SECRYPT 2020 Abstracts


Full Papers
Paper Nr: 7
Title:

Helper-in-the-Middle: Supporting Web Application Scanners Targeting Industrial Control Systems

Authors:

Anne Borcherding, Steffen Pfrang, Christian Haas, Albrecht Weiche and Jürgen Beyerer

Abstract: Web applications on industrial control systems (ICS) provide functionality such as obtaining status information or updating configurations. However, a web application possibly adds additional attack vectors to the ICS. In order to find existing vulnerabilities of web applications, automated black box web application scanners (WAS) can be used. Evaluations of existing scanners show similar limitations in their applicability. For example, ICS often crash during a scan. If the used scanner does not recognize and handle this issue, it is not able to finish the test. We present HelpMeICS which makes improvements available for different scanners without the need to adapt the specific scanner. It is implemented as a proxy-based solution which is transparent for the scanners and handles different aspects such as error-handling, authentication, and replacement of contents. Our evaluation with five different ICS shows an improvement of applicability as well as a reduction of additional limitations of WAS. As an example, our improvements increased the URL coverage from 8% to 100%. For one of the ICS, a complete scan was only made possible by HelpMeICS since the ICS crashed irrecoverably during the scans without HelpMeICS.
Download

Paper Nr: 8
Title:

Termination of Ethereum’s Smart Contracts

Authors:

Thomas Genet, Thomas Jensen and Justine Sauvage

Abstract: Ethereum is a decentralized blockchain technology equipped with so-called Smart Contracts. A contract is a program whose code is public, which can be triggered by any user, and whose actual execution is performed by miners participating in Ethereum. Miners execute the contract on the Ethereum Virtual Machine (EVM) and apply its effect by adding new blocks to the blockchain. A contract that takes too much time to be processed by the miners of the network may result into delays or a denial of service in the Ethereum system. To prevent this scenario, termination of Ethereum’s Smart Contracts is ensured using a gas mechanism. Roughly, the EVM consumes gas to process each instruction of a contract and the gas provided to run a contract is limited. This technique could make termination of contracts easy to prove but the way the official definition of the EVM specifies gas usage makes the proof of this property non-trivial. EVM implementations and formal analysis techniques of EVM’s Smart Contracts use termination of contracts as an assumption, so having a formal proof of termination of contracts is crucial. This paper presents a mechanized, formal, and general proof of termination of Smart Contracts based on a measure of EVM call stacks.
Download

Paper Nr: 11
Title:

Avoiding Network and Host Detection using Packet Bit-masking

Authors:

George Stergiopoulos, Eirini Lygerou, Nikolaos Tsalis, Dimitris Tomaras and Dimitris Gritzalis

Abstract: Current host and network intrusion detection and prevention systems mainly use deep packet inspection, signature analysis and behavior analytics on traffic and relevant software to detect and prevent malicious activity. Solutions are applied on both system and network level. We present an evasion attack to remotely control a shell and/or exfiltrate sensitive data that manages to avoid most popular host and network intrusion techniques. The idea is to use legitimate traffic and victim-generated packets that belong to different contexts and reuse it to communicate malicious content without tampering their payload or other information (except destination IP). We name the technique “bit-masking”. The attack seems able to exfiltrate any amount of data and execution time does not seem to affect detection rates. For proof, we develop the “Leaky-Faucet” software that allows us to (i) remotely control a reverse shell and (ii) transfer data unnoticed. The validation scope for the presented attack includes evading 5 popular NIDS, 8 of the most popular integrated end-point protection solutions and a Data Leakage Prevention system (DLP); both on the network and host session level. We present three different variations of the attack able to transfer (i) shell commands, (ii) large chunks of data, and (iii) malicious code to a remote command and control (CnC) center. During experiments, we also detected an NPcap library bug that allows resent packets to avoid logging from network analysis tools for Windows that use the Npcap library.
Download

Paper Nr: 14
Title:

Security and Complexity of a New Variant of the McEliece Cryptosystem using Non-linear Convolutional codes

Authors:

Michael E. Sone

Abstract: The paper reports development of a new version of the McEliece cryptosystem using non-linear convolutional codes. Cascaded convolutional codes are used to be part of the public key with each stage of the cascade separated by a product cipher to increase the security level. Cryptanalysis of the new version of the McEliece cryptosystem is performed using existing attacks of the classical cryptosystem to demonstrate the difficulties in breaking the new cryptosystem. It is shown that, security levels comparable to the original McEliece cryptosystem could be obtained by using smaller public key sizes of the new version if multiple stages of the generator matrix are employed. This aspect makes the new version of the McEliece cryptosystem attractive in mobile wireless networks since it could be ported onto a single Field Programmable Gate Array (FPGA).
Download

Paper Nr: 17
Title:

CROOT: Code-based Round-Optimal Oblivious Transfer

Authors:

Nicolas Aragon, Olivier Blazy, Neals Fournaise and Philippe Gaborit

Abstract: In this paper, we present a new functionality for 1-out-of-2 Oblivious Transfer. This functionality lives between the classical and the weak-Oblivious Transfer ones. We motivate this functionality to adapt and prove a formerly proposed (and retracted) framework that was shown to be unprovable with the classical OT functionality. Our functionality still remains reasonably close to natural expectation for Oblivious Transfer. Once our global framework is proven in the new functionality, we propose two instantiations using recent code-based candidates of the NIST post-quantum standardization process. We show that the resulting instantiations are both efficient and secure. Our new functionality opens the way to round-optimal oblivious transfer instantiations.
Download

Paper Nr: 28
Title:

DCBC: A Distributed High-performance Block-Cipher Mode of Operation

Authors:

Oussama Trabelsi, Lilia Sfaxi and Riadh Robbana

Abstract: Since the rise of Big Data, working with large files became the rule and no longer the exception. Despite this fact, some data at-rest encryption modes of operation, namely CBC, are being used even though they do not take into account the heavy cost of running sequential encryption operations over a big volume of data. This led to some attempts that aim to parallelizing such operations either by only chaining isolated subsets of the plaintext, or by using hash functions to reflect any changes made to the plaintext before running parallel encryption operations. However, we noticed that such solutions present some security issues of different levels of severity. In this paper, we propose a Distributed version of CBC, which we refer to as DCBC, that uses an IV generation layer to ensure some level of chaining between multiple CBC encryption operations that run in parallel, while keeping CPA security intact and even adding new operations such as appending data without compromising the encryption mode’s security. We will, also, make a theoretical performance comparison between DCBC and CBC under different circumstances to study optimal conditions for running our proposed mode. We show in this comparison that our solution largely outperforms CBC, when it comes to large files.
Download

Paper Nr: 46
Title:

Stay Thrifty, Stay Secure: A VPN-based Assurance Framework for Hybrid Systems

Authors:

Marco Anisetti, Claudio A. Ardagna, Nicola Bena and Ernesto Damiani

Abstract: Security assurance provides a wealth of techniques to demonstrate that a target system holds some nonfunctional properties and behaves as expected. These techniques have been recently applied to the cloud ecosystem, while encountering some critical issues that reduced their benefit when hybrid systems, mixing public and private infrastructures, are considered. In this paper, we present a new assurance framework that evaluates the trustworthiness of hybrid systems, from traditional private networks to public clouds. It implements an assurance process that relies on a Virtual Private Network (VPN)-based solution to smoothly integrate with the target systems. The assurance process provides a transparent and non-invasive solution that does not interfere with the working of the target system. The performance of the framework have been experimentally evaluated in a simulated scenario.
Download

Paper Nr: 51
Title:

An Enhanced Lightweight Authentication Scheme for Secure Access to Cloud Data

Authors:

Hamza Hammami, Mohammad S. Obaidat and Sadok Ben Yahia

Abstract: The use of cloud computing has become increasingly important due to many factors, including the cost- effective architecture that supports data transmission, storage and computation. It has become indispensable to setting up and providing IT services. Among these services, outsourced data storage, or Storage as a Service (StaaS), which is one of the most popular services in cloud computing; it reliably stores large volumes of data. In return, apart from its benefits in terms of cost and ease of management, StaaS poses new problems related to the security of data and their treatments during access. This is due to the storage of data at a distance beyond the perimeters of users and the involvement of one or more third parties such as service providers or infrastructure. Indeed, the provision of sensitive data to an external entity is a serious concern. The major issues of security, privacy and trust remain the main concerns that hamper the mass adoption of the cloud. Therefore, an automatic focus when using cloud services is the presence of a good strong authentication mechanism to properly authenticate users and mitigate as many vulnerabilities as possible. Our work is part of the research theme on security challenges including the protection of personal data during the authentication process, posed in cloud environments. With this in mind, we introduce an authentication mechanism that takes advantage of the opportunities offered by the hybrid cryptography techniques to protect each user's personal data in the cloud environment while preserving its privacy. The experiments show that the authentication mechanism, we offer, surpasses its competitors in terms of communication and computational costs, data confidentiality and integrity, and resistance to various types of attacks.
Download

Paper Nr: 53
Title:

Decentralized Multi-Client Attribute Based Functional Encryption

Authors:

Yuechen Chen, Linru Zhang and Siu-Ming Yiu

Abstract: Functional encryption (FE) allows users to learn only functional values from the encrypted data. However, in existing FE schemes, all legitimate users get the same decryption results. Functional encryption that allows users to get different decryption results based on user attributes/policies has many useful practical applications. For example, a company may only authorize department heads of other sections to query the average sale figures of the sales department from the encrypted sales database. In this paper, we combine techniques from Attribute Based Encryption(ABE) and Multi Client Function Encryption (MCFE) to propose a primitive that we call “Multi-Client Attribute Based Functional Encryption scheme (MCABFE)” which allows only authorized users to obtain functional values based on the users’ attributes/policies, and give the first MCABFE scheme for inner product functionality from simple and well-studied assumptions. Then we extend our new primitive and propose a “Decentralized Multi-Client Attribute Based Functional Encryption scheme (DMCABFE)” in which no trusted party is required in the setup phase and the generation of functional decryption keys, and also give an instantiation for inner product functionality.
Download

Paper Nr: 57
Title:

Optimal Transport Layer for Secure Computation

Authors:

Markus Brandt, Claudio Orlandi, Kris Shrishak and Haya Shulman

Abstract: Although significantly improved, the performance of secure two-party computation (2PC) is still prohibitive for practical systems. Contrary to common belief that bandwidth is the remaining bottleneck for 2PC implementation, we show that the network is under-utilised due to the use of standard TCP sockets. Nevertheless, using other sockets is non-trivial: the developers of secure computation need to integrate them into the operating systems, which is a challenging task even for systems experts. To resolve the efficiency barrier of 2PC, we develop a framework, we call Transputation, which automates the integration of transport layer sockets into 2PC implementations. Transputation is the first tool which enables developers of 2PC protocols to easily identify and use the optimal transport layer protocol for the given computation task and network conditions. We integrate selected transport layer protocols into Transputation and evaluate the performance for a number of computational tasks. As a highlight, even a general purpose transport layer protocol, such as SABUL, improves the run-time of 2PC over TCP on EU-Australia connection for circuits with > 10⁶ Boolean gates by a factor of 8. To enable evaluations of 2PC implementations in real life setups in the Internet we setup a distributed testbed.The testbed provides automated generation of network scenarios and runs evaluations of 2PC implementations. We evaluate Transputation on in different network setups and report on our experimental results in this work.
Download

Paper Nr: 60
Title:

An Identity-matching Process to Strengthen Trust in Federated-identity Architectures

Authors:

Paul Marillonnet, Mikaël Ates, Maryline Laurent and Nesrine Kaaniche

Abstract: To smoothly counteract privilege escalation in federated-identity architectures, the cross-checking of asserted Personally Identifiable Information (PII) among different sources is highly recommended and advisable. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete use case from the Territorial Collectivities and the Public Administration (TCPA), formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) Implementation guidelines are given to deploy the solution on an operational Publik platform. (3) A precise security analysis is provided, relying on an original attacker model.
Download

Paper Nr: 65
Title:

Ensuring the Integrity of Outsourced Web Scripts

Authors:

Josselin Mignerey, Cyrille Mucchietto and Jean-Baptiste Orfila

Abstract: Dynamic web browsing, supported by web scripting languages such as JavaScript, has quickly conquered the Internet. In spite of the obvious advantages they offer, they have also opened many security flaws for the user browsing. The browser starts by retrieving some external scripts, potentially distributed over many servers. In terms of security, this process is extremely sensitive, therefore many solutions have been introduced to secure web browsing. Unfortunately, they mostly rely on server side actions. Hence, a malicious server is able to compromise the client by modifying the security policy and the scripts sent. We propose an efficient solution, which does not require any trust in the servers, to ensure the integrity of distributed web scripts. Our protocols rely on simple cryptographic tools, such as digital signature schemes and hash functions. In the end, we provide a proven secure, user-friendly and easy-to-deploy solution which only adds a small latency in the end-user browsing.
Download

Paper Nr: 77
Title:

Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets

Authors:

Itzel Vazquez Sandoval, Arash Atashpendar and Gabriele Lenzini

Abstract: We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low-entropy secrets, e.g., memorable words, without a public key infrastructure or a trusted third party, but it also paves the way for automation and a series of cryptographic enhancements; improves security by minimizing the impact of human error and potentially improves usability. First, we study a few vulnerabilities in voice-based out-of-band authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. Next, we propose solving the problem of secure equality test using PAKE to achieve entity authentication and to establish a shared high-entropy secret key. Our solution lends itself to offline settings, compatible with the inherently asynchronous nature of email and modern messaging systems. The suggested approach enables enhancements in key management such as automated key renewal and future key pair authentications, multi-device synchronization, secure secret storage and retrieval, and the possibility of post-quantum security as well as facilitating forward secrecy and deniability in a primarily symmetric-key setting. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols.
Download

Paper Nr: 81
Title:

FALCO: Detecting Superfluous JavaScript Injection Attacks using Website Fingerprints

Authors:

Chih-Chun Liu, Hsu-Chun Hsiao and Tiffany H. Kim

Abstract: JavaScript injection attacks enable man-in-the-middle adversaries to not only exploit innocent users to launch browser-based DDoS but also expose them to unwanted advertisements. Despite ongoing efforts to address the critical JavaScript injection attacks, prior solutions have several practical limitations, including the lack of deployment incentives and the difficulty to configure security policies. An interesting observation is that the injected JavaScript oftentimes changes the website’s behavior, significantly increasing the additional requests to previously unseen domains. Hence, this paper presents the design and implementation of a lightweight system called FALCO to detect JavaScript injection with mismatched website behavior fingerprints. We extract a website’s behavior fingerprint from its dependency on external domains, which yields compact fingerprint representations with reasonable detection accuracy. Our experiments show that FALCO can detect 96.98% of JavaScript-based attacks in simulation environments. FALCO requires no cooperation with servers and users can easily add an extension on their browsers to use our service without privacy concerns.
Download

Paper Nr: 104
Title:

Beyond Black and White: Combining the Benefits of Regular and Incognito Browsing Modes

Authors:

John Korniotakis, Panagiotis Papadopoulos and Evangelos P. Markatos

Abstract: As an increasing number of users seem to be concerned about the sophisticated tracking approaches that web sites employ, most modern browsers provide a privacy-preserving browsing mode. This so called “Incognito” mode enables users to browse web sites with sensitive (e.g., medical-, religious-, and substance-abuse-related) content by providing them with a clean-state and disposable browser session. Although incognito-mode browsing is useful, users will eventually need to switch back to regular web browsing as they need to log in to their favorite web sites (e.g., Gmail, Facebook, etc.). However, whenever they want to access another unfamiliar or sensitive web site, they are forced to switch back to Incognito mode, and so on and so forth. Pretty soon, users find themselves switching all the time back and forth between regular and incognito mode. Unfortunately, such a chain of actions, is not only tiresome, but may also turn out to be error-prone as well, since users may accidentally use regular browsing mode to visit web sites they intended to access in incognito mode. To provide users with a convenient and privacy-preserving browsing experience, in this paper we propose GRISEO: a new browsing mode that aims to act as a middle-ground, thus enabling users to get the best of both words: the privacy of incognito mode along with the convenience of the regular browsing mode. Our approach is founded on a whitelist-based solution where users “whitelist” the sites they trust and from which they are willing to receive cookies that will persist even after a single browsing section is over. The rest of the sites are considered black-listed and are allowed to plant only ephemeral cookies: cookies that will be deleted at the end of the browsing session. Our preliminary performance results of our prototype, show that for the average web page access, the rendering time while browsing in GRISEO mode is just 5.9% more than while in Chrome’s Regular Browsing mode. We believe that the overhead of GRISEO is very small and it will be hardly noticeable by most users.
Download

Paper Nr: 108
Title:

Practically Efficient Attribute-based Encryption for Compartmented Access Structures

Authors:

Ferucio Laurentiu Tiplea, Alexandru Ionită and Anca M. Nica

Abstract: Compartmented access structures (CASs) regulate the access control by requesting the consent of various compartments. Thus, they are particularly useful to Internet of Things or Wireless Sensor Networks applications with cloud support. The construction of practically efficient attribute-based encryption (ABE) schemes for CASs is faced with the fact that these access structures cannot be represented by Boolean formulas. The use of multilinear map based ABE schemes for general Boolean circuits is not only impractical but also suffers from the lack of secure multilinear map candidates. Also, the schemes based on lattice cryptography, even if they are secure, are highly inefficient in practice. We show in this paper that for CASs we can construct practically efficient ABE schemes based on secret sharing and just one bilinear map. The construction can also be applied to multilevel access structures.
Download

Paper Nr: 111
Title:

Round-optimal Constant-size Blind Signatures

Authors:

Olivier Blazy, Brouilhet Laura, Céline Chevalier and Neals Fournaise

Abstract: Blind signatures schemes allow a user to obtain a signature on messages from a signer, ensuring blindness (the signer should not learn which messages he signed or in which order) and unforgeability (the user should not be able to produce more signatures than the number of times he interacted with the signer). For practical purposes, it is important that such schemes are round-optimal (one flow sent by the user and one by the signer) and constant-size (the amount of data sent during the interaction should not depend on the length of the message), which are two properties difficult to ensure together. In this paper, we propose the first blind signature scheme both round-optimal, constant-size, in the standard model (without any random oracle) and under a classical assumption (SXDH). Our construction follows the classical framework initially presented by Fischlin. As a side result, we first show how to use a special kind of structure-preserving signatures (where the signatures also are group elements) in order to construct the first constant-size signatures on randomizable ciphertexts, a notion presented a few years ago by Blazy et al. Our construction of blind signature then builds upon this primitive and consists of constant-size two-round communication. It can be instantiated under any k −MDDH assumption, requires to exchange 9 elements and leads to a final signature with 22 elements when relying on SXDH. .
Download

Paper Nr: 113
Title:

Prov-Trust: Towards a Trustworthy SGX-based Data Provenance System

Authors:

Nesrine Kaaniche, Sana Belguith, Maryline Laurent, Ashish Gehani and Giovanni Russello

Abstract: Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins. Secure data provenance is vital to ensure accountability, forensics investigation of security attacks and privacy preservation. In this paper, we propose Prov-Trust, a decentralized and auditable SGX-based data provenance system relying on highly distributed ledgers. This consensually shared and synchronized database allows anchored data to have public witness, providing tamper-proof provenance data, enabling the transparency of data accountability, and enhancing the secrecy and availability of the provenance data. Prov-Trust relies on Intel SGX enclave to ensure a trusted execution of the provenance kernel to collect, store and query provenance records. The use of SGX enclave protects data provenance and users’ credentials against malicious hosting and processing parties. Prov-Trust does not rely on a trusted third party to store provenance data while performing their verification using smart contracts and voting process. The storage of the provenance data in Prov-Trust is done using either the log events of Smart Contracts or blockchain’s transactions depending on the provenance change event, which enables low storage costs. Finally, Prov-Trust ensures an accurate privacy-preserving auditing process based on blockchain traces and achieved thanks to events’ logs that are signed by SGX enclaves, transactions being registered after each vote session, and sealing the linking information using encryption schemes.
Download

Paper Nr: 118
Title:

A Failure Rate Model of Bit-flipping Decoders for QC-LDPC and QC-MDPC Code-based Cryptosystems

Authors:

Marco Baldi, Alessandro Barenghi, Franco Chiaraluce, Gerardo Pelosi and Paolo Santini

Abstract: The design of quantum-resistant cryptographic primitives has gained attraction lately, especially thanks to the U.S.A. National Institute of Standards and Technology (NIST) initiative, which is selecting a portfolio of primitives for standardization. A prime position in the set of asymmetric encryption primitives is occupied by the ones relying on decoding random linear error correction codes as their trapdoor. Among these primitives, the LEDAcrypt and BIKE cryptosystems have been admitted to the second round of the standardization initiative. They are based on the adoption of iteratively decoded Low- and Moderate-Density Parity Check (LDPC/MDPC) codes. Characterizing the decoding failure rate of such codes under iterative decoding is paramount to the security of both the LEDAcrypt and BIKE second round candidates to achieve indistinguishability under adaptive chosen ciphertext attacks (IND-CCA2). For these codes, we propose a new iterative decoder, obtained through a simple modification of the classic in-place bit-flipping decoder and, in this paper, we provide a statistical worst-case analysis of its performance. This result allows us to design parameters for LDPC/MDPC code-based cryptosystems with guaranteed extremely low failure rates (e.g., 2−128), fitting the hard requirement imposed by IND-CCA2 constructions.
Download

Short Papers
Paper Nr: 10
Title:

Exploring Current E-mail Cyber Threats using Authenticated SMTP Honeypot

Authors:

Lukáš Zobal, Dušan Kolář and Jakub Křoustek

Abstract: Today, spam is a major attack vector hackers use to cause harm. Let it be through phishing or direct malicious attachments, e-mail can be used to steal credentials, distribute malware, or cause other illegal activities. Even nowadays, most users are unaware of such danger, and it is the responsibility of the cybersecurity community to protect them. To do that, we need tools to gain proper threat intelligence in the e-mail cyber landscape. In this work, we show how an e-mail honeypot requiring authentication can be used to monitor current e-mail threats. We study how such honeypot performs in place of an open relay server. The results show this kind of solution provides a powerful tool to collect fresh malicious samples spreading in the wild. We present a framework we built around this solution and show how its users are automatically notified about unknown threats. Further, we perform analysis of the data collected and present a view on the threats spreading in the recent months as captured by this authentication-requiring e-mail honeypot.
Download

Paper Nr: 16
Title:

Optimizing dm-crypt for XTS-AES: Getting the Best of Atmel Cryptographic Co-processors

Authors:

Levent Demir, Mathieu Thiery, Vincent Roca, Jean-Michel Tenkes and Jean-Louis Roch

Abstract: Linux implementation of Full Disk Encryption (FDE) relies on the dm-crypt kernel module, and is based on the XTS-AES encryption mode. However, XTS-AES is complex and can quickly become a performance bottleneck. Therefore we explore the use of cryptographic co-processors to efficiently implement the XTS-AES mode in Linux. We consider two Atmel boards that feature different cryptographic co-processors: the XTS-AES mode is completely integrated on the recent SAMA5D2 board but not on the SAMA5D3 board. We first analyze three XTS-AES implementations: a pure software implementation, an implementation that leverages the XTS-AES co-processor, and an intermediate solution. This work leads us to propose an optimization of dm-crypt, the extended request mode, that enables to encrypt/decrypt a full 4kB page at once instead of issuing eight consecutive 512 bytes requests as in the current implementation. We show that major performance gains are possible with this optimization, a SAMA5D3 board reaching the performance of a SAMA5D2 board where XTS-AES operations are totally offloaded to the dedicated cryptographic co-processor, while remaining fully compatible with the standard. Finally, we explain why bad design choices prevent this optimization to be applied to the new SAMA5D2 board and derive recommendations for future co-processor designs.
Download

Paper Nr: 21
Title:

cipherPath: Efficient Traversals over Homomorphically Encrypted Paths

Authors:

Georg Bramm and Julian Schütte

Abstract: We propose cipherPath, a novel graph encryption scheme that enables exact shortest distance queries on encrypted graphs. Shortest distance queries are very useful in a vast number of applications, including medical, social or geospatial. Our approach using somewhat homomorphic encryption in combination with structured encryption enables exact shortest distance queries on outsourced and encrypted graph data. Our approach upholds provable security against a semi-honest provider. We demonstrate our framework by means of two different shortest path algorithms on encrypted graphs: Dijkstra and Floyd. Finally, we evaluate the leakage profile of cipherPath.
Download

Paper Nr: 25
Title:

A White-Box Encryption Scheme using Physically Unclonable Functions

Authors:

Sandra Rasoamiaramanana, Marine Minier and Gilles Macario-Rat

Abstract: When a cryptographic algorithm is executed in a potentially hostile environment, techniques of White-Box Cryptography are used to protect a secret key from a fully-privileged adversary. However, even if the adversary is not able to extract the secret key from the implementation, they might lift the entire white-box code and execute it (this is called a code lifting attack). In this work, we introduce an encryption scheme that can be implemented on an untrusted environment and is still secure even if the white-box code has been lifted. We base our proposal on a Physically Unclonable Function (PUF) to ensure the execution context of our so-called PUF-based encryption scheme. This way, the encryption is “locked” by a particular device.
Download

Paper Nr: 26
Title:

Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks

Authors:

Peter Maynard and Kieran McLaughlin

Abstract: We describe a new class of packet injection attacks called Man-on-the-Side (MotS), previously only seen where state actors have “compromised” a number of telecommunication companies. MotS injection attacks have not been widely investigated in scientific literature, despite having been discussed by news outlets and security blogs. MotS came to attention after the Edward Snowden revelations, which described large scale pervasive monitoring of the Internet’s infrastructure. For an advanced adversary attempting to interfere with IT connected systems, the next logical step is to adapt this class of attack to a smaller scale, such as enterprise or critical infrastructure networks. MotS is a weaker form of attack compared to a Man-in-the-Middle (MitM). A MotS attack allows an adversary to read and inject packets, but not modify packets sent by other hosts. This paper presents practical experiments where we have implemented and performed MotS attacks against two testbeds: 1) on HTTP connections, by redirecting a victim to a host controlled by an adversary; and 2) on an Industrial Control network, where we inject falsified command responses to the victim. In both cases, the victims accept the injected packets without generating a suspiciously large number of unusual packets on the network. We then perform an analysis of three leading Network Intrusion Detection Systems (IDSs) to determine whether the attacks are detected, and discuss mitigation methods.
Download

Paper Nr: 29
Title:

Towards Secure Edge-assisted Image Sharing for Timely Disaster Situation Awareness

Authors:

Jing Yao, Yifeng Zheng, Cong Wang and Surya Nepal

Abstract: To save human lives and reduce injury and property loss in disasters, it is important to collect real-time situation awareness information such as the surroundings, road conditions, resource information, and more. Among others, images carry rich information and can easily provide a comprehensive view of the disaster situations. This is nowadays greatly facilitated with the prevalence of camera-embedded smartphones. However, high redundancy typically exists among the images gathered from different users during disasters. Given that bandwidth is dearer in disaster situations, it would be valuable to detect the image redundancy during transmission so that bandwidth allocation can be prioritized for unique images, enabling the timely delivery of useful information. In light of the above, in this position paper, we propose the design of an image sharing system architecture for timely disaster situation awareness. Our system architecture takes advantage of the emerging edge computing paradigm to perform image redundancy detection and prioritize the transmission of unique images, optimizing the amount of useful information delivered within a certain period of time. Meanwhile, to prevent images from being exposed to the intermediate edge infrastructure, our protocol is devised in a manner that the edge infrastructure can perform image redundancy detection without seeing the images in the clear.
Download

Paper Nr: 33
Title:

Evasive Windows Malware: Impact on Antiviruses and Possible Countermeasures

Authors:

Cédric Herzog, Valérie T. Tong, Pierre Wilke, Arnaud Van Straaten and Jean-Louis Lanet

Abstract: The perpetual opposition between antiviruses and malware leads both parties to evolve continuously. On the one hand, antiviruses put in place solutions that are more and more sophisticated and propose more complex detection techniques in addition to the classic signature analysis. This sophistication leads antiviruses to leave more traces of their presence on the machine they protect. To remain undetected as long as possible, malware can avoid executing within such environments by hunting down the modifications left by the antiviruses. This paper aims at determining the possibilities for malware to detect the antiviruses and then evaluating the efficiency of these techniques on a panel of antiviruses that are the most used nowadays. We then collect samples showing this kind of behavior and propose to evaluate a countermeasure that creates false artifacts, thus forcing malware to evade.
Download

Paper Nr: 34
Title:

Security Analysis of ElGamal Implementations

Authors:

Mohamad El Laz, Benjamin Grégoire and Tamara Rezk

Abstract: The ElGamal encryption scheme is not only the most extensively used alternative to RSA, but is also almost exclusively used in voting systems as an effective homomorphic encryption scheme. Being easily adaptable to a wide range of cryptographic groups, the ElGamal encryption scheme enjoys homomorphic properties while remaining semantically secure. This is subject to the upholding of the Decisional Diffie-Hellman (DDH) assumption on the chosen group. We analyze 26 libraries that implement the ElGamal encryption scheme and discover that 20 of them are semantically insecure as they do not respect the Decisional Diffie-Hellman (DDH) assumption. From the five libraries that do satisfy the DDH assumption, we identify and compare four different message encoding and decoding techniques.
Download

Paper Nr: 38
Title:

Efficient Constructions of Non-interactive Secure Multiparty Computation from Pairwise Independent Hashing

Authors:

Satoshi Obana and Maki Yoshida

Abstract: An important issue of secure multi-party computation (MPC) is to improve the efficiency of communication. Non-interactive MPC (NIMPC) introduced by Beimel et al. in Crypto 2014 completely avoids interaction in the information theoretical setting by allowing a correlated randomness setup where the parties get correlated random strings beforehand and locally compute their messages sent to an external output server. Existing studies have been devoted to constructing NIMPC with small communication complexity, and many NIMPC have been presented so far. In this paper, we present a new generic construction of NIMPC for arbitrary functions from a class of functions called indicator functions. We employ pairwise independent hash functions to construct the proposed NIMPC, which results in smallest communication complexity compared to the existing generic constructions. We further present a concrete construction of NIMPC for the set of indicator functions with smallest communication complexity known so far. The construction also employs pairwise independent hash functions. It will be of independent interest to see how pairwise independent hash functions helps in constructing NIMPC.
Download

Paper Nr: 41
Title:

Signatures to Go: A Framework for Qualified PDF Signing on Mobile Devices

Authors:

Emina Ahmetovic, Thomas Lenz and Christian Kollmann

Abstract: Electronic documents are an important part of a business workflow. To assure the integrity, authenticity, and non-repudiation of those documents, both public and private sectors use qualified electronic signatures to sign PDF files. Benefits of the resulting qualified PDF signing are widely recognized, and there are many desktop and web applications used to sign PDFs. Those applications usually require additional hardware, such as smartphones, or smart cards, to assure a multi-factor authentication in the signing process. However, the prevalence of mobile devices in everyday life posed a need for public services, which can be executed on a single mobile device. In this paper, we develop a user-friendly and privacy-preserving framework for qualified PDF signing on mobile devices. We show the feasibility of our framework by implementing all necessary components: the PDF processing application, the Trust Service Provider server-side, and client-side application. The main focus of these components is to preserve the privacy of users and to meet user expectations regarding the functionalities of PDF signing applications. Furthermore, we demonstrate the practical applicability of our solution by integrating it into the productive Austrian e-Government system. Lastly, we conclude the paper with extensive performance evaluation.
Download

Paper Nr: 45
Title:

Privacy-Preserving Greater-Than Integer Comparison without Binary Decomposition

Authors:

Sigurd Eskeland

Abstract: Common for the overwhelming majority of privacy-preserving greater-than integer comparison schemes is that cryptographic computations are conducted in a bitwise manner. To ensure secrecy, each bit must be encoded in such a way that nothing is revealed to the opposite party. The most noted disadvantage is that the computational and communication cost of bitwise encoding is at best linear to the number of bits. Also, many proposed schemes have complex designs that may be difficult to implement. Carlton et al. (2018) proposed an interesting scheme that avoids bitwise decomposition and works on whole integers. A variant was proposed by Bourse et al. (2019). Despite that the stated adversarial model of these schemes is honest-but-curious users, we show that they are vulnerable to malicious users. Inspired by the two mentioned papers, we propose a novel comparison scheme, which is resistant to malicious users.
Download

Paper Nr: 47
Title:

Multi-Stakeholder Cybersecurity Risk Assessment for Data Protection

Authors:

Majid Mollaeefar, Alberto Siena and Silvio Ranise

Abstract: To ensure the effectiveness of the adopted security measures and minimize the impact of security issues on the rights and freedom of individuals, the General Data Protection Regulation (GDPR) requires to carry out a Data Processing Impact Assessment (DPIA). Such an assessment differs from traditional risk analyses in which the actor carrying out the evaluation is also the one interested in reducing its risk. Conflicts may thus arise between the need of protecting data subjects rights and organizations that shall provide adequate security measures while struggling with various types of constraints (e.g., budget). To alleviate this problem, we introduce the Multi-Stakeholder Risk Trade-off Analysis Problem, (MSRToAP) and propose an automated technique to solve their instances. We then show how this can help data controllers make more informed decisions about which security mechanisms allow for a better trade-off between their requirements and those of the data subjects. For concreteness, we illustrate the proposed on a simple yet realistic use case scenario.
Download

Paper Nr: 50
Title:

A Novel Anonymous Authentication and Key Agreement Scheme for Smart Grid

Authors:

Hamza Hammami, Mohammad S. Obaidat and Sadok Ben Yahia

Abstract: The smart grid is a new technology that is revolutionizing the services and uses of the electric power sector. It is a solution that integrates the new information and the communication technology into its operation in order to modernize the electrical system and optimize the transport of electrical energy from production points to distribution ones. Indeed, the smart grid represents a future solution mainly based on two participants: the distribution and calculation center and the smart meter installed at the end customer. This smart meter sends the information carrying the energy consumption data of its customer to the distribution and calculation center. The latter processes the received consumption data and returns the result of its calculation to the end customer in the form of an invoice containing the amount of its consumption. This communication can be susceptible to several types of attacks due to its sending in a network, which is not always secure. These types of attacks can modify data and can subsequently generate a falsified consumption invoice. Our work therefore focuses on this issue. It particularly concerns the development of a solution that has the capacity to stem attacks targeting the smart grid with a lower computation and communication costs than its competitors.
Download

Paper Nr: 52
Title:

SENSSE: Simple, Efficient Searchable Symmetric Encryption for Sensor Networks

Authors:

Bojan Spasić, Olivier Markowitch and Philippe Thiran

Abstract: In this work, we focus on the problem of forward-private dynamic searchable symmetric encryption (DSSE) in the multi-client setting. In order to achieve forward privacy, efficient DSSE schemes require clients to store local information, such as per-keyword search counters. Such construction choices prevent these schemes from being used in a multi-user scenario. We revisit the concept of forward privacy with a goal to examine the need for client storage. As a result, we propose a new method of realising forward privacy without requiring the clients to keep any state information. Based on this method, we construct a dynamic, forward-private searchable symmetric encryption scheme supporting multiple concurrent clients with minimal overhead. The proposed construction requires no state to be kept by clients, yet provides optimal asymptotic behaviour both in time, storage and communication cost, while having similar leakage profile to other state-of-the-art DSSE schemes.
Download

Paper Nr: 61
Title:

Linear Generalized ElGamal Encryption Scheme

Authors:

Pascal Lafourcade, Léo Robert and Demba Sow

Abstract: ElGamal public key encryption scheme has been designed in the 80’s. It is one of the first partial homomorphic encryption and one of the first IND-CPA probabilistic public key encryption scheme. A linear version has been recently proposed by Boneh et al. In this paper, we present a linear encryption based on a generalized version of ElGamal encryption scheme. We prove that our scheme is IND-CPA secure under linear assumption. We design a generalized ElGamal scheme from the generalized linear. We also run an evaluation of performances of our scheme. We show that the decryption algorithm is slightly faster than the existing versions.
Download

Paper Nr: 62
Title:

Accelerating Homomorphic Encryption using Approximate Computing Techniques

Authors:

Shabnam Khanna and Ciara Rafferty

Abstract: This research proposes approximate computing techniques to accelerate homomorphic encryption (HE). In particular, the CKKS encryption scheme for approximate numbers is targeted. There is a requirement for HE in services dealing with confidential data, however current constructions are not efficient enough for real-time applications. A homomorphic encryption scheme which uses approximate arithmetic (showing faster results than previous HE schemes) already exists, the CKKS scheme, and this research applies a variation of the approximate computing techniques of task skipping and depth reduction (derived from loop perforation) to determine whether further approximating the functions evaluated using CKKS scheme can have a positive impact on performance of homomorphic evaluation. This is demonstrated via the evaluation of the logistic and exponential functions that this is possible, showing positive results. The speed up in running time for HE with task skipping is between 12.1% and 45.5%, depth reduction gives 35-45.5% speed-up with a small error difference than task skipping alone. The combination of both techniques corresponds to a halving of the running time, at the cost of increased error. This novel approach to further approximate homomorphic encryption shows that it is possible for certain functions, where running time is of paramount importance, that further approximations can be made with a lower-impacting greater error.
Download

Paper Nr: 64
Title:

This Selfie Does Not Exist: On the Security of Electroneum Cloud Mining

Authors:

Alexander Marsalek, Edona Fasllija and Dominik Ziegler

Abstract: The Electroneum cryptocurrency provides a novel mining experience called “cloud mining”, which enables iOS and Android users to regularly earn cryptocurrency tokens by simply interacting with the Electroneum app. Besides other security countermeasures against automated attacks, Electroneum requires the user to upload selfies with a predefined gesture or a drawing of a symbol as a prerequisite for the activation of the mining process. In this paper, we show how a malicious user can circumvent all of these security features and thus create and maintain an arbitrary number of fake accounts. Our impersonation attack particularly focuses on creating non-existing selfies by relying on Generative Adversarial Network (GAN) techniques during account initialization. Furthermore, we employ reverse engineering to develop a bot that simulates the genuine Electroneum app and is capable of operating an arbitrary number of illegitimate accounts on one Android device, enabling the malicious user to obtain an unfairly large payout.
Download

Paper Nr: 66
Title:

ProteiNN: Privacy-preserving One-to-Many Neural Network Classifications

Authors:

Beyza Bozdemir, Orhan Ermis and Melek Önen

Abstract: In this work, we propose ProteiNN, a privacy-preserving neural network classification solution in a one-to-many scenario whereby one model provider outsources a machine learning model to the cloud server for its many different customers, and wishes to keep the model confidential while controlling its use. On the other hand, these customers take advantage of this machine learning model without revealing their sensitive inputs and the corresponding results. The solution employs homomorphic proxy re-encryption and a simple additive encryption to ensure the privacy of customers’ inputs and results against the model provider and the cloud server, and to give the control on the privacy and use of the model to the model provider. A detailed security analysis considering potential collusions among different players is provided.
Download

Paper Nr: 73
Title:

Privacy-preserving Content-based Publish/Subscribe with Encrypted Matching and Data Splitting

Authors:

Nathanaël Denis, Pierre Chaffardon, Denis Conan, Maryline Laurent, Sophie Chabridon and Jean Leneutre

Abstract: The content-based publish/subscribe paradigm enables a loosely-coupled and expressive form of communication. However, privacy preservation remains a challenge for distributed event-based middleware especially since encrypted matching incurs significant computing overhead. This paper adapts an existing attribute-based encryption scheme and combines it with data splitting, a non-cryptographic method called for alleviating the cost of encrypted matching. Data splitting enables to form groups of attributes that are sent apart over several independent broker networks so that it prevents the identification of an end-user; and, only identifying attributes are encrypted to prevent data leakage. The goal is to achieve an acceptable privacy level at an affordable computing price by encrypting only the necessary attributes, whose selection is determined through a Privacy Impact Assessment.
Download

Paper Nr: 76
Title:

Differentially Private Graph Publishing and Randomized Response for Collaborative Filtering

Authors:

Julián Salas and Vicenç Torra

Abstract: Several methods for providing edge and node-differential privacy for graphs have been devised. However, most of them publish graph statistics, not the edge-set of the randomized graph. We present a method for graph randomization that provides randomized response and allows for publishing differentially private graphs. We show that this method can be applied to sanitize data to train collaborative filtering algorithms for recommender systems. Our results afford plausible deniability to users in relation to their interests, with a controlled probability predefined by the user or the data controller. We show in an experiment with Facebook Likes data and psychodemographic profiles, that the accuracy of the profiling algorithms is preserved even when they are trained with differentially private data. Finally, we define privacy metrics to compare our method for different parameters of ε with a k-anonymization method on the MovieLens dataset for movie recommendations.
Download

Paper Nr: 78
Title:

A Machine-learning based Unbiased Phishing Detection Approach

Authors:

Hossein Shirazi, Landon Zweigle and Indrakshi Ray

Abstract: Phishing websites mimic a legitimate website to capture sensitive information of users. Machine learning is often used to detect phishing websites. In current machine-learning based approaches, the phishing and the genuine sites are classified into two groups based on some features. We feel that this is an inadequate modeling of the problem as the characteristics of different phishing websites may vary widely. Moreover, the current approaches are biased towards groups of over-represented samples. Most importantly, as new features are exploited, the training set must be updated to detect new phishing sites. There is a time lag between the evolution of new phishing sites and retraining of the model, which can be exploited by attackers. We provide an alternative approach that aims to solve the above-mentioned problems. Instead of finding commonalities among non-related genuine websites, we find similarity of a suspicious website to a legitimate target and use machine learning to decide whether the suspicious site is impersonating the target. We define the fingerprint of a legitimate website by using visual and textual characteristics against which a sample is compared to ascertain whether it is fake. We implemented our approach on 14 legitimate websites and tested against 1446 unique samples. Our model reported an accuracy of at least 98% and it is not biased towards any website. This is in contrast to the current machine learning models that may be biased towards groups of over-represented samples and lead to more false-negative errors for less popular websites.
Download

Paper Nr: 79
Title:

Beyond Administration: A Modeling Scheme Supporting the Dynamic Analysis of Role-based Access Control Policies

Authors:

Marius Schlegel and Peter Amthor

Abstract: Despite defining a de-facto standard in model-based security engineering, role-based access control models still suffer from limited analysis capabilities. This is especially true for dynamic security properties in the lineage of HRU safety. As a consequence, despite of their widespread use for policy specification and implementation, it is difficult to provide and preserve correctness guarantees for such models. We propose a formal framework, called DRBAC, to resolve this dilemma: While retaining application-oriented model abstractions, our approach allows to configure their dynamics in terms of state transitions. This enables a security engineer to tailor both a model and its analysis method to certain safety-related analysis goals. We demonstrate this claim based on a practical security policy.
Download

Paper Nr: 86
Title:

Solving Set Relations with Secure Bloom Filters Keeping Cardinality Private

Authors:

Louis Tajan, Dirk Westhoff and Frederik Armknecht

Abstract: We propose in this work to solve privacy preserving set relations performed by a third party in an outsourced configuration. We argue that solving the disjointness relation based on Bloom filters is a new contribution in particular by having another layer of privacy on the sets cardinality. We propose to compose the set relations in a slightly different way by applying a keyed hash function. Besides discussing the correctness of the set relations, we analyze how this impacts the privacy of the sets content as well as providing privacy on the sets cardinality. We are in particular interested in how having bits overlapping in the Bloom filters impacts the privacy level of our approach. Finally, we present our results with real-world parameters in two concrete scenarios.
Download

Paper Nr: 96
Title:

Identity Verification and Fraud Detection During Online Exams with a Privacy Compliant Biometric System

Authors:

M. A. Haytom, C. Rosenberger, C. Charrier, C. Zhu and C. Regnier

Abstract: Distant learning is an alternative solution to education when the learner is far from the school or cannot attend courses for professional or medical reasons. The main objective of this work is to design a smart application of remote exams, using a multibiometric system combining face with deep learning and keystroke dynamics to verify the identity of the learner. Privacy protection is consider in this work as an important issue because many personal data are processed in the proposed solution. We consider in this paper experiments under real-life conditions to identify abnormal behaviours with confidence indicators. We show the system ability to make the correct decision while preserving learner’s privacy.
Download

Paper Nr: 98
Title:

VIP Blowfish Privacy in Communication Graphs

Authors:

Mohamed Nassar, Elie Chicha, Bechara Al Bouna and Richard Chbeir

Abstract: Communication patterns analysis is becoming crucial for global health security especially with the spread of epidemics such as COVID-19 by the means of social contact. At the same time, personal privacy is considered an essential human right. Privacy-preserving frameworks enable communication graph analysis within formal privacy guarantees. In this paper, we present a summary of Blowfish privacy and explore the possibility of applying it in the context of undirected communication graphs. Communication graphs represent social contact or call detail records databases. We define the notions of neighborhood, discriminative secrets, and policies for these graphs. We study several examples of queries and compute their sensitivity. Even though not addressed in the original Blowfish privacy paper, we explore the idea of having a discriminative secret graph per individual. This allows us to treat some persons as VIP and put their privacy on top priority, where other persons can have lower privacy constraints. This may help to offer privacy as a service and increase the utility of the anonymized communication graph to an appropriate level.
Download

Paper Nr: 100
Title:

Droppix: Towards More Realistic Video Fingerprinting

Authors:

Przemysław Błaśkiewicz, Marek Klonowski and Piotr Syga

Abstract: We present preliminary results for a way of video fingerprinting that is different from typical methods based on paradigms from watermarking of still images. Our approach is based on modifying some fragments of the clip in a carefully chosen manner. We show the robustness of our approach against a number of typical of attacks. The marks introduced by our modifications are almost imperceptible to the viewer and their impact can be adjusted. Finally, our protocol is computationally light and can be combined with others schemes as an extra security layer.
Download

Paper Nr: 105
Title:

Software Emulation of Quantum Resistant Trusted Platform Modules

Authors:

Luís Fiolhais, Paulo Martins and Leonel Sousa

Abstract: Trusted Platform Modules (TPMs) serve as the root of trust to design and implement secure systems. Conceived by the Trusted Computing Group, a computer industry consortium, components complying with the TPM 2.0 standard are stable and widely available. However, should large-scale quantum computing become a reality, the type of cryptographic primitives adopted in the current standard will no longer be secure. For this reason, this paper analyses the impact of adding three Post-Quantum (PQ) algorithms to a current non-Quantum Resistant TPM through software emulation. The experimental results give insight on the kind of implementation challenges hardware designers will face when integrating the new primitives onto the TPM, that typically features limited hardware resources and low power consumption. In particular, it is concluded that Kyber, NTTRU, and Dilithium can efficiently replace most of the functionality provided by Elliptic Curve Cryptography (ECC) and Rivest-Shamir-Adleman (RSA). In contrast, current PQ Direct Anonymous Attestation (DAA) protocols are currently not compact enough to fit into a hardware TPM.
Download

Paper Nr: 110
Title:

Formal Accuracy Analysis of a Biometric Data Transformation and Its Application to Secure Template Generation

Authors:

Shoukat Ali, Koray Karabina and Emrah Karagoz

Abstract: Many of the known secure template constructions transform real-valued feature vectors to integer-valued vectors, and then apply cryptographic transformations. Throughout this two-step transformation, the original biometric data is distorted, whence it is natural to expect some loss in the accuracy. As a result, the accuracy and security of the whole system should be analyzed carefully. In this paper, we provide a formal accuracy analysis of a generic and intuitive method to transform real-valued feature vectors to integer-valued vectors. We carefully parametrize the transformation, and prove some accuracy-preserving properties of the transformation. Second, we modify a recently proposed noise-tolerant template protection algorithm and combine it with our transformation. As a result, we obtain a secure biometric authentication method that works with real-valued feature vectors. A key feature of our scheme is that a second factor (e.g., user password, or public/private key) is not required, and therefore, it offers certain advantages over cancelable biometrics or homomorphic encryption methods. Finally, we verify our theoretical findings through implementations over public face and keystroke dynamics datasets and provide some comparisons.
Download

Paper Nr: 115
Title:

SwaNN: Switching among Cryptographic Tools for Privacy-preserving Neural Network Predictions

Authors:

Gamze Tillem, Beyza Bozdemir and Melek Önen

Abstract: The rise of cloud computing technology led to a paradigm shift in technological services that enabled enterprises to delegate their data analytics tasks to cloud servers which have domain-specific expertise and computational resources for the required analytics. Machine Learning as a Service (MLaaS) is one such service which provides the enterprises to perform machine learning tasks on the cloud. Despite the advantage of eliminating the need for computational resources and domain expertise, sharing sensitive data with the cloud server brings a privacy risk to the enterprises. In this paper, we propose SwaNN, a protocol to privately perform neural network predictions for MLaaS. SwaNN brings together two well-known techniques for secure computation: partially homomorphic encryption and secure two-party computation, and computes neural network predictions by switching between the two methods. The hybrid nature of SwaNN enables to maintain the accuracy of predictions and to optimize the computation time and bandwidth usage. Our experiments show that SwaNN achieves a good balance between computation and communication cost in neural network predictions compared to the state-of-the-art proposals.
Download

Paper Nr: 120
Title:

Deconstructing the Decentralization Trilemma

Authors:

Harry Halpin

Abstract: The vast majority of applications at this moment rely on centralized servers to relay messages between clients, where these servers are considered trusted third-parties. With the rise of blockchain technologies over the last few years, there has been a move away from both centralized servers and traditional federated models to more decentralized peer-to-peer alternatives. However, there appears to be a trilemma between security, scalability, and decentralization in blockchain-based systems. Deconstructing this trilemma using well-known threat models, we define a typology of centralized, federated, and decentralized architectures. Each of the different architectures has this trilemma play out differently. Facing a possible decentralized future, we outline seven hard problems facing decentralization and theorize that the differences between centralized, federated, and decentralized architectures depend on differing social interpretations of trust.
Download

Paper Nr: 121
Title:

Towards Language Support for Model-based Security Policy Engineering

Authors:

Peter Amthor and Marius Schlegel

Abstract: Software engineering for security-critical systems is based on manual translations between languages from different domains: an informal security policy is translated to a formally verifiable model, and further to actual source code. This is an error-prone task, put at the risk of losing hard-acquired correctness guarantees. To mitigate this problem, we argue for a methodical support by domain-specific languages and tools. We present ongoing work on two languages that substantiate this thesis, including their usage in a practical setting, and discuss the benefits from combining them with appropriate tool support.
Download

Paper Nr: 125
Title:

Exploiting Hot Spots in Heuristic Safety Analysis of Dynamic Access Control Models

Authors:

Marius Schlegel and Winfried E. Kühnhauser

Abstract: Model-based security engineering approaches frequently suffer from computational complexity of model analysis. As a consequence, a considerable amount of human expertise is involved in the analysis process, rendering model analysis an expensive approach applied mostly to sophisticated systems with challenging security requirements. This paper discusses algorithmic foundations for an automated safety analysis of large access control models. The computational complexity is tackled by a heuristic-based approach, rendering the analysis algorithm scalable to large real-world access control systems.
Download

Paper Nr: 9
Title:

CP-ABE Scheme Satisfying Constant-size Keys based on ECC

Authors:

Nishant Raj and Alwyn R. Pais

Abstract: Cloud-based applications, especially on IoT devices, is one of the desired fields to apply Ciphertext-Policy Attribute-Based Encryption (CP-ABE). Most of the IoT devices are with the low-end configuration; hence, they need better time and computation efficient algorithms. There are existing algorithms, but none of the systems are based on conventional cryptosystems as well as secure at the same time. Here, we propose a CP-ABE scheme based on the elliptic curve cryptosystem with a constant-size secret key, which is capable of addressing the collusion attack security issue.
Download

Paper Nr: 19
Title:

Privacy Enhanced DigiLocker using Ciphertext-Policy Attribute-Based Encryption

Authors:

Puneet Bakshi and Sukumar Nandi

Abstract: Recently, Government of India has taken several initiatives to make India digitally strong such as to provide each resident a unique digital identity, referred to as Aadhaar, and to provide several online e-Governance services based on Aadhaar such as DigiLocker. DigiLocker is an online service which provides a shareable private storage space on public cloud to its subscribers. Although DigiLocker ensures traditional security such as data integrity and secure data access, privacy of e-documents are yet to addressed. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can improve data privacy but the right implementation of it has always been a challenge. This paper pressents a scheme to implement privacy enhanced DigiLocker using CP-ABE.
Download

Paper Nr: 27
Title:

Efficient Access-control in the IIoT through Attribute-Based Encryption with Outsourced Decryption

Authors:

Dominik Ziegler, Alexander Marsalek, Bernd Prünster and Josef Sabongui

Abstract: We present a new architectural design to leverage Attribute-Based Encryption (ABE) in the Industrial Internet of Things (IIoT). The general idea of our approach is to automatically issue and revoke attributes based on already established identity management systems. Our design enables organisations to rely on arbitrary identity and access management solutions across different security domain boundaries. We, furthermore, tackle privacy concerns typically associated with outsourcing sensitive data to the cloud. To demonstrate the feasibility and versatility of our approach, we evaluate our design by integrating both OAuth and the Austrian eID. Besides, we present performance data. The evaluation results clearly show that our proposed design suits the requirements imposed by the IIoT well.
Download

Paper Nr: 31
Title:

Practical Predicate Encryption for Inner Product

Authors:

Yi-Fan Tseng, Zi-Yuan Liu and Raylin Tso

Abstract: Inner product encryption is a powerful cryptographic primitive, where a private key and a ciphertext are both associated with a predicate vector and an attribute vector, respectively. A successful decryption requires the inner product of the predicate vector and the attribute vector to be zero. Most of the existing inner product encryption schemes suffer either long private key or heavy decryption cost. In this manuscript, an efficient inner product encryption is proposed. The length for a private key is only an element in G and an element in Zp. Besides, only one pairing computation is needed for decryption. Moreover, both formal security proof and implementation result are demonstrated in this manuscript. To the best of our knowledge, our scheme is the most efficient one in terms of the private key length and the number of pairings computation for decryption.
Download

Paper Nr: 32
Title:

Securing Device-to-Cloud Interactions in the Internet of Things Relying on Edge Devices

Authors:

Elías Grande and Marta Beltrán

Abstract: The Internet of Things (IoT) is not a traditional network, and this is the reason why it presents new and unique challenges such as identification, addressing, naming, authentication or authorization of constrained devices. Edge approaches rely on distributed platforms at the network edge serving as a bridge between the physical world (things and data sources, often very constrained devices) and the IoT-cloud services (digital services offered from full-resource servers in the cloud, often not real-time and bandwidth-consuming). The main contributions of this work are the specification of a new event-driven addressing approach for IoT relying on edge-centric delegation of authorization which appropriately adapts and extends the well-known OAuth 2.0 specification for the IoT and a novel approach for naming constrained devices in large scale scenarios that does not depend on the application domain or on the deployment and implementation details. Furthermore, the definition of the Enrolment and Action flows solving the most important challenges arising in the considered scenario: enrolment at the edge device, name-oriented networking, authentication, and authorization using access control tokens as a mechanism for transferring access rights from one agent (edge device) to another (constrained device).
Download

Paper Nr: 37
Title:

Under Pressure: Pushing Down on Me – Touch Sensitive Door Handle to Identify Users at Room Entry

Authors:

Christian Tietz, Eric Klieme, Rachel Brabender, Teresa Lasarow, Lukas Rambold and Christoph Meinel

Abstract: Each day we open a door using physical keys or tokens like RFID or smart cards. While we all are used to these methods they have problems of security and usability. These tokens and keys can easily be stolen or taken by other persons which results in a security problem. The problem in usability is that users need a significant amount of time to take out their tokens to unlock and open the door. In this paper, we propose a new approach for door handle access control. We developed a prototype by attaching pressure sensors to the door handle that measure resistive and capacitive touch interactions with the door handle. We demonstrate the feasibility of identification with a door handle with a visual and classification analysis. The classification algorithms used are K-NN, SVM, Random Forests, AdaBoost and MLP achieving a maximum accuracy of 88% using the Random Forests.
Download

Paper Nr: 55
Title:

Practical Hash-based Anonymity for MAC Addresses

Authors:

Junade Ali and Vladimir Dyo

Abstract: Given that a MAC address can uniquely identify a person or a vehicle, continuous tracking over a large geographical scale has raised serious privacy concerns amongst governments and the general public. Prior work has demonstrated that simple hash-based approaches to anonymization can be easily inverted due to the small search space of MAC addresses. In particular, it is possible to represent the entire allocated MAC address space in 39 bits and that frequency-based attacks allow for 50% of MAC addresses to be enumerated in 31 bits. We present a practical approach to MAC address anonymization using both computationally expensive hash functions and truncating the resulting hashes to allow for k-anonymity. We provide an expression for computing the percentage of expected collisions, demonstrating that for digests of 24 bits it is possible to store up to 168,617 MAC addresses with the rate of collisions less than 1%. We experimentally demonstrate that a rate of collision of 1% or less can be achieved by storing data sets of 100 MAC addresses in 13 bits, 1,000 MAC addresses in 17 bits and 10,000 MAC addresses in 20 bits.
Download

Paper Nr: 56
Title:

Defender-centric Conceptual Cyber Exposure Ontology for Adaptive Cyber Risk Assessment

Authors:

Lamine Aouad and Muhammad R. Asghar

Abstract: A major gap in cybersecurity studies, especially as it relates to cyber risk, is the lack of comprehensive formal knowledge representation, and often a limited view, mainly based on abstract security concepts with limited context. Additionally, much of the focus is on the attack and the attacker, and a more complete view of risk assessment has been inhibited by the lack of knowledge from the defender landscape, especially in the matter of the impact and performance of compensating controls. In this study, we will start by defining a conceptual ontology that integrates concepts that model all of cybersecurity entities. We will then present an adaptive risk reasoning approach with a particular focus on defender activities. The main purpose is to provide a more complete view, from the defender perspective, that bridges the gap between risk assessment theories and practical cybersecurity operations in real-world deployments.
Download

Paper Nr: 70
Title:

Performance Comparison of Two Generic MPC-frameworks with Symmetric Ciphers

Authors:

Thomas Lorünser and Florian Wohner

Abstract: Research on multiparty computation (MPC) made substantial progress over recent years. It can be used to protect the privacy of data and users in modern application scenarios like Blockchain and the Internet of Things where different stakeholders want to collaborate. In this work we analyze practical aspects of two generic MPC frameworks, MP-SPDZ and MPyC, to generate new insights into the state-of-the art for generic and platform independent MPC. We implemented various symmetric ciphers and did extensive benchmarking on both frameworks to see how universal and generic they are and if they can be used without special knowledge. We found that the achieved performance cannot be trivially estimated from the algorithms without implementing. The stream cipher Trivium was by far the fastest and most portable in our tests. Contrary to most of existing literature we also addressed non optimal network settings and found surprising results. The asynchronous architecture of MPyC turned out to make more efficient use of the network layer in scenarios with higher network latency and loss and could even compensate for the optimizing compiler used by MP-SPDZ.
Download

Paper Nr: 74
Title:

A Fine-grained Access Control Model for Knowledge Graphs

Authors:

Marco Valzelli, Andrea Maurino and Matteo Palmonari

Abstract: Nowadays Knowledge Graphs are a common way to integrate and manage all the information that an organization owns. This involve also sensitive domains like security, so the management of access control on these graphs became crucial. Due to their dimension, Knowledge graphs are often stored using NoSQL solutions, that have very poor support to access control. In this paper a distributed and secure Knowledge graph management system is presented. The system supports both open and closed access control and its architecture guarantees the management of very large knowledge graph.
Download

Paper Nr: 85
Title:

A Trend-following Trading Indicator on Homomorphically Encrypted Data

Authors:

Haotian Weng and Artem Lenskiy

Abstract: Algorithmic trading has dominated the area of quantitative finance for already over a decade. The decisions are made without human intervention using the data provided by brokerage firms and exchanges. An emerging intermediate layer of financial players that are placed in between a broker and algorithmic traders has recently been introduced. The role of this layer is to aggregate market decisions from the algorithmic traders and send a final market order to a broker. In return, the quantitative analysts receive incentives proportional to the correctness of their predictions. In such a setup, the intermediate player — an aggregator — does not provide the market data in plaintext but encrypts it. Encrypting market data prevents quantitative analysts from trading on their own, as well as keeps valuable financial data private. This paper proposes an implementation of a popular trend-following indicator with two different homomorphic encryption libraries — SEAL and HEAAN — and compares it to the trading indicator implemented for plaintext. Then, an attempt to implement a trading strategy is presented and analysed. The trading indicator implemented with SEAL and HEAAN is almost identical to that implemented on the plaintext, with the percentage error of 0.14916% and 0.00020% respectively. Despite many limitations that homomorphic encryption imposes on this algorithm’s implementation, quantitative finance has a potential of benefiting from the methods of homomorphic encryption.
Download

Paper Nr: 88
Title:

SMART: Shared Memory based SDN Architecture to Resist DDoS ATtacks

Authors:

Sana Belguith, Muhammad R. Asghar, Song Wang, Karina Gomez and Giovanni Russello

Abstract: Software-Defined Networking (SDN) is a virtualised yet promising technology that is gaining attention from both academia and industry. On the one hand, the use of a centralised SDN controller provides dynamic configuration and management in an efficient manner; but on the other hand, it raises several concerns mainly related to scalability and availability. Unfortunately, a centralised SDN controller may be a Single Point Of Failure (SPOF), thus making SDN architectures vulnerable to Distributed Denial of Service (DDoS) attacks. In this paper, we design SMART, a scalable SDN architecture that aims at reducing the risk imposed by the centralised aspects in typical SDN deployments. SMART supports a decentralised control plane where the coordination between switches and controllers is provided using Tuple Spaces. SMART ensures a dynamic mapping between SDN switches and controllers without any need to execute complex migration techniques required in typical load balancing approaches.
Download

Paper Nr: 90
Title:

QSOR: Quantum-safe Onion Routing

Authors:

Zsolt Tujner, Thomas Rooijakkers, Maran van Heesch and Melek Önen

Abstract: We propose a study on the use of post-quantum cryptographic primitives for the Tor network in order to make it safe in a quantum world. With this aim, the underlying keying material has first been analysed. We observe that breaking the security of the algorithms/protocols that use long- and medium-term keys (usually RSA keys) have the highest impact in security. Therefore, we investigate the cost of quantum-safe variants. Six different post-quantum cryptographic algorithms that ensure level 1 NIST security are evaluated. We further target the Tor circuit creation operation and evaluate the overhead of the post-quantum variant. This comparative study is performed through a reference implementation based on SweetOnions that simulates Tor with slight simplifications. We show that a quantum-safe Tor circuit creation is possible and suggest two versions - one that can be used in a purely quantum-safe setting, and one that can be used in a hybrid setting.
Download

Paper Nr: 114
Title:

Attribute-Based Encryption and Its Application to a Software-Distributed Shared Memory

Authors:

Oana Stan, Loíc Cudennec and Louis Syoën

Abstract: Due to the widespread of cloud computing, there is an increasing interest in distributed systems as well as in data privacy and security. However, unlike the multi-core processors and NUMA architectures, the Distributed Shared Memory (DSM) systems do not benefit from the numerous works on security and privacy. We argue here that their potential deployment onto distributed heterogeneous systems requires new approaches to securely manage access to shared data. In this paper we propose to rely on the Attribute-Based Encryption (ABE) techniques to tackle the problem of data security within the Software DSM. Moreover, this approach allowing to directly store encrypted data within the DSM and to manage the access control to these data is made transparent for the user. The implementation over an in-house S-DSM using libbswabe, an ABE library, shows that, as expected, the overhead is significant, but that it can also be adapted to the application requirements as a trade-off between security and performance.
Download

Paper Nr: 116
Title:

Address-bit Differential Power Analysis on Boolean Split Exponent Counter-measure

Authors:

Christophe Negre

Abstract: Current public key cryptographic algorithms (RSA, DSA, ECDSA) can be threaten by side channel analyses. The main approach to counter-act such attacks consists in randomizing sensitive data and address bits used in loads and stores of an exponentiation algorithm. In this paper we study a recent counter-measure ”Boolean split exponent” (Tunstall et al. 2018) preventing differential power analysis on address bits. We show that one of their proposed protections has a flaw. We derive an attack exploiting this flaw and we successfully apply it on a simulated power consumption of an RSA modular exponentiation.
Download

Paper Nr: 119
Title:

Providing Secured Access Delegation in Identity Management Systems

Authors:

Abubakar-Sadiq Shehu, António Pinto and Manuel E. Correia

Abstract: The evolutionary growth of information technology has enabled us with platforms that eases access to a wide range of electronic services. Typically, access to these services requires users to authenticate their identity, which involves the release, dissemination and processing of personal data by third parties such as service and identity providers. The involvement of these and other entities in managing and processing personal identifiable data has continued to raise concerns on privacy of personal information. Identity management systems (IdMs) emerged as a promising solution to address major access control and privacy issues, however most research works are focused on securing service providers (SPs) and the services provided, with little emphases on users privacy. In order to optimise users privacy and ensure that personal information are used only for intended purposes, there is need for authorisation systems that controls who may access what and under what conditions. However, for adoption data owners perspective must not be neglected. To address these issues, this paper introduces the concept of IdM and access control framework which operates with RESTful based services. The proposal provides a new level of abstraction and logic in access management, while giving data owner a decisive control over access to personal data using smartphone. The framework utilises Attribute based access control (ABAC) method to authenticate and authorise users, Open ID Connect (OIDC) protocol for data owner authorisation and Public-key cryptography to achieve perfect forward secrecy communication. The solution enables data owner to attain the responsibility of granting or denying access to their data, from a secured communication with an identity provider using a digitally signed token.
Download

Paper Nr: 122
Title:

An Innovative Self-Healing Approach with STIX Data Utilisation

Authors:

Arnolnt Spyros, Konstantinos Rantos, Alexandros Papanikolaou and Christos Ilioudis

Abstract: Organisations nowadays devote many resources in maintaining a robust security posture against emerging cyber-threats. This typically requires rapid response against newly identified or shared threat information so that appropriate countermeasures are immediately deployed to eliminate these threats or reduce the associated risks. For many shared indicators, like malicious IPs or URLs, such a response might only require minor modifications to the configuration of security appliances. Self-Healing systems are the mechanism that allows a system to discover any misconfigurations and apply the necessary corrections in an automated or semiautomated manner. This paper proposes such a mechanism that can be deployed within large organisations that either do not have the resources to devote in security and therefore automation is one of their main priorities, or they outsource their infrastructure’s protection. The use of such a mechanism can relax the increased need for human resources and can also reduce response times in confronting emerging threats. The architecture and the details of a reference implementation for local public administrations is also provided.
Download

Paper Nr: 124
Title:

A Comprehensive Quantified Approach for Security Risk Management in e-Health Systems

Authors:

Sondes Ksibi, Faouzi Jaidi and Adel Bouhoula

Abstract: As a major advancement technology in healthcare industry, e-health contributes to setting up efficient and highly automated healthcare infrastructures. Internet of things (IoT) holds great promise for healthcare providers as well as for its end users. Internet of Medical Things (IoMT) applications are among the major trends of the moment. Nonetheless, numerous security features remain as main issues towards secure, reliable and privacy-preserving e-health systems. Indeed, the participating nodes in IoMT networking for e-health service delivery; which are heterogeneous and resource-constrained; generate, collect and exchange huge amounts of private and extremely sensitive data. These facts, among others, expand the attack surface and decrease the trustworthiness in e-health systems. In this research work, we propose a framework to enhance trust and help with making decisions based on a quantified risk assessment approach. This framework relies on a novel approach/model for improving trust and risk management in an e-health context.
Download