correlation between bits 29 and 30 of the S-box to obtain a distinguisher whose bias is around 2^−37. Consequently, we claim that NLSv2 is distinguishable from a random cipher after observing around 2^74 keystream words.

Abstract:

In this paper we make progress towards solving an open problem posed by Katz and Yung at CRYPTO 2003. We propose the first protocol for key exchange among n ≥ 2k+1 parties which simultaneously achieves all of the following properties: (1) Key Privacy (including forward security) against active attacks by group outsiders; (2) Non-malleability, meaning in particular that no subset of up to k corrupted group insiders can ‘fix’ the agreed key to a desired value; and (3) Robustness against denial of service attacks by up to k corrupted group insiders. Our insider security properties above are achieved assuming the availability of a reliable broadcast channel.

Abstract:

Recurrent congestion caused by high commuter traffic is an irritation to motorway users. Ramp metering (RM) is the most effective motorway control means (M Papageorgiou & Kotsialos, 2002) for significantly reducing motorway congestion. However, given field constraints (e.g. limited ramp space and maximum ramp waiting time), RM cannot eliminate recurrent congestion during the increased long peak hours. This paper, therefore, focuses on rapid congestion recovery to further improve RM systems: that is, to quickly clear congestion in recovery periods. The feasibility of using RM for recovery is analyzed, and a zone recovery strategy (ZRS) for RM is proposed. Note that this study assumes no incident and demand management involved, i.e. no re-routing behavior and strategy considered. This strategy is modeled, calibrated and tested in the northbound model of the Pacific Motorway, Brisbane, Australia in a micro-simulation environment for recurrent congestion scenario, and evaluation results have justified its effectiveness.

Abstract:

Generally, wireless sensor networks rely on a many-to-one communication approach for data gathering. This approach is extremely susceptible to the sinkhole attack, where an intruder attracts surrounding nodes with unfaithful routing information, and subsequently performs selective forwarding or changes the data that passes through it. A sinkhole attack poses an important threat to sensor networks, and it should be considered that the sensor nodes are mostly spread out in open areas and have weak computation and battery power. In order to detect the intruder in a sinkhole attack, this paper suggests an algorithm which first finds a group of suspected nodes by analyzing the consistency of data. Then, the intruder is recognized efficiently in the group by checking the network flow information. The proposed algorithm's performance has been evaluated by using numerical analysis and simulations. Therefore, the accuracy and efficiency of the algorithm can be verified.

Abstract:

B-Raf is one of the more commonly mutated proto-oncogenes implicated in the development of cancers. In this review, we consider the mechanisms and clinical impacts of B-Raf mutations in cancer and discuss the implications for the patient in melanoma, thyroid cancer and colorectal cancer, where B-Raf mutations are particularly common.

Abstract:

This thesis by creative work explores relationships among human beings, the nonhuman natural world and language. It addresses the central research question: 'How can a novel embody a narrative of recovery from psychological trauma in which recovery is primarily a function of the character's subjective interaction with nature?' The novel, 'The Child Pose', tells the story of a woman's recovery from psychological trauma. The thesis draws on the psychoanalytic theory of Jacques Lacan, who saw the human subject as fundamentally split and alienated, and therefore inherently vulnerable to being destabilised by trauma. Situating the narrative of recovery within the emerging fields of ecocriticism and ecopsychology, the research constructs psychological recovery through interaction with nature as a transformation of subjectivity: the creation of a new, more stable and connected kind of subject, which Jordan (2012) has called 'the ecological subject'.

Abstract:

Ubiquitination involves the attachment of ubiquitin to lysine residues on substrate proteins or itself, which can result in protein monoubiquitination or polyubiquitination. Ubiquitin attachment to different lysine residues can generate diverse substrate-ubiquitin structures, targeting proteins to different fates. The mechanisms of lysine selection are not well understood. Ubiquitination by the largest group of E3 ligases, the RING-family E3s, is catalyzed through co-operation between the non-catalytic ubiquitin-ligase (E3) and the ubiquitin-conjugating enzyme (E2), where the RING E3 binds the substrate and the E2 catalyzes ubiquitin transfer. Previous studies suggest that ubiquitination sites are selected by E3-mediated positioning of the lysine toward the E2 active site. Ultimately, at a catalytic level, ubiquitination of lysine residues within the substrate or ubiquitin occurs by nucleophilic attack of the lysine residue on the thioester bond linking the E2 catalytic cysteine to ubiquitin. One of the best studied RING E3/E2 complexes is the Skp1/Cul1/F box protein complex, SCFCdc4, and its cognate E2, Cdc34, which target the CDK inhibitor Sic1 for K48-linked polyubiquitination, leading to its proteasomal degradation. Our recent studies of this model system demonstrated that residues surrounding Sic1 lysines or lysine 48 in ubiquitin are critical for ubiquitination. This sequence-dependence is linked to evolutionarily conserved key residues in the catalytic region of Cdc34 and can determine if Sic1 is mono- or poly-ubiquitinated. Our studies indicate that amino acid determinants in the Cdc34 catalytic region and their compatibility to those surrounding acceptor lysine residues play important roles in lysine selection. This may represent a general mechanism in directing the mode of ubiquitination in E2s.

Abstract:

In 2001, the red imported fire ant (Solenopsis invicta Buren) was identified in Brisbane, Australia. An eradication program involving broadcast bait treatment with two insect growth regulators and a metabolic inhibitor began in September of that year and is currently ongoing. To gauge the impacts of these treatments on local ant populations, we examined long-term monitoring data and quantified abundance patterns of S. invicta and common local ant genera using a linear mixed-effects model. For S. invicta, presence in pitfalls reduced over time to zero on every site. Significantly higher numbers of S. invicta workers were collected on high-density polygyne sites, which took longer to disinfest compared with monogyne and low-density polygyne sites. For local ants, nine genus groups of the 10 most common genera analyzed either increased in abundance or showed no significant trend. Five of these genus groups were significantly less abundant at the start of monitoring on high-density polygyne sites compared with monogyne and low-density polygyne sites. The genus Pheidole significantly reduced in abundance over time, suggesting that it was affected by treatment efforts. These results demonstrate that the treatment regime used at the time successfully removed S. invicta from these sites in Brisbane, and that most local ant genera were not seriously impacted by the treatment. These results have important implications for current and future prophylactic treatment efforts, and suggest that native ants remain in treated areas to provide some biological resistance to S. invicta.

Abstract:

"The extended drought periods in each degradation episode have provided a test of the capacity of grazing systems (i.e. land, plants, animals, humans and social structure) to handle stress. Evidence that degradation was already occurring was identified prior to the extended drought sequences. The sequence of dry years, ranging from two to eight years, exposed and/or amplified the degradation processes. The unequivocal evidence was provided by: (a) the physical 'horror' of bare landscapes, erosion scalds and gullies and dust storms; (b) the biological devastation of woody weeds and animal suffering/deaths or forced sales, and; (c) the financial and emotional plight of graziers and their families due to reduced production in some cases leading to abandonment of properties or, sadly, deaths (e.g. McDonald 1991, Ker Conway 1989)."--Publisher website

Abstract:

Live migration of multiple Virtual Machines (VMs) has become an integral management activity in data centers for power saving, load balancing and system maintenance. While state-of-the-art live migration techniques focus on improving the migration performance of an independent single VM, little has been investigated for the case of live migration of multiple interacting VMs. Live migration is mostly influenced by the network bandwidth, and arbitrarily migrating a VM which has data inter-dependencies with other VMs may increase the bandwidth consumption and adversely affect the performance of subsequent migrations. In this paper, we propose a Random Key Genetic Algorithm (RKGA) that efficiently schedules the migration of a given set of VMs, accounting for both inter-VM dependency and the data center communication network. The experimental results show that the RKGA can schedule the migration of multiple VMs with significantly shorter total migration time and total downtime compared to a heuristic algorithm.