Malicious hardware is a mature topic but previous research has focused almost exclusively on theoretical applications. In this article, practical implementations of gate-level backdoors will be presented using the Verilog hardware description language, then simulated and finally synthesized using freely available deep sub-micron (45-180 nm) standard cells, resulting in a backdoored latest-generation ARM CPU, suitable for fabrication and massive deployment.
Shedding light on PROFINET node development
Despite the availability of Real Time Ethernet in general and PROFINET in particular for many years there is still insecurity regarding the necessary hardware and software effort required to implement and certify a PROFINET node. This presentation aims to shed some light on node development based on 10 odd years practical experience in the development of PROFINET technology.
The presentation starts with some generic performance characteristics of Real Time Ethernet in general and PROFINET in particular. To satisfy these characteristics particular architectures are required and we enumerate these detailing the pros-and cons underlined with performance data and some experiences in the field. We finish up by discussing some future themes and their ramifications for the node developer.
Presented by:
Hans Dermot Doran, Head of Real Time Ethernet Research Group & Professor of Communication and Information Technologies, Institute of Embedded Systems, Zürich University of Applied Sciences
Shedding light on PROFINET node development
Despite the availability of Real Time Ethernet in general and PROFINET in particular for many years there is still insecurity regarding the necessary hardware and software effort required to implement and certify a PROFINET node. This presentation aims to shed some light on node development based on 10 odd years practical experience in the development of PROFINET technology.
The presentation starts with some generic performance characteristics of Real Time Ethernet in general and PROFINET in particular. To satisfy these characteristics particular architectures are required and we enumerate these detailing the pros-and cons underlined with performance data and some experiences in the field. We finish up by discussing some future themes and their ramifications for the node developer.
Presented by:
Hans Dermot Doran, Head of Real Time Ethernet Research Group & Professor of Communication and Information Technologies, Institute of Embedded Systems, Zürich University of Applied Sciences
The presentation addresses the most typical issues during network software development and testing, explains the causes and suggests solutions:
- overlapping IP networks
- invalid netmasks
- incomplete routing configuration
- incorrect local MAC addresses
- unidirectional packet generator and unicast flood
- disabled ethernet auto negotiation
This is a seminar on hardware trojan that i have given during my M.tech. It follows the latest classification of hardware trojans used in research community. 3 latest hardware trojan detection technique and 2 insertion techniques are presented in slides.
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...PROIDEA
Radio-frequency (RF) remote controllers are widely used in multiple industrial applications like manufacturing, construction and transportation. Cranes, drillers and diggers, among others, are commonly equipped with RF controllers, which have become the weakest link in safety-critical IIoT applications. Our security assessment revealed a lack of important security features at different levels, with vendors using obscure proprietary protocols instead of standards. As a consequence, this technology appeared to be vulnerable to attacks like replay, command injection, e-stop abuse, malicious repairing and reprogramming. Together with ZDI, we ran into a 6-months responsible disclosure process and then released 10 security advisories. In this presentation, we share the findings of our research and make use of demos to discuss the problems in detail. We conclude providing recommendations for all parties involved in the life-cycle of these devices, from vendors to users and system integrators.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
To gain an understanding of the way in which
PROFINET devices communicate with one
another over Ethernet.
• To learn how to capture the PROFINET
Frames using Wireshark®.
• To see how Wireshark® can be used to analyse
the captured frames to gain an understanding
of the various protocols.
• This is a topic covered in more detail in the
Certified PROFINET Engineers Course
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Maksim Shudrak
Fuzzing remains to be the most effective technique for bugs hunting in memory-unsafe programs. Last year, hundreds of security papers and talks on fuzzing have been published and dozens of them were focused on adapting or improving American Fuzzy Lop in some way. Attracting with its simplicity and efficiency, AFL is the number one choice for the vast majority of security researchers. This high popularity means that hunting for bugs with AFL or a similar tool is becoming less and less fruitful since many projects are already covered by other researchers. It is especially hard when we talk about a project participating in Google OSS-Fuzz program which utilizes AFL to generate a half-trillion test cases per day.
In practice, this means that we can not blindly rely on AFL anymore and should search for better fuzzing techniques. In order to overcome this challenge, we need to understand how AFL and similar fuzzers work and be able to use their weaknesses to find new 0days. This talk is aimed to discuss these weaknesses on real examples, explain how we can do fuzzing better and release a new open-source fuzzer called Manul.
Manul is a high-scalable coverage-guided parallel fuzzer with the ability to search for bugs in open source and black box binaries on Windows and Linux. Manul was able to find 10 0-days in 4 widely-used projects that have been extensively tested by AFL. These vulnerabilities were not found by chance, but by analyzing and addressing issues exist in AFL. Authors will show several of the most critical vulnerabilities and explain why AFL overlooked them.
This talk will be interested for experienced hackers, who are willing to improve their bug hunting capabilities, as well as for new researchers, who are making their first steps on the thorny trail of bug hunting.
For more discussion reach me @Larryz This articles shows the need for security in layers, as each layer can be compromised.
Abstract. This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips. The backdoor was found to exist on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), a technique pioneered by our sponsor, we were able to extract the secret key to activate the backdoor. This way an attacker can disable all the security on the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact it can be easily compromised or it will have to be physically replaced after a redesign of the silicon itself.
Learn how to build your own testing and debugging environment for analysing IoT firmware images. Bug hunting in IoT firmware requires access to debugging, instrumentation and reverse engineering tools.
In this workshop, we shall learn how to extract firmware from a few ARM IoT devices, deploy the extracted filesystems on an ARM QEMU environment, and emulate the firmware as close to the original hardware environment as possible. We shall also learn how to intercept and emulate NVRAM access to faithfully reproduce the exact configuration available on the actual device. Participants are required to bring a laptop capable of running VMware Workstation/Fusion/Player. We shall distribute a virtual machine with ARM QEMU along with firmware images extracted on the spot from a few SoHo routers and IP Cameras.
The methodology discussed in this workshop is put together from the author’s own beats. While we use ARM as the base platform, the same methodology can also work for MIPS or other embedded architectures.
The presentation addresses the most typical issues during network software development and testing, explains the causes and suggests solutions:
- overlapping IP networks
- invalid netmasks
- incomplete routing configuration
- incorrect local MAC addresses
- unidirectional packet generator and unicast flood
- disabled ethernet auto negotiation
This is a seminar on hardware trojan that i have given during my M.tech. It follows the latest classification of hardware trojans used in research community. 3 latest hardware trojan detection technique and 2 insertion techniques are presented in slides.
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...PROIDEA
Radio-frequency (RF) remote controllers are widely used in multiple industrial applications like manufacturing, construction and transportation. Cranes, drillers and diggers, among others, are commonly equipped with RF controllers, which have become the weakest link in safety-critical IIoT applications. Our security assessment revealed a lack of important security features at different levels, with vendors using obscure proprietary protocols instead of standards. As a consequence, this technology appeared to be vulnerable to attacks like replay, command injection, e-stop abuse, malicious repairing and reprogramming. Together with ZDI, we ran into a 6-months responsible disclosure process and then released 10 security advisories. In this presentation, we share the findings of our research and make use of demos to discuss the problems in detail. We conclude providing recommendations for all parties involved in the life-cycle of these devices, from vendors to users and system integrators.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
To gain an understanding of the way in which
PROFINET devices communicate with one
another over Ethernet.
• To learn how to capture the PROFINET
Frames using Wireshark®.
• To see how Wireshark® can be used to analyse
the captured frames to gain an understanding
of the various protocols.
• This is a topic covered in more detail in the
Certified PROFINET Engineers Course
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Maksim Shudrak
Fuzzing remains to be the most effective technique for bugs hunting in memory-unsafe programs. Last year, hundreds of security papers and talks on fuzzing have been published and dozens of them were focused on adapting or improving American Fuzzy Lop in some way. Attracting with its simplicity and efficiency, AFL is the number one choice for the vast majority of security researchers. This high popularity means that hunting for bugs with AFL or a similar tool is becoming less and less fruitful since many projects are already covered by other researchers. It is especially hard when we talk about a project participating in Google OSS-Fuzz program which utilizes AFL to generate a half-trillion test cases per day.
In practice, this means that we can not blindly rely on AFL anymore and should search for better fuzzing techniques. In order to overcome this challenge, we need to understand how AFL and similar fuzzers work and be able to use their weaknesses to find new 0days. This talk is aimed to discuss these weaknesses on real examples, explain how we can do fuzzing better and release a new open-source fuzzer called Manul.
Manul is a high-scalable coverage-guided parallel fuzzer with the ability to search for bugs in open source and black box binaries on Windows and Linux. Manul was able to find 10 0-days in 4 widely-used projects that have been extensively tested by AFL. These vulnerabilities were not found by chance, but by analyzing and addressing issues exist in AFL. Authors will show several of the most critical vulnerabilities and explain why AFL overlooked them.
This talk will be interested for experienced hackers, who are willing to improve their bug hunting capabilities, as well as for new researchers, who are making their first steps on the thorny trail of bug hunting.
For more discussion reach me @Larryz This articles shows the need for security in layers, as each layer can be compromised.
Abstract. This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips. The backdoor was found to exist on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), a technique pioneered by our sponsor, we were able to extract the secret key to activate the backdoor. This way an attacker can disable all the security on the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact it can be easily compromised or it will have to be physically replaced after a redesign of the silicon itself.
Learn how to build your own testing and debugging environment for analysing IoT firmware images. Bug hunting in IoT firmware requires access to debugging, instrumentation and reverse engineering tools.
In this workshop, we shall learn how to extract firmware from a few ARM IoT devices, deploy the extracted filesystems on an ARM QEMU environment, and emulate the firmware as close to the original hardware environment as possible. We shall also learn how to intercept and emulate NVRAM access to faithfully reproduce the exact configuration available on the actual device. Participants are required to bring a laptop capable of running VMware Workstation/Fusion/Player. We shall distribute a virtual machine with ARM QEMU along with firmware images extracted on the spot from a few SoHo routers and IP Cameras.
The methodology discussed in this workshop is put together from the author’s own beats. While we use ARM as the base platform, the same methodology can also work for MIPS or other embedded architectures.
Clear Containers is an Open Containers Initiative (OCI) “runtime” that launches an Intel VT-x secured hypervisor rather than a standard Linux container. An introduction of Clear Containers will be provided, followed by an overview of CNM networking plugins which have been created to enhance network connectivity using Clear Containers. More specifically, we will show demonstrations of using VPP with DPDK and SRIO-v based networks to connect Clear Containers. Pending time we will provide and walk through a hands on example of using VPP with Clear Containers.
About the speaker: Manohar Castelino is a Principal Engineer for Intel’s Open Source Technology Center. Manohar has worked on networking, network management, network processors and virtualization for over 15 years. Manohar is currently an architect and developer with the ciao (clearlinux.org/ciao) and the clear containers (https://github.com/01org/cc-oci-runtime) projects focused on networking. Manohar has spoken at many Container Meetups and internal conferences.
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
Learn how to build your own testing and debugging environment for analysing IoT firmware images. Bug hunting in IoT firmware requires access to debugging, instrumentation and reverse engineering tools.
In this workshop, we shall learn how to extract firmware from a few ARM IoT devices, deploy the extracted filesystems on an ARM QEMU environment, and emulate the firmware as close to the original hardware environment as possible. We shall also learn how to intercept and emulate NVRAM access to faithfully reproduce the exact configuration available on the actual device. Participants are required to bring a laptop capable of running VMware Workstation/Fusion/Player. We shall distribute a virtual machine with ARM QEMU along with firmware images extracted on the spot from a few SoHo routers and IP Cameras.
The methodology discussed in this workshop is put together from the author’s own beats. While we use ARM as the base platform, the same methodology can also work for MIPS or other embedded architectures.
POLYTEDA LLC, a provider of semiconductor design software and PV-services announced the general availability of PowerDRC/LVS version 2.2.
This release is dedicated to delivering fill layer generation for multi-CPU mode, new KLayout integration functionality and other significant improvements for multi-CPU mode
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015CODE BLUE
We are in the IoT era. In this session, the function of GNURadio will be introduced with demonstration. GNURadio is a SDR (Software Defined Radio) tool to analyze wireless security such as Bluetooth LE. As an example of a SDR usage, I will demonstrate the replay attack for RF signal of ADS-B (Automatic Dependent Surveillance Broadcast) mounted on an aircraft and sniffer for wireless keyboards. Ideas of the counter measurement will also be discussed.
IoT exploitation: from memory corruption to code execution by Marco RomanoCodemotion
#Codemotion Rome 2018 - Attraverso un "IoT pentester's diary", analizzeremo i passaggi chiave di un penetration test su una IP webcam, che ci porterà dall'analisi delle superfici di attacco, all'individuazione di una vulnerabilità reale. Un'introduzione all'exploitation, per spostarci dall'overflow di un buffer all'esecuzione remota di codice.
IoT exploitation: from memory corruption to code execution - Marco Romano - C...Codemotion
Attraverso un "IoT pentester's diary", analizzeremo i passaggi chiave di un penetration test su una IP webcam, che ci porterà dall'analisi delle superfici di attacco, all'individuazione di una vulnerabilità reale. Un'introduzione all'exploitation, per spostarci dall'overflow di un buffer all'esecuzione remota di codice.
PowerDRC/LVS is designed to process integrated circuit (IC) designs of various size at technology nodes up to 28nm, with run times which are fast and completely predictable. In May 2017 POLYTEDA announced the general availability of PowerDRC/LVS 2.3.
www.polyteda.com
POLYTEDA LLC a provider of semiconductor design software and PV-services, announced the general availability of PowerDRC/LVS version 2.0.1. This release is dedicated to delivering further significant improvements for multi-CPU mode and some new LVS functionality. From now XOR operation supports multi-CPU mode to dramatically increase performance
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
The boom of AI brought to the market a set of impressive solutions both on the hardware and software side. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns.
In this talk we will present results of hands-on vulnerability research of different components of AI infrastructure including NVIDIA DGX GPU servers, ML frameworks such as Pytorch, Keras and Tensorflow, data processing pipelines and specific applications, including Medical Imaging and face recognition powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.
Similar to Deep submicron-backdoors-ortega-syscan-2014-slides (20)
Slide 1: Title Slide
Extrachromosomal Inheritance
Slide 2: Introduction to Extrachromosomal Inheritance
Definition: Extrachromosomal inheritance refers to the transmission of genetic material that is not found within the nucleus.
Key Components: Involves genes located in mitochondria, chloroplasts, and plasmids.
Slide 3: Mitochondrial Inheritance
Mitochondria: Organelles responsible for energy production.
Mitochondrial DNA (mtDNA): Circular DNA molecule found in mitochondria.
Inheritance Pattern: Maternally inherited, meaning it is passed from mothers to all their offspring.
Diseases: Examples include Leber’s hereditary optic neuropathy (LHON) and mitochondrial myopathy.
Slide 4: Chloroplast Inheritance
Chloroplasts: Organelles responsible for photosynthesis in plants.
Chloroplast DNA (cpDNA): Circular DNA molecule found in chloroplasts.
Inheritance Pattern: Often maternally inherited in most plants, but can vary in some species.
Examples: Variegation in plants, where leaf color patterns are determined by chloroplast DNA.
Slide 5: Plasmid Inheritance
Plasmids: Small, circular DNA molecules found in bacteria and some eukaryotes.
Features: Can carry antibiotic resistance genes and can be transferred between cells through processes like conjugation.
Significance: Important in biotechnology for gene cloning and genetic engineering.
Slide 6: Mechanisms of Extrachromosomal Inheritance
Non-Mendelian Patterns: Do not follow Mendel’s laws of inheritance.
Cytoplasmic Segregation: During cell division, organelles like mitochondria and chloroplasts are randomly distributed to daughter cells.
Heteroplasmy: Presence of more than one type of organellar genome within a cell, leading to variation in expression.
Slide 7: Examples of Extrachromosomal Inheritance
Four O’clock Plant (Mirabilis jalapa): Shows variegated leaves due to different cpDNA in leaf cells.
Petite Mutants in Yeast: Result from mutations in mitochondrial DNA affecting respiration.
Slide 8: Importance of Extrachromosomal Inheritance
Evolution: Provides insight into the evolution of eukaryotic cells.
Medicine: Understanding mitochondrial inheritance helps in diagnosing and treating mitochondrial diseases.
Agriculture: Chloroplast inheritance can be used in plant breeding and genetic modification.
Slide 9: Recent Research and Advances
Gene Editing: Techniques like CRISPR-Cas9 are being used to edit mitochondrial and chloroplast DNA.
Therapies: Development of mitochondrial replacement therapy (MRT) for preventing mitochondrial diseases.
Slide 10: Conclusion
Summary: Extrachromosomal inheritance involves the transmission of genetic material outside the nucleus and plays a crucial role in genetics, medicine, and biotechnology.
Future Directions: Continued research and technological advancements hold promise for new treatments and applications.
Slide 11: Questions and Discussion
Invite Audience: Open the floor for any questions or further discussion on the topic.
Seminar of U.V. Spectroscopy by SAMIR PANDASAMIR PANDA
Spectroscopy is a branch of science dealing the study of interaction of electromagnetic radiation with matter.
Ultraviolet-visible spectroscopy refers to absorption spectroscopy or reflect spectroscopy in the UV-VIS spectral region.
Ultraviolet-visible spectroscopy is an analytical method that can measure the amount of light received by the analyte.
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...University of Maribor
Slides from:
11th International Conference on Electrical, Electronics and Computer Engineering (IcETRAN), Niš, 3-6 June 2024
Track: Artificial Intelligence
https://www.etran.rs/2024/en/home-english/
Multi-source connectivity as the driver of solar wind variability in the heli...Sérgio Sacani
The ambient solar wind that flls the heliosphere originates from multiple
sources in the solar corona and is highly structured. It is often described
as high-speed, relatively homogeneous, plasma streams from coronal
holes and slow-speed, highly variable, streams whose source regions are
under debate. A key goal of ESA/NASA’s Solar Orbiter mission is to identify
solar wind sources and understand what drives the complexity seen in the
heliosphere. By combining magnetic feld modelling and spectroscopic
techniques with high-resolution observations and measurements, we show
that the solar wind variability detected in situ by Solar Orbiter in March
2022 is driven by spatio-temporal changes in the magnetic connectivity to
multiple sources in the solar atmosphere. The magnetic feld footpoints
connected to the spacecraft moved from the boundaries of a coronal hole
to one active region (12961) and then across to another region (12957). This
is refected in the in situ measurements, which show the transition from fast
to highly Alfvénic then to slow solar wind that is disrupted by the arrival of
a coronal mass ejection. Our results describe solar wind variability at 0.5 au
but are applicable to near-Earth observatories.
Introduction:
RNA interference (RNAi) or Post-Transcriptional Gene Silencing (PTGS) is an important biological process for modulating eukaryotic gene expression.
It is highly conserved process of posttranscriptional gene silencing by which double stranded RNA (dsRNA) causes sequence-specific degradation of mRNA sequences.
dsRNA-induced gene silencing (RNAi) is reported in a wide range of eukaryotes ranging from worms, insects, mammals and plants.
This process mediates resistance to both endogenous parasitic and exogenous pathogenic nucleic acids, and regulates the expression of protein-coding genes.
What are small ncRNAs?
micro RNA (miRNA)
short interfering RNA (siRNA)
Properties of small non-coding RNA:
Involved in silencing mRNA transcripts.
Called “small” because they are usually only about 21-24 nucleotides long.
Synthesized by first cutting up longer precursor sequences (like the 61nt one that Lee discovered).
Silence an mRNA by base pairing with some sequence on the mRNA.
Discovery of siRNA?
The first small RNA:
In 1993 Rosalind Lee (Victor Ambros lab) was studying a non- coding gene in C. elegans, lin-4, that was involved in silencing of another gene, lin-14, at the appropriate time in the
development of the worm C. elegans.
Two small transcripts of lin-4 (22nt and 61nt) were found to be complementary to a sequence in the 3' UTR of lin-14.
Because lin-4 encoded no protein, she deduced that it must be these transcripts that are causing the silencing by RNA-RNA interactions.
Types of RNAi ( non coding RNA)
MiRNA
Length (23-25 nt)
Trans acting
Binds with target MRNA in mismatch
Translation inhibition
Si RNA
Length 21 nt.
Cis acting
Bind with target Mrna in perfect complementary sequence
Piwi-RNA
Length ; 25 to 36 nt.
Expressed in Germ Cells
Regulates trnasposomes activity
MECHANISM OF RNAI:
First the double-stranded RNA teams up with a protein complex named Dicer, which cuts the long RNA into short pieces.
Then another protein complex called RISC (RNA-induced silencing complex) discards one of the two RNA strands.
The RISC-docked, single-stranded RNA then pairs with the homologous mRNA and destroys it.
THE RISC COMPLEX:
RISC is large(>500kD) RNA multi- protein Binding complex which triggers MRNA degradation in response to MRNA
Unwinding of double stranded Si RNA by ATP independent Helicase
Active component of RISC is Ago proteins( ENDONUCLEASE) which cleave target MRNA.
DICER: endonuclease (RNase Family III)
Argonaute: Central Component of the RNA-Induced Silencing Complex (RISC)
One strand of the dsRNA produced by Dicer is retained in the RISC complex in association with Argonaute
ARGONAUTE PROTEIN :
1.PAZ(PIWI/Argonaute/ Zwille)- Recognition of target MRNA
2.PIWI (p-element induced wimpy Testis)- breaks Phosphodiester bond of mRNA.)RNAse H activity.
MiRNA:
The Double-stranded RNAs are naturally produced in eukaryotic cells during development, and they have a key role in regulating gene expression .
Professional air quality monitoring systems provide immediate, on-site data for analysis, compliance, and decision-making.
Monitor common gases, weather parameters, particulates.
A brief information about the SCOP protein database used in bioinformatics.
The Structural Classification of Proteins (SCOP) database is a comprehensive and authoritative resource for the structural and evolutionary relationships of proteins. It provides a detailed and curated classification of protein structures, grouping them into families, superfamilies, and folds based on their structural and sequence similarities.
This pdf is about the Schizophrenia.
For more details visit on YouTube; @SELF-EXPLANATORY;
https://www.youtube.com/channel/UCAiarMZDNhe1A3Rnpr_WkzA/videos
Thanks...!
4. ltration
Agenda
Introduction
History
Non-gov examples
Agenda
Deep-Submicron VLSI: Technology smaller than 350nm
Hardware Backdoors History
Non-Gov examples
Unintentional backdoors
Why create a CPU backdoor
Malproxy BUS backdoor (Demo)
RFI Ex
12. ltration
Agenda
Introduction
History
Non-gov examples
History
The Great Seal Bug
Also called The Thing"
one of the
13. rst covert
listening devices (Found in
1945)
Designed by Leon Theremin
Sound-modulated resonant
cavity: No external power.
Groundworks Technologies Deep-Submicron Backdoor
15. ltration
Agenda
Introduction
History
Non-gov examples
Clipper chip
Clipper chip
Developed and promoted by
the U.S. NSA
Announced in 1993
Skipjack algorithm - Key
escrow mechanism
Cryptographer Matt Blaze
published a serious
vulnerability.
Entirely defunct by 1996
Groundworks Technologies Deep-Submicron Backdoor
17. ltration
Agenda
Introduction
History
Non-gov examples
NSA Ant division Catalog
NSA ANT Insert catalog
Catalog of hardware
backdoors
Developed from 2005 to 2010
Leaked by Edward Snowden
Groundworks Technologies Deep-Submicron Backdoor
24. ltration
Agenda
Introduction
History
Non-gov examples
Rationale
No real backdoor on silicon to analyze,
all theoretical examples.
Let's make a real one. Our approach:
Real silicon ASIC design
Generic and simple payload
trivial to locate. No eort on stealth.
Ready for massive deployment
Two basic attacks:
1 Bus-intrusion (MALPROXY)
2 data-ex
25. ltration (RiFt)
R i Ft
MAL PROXY
Groundworks Technologies Deep-Submicron Backdoor
29. ltration
Introduction
High-level design
Logic
ASIC
Usage
MALPROXY
High-level Design
Constantly monitoring the AMBA bus.
If command correctly parsed, take
control of the bus and modify memory.
Only two commands needed for
execution control:
Peek mem32
Poke mem32
If software/arch is known, only Poke
command is enough.
Search activation
cookie
Read command
Read address
Read data
Execute command
Groundworks Technologies Deep-Submicron Backdoor
48. ltration
We are not limited by standard
communication (TCP/IP, etc)
Many side-channels are available.
We chose forced RFI using PCB traces
Even LED traces can be used
Target: Altera DE1 FPGA dev-board
Reception with RTL-SDR, up to 5
meters with standard receiver antenna
DE1 PCB
Groundworks Technologies Deep-Submicron Backdoor
50. ltration
Introduction
Simulation
Measurements
End
RiFt: Harmonics
How it works?
CPUs and FPGAs usually can't emit
RF directly.
They can switch a pin on/o very fast
(100 Mhz)
This produces a square wave with
in
51. nite sinusoidal harmonics
We can use any of those harmonic
frequencies
For now, just simple modulation (AM,
on/o)
Groundworks Technologies Deep-Submicron Backdoor
70. ltration
Introduction
Simulation
Measurements
End
The end
Thanks! Any question?
Deep-Submicron Backdoor project was created by researchers Fernando Russ and Alfredo Ortega (Twitter: @ortegaalfredo ) from Groundworks
Technologies
Buenos Aires, Argentina
Groundworks Technologies Deep-Submicron Backdoor