SECRYPT 2022 Abstracts


Full Papers
Paper Nr: 6
Title:

SEVIL: Secure and Efficient VerifIcation over Massive Proofs of KnowLedge

Authors:

Souha Masmoudi, Maryline Laurent and Nesrine Kaaniche

Abstract: This paper presents SEVIL, a group signature construction that offers an efficient, aggregated and batch verification over multiple signatures. The proposed group signature scheme is built upon Groth-Sahai Non-Interactive Witness-Indistinguishable proofs, in an effort to reduce the computation complexity, closely associated with the number of signatures. SEVIL fulfills the main security and privacy properties, proven through a detailed analysis. The implementation of SEVIL algorithms demonstrates the high efficiency of the aggregated and batch verification with up to 50% of gain in comparison with naive verification of NIWI proofs.

Paper Nr: 7
Title:

Blind Side Channel on the Elephant LFSR

Authors:

Awaleh Houssein Meraneh, Christophe Clavier, Hélène Le Bouder, Julien Maillard and Gaël Thomas

Abstract: Elephant is a finalist to the NIST lightweight cryptography competition. In this paper, the first theoretical blind side channel attack against the authenticated encryption algorithm Elephant is presented. More precisely, we are targeting the LFSR-based counter used internally. LFSRs are classic functions used in symmetric cryptography. In the case of Elephant, retrieving the initial state of the LFSR is equivalent to retrieving the encryption key. The paper ends with the study of different ways to tweak the design of Elephant to mitigate our attack.

Paper Nr: 8
Title:

Towards an Automated Business Process Model Risk Assessment: A Process Mining Approach

Authors:

Panagiotis Dedousis, Melina Raptaki, George Stergiopoulos and Dimitris Gritzalis

Abstract: Cybersecurity Risk Assessment reports (RAs) on an organization’s information systems are fundamental to supporting its entire information security management. Proper assessments do not restrict their analysis only to tangible assets of an information system (e.g., servers, personal computers, databases) but also delve into the company’s day-to-day business flows that utilize its information system. Business processes, whether internal (i.e., payments) or external (i.e., paid services to customers or products), must also be analyzed in terms of impact and threat exposure, an approach often coined “process-based risk assessment.” Most modern ISO27000 methods and relevant tools include business flow models in their analysis, either as assets or as processes themselves. Process mining defines methods and techniques able to construct graphs that demonstrate the various business flows that are taking place in an information system. However, while process mining methods are of significant interest in general risk analysis, supply chain, and business restructuring, they seem to be neglected in cybersecurity risk assessments. In this paper, we propose an automated method for leveraging process mining to conduct faster and more thorough cybersecurity risk assessments. Our enhanced process mining creates graphs that incorporate weights from typical risk assessment methodologies and provide helpful information on risk and potential attack vectors on business-driven events by correlating and analyzing the steps of the business processes depicted in the graph to the assets used to complete each step. We evaluate our approach and proof-of-concept tool by modeling a real-world company’s business flows and incorporating them into a risk assessment model to detect and analyze potential attack sources and their respective impact on everyday business work.

Paper Nr: 15
Title:

Metering Homes: Do Energy Efficiency and Privacy Need to Be in Conflict?

Authors:

Libor Polčák and Petr Matoušek

Abstract: The European directive on energy efficiency requires that all meters in multi-apartment buildings installed after 25 October 2020 shall be remotely readable devices where technically feasible and cost effective in terms of being proportionate in relation to the potential energy savings. We observed that some manufacturers produce meters that monitor energy consumption in very short intervals, for example, a minute, even though the directive expects to provide billing information to consumers only once a month starting from 2022. This paper reviews privacy and security risks stemming from the high-frequency readouts and provides recommendations for manufacturers and suppliers. The paper focuses on Wireless M-Bus metering devices sold and advertised as a solution to fulfil the directive on energy efficiency requirements. We responsibly disclosed four issues in the metering devices to Common Vulnerability Exposure database; real-world deployments are vulnerable. Many recommendations and observations are also applicable to other protocols or deployments.

Paper Nr: 16
Title:

Stacked Ensemble Model for Enhancing the DL based SCA

Authors:

Anh T. Hoang, Neil Hanley, Ayesha Khalid, Dur-e-Shahwar Kundi and Maire O’Neill

Abstract: Deep learning (DL) has proven to be very effective for image recognition tasks, with a large body of research on various models for object classification. The application of DL to side-channel analysis (SCA) has already shown promising results, with experimentation on open-source variable key datasets showing that secret keys for block ciphers like Advanced Encryption Standard (AES)-128 can be revealed with 40 traces even in the presence of countermeasures. This paper aims to further improve the application of DL in SCA, by enhancing the power of DL when targeting the secret key of cryptographic algorithms when protected with SCA countermeasures. We propose a stacked ensemble model, which trains the output probabilities and Maximum likelihood score of multiple traces and/or sub-models to improve the performance of Convolutional Neural Network (CNN)-based models. Our model generates state-of-the-art results when attacking the ASCAD variable-key database, which has a restricted number of training traces per key, recovering the key within 20 attack traces in comparison to 40 traces as required by the state-of-the-art CNN-based model with Plaintext feature extension (CNNP)-based model. During the profiling stage an attacker needs no additional knowledge of the implementation, such as the masking scheme or random mask values; only the ability to record the power consumption or electromagnetic field traces, plaintext/ciphertext and the key is needed. However, a two-step training procedure is required. Additionally, no heuristic pre-processing is required in order to break the multiple masking countermeasures of the target implementation.

Paper Nr: 22
Title:

Comparison-based MPC in Star Topology

Authors:

Gowri R. Chandran, Carmit Hazay, Robin Hundt and Thomas Schneider

Abstract: With the large amount of data generated nowadays, analysis of this data has become eminent. Since a vast amount of this data is private, it is also important that the analysis is done in a secure manner. Comparison-based functions are commonly used in data analysis. These functions use the comparison operation as the basis. Secure computation of such functions has been discussed for median by Aggarwal et al. (EUROCRYPT’04) and for convex hull by Shelat and Venkitasubramaniam (ASIACRYPT’15). In this paper, we present a generic protocol for the secure computation of comparison-based functions. In order to scale to a large number of participants, we propose this protocol in a star topology with an aim to reduce the communication complexity. We also present a protocol for one specific comparison-based function, the kth ranked element. The construction of one of our protocols leaks some intermediate values but does not reveal information about an individual party’s inputs. We demonstrate that our protocol offers better performance than the protocol for kth ranked element by Tueno et al. (FC’20) by providing an implementation.

Paper Nr: 25
Title:

CRGC: A Practical Framework for Constructing Reusable Garbled Circuits

Authors:

Christopher Harth-Kitzerow, Georg Carle, Fan Fei, Andre Luckow and Johannes Klepsch

Abstract: In this work, we introduce two schemes to construct reusable garbled circuits (RGCs) in the semi-honest setting. Our completely reusable garbled circuit (CRGC) scheme allows the generator (party A) to construct and send an obfuscated boolean circuit along with an encoded input to the evaluator (party B). In contrast to Yao’s Garbled Circuit protocol, B can securely evaluate the same CRGC with an arbitrary number of inputs. As a tradeoff, CRGCs predictably leak some input bits of A to B. We also propose a partially reusable garbled circuit (PRGC) scheme that divides a circuit into reusable and non-reusable sections. PRGCs do not leak input bits of A. We benchmark our CRGC implementation against the state-of-the-art garbled circuit libraries EMP SH2PC and TinyGarble2. Using our framework, evaluating a CRGC is up to twenty times faster, albeit with weaker privacy guarantees, than evaluating an equivalent garbled circuit constructed by the two existing libraries. Our open-source library can convert any C++ function to a CRGC at approx. 80 million gates per second and repeatedly evaluate a CRGC at approx. 350 million gates per second. Additionally, a compressed CRGC is approx. 75% smaller in file size than the unobfuscated boolean circuit.

Paper Nr: 29
Title:

An Adaptive Web Application Firewall

Authors:

Miguel Calvo and Marta Beltrán

Abstract: Web Application Firewalls (WAFs) are security products responsible for protecting web applications with minimal cost and effort, by filtering, monitoring, and blocking HTTP traffic. Traditional WAFs work with a rule-based approach, applying predetermined rules when the signatures of known attack patterns or traffic anomalies are identified. This kind of design has suffered significant limitations in specific contexts since it is impossible to configure the WAF the first time and rely on that configuration over time. This paper proposes an adaptive WAF capable of context-aware risk-based adaptation, changing its configuration to every specific scenario, depending on the current value of risk indicators and on the level of risk tolerated at any given time. The proposed solution is implemented, validated and evaluated in a real use case.

Paper Nr: 33
Title:

FAPRIL: Towards Faster Privacy-preserving Fingerprint-based Localization

Authors:

Christopher van der Beets, Raine Nieminen and Thomas Schneider

Abstract: Fingerprinting is a commonly used technique to provide accurate localization for indoor areas, where global navigation satellite systems, such as GPS and Galileo, cannot function or are not precise enough. Although fingerprint-based indoor localization has gained wide popularity, existing solutions that preserve privacy either rely on non-colluding servers or have high communication, which hinders deployment. In this work we present FAPRIL, a privacy-preserving indoor localization scheme, which takes advantage of the latest secure two-party computation protocol improvements. We can split our scheme into two parts: an input-independent setup phase and an online phase. We concentrate on optimizing the online phase for mobile clients who run on a mobile data plan and observe that recurring operands allow to optimize the total communication overhead even further. Our observation can be generalized, e.g., to improve multiplication of Arithmetic secret shared matrices. We implement FAPRIL on mobile devices and our benchmarks over a simulated LTE network show that the online phase of a private localization takes under 0.15 seconds with less than 0.20 megabytes of communication even for large buildings. The setup phase, which can be pre-computed, depends heavily on the setting but stays in the range 0.28–4.14 seconds and 0.69–16.00 megabytes per localization query. The round complexity of FAPRIL is constant for both phases.

Paper Nr: 35
Title:

A Longitudinal Study of Cryptographic API: A Decade of Android Malware

Authors:

Adam Janovsky, Davide Maiorca, Dominik Macko, Vashek Matyas and Giorgio Giacinto

Abstract: Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.

Paper Nr: 39
Title:

Large-scale Randomness Study of Security Margins for 100+ Cryptographic Functions

Authors:

Dušan Klinec, Marek Sýs, Karel Kubíček, Petr Švenda and Vashek Matyáš

Abstract: The output of cryptographic functions, be it encryption routines or hash functions, should be statistically indistinguishable from truly random data for an external observer. The property can be partially tested automatically using batteries of statistical tests. However, it is not easy in practice: multiple incompatible test suites exist, with possibly overlapping and correlated tests, making the statistically robust interpretation of results difficult. Additionally, a significant amount of data processing is required to test every separate cryptographic function. Due to these obstacles, no large-scale systematic analysis of the round-reduced cryptographic functions w.r.t. their input mixing capability, which would provide an insight into the behaviour of the whole classes of functions rather than few selected ones, was yet published. We created a framework to consistently run 414 statistical tests and their variants from the commonly used statistical testing batteries (NIST STS, Dieharder, TestU01, and BoolTest). Using the distributed computational cluster providing required significant processing power, we analyzed the output of 109 round-reduced cryptographic functions (hash, lightweight, and block-based encryption functions) in the multiple configurations, scrutinizing the mixing property of each one. As a result, we established the fraction of a function’s rounds with still detectable bias (a.k.a. security margin) when analyzed by randomness statistical tests.

Paper Nr: 50
Title:

PAMMELA: Policy Administration Methodology using Machine Learning

Authors:

Varun Gumma, Barsha Mitra, Soumyadeep Dey, Pratik S. Patel, Sourabh Suman, Saptarshi Das and Jaideep Vaidya

Abstract: In recent years, Attribute-Based Access Control (ABAC) has become quite popular and effective for enforcing access control in dynamic and collaborative environments. Implementation of ABAC requires the creation of a set of attribute-based rules which cumulatively form a policy. Designing an ABAC policy ab initio demands a substantial amount of effort from the system administrator. Moreover, organizational changes may necessitate the inclusion of new rules in an already deployed policy. In such a case, re-mining the entire ABAC policy requires a considerable amount of time and administrative effort. Instead, it is better to incrementally augment the policy. In this paper, we propose PAMMELA, a Policy Administration Methodology using Machine Learning to assist system administrators in creating new ABAC policies as well as augmenting existing policies. PAMMELA can generate a new policy for an organization by learning the rules of a policy currently enforced in a similar organization. For policy augmentation, new rules are inferred based on the knowledge gathered from the existing rules. A detailed experimental evaluation shows that the proposed approach is both efficient and effective.

Paper Nr: 51
Title:

Partially Oblivious Neural Network Inference

Authors:

Panagiotis Rizomiliotis, Christos Diou, Aikaterini Triakosia, Ilias Kyrannas and Konstantinos Tserpes

Abstract: Oblivious inference is the task of outsourcing a ML model, like neural-networks, without disclosing critical and sensitive information, like the model’s parameters. One of the most prominent solutions for secure oblivious inference is based on powerful cryptographic tools, like Homomorphic Encryption (HE) and/or multi-party computation (MPC). Even though the implementation of oblivious inference systems has impressively improved in the last decade, there are still significant limitations on the ML models that they can practically implement, especially when both the ML model and the input data’s confidentiality must be protected. In this paper, we introduce the notion of partially oblivious inference. We empirically show that for neural network models, like CNNs, some information leakage can be acceptable. We therefore propose a novel trade-off between security and efficiency. In our research, we investigate the impact on security and inference runtime performance from the CNN model’s weights partial leakage. We experimentally demonstrate that in a CIFAR-10 network we can leak up to 80% of the model’s weights with practically no security impact, while the necessary HE-multiplications are performed four times faster.

Paper Nr: 59
Title:

Federated Naive Bayes under Differential Privacy

Authors:

Thomas Marchioro, Lodovico Giaretta, Evangelos Markatos and Šarūnas Girdzijauskas

Abstract: Growing privacy concerns regarding personal data disclosure are contrasting with the constant need of such information for data-driven applications. To address this issue, the combination of federated learning and differential privacy is now well-established in the domain of machine learning. These techniques allow to train deep neural networks without collecting the data and while preventing information leakage. However, there are many scenarios where simpler and more robust machine learning models are preferable. In this paper, we present a federated and differentially-private version of the Naive Bayes algorithm for classification. Our results show that, without data collection, the same performance of a centralized solution can be achieved on any dataset with only a slight increase in the privacy budget. Furthermore, if certain conditions are met, our federated solution can outperform a centralized approach.

Paper Nr: 60
Title:

Effectiveness of Adversarial Component Recovery in Protected Netlist Circuit Designs

Authors:

Jeffrey T. Mcdonald, Jennifer Parnell, Todd R. Andel and Samuel H. Russ

Abstract: Hardware security has become a concern as the risk of intellectual property (IP) theft, malicious alteration, and counterfeiting has increased. Malicious reverse engineering is a common tool used to achieve such goals; thus, the need arises to quantify effectiveness and limits of both circuit protection techniques and adversarial analysis tools. Aspects of physical reverse engineering are well studied and these techniques result in netlist extraction that details gate-level information from an integrated circuit (IC) artifact. Specification recovery from the netlist is a harder problem with more open research questions. In this paper, we focus on the narrower question of how to recover design-level logic components that were used to build an IC. Such analysis assumes the library of known component building blocks can be identified and that an adversary has successfully accomplished netlist extraction. Likewise, techniques exist to harden ICs against reverse engineering through obfuscating transformations, particularly those that target component hiding. We report results of a case study analysis that compares effectiveness of component hiding algorithms against adversarial recovery approaches. As a contribution, we delineate six new approaches for subcircuit enumeration that extend a known algorithm for enumerating candidate components, seeking to improve the number of potential candidates in obfuscated circuits. Our study examines algorithm performance in terms of ability to correctly identify original components and analysis time overhead. The study uses four different obfuscation approaches that target component hiding in a set of four benchmark circuits with well-defined building blocks. Results indicate that all four hiding approaches are effective at increasing analysis run-time when algorithmic component identification is used, and two of the four were able to hide 95% of original components from our seven studied algorithms.

Paper Nr: 61
Title:

Membership Inference Attacks on Aggregated Time Series with Linear Programming

Authors:

Antonin Voyez, Tristan Allard, Gildas Avoine, Pierre Cauchois, Elisa Fromont and Matthieu Simonin

Abstract: Aggregating data is a widely used technique to protect privacy. Membership inference attacks on aggregated data aim to infer whether a specific target belongs to a given aggregate. We propose to study how aggregated time series data can be susceptible to simple membership inference privacy attacks in the presence of adversarial background knowledge. We design a linear programming attack that strongly benefits from the number of data points published in the series and show on multiple public datasets how vulnerable the published data can be if the size of the aggregated data is not carefully balanced with the published time series length. We perform an extensive experimental evaluation of the attack on multiple publicly available datasets. We show the vulnerability of aggregates made of thousands of time series when the aggregate length is not carefully balanced with the published length of the time series.

Paper Nr: 63
Title:

Graph Algorithms over Homomorphic Encryption for Data Cooperatives

Authors:

Mark Dockendorf, Ram Dantu and John Long

Abstract: “Big data” continues to grow in influence with few competitors able to challenge them. In order to slow the growth of and eventually replace these “data silos”, we must enable competition from alternative sources that respect users’ privacy, such as data cooperatives. In our previous work, we proposed an architecture for a privacy-preserving data cooperative that relies on homomorphic encryption (HE) to ensure data privacy and demonstrated ring-based BFS, degree centrality, and farness centrality over HE graph data. In this paper we expand our suite of HE graph algorithms to include single-source shortest-path, all-pairs shortest-path, minimum spanning tree, harmonic centrality, random walk, and betweenness centrality over HE graph data. These graph analysis algorithms support the core service of a data cooperative: to provide data and insights (or aggregates) to the service of the cooperative’s clients (researchers, companies, governments, etc.) while maintaining the privacy of their users.

Paper Nr: 66
Title:

Mason Vulnerability Scoring Framework: A Customizable Framework for Scoring Common Vulnerabilities and Weaknesses

Authors:

Ibifubara Iganibo, Massimiliano Albanese, Kaan Turkmen, Thomas R. Campbell and Marc Mosko

Abstract: One of the first lines of defense against cyberattacks is to understand and evaluate the weaknesses and vulnerabilities that a system exposes to malicious users. To address this need, several scoring systems have been developed, providing security analysts and practitioners with a means of quantifying the severity of common weaknesses and vulnerabilities found in software. However, these scoring systems rely on predefined notions of risk, use fixed equations to compute numerical scores, and do not provide users with the flexibility to fine-tune such equations or factor in new variables altogether. Furthermore, official scores and rankings are updated infrequently, making them less valuable in a rapidly evolving cybersecurity landscape. In this paper, we present the Mason Vulnerability Scoring Framework, a comprehensive and customizable framework for scoring vulnerabilities and ranking common weaknesses that gives users significant control over the scoring and ranking process.

Paper Nr: 67
Title:

Threats to Adversarial Training for IDSs and Mitigation

Authors:

Hassan Chaitou, Thomas Robert, Jean Leneutre and Laurent Pautet

Abstract: Intrusion Detection Systems (IDS) are essential tools to protect network security from malicious traffic. IDS have recently made significant advancements in their detection capabilities through deep learning algorithms compared to conventional approaches. However, these algorithms are susceptible to new types of adversarial evasion attacks. Deep learning-based IDS, in particular, are vulnerable to adversarial attacks based on Generative Adversarial Networks (GAN). First, this paper identifies the main threats to the robustness of IDS against adversarial sample attacks that aim at evading IDS detection by focusing on potential weaknesses in the structure and content of the dataset rather than on its representativeness. In addition, we propose an approach to improve the performance of adversarial training by driving it to focus on the best evasion candidate samples in the dataset. We find that GAN adversarial attack evasion capabilities are significantly reduced when our method is used to strengthen the IDS.

Paper Nr: 72
Title:

CatNap: Leveraging Generic MPC for Actively Secure Privacy-enhancing Proximity Testing with a Napping Party

Authors:

Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld

Abstract: Proximity testing is at the core of several Location-Based Services (LBS). Despite a series of reported and confirmed abuses, modern LBSs still demand their clients to disclose their locations in plain in order to perform location proximity testing. This work aims at enhancing proximity testing with privacy. We design CatNap, a novel protocol that (1) implements precise Euclidean distance matching; (2) allows matching even if the clients are not online at the same time (the “napping party” feature); (3) is secure against active adversaries (malicious actors that corrupt up to one party); (4) makes black-box use of generic Multi-Party Computation techniques (any future improvement of the underlying building blocks will also boost CatNap); and (5) is efficient: servers run with about 0.03 seconds of CPU time and 5.6MB of communication, while clients perform only a small number of Boolean operations and need just 51 bytes of communication.

Paper Nr: 99
Title:

Real-time Crowd Counting based on Wearable Ephemeral IDs

Authors:

Daniel Morales, Isaac Agudo and Javier Lopez

Abstract: Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially in urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high-risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations.

Paper Nr: 114
Title:

HTTPFuzz: Web Server Fingerprinting with HTTP Request Fuzzing

Authors:

Animesh Kar, Andrei Natadze, Enrico Branca and Natalia Stakhanova

Abstract: Web server-based fingerprinting is a type of fingerprinting that allows security practitioners, penetration testers, and attackers to distinguish between servers based on the set of information these servers disclose. A common approach to hide this information is to apply fingerprinting mitigating techniques. In this work, we present a new approach for fingerprinting web server software irrespective of the applied fingerprinting mitigation techniques. The premise of our approach is based on the simple insight, i.e., web servers handle different types of HTTP requests differently. We use the fuzzing approach for intelligent and adaptive selection of HTTP requests that are able to provoke servers to disclose their service-level information.

Short Papers
Paper Nr: 12
Title:

A Region-based Training Data Segmentation Strategy to Credit Scoring

Authors:

Roberto Saia, Salvatore Carta, Gianni Fenu and Livio Pompianu

Abstract: The rating of users requesting financial services is a growing task, especially in this historical period of the COVID-19 pandemic characterized by a dramatic increase in online activities, mainly related to e-commerce. This kind of assessment is a task manually performed in the past that today needs to be carried out by automatic credit scoring systems, due to the enormous number of requests to process. It follows that such systems play a crucial role for financial operators, as their effectiveness is directly related to gains and losses of money. Despite the huge investments in terms of financial and human resources devoted to the development of such systems, the state-of-the-art solutions are transversally affected by some well-known problems that make the development of credit scoring systems a challenging task, mainly related to the unbalance and heterogeneity of the involved data, problems to which it adds the scarcity of public datasets. The Region-based Training Data Segmentation (RTDS) strategy proposed in this work revolves around a divide-and-conquer approach, where the user classification depends on the results of several sub-classifications. In more detail, the training data is divided into regions that bound different users and features, which are used to train several classification models that will lead toward the final classification through a majority voting rule. Such a strategy relies on the consideration that the independent analysis of different users and features can lead to a more accurate classification than that offered by a single evaluation model trained on the entire dataset. The validation process carried out using three public real-world datasets with a different number of features, samples, and degree of data imbalance demonstrates the effectiveness of the proposed strategy, which outperforms the canonical training one in the context of all the datasets.

Paper Nr: 14
Title:

A Spendable Cold Wallet from QR Video

Authors:

Rafael Dowsley, Mylène Q. Farias, Mario Larangeira, Anderson Nascimento and Jot Virdee

Abstract: Hot/cold wallet refers to a widely used paradigm to enhance the security level of cryptocurrency applications that was proposed on Bitcoin Improvement Proposal 32. In a nutshell, after performing an initial setup in which the hot wallet receives partial information of the cold wallet in order to hierarchically generate (transaction receiving) addresses, the cold wallet stays offline, whereas the hot wallet is kept online. The initial transferred information enables the hot wallet to generate receiving addresses for both wallets, but it can only spend its own funds, i.e., it cannot spend the funds in the cold wallet. This design conveniently mimics money storage in daily life: pocket money is kept in a less safe location, e.g., a regular wallet, while life savings are kept in a more safe environment, e.g., banking account. Note that the funds that land in offline addresses cannot be spent if the cold wallet is kept permanently offline. We propose a protocol and a technical solution to spend funds from a cold wallet without physically connecting it to any network. We designed and implemented a prototype for a system based on Optical Camera Communication (OCC) in a screen to camera setting, which can receive messages from a computer screen at the rate of over 150kB per second. Our system consists of a sequence of QR codes – a QR video. Our solution minimizes the possible attack vectors, including malware, by relying on optical communication yet providing a larger bandwidth than regular QR code based solutions.

Paper Nr: 17
Title:

Collusion-resistant Broadcast Encryption based on Hidden RSA Subgroups

Authors:

Sigurd Eskeland

Abstract: Public key broadcast encryption enables computations of ciphertexts, in which a single ciphertext is encrypted with regard to a set of recipients, and only the intended recipients can decrypt that ciphertext independently of each other and without interactions. A significant shortcoming of existing broadcast encryption schemes is long decryption keys comprising the public keys of pertaining recipients. Decryption therefore necessitates access to public keys, which requires key management and impacts computational and transmission overhead, accessibility, and storage. Moreover, a user description list referencing the pertaining recipients and their public keys must be appended to each ciphertext, which leads to the privacy implication of disclosing user/content relations. Curiously, virtually all broadcast encryption schemes are based on bilinear pairings. In this paper, we propose a collusion-resistant broadcast encryption scheme that is the first broadcast encryption scheme based on the factorization problem and hidden RSA subgroups. A novel feature is that the decryption key consists of a single element only, which leads to significantly reduced key management, improved computational efficiency, and elimination of the mentioned privacy issue.

Paper Nr: 18
Title:

Cryptanalysis of a Privacy-preserving Behavior-oriented Authentication Scheme

Authors:

Sigurd Eskeland and Ahmed F. Baig

Abstract: Continuous authentication has been proposed as a complementary security mechanism to password-based authentication for computer devices that are handled directly by humans, such as smartphones. Continuous authentication has some privacy issues, as certain user features and actions are revealed to the authentication server, which is not assumed to be trusted. Wei et al. proposed in 2021 a privacy-preserving protocol for behavioral authentication that utilizes homomorphic encryption. The encryption prevents the server from obtaining sampled user features. In this paper, we show that the Wei et al. scheme is insecure regarding both an honest-but-curious server and an active eavesdropper. We present two attacks: the first attack enables the authentication server to obtain the secret user key, plaintext behavior template and plaintext authentication behavior data from encrypted data. The second attack enables an active eavesdropper to restore the plaintext authentication behavior data from the transmitted encrypted data.

Paper Nr: 26
Title:

SHINE: Resilience via Practical Interoperability of Multi-party Schnorr Signature Schemes

Authors:

Antonin Dufka, Vladimir Sedlacek and Petr Svenda

Abstract: Secure multi-party cryptographic protocols divide the secret key among multiple devices and never reconstruct it in a single place. Such a mechanism protects against malware, code vulnerabilities, and backdoors when different implementations and devices are used. Still, a protocol-level issue may result in a compromise, and up until now, it has been unknown how to combine different unmodified multi-party protocols. We study the interoperability of different multi-party Schnorr signature schemes and classify them based on their approach to the nonce agreement. We identify issues that could hinder in-class interoperability, and we propose a trustless mediator that facilitates interoperability among different classes in certain cases. Besides mitigating the risks, interoperability provides usability and performance benefits, as protocols better suited for special devices can be used together with more general protocols. We make use of these advantages in our new multi-signature scheme SHINE, which is optimized for resource-limited devices like cryptographic smartcards while being interoperable with popular schemes such as MSDL, MuSig2, or SpeedyMuSig.

Paper Nr: 27
Title:

Application Sandboxing for Linux Desktops: A User-friendly Approach

Authors:

Lukas Brodschelm and Marcus Gelderie

Abstract: Sandboxes are a proven tool to isolate processes from the overall system. Although desktop computers face significant risks, there is no widely adopted way to use sandboxes on Linux desktops, since sandboxing on desktop PCs is more challenging. We name the specific challenges for the Linux desktop and derive requirements that we argue are essential for widespread adoption of any sandbox solution. We then introduce a concept to isolate Linux desktop software using UIDs and GIDs as well as namespace-based sandboxes. Furthermore, we provide a PoC implementation including sandbox profiles for example applications. Based on this, we conducted a survey to assess the usability of our sandboxing concept. We report on the results, analyze the security of our concept, and detail how our sandbox meets the aforementioned requirements.

Paper Nr: 36
Title:

A Local Differential Privacy based Hybrid Recommendation Model with BERT and Matrix Factorization

Authors:

Jeyamohan Neera, Xiaomin Chen, Nauman Aslam, Biju Issac and Eve O’Brien

Abstract: Many works have proposed integrating sentiment analysis with collaborative filtering algorithms to improve the accuracy of recommendation systems. As a result, service providers collect both reviews and ratings, which is increasingly causing privacy concerns among users. Several works have used the Local Differential Privacy (LDP) based input perturbation mechanism to address privacy concerns related to the aggregation of ratings. However, researchers have failed to address whether perturbing just ratings can protect the privacy of users when both reviews and ratings are collected. We answer this question in this paper by applying an LDP-based perturbation mechanism in a recommendation system that integrates collaborative filtering with a sentiment analysis model. On the user side, we use the Bounded Laplace mechanism (BLP) as the input rating perturbation method and Bidirectional Encoder Representations from Transformers (BERT) to tokenize the reviews. On the service provider's side, we use Matrix Factorization (MF) with Mixture of Gaussian (MoG) as our collaborative filtering algorithm and a Convolutional Neural Network (CNN) as the sentiment classification model. We demonstrate that our proposed recommendation system model produces adequate recommendation accuracy under strong privacy protection using Amazon's review and rating datasets.

Paper Nr: 37
Title:

Behavior Modeling of a Distributed Application for Anomaly Detection

Authors:

Amanda Viescinski, Tiago Heinrich, Newton C. Will and Carlos Maziero

Abstract: Computational clouds offer services in different formats, aiming to adapt to the needs of each client. This scenario of distributed systems is responsible for the communication, management of services and tools through the exchange of messages. Thus, security in such environments is an important factor. However, the implementation of secure systems to protect information has been a difficult goal to achieve. In addition to the prevention mechanisms, a common approach to achieve security is intrusion detection, which can be carried out by anomaly detection. This technique does not require prior knowledge of attack patterns, since the normal behavior of the monitored environment is used as a basis for detection. This work proposes a behavioral modeling technique for distributed applications using the traces of operations of its nodes, allowing the development of a strategy to identify anomalies. The chosen strategy consists of modeling the normal behavior of the system, which is arranged in sets of n-grams of events. Our goal is to build functional and effective models, which make it possible to detect anomalies in the system, with reduced rates of false positives. The results obtained through the evaluation of the models highlight the feasibility of using n-grams to represent correct activities of a system, with favorable results in the false positive rate and also in terms of accuracy.

Paper Nr: 41
Title:

What your Fitbit Says about You: De-anonymizing Users in Lifelogging Datasets

Authors:

Andrei Kazlouski, Thomas Marchioro and Evangelos Markatos

Abstract: Recently, there has been a significant surge of lifelogging experiments, where the activity of a few participants is monitored for a number of days through fitness trackers. Data from such experiments can be aggregated in datasets and released to the research community. To protect the privacy of the participants, fitness datasets are typically anonymized by removing personal identifiers such as names, e-mail addresses, etc. However, although seemingly correct, such straightforward approaches are not sufficient. In this paper, we demonstrate how an adversary can still de-anonymize individuals in lifelogging datasets. We show that users' privacy can be compromised by two approaches: (i) through the inference of physical parameters such as gender, height, and weight; and/or (ii) via the daily routine of participants. Both methods rely solely on fitness data such as steps, burned calories, and covered distance to obtain insights on the users in the dataset. We train several inference models, and leverage them to de-anonymize users in public lifelogging datasets. Between our two approaches we achieve a 93.5% re-identification rate of participants. Furthermore, we reach a 100% success rate for people with highly distinct physical attributes (e.g., very tall, overweight, etc.).

Paper Nr: 49
Title:

Key Encapsulation Mechanism in Ciphertext-policy Attribute based Setting Featuring Revocation and Key-homomorphic Property

Authors:

Anushree Belel, Ratna Dutta and Sourav Mukhopadhyay

Abstract: Cloud computing is a paradigm shift from traditional computing to process, store and share data in an untrusted environment with emerging applications in medical fields, online data storage, social networks, big data analysis and online learning platforms. As more and more organizations, business platforms and individuals are choosing the cloud, it is very urgent to ensure data security and privacy in the cloud. To safeguard against data breaches, it is important to provide fine-grained access control on encrypted data in the cloud. Ciphertext-policy attribute based encryption (CP-ABE) is a promising advanced cryptographic primitive that monitors fine-grained access control of sensitive data in an untrusted cloud environment. The revocable CP-ABE (RCP-ABE) is an extension of CP-ABE which facilitates direct user revocation from the system. In this work, we introduce a refined encapsulated version of RCP-ABE, called key-homomorphic revocable ciphertext-policy attribute based key encapsulation mechanism (RCP-ABKEM). An interesting feature of this primitive is that it supports extended correctness and key-homomorphism along with the normal correctness requirement. Our work is inspired by the work of Sun et al. (PKC 2020) who introduced the notion of key-homomorphic identity based revocable key encapsulation mechanism (IRKEM). We generalize the notion of key-homomorphic IRKEM to the attribute based setting and provide an instantiation of key-homomorphic RCP-ABKEM. We support the conjectured security of our candidate by analysis and prove that the scheme achieves selective security against chosen plaintext attack (CPA) under the q-decisional bilinear Diffie-Hellman exponent (q-DBDHE) assumption in the standard model. More interestingly, when contrasted with existing similar schemes, our scheme exhibits better performance in terms of communication overhead and master secret key size and is the first scheme in the attribute setting that preserves the key-homomorphic property. As a refined primitive, key-homomorphic RCP-ABKEM is of independent interest and may be utilized as a building block for generic constructions of new cryptographic primitives.

Paper Nr: 54
Title:

Tick Tock Break the Clock: Breaking CAPTCHAs on the Darkweb

Authors:

David H. Audran, Marcus B. Andersen, Mark H. Hansen, Mikkel M. Andersen, Thomas B. Frederiksen, Kasper H. Hansen, Dimitrios Georgoulias and Emmanouil Vasilomanolakis

Abstract: Nowadays, almost all major websites employ CAPTCHAs. This prevents website scraping, fake account creation as well as DDoS or brute-force attacks. For anonymity reasons, mainstream CAPTCHAs such as Google's reCAPTCHA cannot be used on the darkweb. Due to the evolution of machine learning and computer vision, the CAPTCHA challenges used there, such as the clock CAPTCHA, are usually more arduous than those found on the clearweb. This paper presents an automated system that uses machine learning to break clock CAPTCHA challenges with a high success rate. We evaluate our system in a real-world setting against 725 clock challenges from live darkweb marketplaces. Our results show an accuracy of 96.83% while keeping the time required for analyzing, predicting and submitting the CAPTCHA solution low.

Paper Nr: 56
Title:

A New Leakage Resilient Symmetric Searchable Encryption Scheme for Phrase Search

Authors:

Samiran Bag, Indranil G. Ray and Feng Hao

Abstract: Symmetric searchable encryption (SSE) schemes are preferred over asymmetric ones for their lower computational cost. Owing to the big data size of most cloud applications, SSE with keyword search often yields a large number of search results matching the search criterion, but only a small portion of them is of actual interest. This results in an unnecessary increase of network traffic. A customized search against a phrase instead of keywords can yield more specific and relevant search results and can reduce the network traffic. This motivates the idea of phrase search in SSE. Most of the existing symmetric key searchable encryption schemes either do not support phrase search or have unwanted leakage associated with them. In this paper, we propose a symmetric key searchable encryption scheme for phrase search that minimizes the leakage of information from the search pattern and access pattern. We propose a probabilistic trapdoor generation algorithm for phrase search and thereby prevent the leakage due to the search pattern. In earlier SSE-based schemes, an honest-but-curious server could always learn about the position of the sentences and keywords in the encrypted text after the search operation is performed. This is referred to as the leakage from the access pattern. This may turn out to be a significant security concern owing to the prior knowledge of positions of certain sentences and keywords in certain documents. In this paper, we provide an access-pattern-secure encryption scheme such that an honest-but-curious cloud server could not learn anything about the position of the phrase in the sentence even after the search. We implement a prototype of our scheme and validate it against commercial data and provide security and performance analysis to demonstrate its practicality.

Paper Nr: 58
Title:

Code-based Key Encapsulation Mechanism Preserving Short Ciphertext and Secret Key

Authors:

Jayashree Dey and Ratna Dutta

Abstract: Post-quantum cryptography has recently drawn considerable attention from both industry and academia due to the impending threat posed by quantum computers. Developing a key encapsulation mechanism (KEM) that resists attacks equipped with quantum computers has become relevant as KEMs are used in practice quite heavily. Coding theory is an attractive option to guarantee secure communication in the post-quantum world. Motivated by the goal of improving efficiency, we revisit code-based KEM in this article. We present basicPKE, a public key encryption (PKE) scheme using a parity check matrix of a maximum distance separable (MDS) code. Our construction is built on top of a companion matrix in deriving an MDS code. This significantly reduces the secret key size. We support the conjectured security of basicPKE by analysis and prove that the scheme achieves security against indistinguishability under chosen plaintext attacks (IND-CPA) in the random oracle model. Following the design framework of basicPKE, we construct fullPKE, which leads to the design of fullKEM. We have shown that fullPKE is secure against one-wayness under plaintext and validity checking attacks (OW-PCVA) and fullKEM achieves security against indistinguishability under chosen ciphertext attacks (IND-CCA) in the random oracle model. An appealing feature of fullKEM is that it exhibits better performance guarantees in terms of communication bandwidth and secret key size when contrasted with existing similar approaches.

Paper Nr: 70
Title:

Near-collisions and Their Impact on Biometric Security

Authors:

Axel Durbet, Paul-Marie Grollemund, Pascal Lafourcade and Kevin Thiry-Atighehchi

Abstract: Biometric recognition encompasses two operating modes. The first one is biometric identification, which consists in determining the identity of an individual based on her biometrics and requires browsing the entire database (i.e., a 1:N search). The other one is biometric authentication, which corresponds to verifying the claimed biometrics of an individual (i.e., a 1:1 search) to authenticate her, or grant her access to some services. The matching process is based on the similarities between a fresh and an enrolled biometric template. Considering the case of binary templates, we investigate how a highly populated database yields near-collisions, impacting the security of both operating modes. Insight into the security of binary templates is given by establishing a lower bound on the size of templates and an upper bound on the size of a template database depending on security parameters. We provide efficient algorithms for partitioning a leaked template database in order to improve the generation of a master-template-set that can impersonate any enrolled user and possibly some future users. Practical impacts of the proposed algorithms are finally emphasized with experimental studies.

Paper Nr: 90
Title:

Resilience of GANs against Adversarial Attacks

Authors:

Kyrylo Rudavskyy and Ali Miri

Abstract: The goal of this paper is to explore the resilience of Generative Adversarial Networks (GANs) against adversarial attacks. Specifically, we evaluated the threat potential of an adversarial attack against the discriminator part of the system. Such an attack aims to distort the output by injecting maliciously modified input during training. The attack was empirically evaluated against four types of GANs, injections of 10% and 20% malicious data, and two datasets. The targets were CGAN, ACGAN, WGAN, and WGAN-GP. The datasets were MNIST and F-MNIST. The attack was created by improving an existing attack on GANs. The lower bound for the injection size turned out to be 10% for the improvement and 10-20% for the baseline attack. It was shown that the attack on WGAN-GP can overcome a filtering defence for F-MNIST.

Paper Nr: 101
Title:

Implementation of a Stateful Network Protocol Intrusion Detection Systems

Authors:

S. Seng, J. Garcia-Alfaro and Y. Laarouci

Abstract: The deployment of a Network Intrusion Detection System (NIDS) is one of the imperatives for the control of an information system. Today, almost all intrusion detection systems are based on a static vision of network exchanges, whether for detection engines based on signatures or on behavioral models. However, this approach is limited: it does not allow past exchanges to be taken directly into account and thus does not fully model normal or abnormal behavior, such as verifying that an authentication has taken place before authorizing a privileged request or detecting a replay attack. We propose to add an additional dimension to NIDS by performing stateful monitoring of communication protocols. Unified Modeling Language (UML) statecharts have been chosen to model the protocols and to perform the stateful monitoring. An implementation of this solution is integrated within an existing NIDS and validated on two industrial protocols, IEC 60870-5-104 and Modbus TCP. This implementation has been realized by dissociating the stateful monitoring from the NIDS with the help of an abstraction interface allowing an easy integration of new communication protocols.

Paper Nr: 102
Title:

zkBeacon: Proven Randomness Beacon based on Zero-knowledge Verifiable Computation

Authors:

Thomas Lavaur and Jérôme Lacan

Abstract: The generation of random numbers by a trusted third party is essential to many cryptographic protocols. Recently, the NIST proposed the standardization of randomness beacons, which are hash-based chains of pulses. Each pulse contains a random number and is generated at regular time intervals. However, if the owner of the beacon generator is untrusted, several attacks allow the manipulation of the provided random numbers. In this paper, we firstly suggest protecting the first hash functions of the NIST scheme by adding a verifiable argument of knowledge. More precisely, we propose furnishing a zk-SNARK or a zk-STARK with the hash to make the system more transparent and resistant to randomness manipulation. Secondly, we propose a verifiable-computation-based interactive protocol to allow a client, with the help of the beacon, to generate proven randomness. Then, we show that connecting this system to a blockchain could have several benefits. We provide a security analysis with a model allowing a malicious beacon generator. We prove that our first application improves the resilience of the system against randomness manipulation attacks and that the interactive protocol rules out timing attacks for the client and ensures the non-predictability of the random numbers. Finally, we evaluated the computation cost with zk-SNARKs.

Paper Nr: 105
Title:

Yet Another Algebraic Cryptanalysis of Small Scale Variants of AES

Authors:

Marek Bielik, Martin Jureček, Olha Jurečková and Róbert Lórencz

Abstract: This work presents new advances in algebraic cryptanalysis of small scale derivatives of AES. We model the cipher as a system of polynomial equations over GF(2), which involves only the variables of the initial key, and we subsequently attempt to solve this system using Gröbner bases. We show, for example, that one of the attacks can recover the secret key for one round of AES-128 in under one minute on a contemporary CPU. This attack requires only two known plaintexts and their corresponding ciphertexts. We also compare the performance of Gröbner bases to a SAT solver, and provide an insight into the propagation of diffusion within the cipher.

Paper Nr: 111
Title:

PhishGNN: A Phishing Website Detection Framework using Graph Neural Networks

Authors:

Tristan Bilot, Grégoire Geis and Badis Hammi

Abstract: Because of the importance of the web in our daily lives, phishing attacks have been causing significant damage to both individuals and organizations. Indeed, phishing attacks are today among the most widespread and serious threats to the web and its users. Currently, the main approaches deployed against such attacks are blacklists. However, the latter present numerous drawbacks. In this paper, we introduce PhishGNN, a Deep Learning framework based on Graph Neural Networks, which leverages and uses the hyperlink graph structure of websites along with different other hand-designed features. The performance results obtained demonstrate that PhishGNN outperforms state-of-the-art results with a 99.7% prediction accuracy.

Paper Nr: 113
Title:

Are Clouds making Our Research Irrelevant and Who Is at Fault? (Position Paper)

Authors:

Yvo Desmedt

Abstract: Until recently, the user of a computer system was able to (at least to some degree) help decide security policies, such as which access and information flow control to use, which cryptographic algorithms to choose, how to secure databases in use, etc. Due to these choices, researchers were able to have an impact on what was deployed. In today’s world, the Chief Information Officer (CIO) outsources online communication (replacing landlines), databases, e-mail, storage, voting, WWW, etc., to clouds. These do not use open source and do not disclose their design. So, the security is left to the designer and the user is completely left in the dark. Since most programmers never took a course in information security, we should assume the worst. In our paper we justify several positions: (i) we make the claim that clouds have lowered our information security; (ii) we wonder whether CIOs compare competing clouds on their security properties and ask independent experts for their advice; (iii) one finds that self-acclaimed experts often lack basic knowledge; (iv) that research is becoming irrelevant. We also wonder who is at fault for these problems and how we can address them.

Paper Nr: 118
Title:

PASS-P: Performance and Security Sensitive Dynamic Cache Partitioning

Authors:

Nirmal K. Boran, Pranil Joshi and Virendra Singh

Abstract: Cache-based side-channel attacks can cause security breaches like extraction of private keys from various encryption algorithms. Static cache partitioning protocols are widely known to prevent such side-channel attacks. However, because static partitioning protocols exhibit poor program performance, dynamic partitioning techniques are preferably used in modern systems. This work exposes the vulnerability of dynamic partitioning protocols such as UCP (Utility-based Cache Partitioning) and SecDCP (Secure Dynamic Cache Partitioning) to well-known side-channel attacks. We then propose PASS-P protocol which prevents such side-channel attacks without compromising on performance. PASS-P, when implemented to secure the widely used UCP protocol, results in an average performance drop of only 0.35%. Compared to the inherently secure static partitioning protocol, PASS-P improves performance by up to 29% (33.4%) and on an average 7.2% (10.6%) in pairs of memory-intensive benchmarks when implemented on the shared L3 (L2) cache.

Paper Nr: 119
Title:

GAN-based Approach to Crafting Adversarial Malware Examples against a Heterogeneous Ensemble Classifier

Authors:

Saad Al-Ahmadi and Saud Al-Eyead

Abstract: The rapid advances in machine learning and deep learning algorithms have led to their adoption to tackle different security problems such as spam, intrusion, and malware detection. Malware is a type of software developed with a malicious intent to damage, exploit, or disable devices, systems, or networks. Malware authors typically operate in a black-box setting when they have partial knowledge about the targeted detection system. It has been shown that supervised machine learning models are vulnerable to well-crafted adversarial examples. The application domain of malware classification introduces additional constraints in the adversarial sample crafting process compared to the computer vision domain: (1) the input is binary and (2) the visual appearance of the malware application and its intended functionality must be retained. In this paper, we have developed a heterogeneous ensemble classifier that combines supervised and unsupervised models to hinder black-box attacks designed by two variants of generative adversarial network (GAN). We experimentally validate its soundness on a corpus of malware and legitimate files.

Paper Nr: 122
Title:

Reverse Engineering for Thwarting Digital Supply Chain Attacks in Critical Infrastructures: Ethical Considerations

Authors:

Arne R. Nygård, Arvind Sharma and Sokratis Katsikas

Abstract: A reverse engineering process includes disassembling to analyse, test, and document the functionality of the target system. In doing so for the purpose of uncovering vulnerabilities intentionally or unintentionally introduced through the digital supply chain in components used in industrial control systems within critical infrastructures, ethical issues arise. This paper addresses such issues, by leveraging a real-life use case in the power infrastructure. A set of principles that should govern an ethical framework geared to reverse engineering for cybersecurity and recommendations on action needed to complement such a framework are proposed.

Paper Nr: 123
Title:

A Decentralised Real Estate Transfer Verification based on Self-Sovereign Identity and Smart Contracts

Authors:

Abubakar-Sadiq Shehu, António Pinto and Manuel E. Correia

Abstract: Since its first introduction in the late 90s, the use of marketplaces has continued to grow; today virtually everything from physical assets to services can be purchased on digital marketplaces, and real estate is not an exception. Some marketplaces allow acclaimed asset owners to advertise their products, for which the service gets a commission/percentage from the proceeds of sale/lease. Despite the success recorded in the use of marketplaces, they are not without limitations, which include identity and property fraud, impersonation and the use of centralised technology with trusted parties that are prone to single points of failure (SPOF). Being one of the most valuable assets, real estate has been a target for marketplace fraud as impersonators take pictures of properties they do not own and upload them on the marketplace with promising prices that lure innocent or naive buyers. This paper addresses these issues by proposing a self-sovereign identity (SSI) and smart contract based framework for identity verification and verified transaction management on secure digital marketplaces. First, the use of SSI technology enables methods for acquiring verified credentials (VC) that are verifiable on a decentralised blockchain registry to identify both real estate owner(s) and real estate property. Second, the smart contracts are used to negotiate the secure transfer of real estate property deeds on the marketplace. To assess the viability of our proposal we define an application scenario and compare our work with other approaches.

Paper Nr: 2
Title:

Irreversible Applications for Windows NT Systems

Authors:

Rahul S. Gunawardhana and Kavinga Y. Abeywardena

Abstract: Anti-reversing or anti-debugging mechanisms refer to the implementations put in place in an application that try to hinder or completely halt the process of debugging and disassembly. The paper discusses the possibility of a monitoring system that would prevent any debugger from debugging a given process in a Windows NT environment. This project aims to facilitate a concept similar to that of anti-cheat monitoring programs in online games for commercial products and applications. In contrast, an anti-cheat product monitors the game's memory pages for direct or indirect modifications either via internal (within the process) mechanisms such as hooks and DLL injections or external mechanisms such as Read Process Memory (RPM), Write Process Memory (WPM), named pipes, and sockets. In many other scenarios, the anti-debug program would monitor a selected process for attempts at debugging or disassembly.

Paper Nr: 10
Title:

Bypassing Current Limitations for Implementing a Credential Delegation for the Industry 4.0

Authors:

Santiago de Diego, Óscar Lage, Cristina Regueiro, Sergio Anguita and Gabriel Maciá-Fernández

Abstract: Industry 4.0 is set to modernize industrial processes as we know them today. This modernization goes hand in hand with the digitalization of industry and the need to digitally identify the different devices involved in the manufacturing process. Verifiable credentials and Decentralized Identifiers, which are part of the self-sovereign identity (SSI) concept, allow decentralized identification and characterization of the devices (commonly IIoT devices) that make up Industry 4.0. However, some use cases in Industry 4.0 cannot be modelled with standard SSI schemes. Despite the fact that delegated credentials have been defined in the W3C standard for verifiable credentials, current technologies present some important limitations that make them non-implementable. This paper analyses these limitations in the context of the problem of building delegated credentials for Industry 4.0, and proposes an alternative based on a Hyperledger Aries RFC, bypassing these limitations. Finally, some implementation tests have been conducted in order to demonstrate that the Aries RFC does not add extra complexity in terms of performance to the normal SSI flow.

Paper Nr: 20
Title:

A Generic Privacy-preserving Protocol for Keystroke Dynamics-based Continuous Authentication

Authors:

Ahmed F. Baig and Sigurd Eskeland

Abstract: Continuous authentication utilizes automatic recognition of certain user features for seamless and passive authentication without requiring user attention. Such features can be divided into the categories of physiological biometrics and behavioral biometrics. Keystroke dynamics is proposed for behavioral biometrics-oriented authentication by recognizing users by means of their typing patterns. However, it has been pointed out that continuous authentication using physiological biometrics and behavioral biometrics incurs privacy risks, revealing personal characteristics and activities. In this paper, we consider a previously proposed keystroke dynamics-based authentication scheme that has no privacy-preserving properties. In this regard, we propose a generic privacy-preserving version of this authentication scheme in which all user features are encrypted, preventing disclosure of those to the authentication server. Our scheme is generic in the sense that it assumes homomorphic cryptographic primitives. Authentication is conducted on the basis of encrypted data due to the homomorphic cryptographic properties of our protocol.

Paper Nr: 23
Title:

Risk-driven Model-based Architecture Design for Secure Information Flows in Manufacturing Infrastructures

Authors:

Loris Dal Lago, Fabio Federici, Davide Martintoni and Valerio Senni

Abstract: Modern manufacturing infrastructures leverage internet and intranet connectivity to guarantee the remote execution of services at the shopfloor level, continued operations and remote reconfigurability. Nonetheless, equipment used in industrial plants is not always prepared to withstand the security challenges introduced by increased connectivity demands, thus exposing the overall system to security threats. We propose a model-based approach to combine secure design of digital infrastructures for manufacturing with a rigorous security risk assessment, enabling trusted connectivity for equipment, with a robust analysis method for the evaluation of their security properties. To that aim, information flow paths are captured between functions and equipment, assets and threats are identified, and mitigations and new security requirements are defined. Mitigations are then propagated to the level of implementation, where we rely on hardware-enforced isolation to provide trusted computation and data protection. In this paper, we demonstrate our methodological approach using an extension of the SysML language for threat modelling and by relying on ARM TrustZone for hardware isolation. Our approach is sufficiently general to be reused for other domains and alternative technologies.

Paper Nr: 24
Title:

Seccomp Filters from Fuzzing

Authors:

Marcus Gelderie, Valentin Barth, Maximilian Luff and Julian Birami

Abstract: Seccomp is an integral part of Linux sandboxes, but intimate knowledge of the required syscalls of a program is required. We present a fuzzer-based dynamic approach to auto-generate seccomp filters that permit only the required syscalls. In our model, a syscall is required if any execution path leads to its invocation. Our implementation combines a symbolic execution step and a custom mutator to take command line flags into account and achieve a large coverage of the SUT. We provide an evaluation of our tool on popular command line tools and find up to 100% of the system calls found through manual analysis.

Paper Nr: 28
Title:

A Method for Road Accident Prevention in Smart Cities based on Deep Reinforcement Learning

Authors:

Giuseppe Crincoli, Fabiana Fierro, Giacomo Iadarola, Piera L. Rocca, Fabio Martinelli, Francesco Mercaldo and Antonella Santone

Abstract: Autonomous vehicles play a key role in the smart cities vision: they bring benefits and innovation, but also safety threats, especially if they suffer from vulnerabilities that can be easily exploited. In this paper, we propose a method that exploits Deep Reinforcement Learning to train autonomous vehicles with the purpose of preventing road accidents. The experimental results demonstrated that a single self-driving vehicle can help to optimise traffic flows and mitigate the number of collisions that would occur if there were no self-driving vehicles in the road network. Our results proved that the training progress is able to reduce the collision frequency from 1 collision every 32.40 hours to 1 collision every 53.55 hours, demonstrating the effectiveness of deep reinforcement learning in road accident prevention in smart cities.

Paper Nr: 30
Title:

TrustLend: Using Borrower Trustworthiness for Lending on Ethereum

Authors:

Wisnu Uriawan, Youakim Badr, Omar Hasan and Lionel Brunie

Abstract: The practice of personal lending, also known as Peer-to-Peer (P2P) lending, has been increasing globally. However, providing unsecured loans to peers without requiring collateral remains a challenge. We present a platform called TrustLend, which enables using borrower trustworthiness as an alternative to collateral in personal lending transactions. TrustLend is a blockchain-based platform implemented on Ethereum. We introduce a borrower trustworthiness score with variable selection rules to help lenders decide on reliable candidates as borrowers. We describe the prototype implementation, which is a Decentralized Application (DApp) that uses smart contracts. The prototype demonstrates fundamental features and supports borrowers, recommenders, and lenders/investors in establishing loans and approvals. Finally, the prototype shows how end-users can easily access loans with minimum collateral without hidden costs and swift transactions.

Paper Nr: 32
Title:

Efficient IoT Device Fingerprinting Approach using Machine Learning

Authors:

Richmond Osei, Habib Louafi, Malek Mouhoub and Zhongwen Zhu

Abstract: Internet of Things (IoT) usage is steadily becoming a way of life. IoT devices can be found in smart homes, factories, farming, etc. However, the skyrocketing number of IoT devices comes along with many security concerns due to their small and constrained build-up. For instance, a compromised IoT device in a network presents a vulnerability that can be exploited to attack the entire network. Since IoT devices are usually scattered over vast areas, Mobile Network Operators resort to analyzing the traffic generated by these devices to detect the identity (fingerprint) and nature of these devices (legitimate, faulty, or malicious). We propose an efficient solution to fingerprint IoT devices using known classifiers, alongside dimensionality reduction techniques, such as PCA and Autoencoder. The latter techniques extract the most relevant features required for accurate fingerprinting while reducing the amount of IoT data to process. To assess the performance of our proposed approach, we conducted several experiments on a real-world dataset from an IoT network. The results show that the Autoencoder for dimensionality reduction with a Decision Tree Algorithm reduces the number of features from 14 to 5 while keeping the prediction of the IoT device fingerprints very high (97%).

Paper Nr: 38
Title:

A Real-time Method for CAN Bus Intrusion Detection by Means of Supervised Machine Learning

Authors:

Francesco Mercaldo, Rosangela Casolare, Giovanni Ciaramella, Giacomo Iadarola, Fabio Martinelli, Francesco Ranieri and Antonella Santone

Abstract: Nowadays vehicles are not composed only of mechanical parts; there exists a plethora of electronic components in our cars, able to exchange information. Protection devices such as the airbags are activated electronically. This happens because the braking or acceleration signal from the pedal to the actuator arrives through a packet. The latter is an electronic and not a mechanical signal. For packet transmission, a bus, i.e., the Controller Area Network, was designed and implemented in vehicles. This bus was not designed to receive access from the outside world, which happened when info-entertainment systems were introduced, opening up the possibility of accessing bus information from devices external to the vehicle. To avoid the possibility of those attacks, in this research article we propose a method aimed at detecting intrusions targeting the CAN bus. In particular, we analyze packets transiting through the CAN bus, and we build a set of models by exploiting supervised machine learning. We experiment with the proposed method on three different attacks (i.e., speedometer attack, arrows attack, and doors attack), obtaining interesting performance.

Paper Nr: 40
Title:

Parallel and Distributed Implementations of the Wiedemann and the Block-Wiedemann Methods over GF(2)

Authors:

Rahul Roy, Abhijit Das and Dipanwita Roy Chowdhury

Abstract: Finding the prime factors of large composite integers is the fundamental computational problem in number theory. Currently, the fastest known integer-factoring algorithm is the General Number Field Sieve method (GNFSM) which has been used by the research community to factor RSA moduli of sizes 500–800 bits. One of the steps of this method involves finding non-zero solutions of the linear system available from the sieving stage. Since the linear systems involved in GNFSM are necessarily sparse, special iterative system solvers are used. One such solver is called the Wiedemann method. This paper reports our efficient implementation of the Wiedemann method, and its block version. We start with a single-core sequential implementation, and then make efforts to parallelize the implementation to run on multiple cores of a single machine. Special load-balancing techniques are designed to reduce synchronization overheads after each iteration. Finally, we distribute the computation across multiple computing nodes. Our load-balancing ideas are refined, and computation-communication overlapping techniques are explored in order to absorb the communication overheads. Speed-up figures achieved by the different improvements incorporated in our implementations are reported. To the best of our knowledge, we are the first to report distributed implementations of the Wiedemann method.

Paper Nr: 44
Title:

Discovering How to Attack a System

Authors:

Fabrizio Baiardi, Daria Maggi and Mauro Passacantando

Abstract: We evaluate the performance of a genetic algorithm to discover the best set of rules to implement an intrusion against an ICT network. The rules determine how the attacker selects and sequentializes its actions to implement an intrusion. The fitness of a set of rules is assigned after exploiting it in an intrusion. The evaluation of the distinct sets of rules in the populations the algorithm considers requires multiple intrusions. To avoid the resulting noise on the ICT network, the intrusions target a digital twin of the network. We present preliminary experimental results that support the feasibility of the proposed solution.

Paper Nr: 53
Title:

Decentralized Public Key Infrastructure with Identity Management using Hyperledger Fabric

Authors:

Amisha Sinha and Debanjan Sadhya

Abstract: Public key infrastructure (PKI) is one of the most effective ways to protect confidential electronic data on the internet. In centralized PKIs, the identity is defined by trusted third parties, specifically the Certificate Authority (CA). However, the security of the end-users becomes jeopardized if the CA gets compromised. To tackle this problem, the decentralized nature of the system can be used to eliminate a single point of failure. However, the lack of real-time support, the block complexity, and strict implementation are drawbacks that burden the practicality of these approaches. This study tries to evaluate the Decentralized Public Key Infrastructure (DPKI) framework based on a permission-less model. The model itself is constructed over the decentralized identifier to manage the identity of users. We use the Hyperledger Fabric based blockchain network to create a hierarchical Certificate Authority, where each CA is a peer in a decentralized distributed network. Hence, each peer owns a separate database validated by the blockchain. We have evaluated the model efficacy in terms of the network latency and throughput, which were all found to be acceptable.

Paper Nr: 62
Title:

The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems

Authors:

Eva Anastasiadi, Elias Athanasopoulos and Evangelos Markatos

Abstract: Over the last decade, we have seen a significant number of data breaches affecting hundreds of millions of users. Leaked password files/databases that contain passwords in plaintext allow attackers to get immediate access to the credentials of all the accounts stored in those files. Nowadays most systems keep passwords in a hashed, salted form, but using brute force techniques attackers are still able to crack a large percentage of those passwords. In this work, we present a novel approach to protect users’ credentials from such leaks. We propose a new architecture for the password file that makes use of multiple servers. The approach is able to defend even against attackers that manage to compromise all servers, as long as they do not do it at the same time. Our prototype implementation and preliminary evaluation in the authentication system of WordPress suggest that this approach is not only easy to incorporate into existing systems, but it also has minimal overhead.

Paper Nr: 64
Title:

Authentication Attacks on Projection-based Cancelable Biometric Schemes

Authors:

Axel Durbet, Paul-Marie Grollemund, Pascal Lafourcade, Denis Migdal and Kevin Thiry-Atighehchi

Abstract: Cancelable biometric schemes aim at generating secure biometric templates by combining user-specific tokens, such as a password, stored secret or salt, along with biometric data. This type of transformation is constructed as a composition of a biometric transformation with a feature extraction algorithm. The security requirements of cancelable biometric schemes concern the irreversibility, unlinkability and revocability of templates, without losing in accuracy of comparison. While several schemes were recently attacked regarding these requirements, full reversibility of such a composition in order to produce colliding biometric characteristics, and specifically presentation attacks, was never demonstrated to the best of our knowledge. In this paper, we formalize these attacks for a traditional cancelable scheme with the help of integer linear programming (ILP) and quadratically constrained quadratic programming (QCQP). Solving these optimization problems allows an adversary to slightly alter its fingerprint image in order to impersonate any individual. Moreover, in an even more severe scenario, it is possible to simultaneously impersonate several individuals.

Paper Nr: 68
Title:

Weighted Attribute-based Encryption with Parallelized Decryption

Authors:

Alexandru Ioniță

Abstract: Unlike conventional ABE systems, which support Boolean attributes (with only 2 states: 1 and 0, or "Present" and "Absent"), Weighted Attribute-based Encryption schemes also support numerical values attached to attributes, and each terminal node of the access structure contains a threshold for a minimum weight. We propose a Weighted ABE system, with an access policy of logarithmic expansion, by dividing each weighted attribute into sub-attributes. On top of that, we show that the decryption can be parallelized, leading to a notable improvement in running time compared to the serial version.

Paper Nr: 73
Title:

Evaluation of AI-based Malware Detection in IoT Network Traffic

Authors:

Nuno Prazeres, Rogério C. Costa, Leonel Santos and Carlos Rabadão

Abstract: Internet of Things (IoT) devices have become day-to-day technologies. They collect and share a large amount of data, including private data, and are an attractive target of potential attackers. On the other hand, machine learning has been used in several contexts to analyze and classify large volumes of data. Hence, using machine learning to classify network traffic data and identify anomalous traffic and potential attacks is promising. In this work, we use deep and traditional machine learning to identify anomalous traffic in the IoT-23 dataset, which contains network traffic from real-world equipment. We apply feature selection and encoding techniques and expand the types of networks evaluated to improve existing results from the literature. We compare the performance of algorithms in binary classification, which separates normal from anomalous traffic, and in multiclass classification, which aims to identify the type of attack.

Paper Nr: 76
Title:

Towards Heterogeneous Remote Attestation Protocols

Authors:

Paul G. Wagner and Jürgen Beyerer

Abstract: Remote attestation protocols are valuable tools to cryptographically verify the integrity of remote software stacks. Usually these protocols rely on a specific hardware-based trusted computing technology to provide their security guarantees. However, especially in distributed settings with many collaborating platforms, it is not always feasible to use protocols developed exclusively for one trusted computing technology. In this work we explore the possibility of conducting heterogeneous remote attestations between endpoints utilizing different trusted computing technologies. We motivate the benefits of such attestations in the light of distributed systems and present a list of requirements for a working heterogeneous remote attestation protocol. Then we propose a remote attestation mechanism that can securely link Intel SGX enclaves, TPM-based trusted applications, as well as ARM TrustZone devices with an attested and encrypted communication channel. Finally, we outline how this mechanism can be integrated into an established remote attestation protocol.

Paper Nr: 78
Title:

Identifying Organizations Receiving Personal Data in Android Apps

Authors:

David Rodriguez, Miguel Cozar and Jose D. Alamo

Abstract: Many studies have demonstrated that mobile applications are common means to collect massive amounts of personal data. This goes unnoticed by most users, who are also unaware that many different organizations are receiving this data, even from multiple apps in parallel. This paper assesses different techniques to identify the organizations that are receiving personal data flows in the Android ecosystem, namely the WHOIS service, SSL certificates inspection, and privacy policy textual analysis. Based on our findings, we propose a fully automated method that combines the most successful techniques, achieving a 94.73% precision score in identifying the recipient organization. We further demonstrate our method by evaluating 1,000 Android apps and exposing the corporations that collect the users’ personal data.

Paper Nr: 79
Title:

JCAlgTest: Robust Identification Metadata for Certified Smartcards

Authors:

Petr Svenda, Rudolf Kvasnovsky, Imrich Nagy and Antonin Dufka

Abstract: The certification of cryptographic smartcards under the Common Criteria or NIST FIPS140-2 is a well-established process, during which an evaluation facility validates the manufacturer’s claims and issues a product certificate. The tested card is usually identified by its name, type, ATR, and Card Production Life Cycle (CPLC) data. While sufficient to pair the purchased card to its original certificate when bought from a trustworthy seller, such static metadata stored on the card can easily be manipulated. We extend the currently used card identification with a more descriptive set of metadata extracted from supported functionality, performance profiling, and properties of generated cryptographic keys. All of this information can be obtained directly by the evaluation facility, appended to the certificate, and later verified by the end-user with no need for any special knowledge or equipment, resulting in a better assurance about the purchased product. We developed a suite of open tools for the extraction of such characteristics and collected results for a set of more than 100 different smartcards. The database, openly available, demonstrates the significant variability in the measured properties and allows us to estimate the trends in support of different cryptographic algorithms as provided by the JavaCard platform.

Paper Nr: 80
Title:

On the Efficiency and Security of Quantum-resistant Key Establishment Mechanisms on FPGA Platforms

Authors:

Lukas Malina, Sara Ricci, Patrik Dobias, Petr Jedlicka, Jan Hajny and Kim-Kwang R. Choo

Abstract: The importance of designing efficient and secure post-quantum cryptographic algorithms is reinforced in the recent National Institute of Standards and Technology (NIST)’s Post-Quantum Cryptography (PQC) competitions. Seeking to complement existing studies that evaluate the performance of various PQC algorithms, we explore current hardware implementations of third-round finalist key-establishment algorithms (i.e., Kyber, McEliece, NTRU, and SABER) and the five alternate algorithms (i.e., BIKE, FrodoKEM, HQC, NTRU Prime, and SIKE) on Field Programmable Gate Array (FPGA) platforms. Further, we present our pure-VHDL implementation of Kyber and compare it with the hardware implementations of the NIST finalists. Our design offers one universal Kyber component that can operate in 6 different modes. The evaluation findings show that our pure-VHDL Kyber provides less latency than current VHDL-based implementations.

Paper Nr: 81
Title:

Brain Waves and Evoked Potentials as Biometric User Identification Strategy: An Affordable Low-cost Approach

Authors:

Roberto Saia, Salvatore Carta, Gianni Fenu and Livio Pompianu

Abstract: The relatively recent introduction on the market of low-cost devices able to perform an Electroencephalography (EEG) has opened a stimulating research scenario that involves a large number of researchers previously excluded due to the high costs of such hardware. In this regard, one of the most stimulating research fields is focused on the use of such devices in the context of biometric systems, where the EEG data are exploited for user identification purposes. Based on the current literature, which reports that many of these systems are designed by combining the EEG data with a series of external stimuli (Evoked Potentials) to improve the reliability and stability over time of the EEG patterns, this work aims to formalize a biometric identification system based on low-cost EEG devices and simple stimulation instruments, such as images and sounds generated by a computer. In other words, our objective is to design a low-cost EEG-based biometric approach exploitable in a large number of real-world scenarios.

Paper Nr: 83
Title:

Illicit Darkweb Classification via Natural-language Processing: Classifying Illicit Content of Webpages based on Textual Information

Authors:

Giuseppe Cascavilla, Gemma Catolino and Mirella Sangiovanni

Abstract: This work aims at expanding previous works done in the context of illegal activities classification, performing three different steps. First, we created a heterogeneous dataset of 113995 onion sites and dark marketplaces. Then, we compared pre-trained transferable models, i.e., ULMFit (Universal Language Model Fine-tuning), Bert (Bidirectional Encoder Representations from Transformers), and RoBERTa (Robustly optimized BERT approach), with a traditional text classification approach like LSTM (Long short-term memory) neural networks. Finally, we developed two illegal activities classification approaches, one for illicit content on the Dark Web and one for identifying the specific types of drugs. Results show that Bert was the best approach, classifying the dark web’s general content and the types of drugs with 96.08% and 91.98% accuracy, respectively.

Paper Nr: 84
Title:

Verification of PUF-based IoT Protocols with AVISPA and Scyther

Authors:

Tomáš Rabas, Róbert Lórencz and Jiří Buček

Abstract: A paper from 2020 (Buchovecká et al., 2020) suggests protocols suitable for lightweight IoT devices. They are based on physical unclonable functions (PUF), which among others simplify the problem of key management on simple hardware devices and microcontrollers. These protocols are supposed to authenticate a device and distribute keys safely so that only the intended parties can know the key. We analysed the suggested protocols using two automated verification tools, AVISPA and Scyther. The analysis shows that there are several issues concerning the authentication property. We demonstrate the results from the tools and describe several attacks that exploit this vulnerability. Finally, we provide modified versions of these protocols that are resistant to those attacks and satisfy authentication as desired.

Paper Nr: 86
Title:

PE-AONT: Partial Encryption All or Nothing Transform

Authors:

Katarzyna Kapusta and Gerard Memmi

Abstract: We introduce PE-AONT: a novel algorithm for a very fast computational secret sharing scheme. The core idea of this scheme is to encrypt the data only partially before applying an all-or-nothing transform that will blend the encrypted and non-encrypted data. By doing this, we achieve much better performance than relevant techniques, including straightforward encryption. In this regard, a performance benchmark is provided. Interestingly, when the ratio between the number of encrypted and non-encrypted fragments is wisely chosen, data inside fragments are protected against exposure of the encryption key unless all fragments are gathered by an attacker. Therefore, by choosing the right parameters, we can achieve key exposure protection, faster processing, and better overall protection.

Paper Nr: 87
Title:

From GDPR to Privacy Design Patterns: The MATERIALIST Framework

Authors:

Vita Barletta, Giuseppe Desolda, Domenico Gigante, Rosa Lanzilotti and Marco Saltarella

Abstract: Privacy is becoming an increasingly important factor in software production. Indeed, besides increasing software quality, privacy is a mandatory aspect of national and supranational regulations like GDPR. However, several aspects, like lack of knowledge on privacy and ambiguities in data protection regulations, limit the adoption of proper privacy implementation mechanisms during the software lifecycle. To fill this gap, this paper presents a framework, MATERIALIST, which aims to guide developers in choosing privacy design patterns to be used during software development. In particular, this paper focuses on the selection of privacy design patterns starting from the GDPR requirements. In this way, what is currently prescribed by GDPR in a non-technical way becomes a practical solution that software developers can adopt during their work.

Paper Nr: 88
Title:

Moving Target Defense Router: MaTaDoR

Authors:

Berkan Ufuk and Mehmet T. Sandikkaya

Abstract: The continuous increase in network attacks and the complexity of the available offensive technologies enforces novel defensive mechanisms. Moving Target Defense (MTD) is a recent family of approaches for network defense. This study proposes MaTaDoR, which utilizes message authentication akin to the TCP Authentication Option (TCP-AO) in an MTD setting to mitigate a wide range of attacks, including Denial of Service (DoS). The purpose of MaTaDoR is averting unauthenticated packets from reaching protected assets. While many other MTD approaches aim to delay adversaries, MaTaDoR strictly protects networked assets from unauthenticated access. MaTaDoR is transparent, stateless and scalable. The efficiency of this combination is demonstrated by the results of a simulation. The proposed approach is capable of blocking every DoS packet with an insignificant trade-off increase in end-to-end delay.

Paper Nr: 91
Title:

Transient State Signaling for Spectre/Meltdown Transient Cache Side-channel Prevention

Authors:

Zelong Li and Akhilesh Tyagi

Abstract: The discovery of the Meltdown and Spectre attacks and their variants showed that speculative execution offers a major attack surface for micro-architectural side channel attacks. The secret data-dependent traces in the CPU’s micro-architectural state are not cleansed, which can be exploited by an adversary to reveal the victim’s secrets. In this paper, we propose a cache control scheme that cooperates with a novel load store queue (LSQ) unit to nullify the cache side-channel exploited by Meltdown and Spectre attacks and their variants. In our proposed cache scheme, a new saturating reference counter is added to each cache line to hold the number of accesses since its arrival from the higher level of the memory hierarchy. For every squashed (uncommitted) speculative transient load, a corresponding flush request packet is sent to the downstream memory hierarchy. This ensures that any cache line brought into the cache by a transient load is always evicted soon after the corresponding mis-speculation commit. A cache side-channel adversary can no longer detect the existence of a transiently loaded cache block. Our experiment on gem5 shows that by integrating the proposed design, Meltdown and Spectre variants that use a Flush+Reload attack to create the cache covert channel are completely closed.

Paper Nr: 92
Title:

On the Practicality of Relying on Simulations in Different Abstraction Levels for Pre-silicon Side-Channel Analysis

Authors:

Javad Bahrami, Mohammad Ebrahimabadi, Sofiane Takarabt, Jean-luc Danger, Sylvain Guilley and Naghmeh Karimi

Abstract: Cryptographic chips are prone to side-channel analysis attacks aiming at extracting their secrets. Side-channel leakage is particularly hard to remove completely, unless using a bottom-up approach (compositional security). On the contrary, industrial secure-by-design methods rather rely on a top-down approach: (would-be) protected circuits are synthesized by Electronic Design Automation (EDA) tools. Tracking that no leakage exists at any refinement stage is therefore a challenge. Experience has shown that multiple leakages can resurge out of the blue when a sound RTL design is turned into a technology-mapped netlist. Checking for leaks and identifying them is a challenge. When the netlist is unstructured (e.g., it results from an EDA tool), dynamic checking appears as the most straightforward approach. It is feasible, given only a few thousand execution traces, to decide with great certainty whether a leakage hides at some time samples within the trace or not. In practice, such easy detection is fostered by the fact that the activity of signals in cryptographic implementations (even more true for masked implementations) is almost maximal (=50%). The remaining question is about the adequate abstraction level of the simulation. The highest possible abstractions are preferred, as they potentially capture more situations. However, if the simulation is too abstract, it may model the reality inappropriately. In this paper, we explore whether or not an evenemential simulation (toggle count) is faithful with respect to a low-level simulation (at SPICE level). Our results show that both abstraction levels match qualitatively for unprotected implementations. However, abstract toggle count simulations are no longer connected to real SPICE simulations in masked implementations. The reason is that the effect of the random mask is to mix evenemential simulations (which only reflect “approximately” the SPICE reality) together, in such a way that the useful information is lost. Therefore, masked logic netlist implementations shall be analysed only at SPICE level.

Paper Nr: 96
Title:

A Secure Federated Learning: Analysis of Different Cryptographic Tools

Authors:

Oana Stan, Vincent Thouvenot, Aymen Boudguiga, Katarzyna Kapusta, Martin Zuber and Renaud Sirdey

Abstract: Federated Learning is established as one of the most efficient collaborative learning approaches aiming at training different client models using private datasets. By private, we mean that clients' datasets are never disclosed, as they serve to train clients' models locally. Then, a central server is in charge of aggregating the different models' weights. The central server is generally an honest-but-curious entity that may be interested in collecting information about clients' datasets by using model inversion or membership inference. In this paper, we discuss different cryptographic options for providing a secure Federated Learning framework. We investigate the use of Differential Privacy, Homomorphic Encryption and Multi-Party Computation (MPC) for confidential data aggregation while considering different threat models. In our homomorphic encryption approach, we compare results obtained with an optimized version of the Paillier cryptosystem to those obtained with BFV and CKKS. As for the MPC technique, different general protocols are tested under various security assumptions. Overall, we have found HE to have better performance, with lower bandwidth usage.

Paper Nr: 97
Title:

Novel Design for IE-Cache to Mitigate Conflict-based Cache-side Channel Attacks with Reduced Energy Consumption

Authors:

Saqib Javed, Muhammad A. Mukhtar, Muhammad K. Bhatti and Guy Gogniat

Abstract: Cache-based side-channel attacks have raised serious security concerns in contemporary cache architectures. To mitigate these attacks, various cache architectures have been proposed that rely on cache partitioning and random memory-to-cache mapping based methods. Unfortunately, these cache methods are not adopted by mainstream processors because of an unfavorable security and performance trade-off. In the literature, the Indirect-Eviction Cache (IE-Cache), a random memory-to-cache mapping based cache architecture, has shown high security and faster execution time by introducing the principles of multi-indexing and relocating the cache lines. However, IE-Cache requires relocation of cache lines, which results in high energy consumption along with security. In this paper, we alleviate the energy consumption issue in IE-Cache by introducing a pointer-based mapping between tag and data store, which we call PIE-Cache (Pointer-based IE-Cache). This enables relocation of pointers in the tag-store without relocating a large cache line in the data-store, yielding low energy consumption compared to IE-Cache. We have developed the PIE-Cache model in the gem5 simulator to evaluate the energy consumption with Micro-benchmark. The results show that the energy consumption of a 1MB PIE-Cache with 4 ways and 3 levels is 20% less compared to IE-Cache with the same capacity, ways and levels over Micro-benchmark. Moreover, we have performed the security evaluation of PIE-Cache in the same way as proposed in the IE-Cache study to compare the learning time of eviction sets. These results show that the complexity of learning eviction sets is similar to IE-Cache.

Paper Nr: 100
Title:

Switched-based Control Testbed to Assure Cyber-physical Resilience by Design

Authors:

Mariana Segovia, Jose Rubio-Hernan, Ana R. Cavalli and Joaquin Garcia-Alfaro

Abstract: Cyber-Physical Systems (CPS) integrate control systems engineering, computer science, and networking to control a physical process. The main challenge after detecting malicious actions in a CPS is to choose the correct reaction that the system has to carry out. In this paper, we propose a deployment platform for the evaluation of cyber-physical configurations to satisfy cyber-physical resilience properties. Experimental testbeds are crucial to analyze new proposals. For this reason, we discuss some actions for the development of a replicable and affordable cyber-physical testbed for training and research. The architecture is based on real-world components. This solution combines diverse parameters that come from the cyber and physical layers.

Paper Nr: 103
Title:

Offline-verifiable Data from Distributed Ledger-based Registries

Authors:

Stefan More, Jakob Heher and Clemens Walluschek

Abstract: Trust management systems often use registries to authenticate data or form trust decisions. Examples are revocation registries and trust status lists. By introducing distributed ledgers (DLs), it is also possible to create decentralized registries. A verifier then queries a node of the respective ledger, e.g., to retrieve trust status information during the verification of a credential. While this ensures trustworthy information, the process requires the verifier to be online and the ledger node to be available. Additionally, the connection from the verifier to the registry poses a privacy issue, as it leaks information about the user's behavior. In this paper, we resolve these issues by extending existing ledger APIs to support results that are trustworthy even in an offline setting. We do this by introducing attestations of the ledger's state, issued by ledger nodes and aggregatable into a collective attestation by all nodes. This attestation enables a user to prove the provenance of DL-based data to an offline verifier. Our approach is generic, so once deployed it serves as a basis for any use case with an offline verifier. We also provide an implementation for the Ethereum stack and evaluate it, demonstrating the practicability of our approach.

Paper Nr: 108
Title:

Efficient Hybrid Model for Intrusion Detection Systems

Authors:

Nesrine Kaaniche, Aymen Boudguiga and Gustavo Gonzalez-Granadillo

Abstract: This paper proposes a new hybrid ML model that relies on K-Means clustering and the Variational Bayesian Gaussian Mixture models to efficiently detect and classify unknown network attacks. The proposed model first classifies the input data into various clusters using K-Means. Then, it identifies anomalies in those clusters using the Variational Bayesian Gaussian Mixture model. The model has been tested against the CICIDS 2017 dataset that contains new relevant attacks and realistic normal traffic, with a reasonable size. To balance the data, undersampling techniques were used. Furthermore, the features were reduced from 78 to 28 using feature selection and feature extraction methods. The proposed model shows promising results when identifying whether a data point is an attack or not with an F1 score of up to 91%.

Paper Nr: 109
Title:

Side-channel Analysis and Countermeasure for Implementation of Lattice-based Signature

Authors:

Kazuhide Fukushima, Hiroki Okada, Sofiane Takarabt, Amina Korchi, Meziane Hamoud, Khaled Karray, Youssef Souissy and Sylvain Guilley

Abstract: Lattice-based cryptography is believed to be a promising candidate for post-quantum cryptography (PQC). NIST announced the third-round finalists of its PQC standardization project (NIST-PQC), and four out of the seven finalists are lattice-based. An implementation that is resistant to side-channel analysis is desired for the widespread use of lattice-based cryptography. This paper studies possible side-channel analysis on MLWRSign, a lattice-based signature scheme. We apply differential power analysis to the implementation of MLWRSign to identify all the sensitive parts. The experimental results show that only the Karatsuba and Toom-Cook multiplications can be vulnerable to DPA under the Hamming weight power consumption model. Furthermore, we propose masking countermeasures for multiplication: inter-functional and intra-functional masking. Our lightweight countermeasure is beneficial to further enhance the security of post-quantum cryptography, which is naturally resistant to side-channel attacks.

Paper Nr: 112
Title:

Towards a Threat Model and Security Analysis for Data Cooperatives

Authors:

Abiola Salau, Ram Dantu, Kirill Morozov, Kritagya Upadhyay and Syed Badruddoja

Abstract: A data cooperative (called "data coop" for short) is an emerging approach in the area of secure data management. It promises its users better protection and control of their data, as compared to the traditional handling of that data by data collectors (such as governments, big data companies, and others). However, for the success of data coops, existing challenges with respect to data management systems need to be adequately addressed. In particular, they concern security and privacy, as well as the power imbalance between providers/owners and collectors of data. Designing a security and privacy model for a data coop requires a systematic threat modeling approach that identifies the security landscape, attack vectors, threats, and vulnerabilities, as well as the respective mitigation strategies. In this paper, we analyze the security of data cooperatives, identify potential security risks and threats, and suggest adequate countermeasures. We also discuss existing challenges that hinder the widespread adoption of data coops.

Paper Nr: 121
Title:

A Novel Method for Embedding and Extracting Secret Messages in Textual Documents based on Paragraph Resizing

Authors:

Benjamin Aziz, Aysha Bukhelli, Rinat Khusainov and Alaa Mohasseb

Abstract: The ancient technique of information hiding known as text steganography has enjoyed much research in recent years due to the rising popularity of social media platforms and the abundant availability of online literature and other text as cover media for steganography. Whilst the majority of the research approaches have focused on manipulating or replacing text, in some form or another, to embed secret information, the utilisation of the structure of the document itself for such embedding has rarely been researched. Therefore, we propose in this short paper a new approach for embedding secret messages in textual documents based on the splitting, merging, and resizing of paragraph text. The size comparison between adjacent paragraphs embeds one bit of information. We outline only the basic idea and define the syntax and semantics of the embedding language.