SECRYPT 2021 Abstracts


Full Papers
Paper Nr: 16
Title:

An Upcycling Tokenization Method for Credit Card Numbers

Authors:

Cyrius Nugier, Diane Leblanc-Albarel, Agathe Blaise, Simon Masson, Paul Huynh and Yris W. Piugie

Abstract: Internet users are increasingly concerned about their privacy and are looking for ways to protect their data. Additionally, they may rightly fear that companies extract information about them from their online behavior. The so-called tokenization process allows for the use of trusted third-party managed temporary identities, from which no personal data about the user can be inferred. We consider in this paper tokenization systems allowing a customer to hide their credit card number from a webshop. We present here a method for managing tokens in RAM using a table. We refer to our approach as upcycling as it allows for regenerating used tokens by maintaining a table of currently valid tokens. We compare our approach to existing ones and analyze its security. Contrary to the main existing system (Voltage), our table does not increase in size nor slow down over time. The approach we propose satisfies the common specifications of the domain. It is validated by measurements from an implementation. By reaching 70 thousand tries per timeframe, we almost exhaust the possibilities of the “8-digit model” for properly dimensioned systems.

Paper Nr: 28
Title:

A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures

Authors:

Stephan Seifermann, Robert Heinrich, Dominik Werle and Ralf Reussner

Abstract: Software architectures allow identifying confidentiality issues early and in a cost-efficient way. Information Flow (IF) and Access Control (AC) are established confidentiality mechanisms, so modeling and analysis approaches should support them. Because confidentiality issues often trace back to data usage, data-oriented approaches are promising. However, we could not identify a data-oriented approach handling both IF and AC. Therefore, in this paper we present a unified data-oriented modeling and analysis approach supporting both IF and AC within the same model. We demonstrate the integration into an existing architectural description language and evaluate the resulting expressiveness and accuracy by a case study considering 22 cases.

Paper Nr: 29
Title:

Can a TLS Certificate Be Phishy?

Authors:

Kaspar Hageman, Egon Kidmose, René R. Hansen and Jens M. Pedersen

Abstract: This paper investigates the potential of using digital certificates for the detection of phishing domains. This is motivated by phishing domains that have started to abuse the (erroneous) trust of the public in browser padlock symbols, and by the large-scale adoption of the Certificate Transparency (CT) framework. This publicly accessible evidence trail of Transport Layer Security (TLS) certificates has made the TLS landscape more transparent than ever. By comparing samples of phishing, popular benign, and non-popular benign domains, we provide insight into the TLS certificate issuance behavior for phishing domains, focusing on the selection of the certificate authority, the validation level of the certificates, and the phenomenon of certificate sharing among phishing domains. Our results show that phishing domains gravitate to a relatively small selection of certificate authorities, and disproportionately to cPanel, and tend to rely on certificates with a low, and cheap, validation level. Additionally, we demonstrate that the vast majority of certificates issued for phishing domains cover more than only phishing domains. These results suggest that a more pro-active role of CAs and putting more emphasis on certificate revocation can have a crucial impact on the defense against phishing attacks.

Paper Nr: 33
Title:

Comparing Classifiers’ Performance under Differential Privacy

Authors:

Milan Lopuhaä-Zwakenberg, Mina Alishahi, Jeroen Kivits, Jordi Klarenbeek, Gert-Jan van der Velde and Nicola Zannone

Abstract: The application of differential privacy in privacy-preserving data analysis has gained momentum in recent years. In particular, it provides an effective solution for the construction of privacy-preserving classifiers, in which one party owns the data and another party is interested in obtaining a classifier model from this data. While several approaches have been proposed in the literature to employ differential privacy for the construction of classifiers, an understanding of the difference in performance of these classifiers is currently missing. This knowledge enables the data owner and the analyst to select the most appropriate classification algorithm and training parameters in order to guarantee high privacy requirements while minimizing the loss of accuracy. In this study, we investigate the impact of the use of differential privacy on three well-known classifiers, i.e., Naïve Bayes, SVM, and Decision Tree classifiers. To this end, we show how these classifiers can be trained in a differential privacy setting and perform extensive experiments to evaluate the effect of this privacy enforcement on their performance.

Paper Nr: 44
Title:

Hashing to Prime in Zero-Knowledge

Authors:

Thomas Groß

Abstract: We establish a set of zero-knowledge arguments that allow for the hashing of a committed secret a-bit input x to a committed secret (k+1)-bit prime number p_x. The zero-knowledge arguments can convince a verifier that a commitment indeed is the correctly generated prime number derived from x, with a soundness error probability of at most 2^{-k} + 2^{-t}, dependent on the number of zero-knowledge argument rounds k and the number of primality bases t used to establish primality. Our constructions offer a range of contributions, including enabling dynamic encodings for prime-based accumulator (Barić and Pfitzmann, 1997; Camenisch and Lysyanskaya, 2002), signature (Groß, 2015) and attribute-based credential schemes (Camenisch and Groß, 2008), allowing a considerable reduction of these schemes’ public key size and setup requirements and rendering them extensible. While our new primality zero-knowledge arguments are of independent interest, we also show how to prove that a secret number is the product of two secret safe primes significantly more efficiently than previously known results (Camenisch and Michels, 1999), with applications to setting up secure special RSA moduli.

Paper Nr: 49
Title:

BLT+L: Efficient Signatures from Timestamping and Endorsements

Authors:

Denis Firsov, Henri Lakk, Sven Laur and Ahto Truu

Abstract: We propose a new digital signature scheme based on combining cryptographic timestamping with an endorsement scheme, both of which can be constructed from one-way and collision-resistant hash functions. The signature scheme is efficient and allows balancing of key generation and signing time for signature size and verification time. The security analysis is based on a realistic model of timestamping. As part of our construction, we introduce the novel concept of endorsements, which may be of independent interest.

Paper Nr: 51
Title:

Scalable k-anonymous Microaggregation: Exploiting the Tradeoff between Computational Complexity and Information Loss

Authors:

Florian Thaeter and Rüdiger Reischuk

Abstract: k-anonymous microaggregation is a standard technique to improve the privacy of individuals whose personal data is used in microdata databases. Unlike semantic privacy requirements like differential privacy, k-anonymity allows the unrestricted publication of data, suitable for all kinds of analysis, since every individual is hidden in a cluster of size at least k. Microaggregation can preserve a high level of utility, that is, small information loss caused by the aggregation procedure, compared to other anonymization techniques like generalization or suppression. Minimizing the information loss in k-anonymous microaggregation is an NP-hard clustering problem for k ≥ 3. Moreover, no efficient approximation algorithms with a nontrivial approximation ratio are known. Therefore, a number of heuristics have been developed to retain high utility, all with at least quadratic time complexity in the size of the database. We improve this situation in several respects, providing a tradeoff between computational effort and utility. First, a quadratic time algorithm ONA* is presented that achieves significantly better utility for standard benchmarks. Next, an almost linear time algorithm is developed that gives worse, but still acceptable, utility. This is achieved by a suitable adaptation of the Mondrian clustering algorithm. Finally, by combining both techniques, a new class MONA of parameterized algorithms is designed that delivers competitive utility for user-specified time constraints between almost linear and quadratic.

Paper Nr: 53
Title:

Statically Identifying XSS using Deep Learning

Authors:

Heloise Maurel, Santiago Vidal and Tamara Rezk

Abstract: Cross-site Scripting (XSS) is ranked first in the top 25 Most Dangerous Software Weaknesses (2020) of the Common Weakness Enumeration (CWE), which places this vulnerability as the most dangerous among programming errors. In this work, we explore static approaches to detect XSS vulnerabilities using neural networks. We compare two different code representations based on Natural Language Processing (NLP) and Programming Language Processing (PLP) and experiment with models based on different neural network architectures for static analysis detection in PHP and Node.js. We train and evaluate the models using synthetic databases. Using the generated PHP and Node.js databases, we compare our results with a well-known static analyzer for PHP code, ProgPilot, and a known scanner for Node.js, AppScan static mode. Our analyzers using neural networks outperform the existing tools in all cases.

Paper Nr: 57
Title:

Are You There, Moriarty? Feasibility Study of Internet-based Location for Location-based Access Control Systems

Authors:

Muhammad I. H. Sukmana, Kai-Oliver Kohlen, Carl Gödecken, Pascal Schulze and Christoph Meinel

Abstract: As the Internet becomes more ubiquitous, everyone could access data and services anytime, anywhere. However, this raises the challenge of enforcing physical access control so that the data or services can only be accessed in specific locations. Location-based access control (LBAC) systems could provide physical access control by only authorizing access to the services or data for requesters at the allowed locations. In this paper, we continue our previous work and assess the feasibility of using Internet-based location for LBAC systems by inferring the information from the requester’s Internet-connected device to determine whether the requester is in the allowed location. We develop an Internet-based location access control (ILAC) system to determine and verify the requester’s location using two delay-based geolocation algorithms and third-party open-source intelligence services. The evaluation conducted on Amazon Mechanical Turk proves that Internet-based location has great potential as a location information input for LBAC systems with country-level accuracy.

Paper Nr: 59
Title:

Python and Malware: Developing Stealth and Evasive Malware without Obfuscation

Authors:

Vasilios Koutsokostas and Constantinos Patsakis

Abstract: With the continuous rise of malicious campaigns and the exploitation of new attack vectors, it is necessary to assess the efficacy of the defensive mechanisms used to detect them. To this end, the contribution of our work is twofold. First, it introduces a new method for obfuscating malicious code to bypass all static checks of multi-engine scanners, such as VirusTotal. Interestingly, our approach to generating the malicious executables is not based on introducing a new packer but on augmenting the capabilities of an existing and widely used tool for packaging Python, PyInstaller, and it can be applied to all similar packaging tools. As we prove, the problem is deeper and inherent in almost all antivirus engines, and not PyInstaller specific. Second, our work exposes significant issues of well-known sandboxes that allow malware to evade their checks. As a result, we show that stealth and evasive malware can be efficiently developed, bypassing with ease state-of-the-art malware detection tools without raising any alert.

Paper Nr: 63
Title:

SSI Strong Authentication using a Mobile-phone based Identity Wallet Reaching a High Level of Assurance

Authors:

Andreas Abraham, Christopher Schinnerl and Stefan More

Abstract: Assurance in digital authentication means represents a fundamental requirement in the authentication process of digital identities. Different levels of assurance (LoA), specified by various standards, describe the trustworthiness of the authentication. Some traditional governmental identity systems achieve a high LoA. Nevertheless, the recent self-sovereign identity (SSI) model, which utilizes identity wallets to ensure that control over identity data remains with the related user, still lacks a high LoA, holding back the full potential of SSI, such as using it for sensitive use cases like eGovernment or public administration services. This work tackles this problem by starting with an assessment of related LoA standards. Based on this assessment, requirements are defined to achieve a high LoA. These requirements are utilized in the process of defining and evaluating our proposed concept. Our generic concept serves as the foundation for other developers aiming to elevate the LoA in their SSI systems. The implementation of a proof-of-concept showcases the feasibility and practicability of our concept. In the evaluation, we identify the measures provided by our concept that are used to meet the defined requirements, and discuss the design decisions.

Paper Nr: 65
Title:

Armored Twins: Flexible Privacy Protection for Digital Twins through Conditional Proxy Re-Encryption and Multi-Party Computation

Authors:

Felix Hörandner and Bernd Prünster

Abstract: Digital twins, i.e., up-to-date digital copies of a physical object maintained in the cloud, make it possible to conveniently review a physical object’s state, indirectly interact with the physical object, or perform computations on the object’s state and history – also in combination with data from other digital twins. The concept of digital twins has seen wide uptake in Internet of Things use cases, e.g., in manufacturing to monitor a product’s lifecycle, or precision medicine to provide personalized treatment. Besides these benefits, challenges arise, especially if the involved data producers, clouds and data consumers are not in the same trusted domain: Who owns and controls the data? Are the parties (e.g., cloud) sufficiently trusted to handle privacy-sensitive data? In this work, we propose ARMOREDTWINS, i.e., a system for digital twins that protects the confidentiality of digital twin data while providing flexible and fine-grained sharing by employing key-policy conditional proxy re-encryption to enable processing on subsets of the data. Alternatively, to support computation on very sensitive data, our system integrates secure multi-party computation, which does not reveal the data items to the individual nodes performing the computation. Benchmarks of our implementation highlight the system’s feasibility and practical performance.

Paper Nr: 67
Title:

Towards Integrating Security in Industrial Engineering Design Practices

Authors:

Panagiotis Dedousis, George Stergiopoulos, George Arampatzis and Dimitris Gritzalis

Abstract: During the past decades, and especially since the Stuxnet event, there has been a growing concern around the protection of critical infrastructures. Even though the protection of such systems and services has been an international security priority, still, even after all those years, relevant research either focuses on the security of individual ICS systems (PLC, RTU and SCADA network protection and attacks), or uses high-level models to perform risk assessments, mostly from a system-of-systems scope that studies interdependencies. From an engineering perspective, current approaches address system resilience from an efficiency perspective (i.e. focusing on the availability of physical processes) while neglecting the security dimension of their components. Still, the availability and reliability requirements of such systems are directly affected by security incidents. To our knowledge, there is currently no process to integrate security-by-design in industrial critical infrastructure engineering. To this end, we present a method to integrate security risk assessment analysis into engineering design practices. We do this by modeling internal dependencies between physical components in critical industrial production processes to identify possible hotspots of system failures that are challenging to handle later in the development lifecycle, especially during operation. To validate our approach, we model and assess the present situation in a portion of an actual oil refining plant, thereby establishing a baseline model. Then we introduce risk mitigation measures by altering the design of the baseline model, resulting in a reduction of the overall cascade risk.

Paper Nr: 78
Title:

Balancing Quality and Efficiency in Private Clustering with Affinity Propagation

Authors:

Hannah Keller, Helen Möllering, Thomas Schneider and Hossein Yalame

Abstract: In many machine learning applications, training data consists of sensitive information from multiple sources. Privacy-preserving machine learning using secure computation enables multiple parties to compute on their joint data without disclosing their inputs to each other. In this work, we focus on clustering, an unsupervised machine learning technique that partitions data into groups. Previous works on privacy-preserving clustering often leak information and focus on the k-means algorithm, which provides only limited clustering quality and flexibility. Additionally, the number of clusters k must be known in advance. We analyze several prominent clustering algorithms’ capabilities and their compatibility with secure computation techniques to create an efficient, fully privacy-preserving clustering implementation superior to k-means. We find affinity propagation to be the most promising candidate and securely implement it using various multi-party computation techniques. Privacy-preserving affinity propagation does not require any input parameters and consists of operations that are relatively efficient with secure computation. We consider passive security as well as active security with an honest and dishonest majority. We offer the first comparison of privacy-preserving clustering between these scenarios, enabling an understanding of the exact trade-offs between them. Based on the clustering quality and the computational and communication costs, privacy-preserving affinity propagation offers a good trade-off between quality and efficiency for practical privacy-preserving clustering.

Paper Nr: 81
Title:

Automated Symbolic Verification of Telegram’s MTProto 2.0

Authors:

Marino Miculan and Nicola Vitacolonna

Abstract: MTProto 2.0 is a suite of cryptographic protocols for instant messaging at the core of the popular Telegram messenger application. In this paper we analyse MTProto 2.0 using the symbolic verifier ProVerif. We provide fully automated proofs of the soundness of MTProto 2.0’s authentication, normal chat, end-to-end encrypted chat, and rekeying mechanisms with respect to several security properties, including authentication, integrity, secrecy and perfect forward secrecy; at the same time, we discover that the rekeying protocol is vulnerable to an unknown key-share (UKS) attack. We proceed in an incremental way: each protocol is examined in isolation, relying only on the guarantees provided by the previous ones and the robustness of the basic cryptographic primitives. Our research proves the formal correctness of MTProto 2.0 w.r.t. most relevant security properties, and it can serve as a reference for implementation and analysis of clients and servers.

Paper Nr: 88
Title:

Formal Proof of a Vulnerability in Z-Wave IoT Protocol

Authors:

Mario Lilli, Chiara Braghin and Elvinia Riccobene

Abstract: Nowadays, IoT (Internet of Things) devices are becoming part of our daily life. Unfortunately, many of them do not use standardized communication protocols with a provable security guarantee. The use of formal methods is, therefore, highly demanded in order to perform property verification and to prevent possible threats and accidents to users. In this paper, we propose a formal verification of the Z-Wave protocol, claimed to be one of the most secure IoT communication protocols thanks to the recently added S2 Security class. Specifically, our analysis targets the joining procedure of a device to the Z-Wave network. We exploit the ASMETA formal framework to model the protocol and to perform formal analysis in terms of model validation against informally documented requirements and verification of the protocol’s correct behaviour with respect to its security goals. The verification process revealed a vulnerability that could be used to perform a successful Man-In-The-Middle (MITM) attack compromising the secrecy of the exchanged symmetric keys.

Paper Nr: 90
Title:

Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices

Authors:

Karl Norrman, Vaishnavi Sundararajan and Alessandro Bruni

Abstract: Constrained IoT devices are becoming ubiquitous in society and there is a need for secure communication protocols that respect the constraints under which these devices operate. EDHOC is an authenticated key establishment protocol for constrained IoT devices, currently being standardized by the Internet Engineering Task Force (IETF). A rudimentary version of EDHOC with only two key establishment methods was formally analyzed in 2018. Since then, the protocol has evolved significantly and several new key establishment methods have been added. In this paper, we present a formal analysis of all EDHOC methods in an enhanced symbolic Dolev-Yao model using the Tamarin tool. We show that not all methods satisfy the authentication notion of injective agreement, but that they all do satisfy a notion of implicit authentication, as well as Perfect Forward Secrecy (PFS) of the session key material. We identify other weaknesses, to which we propose improvements. For example, a party may intend to establish a session key with a certain peer, but end up establishing it with another, trusted but compromised, peer. We communicated our findings and proposals to the IETF, which has incorporated some of these in newer versions of the standard.

Paper Nr: 92
Title:

A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments

Authors:

Marco Pernpruner, Giada Sciarretta and Silvio Ranise

Abstract: More and more online services are characterised by the need for strongly verifying the real-world identity of end users, especially when sensitive operations have to be carried out: just imagine a fully-remote signature of a contract, and what could happen if someone managed to perform it using another person’s name. For this reason, the identity management lifecycle contains specific procedures, called enrollment or onboarding, that provide a certain level of assurance on digital users’ real identities. These procedures must be as secure as possible to prevent fraud and identity theft. In this paper, we present a framework composed of a specification language, a security analysis methodology and a risk analysis methodology for enrollment solutions. For concreteness, we apply our framework to a real use case (i.e., fully-remote solutions relying on electronic documents as identity evidence) in the context of a collaboration with an Italian FinTech startup. Beyond validating the framework, we analyse and highlight the essential role of mitigations in the overall security of enrollment procedures.

Paper Nr: 99
Title:

The Missing Piece of the ABAC Puzzle: A Modeling Scheme for Dynamic Analysis

Authors:

Marius Schlegel and Peter Amthor

Abstract: Attribute-based access control (ABAC) has made its way into the mainstream of engineering secure IT systems. At the same time, ABAC models are still lagging behind well-understood, yet more basic, access control models in terms of dynamic analyzability. This has led to a plethora of methods, languages, and tools for designing and integrating ABAC policies, but only a few to formally reason about them in the process. We present DABAC, a modeling scheme to pick up that missing piece and put it right into its place in the security engineering workflow. Based on an automaton calculus, we demonstrate how DABAC can be leveraged as a holistic formal basis for engineering ABAC models, analyzing their dynamic properties, and providing a functional specification for their implementation. This sets the stage for comprehensive tool support in building future ABAC systems.

Paper Nr: 103
Title:

Program Protection through Software-based Hardware Abstraction

Authors:

J. T. McDonald, Ramya K. Manikyam, Sébastien Bardin, Richard Bonichon and Todd R. Andel

Abstract: Software companies typically embed one or more secrets in their programs to protect their intellectual property (IP) investment. These secrets are most often processed in code through evaluation of point functions, where only the correct password, PIN, or registration/activation code will authorize an end-user to legally install or use a product. Man-at-the-End (MATE) attacks can break assumptions of program security to find embedded secrets because they involve legitimate software owners who have complete access to the software and its execution environment. In this research, we present a novel approach to software MATE protection that leverages gate-level hardware representation, namely software-based hardware abstraction (SBHA). As a new proposed form of virtualization for software protection, SBHA demonstrates a light overhead – especially compared to much costlier traditional virtualization transformations, while completely defeating almost all symbolic execution-based attackers that were studied. Overall, SBHA bridges the gap between hardware and software protection, paving the way for future developments.

Paper Nr: 108
Title:

Vulnerability Metrics for Graph-based Configuration Security

Authors:

Ibifubara Iganibo, Massimiliano Albanese, Marc Mosko, Eric Bier and Alejandro E. Brito

Abstract: Vulnerability analysis has long been used to evaluate the security posture of a system, and vulnerability graphs have become an essential tool for modeling potential multi-step attacks and assessing a system’s attack surface. More recently, vulnerability graphs have been adopted as part of a multi-faceted approach to configuration analysis and optimization that aims at leveraging relationships between the components, configuration parameters, and vulnerabilities of a complex system to improve its security while preserving functionality. However, this approach still lacks robust metrics to quantify several important aspects of the system being modeled. To address this limitation, we introduce metrics to enable practical and effective application of graph-based configuration analysis and optimization. Specifically, we define metrics to evaluate (i) the exploitation likelihood of a vulnerability, (ii) probability distributions over the edges of a vulnerability graph, and (iii) exposure factors of system components to vulnerabilities. Our approach builds upon standard vulnerability scoring systems, and we show that the proposed metrics can be easily extended. We evaluate our approach against the Common Weakness Scoring System (CWSS), showing a high degree of correlation between CWE scores and our metrics.

Paper Nr: 109
Title:

Model Inversion for Impersonation in Behavioral Authentication Systems

Authors:

Md M. Islam and Reihaneh Safavi-Naini

Abstract: A Behavioral Authentication (BA) system uses behavioral characteristics of a user, stored in their behavioral profile, to verify their future identity claims. BA profiles are widely used as a second factor to strengthen password-based authentication systems. A BA verification algorithm takes the claimed identity of the user together with their presented verification data, and by comparing the data with the profile of the claimed identity it decides to accept or reject the claim. An efficient and highly accurate verification algorithm can be constructed by training a Deep Neural Network (DNN) on the users’ profiles. The trained DNN classifies the presented verification data and, if the classification matches the claimed identity, accepts the claim, else rejects it. This is a very attractive approach because it removes the need to maintain the profile database, which is security and privacy sensitive. In this paper we show that query access to the DNN verification algorithm allows an attacker to break the security of the authentication system by constructing the profile of a user in the original training database and succeeding in an impersonation attack. We show how to construct an inverse classifier when the attacker has black-box access to the DNN’s output prediction vectors, truncated to a single component (highest probability value). We use a substitute classifier to approximate the unknown components of the prediction vectors, and use the recovered vectors to train the inverse classifier and construct the profile of a user in the database. We implemented our approach on two existing BA systems and achieved average success probabilities of 29.89% and 45.0%, respectively. Our approach is general and can be used in other DNN-based BA systems.

Paper Nr: 110
Title:

Trace Recovery: Inferring Fine-grained Trace of Energy Data from Aggregates

Authors:

Nazim U. Sheikh, Zhigang Lu, Hassan J. Asghar and Mohamed A. Kaafar

Abstract: Smart meter data is collected and shared with different stakeholders involved in a smart grid ecosystem. The fine-grained energy data is extremely useful for grid operations and maintenance, monitoring and for market segmentation purposes. However, sharing and releasing fine-grained energy data induces explicit violations of consumers’ private information (Molina-Markham et al., 2010). Service providers therefore share and release aggregated statistics to preserve the privacy of consumers, with data aggregation aiming at reducing the risk of individual consumption traces being revealed. In this paper, we show that an adversary can reconstruct individual traces of energy data by exploiting the consistency (similar consumption patterns over time) and distinctiveness (one household’s energy consumption pattern is significantly different from that of others) properties of individual consumption load patterns. We propose an unsupervised attack framework to recover hourly energy consumption time-series of individual users without any prior knowledge. We pose the problem of assigning aggregated energy consumption meter readings to individuals as an assignment problem and solve it with the Hungarian algorithm (Xu et al., 2017; Kuhn, 1955). Using two real-world datasets, our empirical evaluations show that an adversary is capable of recovering over 70% of households’ energy consumption patterns with over 90% accuracy.

Paper Nr: 112
Title:

Preventing Watermark Forging Attacks in a MLaaS Environment

Authors:

Sofiane Lounici, Mohamed Njeh, Orhan Ermis, Melek Önen and Slim Trabelsi

Abstract: With the development of machine learning models for task automation, watermarking appears to be a suitable solution to protect one’s own intellectual property. Indeed, by embedding secret specific markers, called trigger instances, into the model, the model owner is able to analyze the behavior of any model on these markers and hence claim its ownership if this is the case. However, in the context of a Machine Learning as a Service (MLaaS) platform where models are available for inference, an attacker could forge such proofs in order to steal the ownership of these watermarked models and make a profit out of it. This type of attack, called a watermark forging attack, is a serious threat against the intellectual property of model owners. Current work provides limited solutions to this problem: they constrain model owners to disclose either their models or their trigger set to a third party. In this paper, we propose counter-measures against watermark forging attacks, in a black-box environment and compatible with privacy-preserving machine learning where both the model weights and the inputs could be kept private. We show that our solution successfully prevents two different types of watermark forging attacks with minimal assumptions regarding either the access to the model’s weights or the content of the trigger set.

Paper Nr: 113
Title:

Systematic Evaluation of Probabilistic k-Anonymity for Privacy Preserving Micro-data Publishing and Analysis

Authors:

Navoda Senavirathne and Vicenç Torra

Abstract: In the light of stringent privacy laws, data anonymization not only supports privacy preserving data publication (PPDP) but also improves the flexibility of micro-data analysis. Machine learning (ML) is widely used for personal data analysis in the present day; thus, it is paramount to understand how to effectively use data anonymization in the ML context. In this work, we introduce an anonymization framework based on the notion of “probabilistic k-anonymity” that can be applied with respect to mixed datasets while addressing the challenges brought forward by the existing syntactic privacy models in the context of ML. Through systematic empirical evaluation, we show that the proposed approach can effectively limit the disclosure risk in micro-data publishing while maintaining a high utility for the ML models induced from the anonymized data.

Paper Nr: 119
Title:

Boolean Exponent Splitting

Authors:

Michael Tunstall, Louiza Papachristodoulou and Kostas Papagiannopoulos

Abstract: A typical countermeasure against side-channel attacks consists of masking intermediate values with a random number. In symmetric cryptographic algorithms, Boolean shares of the secret are typically used, whereas in asymmetric algorithms the secret exponent is typically masked using algebraic properties. This paper presents a new exponent splitting technique with minimal impact on performance based on Boolean shares, typically requiring only an extra register and a few register copies per bit. We perform a security evaluation of our algorithms using a mutual information framework and provide proofs that they are secure against first-order side-channel attacks. The side-channel resistance of the proposed algorithms is also practically verified with test vector leakage assessment performed on Xilinx’s Zynq zc702 evaluation board.

Paper Nr: 135
Title:

Proof-of-Forgery for Hash-based Signatures

Authors:

Evgeniy Kiktenko, Mikhail Kudinov, Andrey Bulychev and Aleksey Fedorov

Abstract: In the present work, a peculiar property of hash-based signatures allowing detection of their forgery event is explored. This property relies on the fact that a successful forgery of a hash-based signature most likely results in a collision with respect to the employed hash function, while the demonstration of this collision could serve as convincing evidence of the forgery. Here we prove that with properly adjusted parameters Lamport and Winternitz one-time signature schemes could exhibit a forgery detection availability property. This property is of significant importance in the framework of the crypto-agility paradigm since the considered forgery detection serves as an alarm that the employed cryptographic hash function becomes insecure to use and the corresponding scheme has to be replaced.

Paper Nr: 136
Title:

Trusted Enforcement of Application-specific Security Policies

Authors:

Marius Schlegel

Abstract: While there have been approaches for integrating security policies into operating systems (OSs) for more than two decades, applications often use objects of higher abstraction requiring individual security policies with application-specific semantics. Due to insufficient OS support, current approaches for enforcing application-level policies typically lead to large and complex trusted computing bases rendering tamperproofness and correctness difficult to achieve. To mitigate this problem, we propose the application-level policy enforcement architecture APPSPEAR and a C++ framework for its implementation. The configurable framework enables developers to balance enforcement rigor and costs imposed by different implementation alternatives and to easily tailor an APPSPEAR implementation to individual application requirements. We argue that hardware-based trusted execution environments offer an optimal balance between effectiveness and efficiency of policy protection and enforcement. This claim is substantiated by a practical evaluation based on a medical record system.

Paper Nr: 161
Title:

Responding to Living-Off-the-Land Tactics using Just-In-Time Memory Forensics (JIT-MF) for Android

Authors:

Jennifer Bellizzi, Mark Vella, Christian Colombo and Julio Hernandez-Castro

Abstract: Digital investigations of stealthy attacks on Android devices pose particular challenges to incident responders. Whereas consequential late detection demands accurate and comprehensive forensic timelines to reconstruct all malicious activities, reduced forensic footprints with minimal malware involvement, such as when Living-Off-the-Land (LOtL) tactics are adopted, leave investigators little evidence to work with. Volatile memory forensics can be an effective approach since app execution of any form is always bound to leave a trail of evidence in memory, even if perhaps ephemeral. Just-In-Time Memory Forensics (JIT-MF) is a recently proposed technique that describes a framework to process memory forensics on existing stock Android devices, without compromising their security by requiring them to be rooted. Within this framework, JIT-MF drivers are designed to promptly dump in-memory evidence related to app usage or misuse. In this work, we primarily introduce a conceptualized presentation of JIT-MF drivers. Subsequently, through a series of case studies involving the hijacking of widely-used messaging apps, we show that when the target apps are forensically enhanced with JIT-MF drivers, investigators can generate richer forensic timelines to support their investigation, which are on average 26% closer to ground truth.

Paper Nr: 170
Title:

Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment

Authors:

Stefano Berlato, Roberto Carbone and Silvio Ranise

Abstract: While organisations move their infrastructure to the cloud, honest but curious Cloud Service Providers (CSPs) threaten the confidentiality of cloud-hosted data. In this context, many researchers proposed Cryptographic Access Control (CAC) schemes to support data sharing among users while preventing CSPs from accessing sensitive data. However, the majority of these schemes focus on high-level features only and cannot adapt to the multiple requirements arising in different scenarios. Moreover, (almost) no CAC scheme implementation is available for enforcement of authorisation policies in the cloud, and performance evaluation is often overlooked. To fill this gap, we propose the toolchain COERCIVE, short for CryptOgraphy killEd (the honest but) cuRious Cloud servIce proVidEr, which is composed of two tools: TradeOffBoard and CryptoAC. TradeOffBoard assists organisations in identifying the optimal CAC architecture for their scenario. CryptoAC enforces authorisation policies in the cloud by deploying the architecture selected with TradeOffBoard. In this paper, we describe the implementation of CryptoAC and conduct a thorough performance evaluation to demonstrate its scalability and efficiency with synthetic benchmarks.

Short Papers
Paper Nr: 11
Title:

Supporting Cyber Threat Analysis with Service-Oriented Enterprise Modeling

Authors:

Kees Leune and Sung Kim

Abstract: Today’s enterprise environment is rapidly changing with organizations adopting cloud services at record rates. This deperimeterization of enterprise computing architectures depends on software as a service (SaaS) and makes traditional perimeter-based defense controls less effective. We propose a service-oriented threat modeling approach that focuses on the perspective of a service consumer. We supplement our approach by providing an implementation view that includes technical details of service implementations that can be queried to identify potential vulnerabilities in the system. Our approach differs from existing threat modeling methods in that we seek to capture interactions between services in a technologically agnostic manner. This extends the applicability of our model into the realm of security operations. A case study and proof-of-concept are presented to validate our approach and demonstrate how such a model can be used to provide meaningful support for operations engineers.

Paper Nr: 13
Title:

Signer and Message Ambiguity from a Variety of Keys

Authors:

George Teşeleanu

Abstract: A signer and message ambiguous signature enables a recipient to request a signer to sign a sensible message such that the signer cannot guess what message he signed and the receiver cannot deduce the signer’s identity. In this work, we formalize this type of signature, introduce the corresponding security requirements and describe two instantiations. The first one assumes that the signer hides his identity in n independently generated public keys, while the second one assumes that all n public keys share the same public parameters.

Paper Nr: 20
Title:

Ransomware Detection using Markov Chain Models over File Headers

Authors:

Nicolas Bailluet, Hélène L. Bouder and David Lubicz

Abstract: In this paper, a new approach for the detection of ransomware based on the runtime analysis of their behaviour is presented. The main idea is to get samples by using a mini-filter to intercept write requests, then decide if a sample corresponds to a benign or a malicious write request. To do so, in a learning phase, statistical models of structured file headers are built using Markov chains. Then in a detection phase, a maximum likelihood test is used to decide if a sample provided by a write request is normal or malicious. We introduce new statistical distances between two Markov chains, which are variants of the Kullback-Leibler divergence, which measure the efficiency of a maximum likelihood test to distinguish between two distributions given by Markov chains. This distance and extensive experiments are used to demonstrate the relevance of our method.

Paper Nr: 34
Title:

Proof-of-Useful-Randomness: Mitigating the Energy Waste in Blockchain Proof-of-Work

Authors:

Efe A. Seyitoglu, Attila A. Yavuz and Thang Hoang

Abstract: Proof-of-Work (PoW) is one of the fundamental and widely-used consensus algorithms in blockchains. In PoW, nodes compete to receive the mining reward by trying to be the first to solve a puzzle. Despite its fairness and wide availability, traditional PoW incurs extreme computational and energy waste over the blockchain. This waste is considered to be one of the biggest problems in PoW-based blockchains and cryptocurrencies. In this work, we propose a new useful PoW called Proof-of-Useful-Randomness (PoUR) that mitigates the energy waste by incorporating pre-computed (disclosable) randomness into the PoW. The key idea is to inject special randomness into puzzles via algebraic commitments that can be stored and later disclosed. Unlike the traditional wasteful PoWs, our approach enables pre-computed commitments to be utilized by a vast array of public-key cryptography methods that require offline-online processing (e.g., digital signature, key exchange, zero-knowledge protocol). Moreover, our PoW preserves the desirable properties of the traditional PoW and therefore does not require a substantial alteration in the underlying protocol. We showed the security of our PoW, and then fully implemented it to validate its significant energy-saving capabilities.

Paper Nr: 35
Title:

A New MILP Model for Matrix Multiplications with Applications to KLEIN and PRINCE

Authors:

Murat B. İlter and Ali A. Selçuk

Abstract: Mixed integer linear programming (MILP) models are applied extensively in the field of cryptanalysis. Finding the minimum number of active S-boxes and the best differential characteristic in a differential attack are two main problems examined using the MILP approach. In this study, KLEIN and PRINCE block ciphers are modeled with MILP to search for an exact solution to these problems. Both ciphers contain matrix multiplication operations, which can be calculated using multiple xor operations. The standard MILP model for multiple xors increases the number of variables significantly, which extends the solution time. In this work, an alternative xor model is proposed using fewer variables than the standard xor model. The new model is much more efficient in terms of the number of variables involved and the execution time. Using the new model, we analyze the differential properties of KLEIN and PRINCE. We obtain the exact minimum number of active S-boxes of these ciphers with full rounds and also discover the best differential characteristics for various numbers of rounds. For KLEIN and PRINCE ciphers we achieve the best single differential characteristic of probability 2^-56. These results improve the best single-key differential attacks on these ciphers in the literature.

Paper Nr: 39
Title:

Protecting End User’s Privacy When using Social Login through GDPR Compliance

Authors:

Carlos Villarán and Marta Beltrán

Abstract: Social login allows end-users to identify and authenticate in different applications and services using their social network providers (Facebook, Twitter, Google, LinkedIn) instead of using specific accounts and passwords. This kind of single-sign-on approach relies on federated identity management specifications that significantly simplify login processes. However, this kind of solution also implies new threats for end user’s privacy, because identity providers (social network providers) have access to sensitive information that allows them to perform processing without explicit consent (to profile or track their users, for example) or that can be shared with third parties. This paper proposes the inclusion of new capabilities within the authentication flows, intending to mitigate these privacy threats guaranteeing compliance with the General Data Protection Regulation (GDPR) through transparency and efficient use of already existing mechanisms and technologies such as back-channel logout or consent receipts. Furthermore, the integration of these capabilities in OpenID Connect flows has been validated with a real prototype of the proposed solution.

Paper Nr: 50
Title:

Efficient Joint Random Number Generation for Secure Multi-party Computation

Authors:

Erwin Hoogerwerf, Daphne van Tetering, Aslí Bay and Zekeriya Erkin

Abstract: Large availability of smart devices and an increased number of online activities result in extensive personalized or customized services in many domains. However, the data these services mostly rely on are highly privacy-sensitive, as in pace-makers. In the last decades, many privacy breaches have increased privacy awareness, leading to stricter regulations on data processing. To comply with this legislation, proper privacy preservation mechanisms are required. One of the technological solutions, which is also provably secure, is Secure Multi-Party Computation (SMPC) that can compute any function with secret inputs. Mainly, in several SMPC solutions, such as data aggregation, we observe that secret values distributed among parties are masked with random numbers, encrypted and combined to yield the desired outcome. To ensure correct decryption of the final result, it is required that these numbers sum to a publicly known value, for instance, zero. Despite its importance, many of the corresponding works omit how to obtain such random numbers jointly or suggest procedures with high computational and communication overhead. This paper proposes two novel protocols for Joint Random Number Generation with very low computational and communication overhead. Our protocols are stand-alone and not embedded in others, and can therefore be used in data aggregation and other applications, for instance, machine learning algorithms, that require such random numbers. We first propose a protocol that relies on bit-wise sharing of individually generated random numbers, allowing parties to adapt random numbers to yield a public sum. Second, we propose a protocol that uses the sign function to generate a random number from broadcast numbers. We provide security and complexity analyses of our protocols.

Paper Nr: 55
Title:

Improved Circuit Compilation for Hybrid MPC via Compiler Intermediate Representation

Authors:

Daniel Demmler, Stefan Katzenbeisser, Thomas Schneider, Tom Schuster and Christian Weinert

Abstract: Secure multi-party computation (MPC) allows multiple parties to securely evaluate a public function on their private inputs. The field has steadily moved forward and real-world applications have become practical. However, MPC implementations are often hand-built and require cryptographic knowledge. Thus, special compilers like HyCC (Büscher et al., CCS’18) have been developed, which automatically compile high-level programs to combinations of Boolean and arithmetic circuits required for mixed-protocol (hybrid) MPC. In this work, we explore the advantages of extending MPC compilers with an intermediate representation (IR) as commonly used in modern compiler infrastructures. For this, we extend HyCC with a graph-based IR that facilitates the implementation of well-known algorithms from compiler design as well as further MPC-specific optimizations. We demonstrate the benefits by implementing arithmetic decomposition based on our new IR that automatically extracts arithmetic expressions and then compiles them into separate circuits. For a line intersection algorithm, we require 40% less run-time and improve total communication by a factor of 3x compared to regular HyCC when securely evaluating the corresponding circuit with the hybrid MPC framework ABY (Demmler et al., NDSS’15).

Paper Nr: 56
Title:

A Novel Security Framework for Minimization of False Information Dissemination in VANETs: Bayesian Game Formulation

Authors:

Basant Subba and Ayushi Singh

Abstract: Information received by a vehicle in a Vehicular Ad-hoc Network (VANET) can either be regular messages from normal sender vehicles or fraudulent messages from malicious senders. Accepting malevolent messages from a malicious sender would result in the receiver vehicle processing erroneous information, while discarding genuine normal messages would result in loss of valuable information. Therefore, in the absence of a corroborating mechanism to verify the type of the sender vehicle (normal or malicious), the receiver vehicle is faced with a dilemma of either accepting or discarding the received information. This paper aims to address this issue by modeling the interaction between the pair of communicating vehicles in a VANET as a two-player incomplete information extensive form game. Various vehicular attributes such as the detection rate & false alarm rate of the IDSs operating on vehicles, reputation values of vehicles, priority levels of the messages being exchanged etc., are used to formulate the Bayesian Nash Equilibrium (BNE) based message accepting strategies for the receiver vehicle. Empirical results show that the proposed game theory based framework significantly reduces the dissemination of false information in the vehicular network by forcing the malicious sender vehicles (attackers) into adopting a constrained set of less malevolent strategies.

Paper Nr: 58
Title:

An Extension of the Avalanche Criterion in the Context of c-Differentials

Authors:

Pål Ellingsen, Constanza Riera, Pantelimon Stănică and Anton Tkachenko

Abstract: The Strict Avalanche Criterion (SAC) is a property of vectorial Boolean functions that is used in the construction of strong S-boxes. We generalize in this paper the concept of SAC in the realm of finite fields, to address possible c-differential attacks. We define the concepts of c-Strict Avalanche Criterion (c-SAC) and c-Strict Avalanche Criterion of order m (c-SAC(m)), and generalize results of (Li and Cusick, 2005). We also find out, computationally, that the new definition is not equivalent to the existing concepts of c-bent1-ness (Stănică et al., 2020), nor (for n = m) PcN-ness (Ellingsen et al., 2020).

Paper Nr: 61
Title:

A New Delegated Authentication Protocol based on PRE

Authors:

Anass Sbai, Cyril Drocourt and Gilles Dequen

Abstract: New trends highlight the use of delegated authentication solutions where identity providers do not need to synchronize user credentials with services. It is a facility for service providers and also for users who do not have to create multiple accounts. Different solutions for single sign-on and delegated authentication exist. Most of these solutions require many exchanges between the different actors involved in the protocol, an additional TLS layer and/or the use of signature schemes which, in terms of security, rely on random oracles for reasons of efficiency. In this article, we recall the concept of the best known solutions (e.g. Kerberos, OpenID, ...), briefly discuss the possibility of using one-way accumulators and define the Proxy Re-Encryption (PRE). Next, we propose a new delegated authentication protocol that allows users to authenticate anonymously on insecure networks and therefore asynchronously without direct communication between identity providers and service providers while minimizing the number of interactions. We based our solution on the use of PRE which could be instantiated by schemes based on standard assumptions. We first show how our protocol behaves against different types of attacks. Then in a more formal manner, we present the proof of security based on an adaptation of BAN logic method that supports the use of PRE functionalities.

Paper Nr: 66
Title:

Mobile Family Detection through Audio Signals Classification

Authors:

Rosangela Casolare, Giacomo Iadarola, Fabio Martinelli, Francesco Mercaldo and Antonella Santone

Abstract: Nowadays smartphones, and generically speaking mobile devices, allow users to perform a plethora of tasks in total mobility, for instance from checking the balance of a bank account to distance learning. In this context the detection of malicious behaviours is really critical, considering the weaknesses of the current antimalware mechanisms. In this paper we propose a method for malicious family detection exploiting audio signal processing: in fact, an application is converted into an audio file and then processed to generate a feature vector that is input to several classifiers. We perform a real-world experimental analysis by considering a set of malware targeting the Android platform, i.e., 4746 malware belonging to 10 families, showing the effectiveness of the proposed approach for Android malicious family detection.

Paper Nr: 68
Title:

Accurate Measurement of the Energy Consumption of Security Functions

Authors:

Benoît Fournier, Valérie T. Tong and Gilles Guette

Abstract: In recent years, the number of IoT devices has grown exponentially. These devices need to communicate with each other or with the infrastructure and their communications need to be protected. To do this, devices implement security protocols that ultimately rely on the execution of encryption, decryption and hash functions. When these devices run on battery, and more broadly in an energy-saving approach, it is important to evaluate the energy consumption associated with the implementation of these security measures. In the long run, we believe that it will be necessary to choose a balance between the implementation of very strong security measures that are very expensive in terms of energy consumption and other implementations, perhaps less safe but less expensive. The first step in this direction is to know how to accurately measure the energy consumption of existing and widely deployed security libraries. In this article, we describe a methodology and architecture to evaluate the power consumption of any function running on a Raspberry Pi. This article provides a benchmark of some of the cryptographic functions of OpenSSL, allowing developers to know what the cost of using a particular function is, and also to compare the energy cost of security functions with similar functionality.

Paper Nr: 70
Title:

Practically Efficient RFID Scheme with Constant-time Identification

Authors:

Ferucio L. Ţiplea and Cristian Hristea

Abstract: Complex systems based on RFID technology, such as healthcare or people identification, raise various scalability problems, timely identification of tags, security, privacy, and efficient, practical implementation. This is because such systems contain many tags, operate with private personal data, and respond promptly in concrete, practical situations to avoid malfunctions (errors in the decision process, traffic congestion, and so on). This paper proposes an RFID protocol that achieves the properties mentioned above, namely mutual authentication, destructive privacy, and constant-time identification in Vaudenay’s model with temporary state disclosure. The protocol employs just an IND-CPA secure symmetric-key encryption scheme, which makes it very efficient in implementation. To protect the secret key against adversaries with corruption capabilities, physically unclonable functions (PUFs) are used to mask it. As far as we know, this is the most practically efficient RFID protocol that achieves mutual authentication, destructive privacy, and constant-time identification. All these key features make it suitable for applications such as those above.

Paper Nr: 75
Title:

A Comparison of GKE Protocols based on SIDH

Authors:

Hiroki Okada, Shinsaku Kiyomoto and Carlos Cid

Abstract: End-to-end encryption enables secure communication without releasing the contents of messages to the system server. This is a crucial security technology, in particular for cloud services. Group Key Establishment (GKE) protocols are often needed to implement efficient group end-to-end encryption systems. Perhaps the most famous GKE protocol is the Broadcast Protocol, proposed by Burmester and Desmedt. In addition, they also proposed the Star-based Protocol, Tree-based Protocol, and Cyclic-based Protocol. These protocols are based on the Diffie-Hellman key exchange protocol, and therefore are not secure against attacks based on quantum computers. Recently, Furukawa et al. proposed an efficient GKE protocol by modifying the original Broadcast Protocol into a post-quantum GKE protocol based on the Supersingular Isogeny Diffie-Hellman key exchange (SIDH). In this paper, we extend their work by considering post-quantum versions, based on SIDH, of the remaining DH-based GKE protocols by Burmester and Desmedt, and compare their efficiency. As a result, we confirm that the Broadcast Protocol is indeed the most efficient protocol in this post-quantum setting, in terms of both communication rounds and computation time.

Paper Nr: 77
Title:

Multi-Party Private Set Intersection Protocols for Practical Applications

Authors:

Asli Bay, Zeki Erkin, Mina Alishahi and Jelle Vos

Abstract: Multi-Party Private Set Intersection (MPSI) is an attractive topic in research since a practical MPSI protocol can be deployed in several real-world scenarios, including but not limited to finding the common list of customers among several companies or privacy-preserving analyses of data from different stakeholders. Several solutions have been proposed in the literature; however, the existing solutions still suffer from performance-related challenges such as long run-time and high bandwidth demand, particularly when the number of involved parties grows. In this paper, we propose a new approach based on a threshold additively homomorphic encryption scheme, e.g., Paillier, which enables us to process the bit-set representation of sets under encryption. By doing so, it is feasible to securely compute the intersection of several data sets in an efficient manner. To prove our claims on performance, we compare the communication complexity of our approach with the existing solutions and show performance test results. We also show how the proposed protocol can be extended to securely compute other set operations on multi-party data sets.

Paper Nr: 80
Title:

Using Program Analysis to Identify the Use of Vulnerable Functions

Authors:

Rasmus Hagberg, Martin Hell and Christoph Reichenbach

Abstract: Open-Source Software (OSS) is increasingly used by software applications. It allows for code reuse, but also comes with the problem of potentially being affected by the vulnerabilities that are found in the OSS libraries. With large numbers of OSS components and a large number of published vulnerabilities, it becomes challenging to identify and analyze which OSS components need to be patched and updated. In addition to matching vulnerable libraries to those used in software products, it is also necessary to analyze if the vulnerable functionality is actually used by the software. This process is both time-consuming and error-prone. Automating this process presents several challenges, but has the potential to significantly decrease vulnerability exposure time. In this paper, we propose a modular framework for analyzing if software code is using the vulnerable part of a library, by analyzing and matching the call graphs of the software with changes resulting from security patches. Further, we provide an implementation of the framework targeting Java and the Maven dependency management system. This allows us to identify 20% of the dependencies in our sample projects as false positives. We also identify and discuss challenges and limitations in our approach.

Paper Nr: 85
Title:

Compact Variable-base ECC Scalar Multiplication using Euclidean Addition Chains

Authors:

Fabien Herbaut, Nicolas Méloni and Pascal Véron

Abstract: The random generation of Euclidean addition chains fits well with a GLV context (Dosso et al., 2018) and provides a method with decent performance despite the growth of the base field required to get the same level of security. The aim of this paper is to reduce the size of the base field required. Combined with an algorithmic improvement, we obtain a reduction of 21% of the memory usage. Hence, our method appears to be one of the most compact scalar multiplication procedures and is particularly suitable for lightweight applications.

Paper Nr: 87
Title: Secure Computation by Secret Sharing using Input Encrypted with Random Number
Authors: Keiichi Iwamura and Ahmad M. Kamal
Abstract: Typically, unconditionally secure computation using a (k,n) threshold secret sharing is considered impossible when n<2k-1. Therefore, in our previous work, we first took the approach of finding the conditions required for secure computation under the setting of n<2k-1 and showed that secure computation using a (k,n) threshold secret sharing can be realized with a semi-honest adversary under the following three preconditions: (1) the result of secure computation does not include 0; (2) random numbers reconstructed by each server are fixed; and (3) each server holds random numbers unknown to the adversary and holds shares of random numbers that make up the random numbers unknown to the adversary. In this paper, we show that by leaving condition (3), secure computation with information-theoretic security against a semi-honest adversary is possible with k≤n<2k-1. In addition, we clarify the advantage of using secret information that has been encrypted with a random number as input to secure computation. One of the advantages is the acceleration of the computation time. Namely, we divide the computation process into a preprocessing phase and an online phase and shift the cost of communication to the preprocessing phase. Thus, for computations such as inner product operations, we realize a faster online phase, compared with conventional methods.

Paper Nr: 101
Title: A Scalable Bitcoin-based Public Key Certificate Management System
Authors: Chloe Tartan, Craig Wright, Michaella Pettit and Wei Zhang
Abstract: The main challenges with traditional public key infrastructures arise from the detection of fraudulent public key certificates and the timely retrieval of an up-to-date record of revoked certificates. While Certificate Transparency logs help to detect falsified certificates in circulation, they do not address the prevailing issues with certificate revocation. Public blockchains such as Bitcoin can be used to create a transparent, tamper-proof log of events secured by the cryptographic work carried out by nodes in the network. In this paper, we present a Bitcoin-based certificate management system that exploits the scalability and low-cost features of its underlying blockchain infrastructure, while preserving user privacy. Based on a feasibility analysis, we estimate the capability to support 9000 certificate issuances, revocations, or updates per second at a cost of less than 0.005 USD per event. The immutability and auditability of records stored on the blockchain provide a universal view of public key certificates. A comparative analysis shows that our solution can significantly reduce the overhead endured by live certificate status retrievals and offers flexibility in certificate revocation. The revocation of a public key certificate is as simple as spending a Bitcoin transaction.

Paper Nr: 107
Title: Cloud Key Management using Trusted Execution Environment
Authors: Jaouhara Bouamama, Mustapha Hedabou and Mohammed Erradi
Abstract: Cloud storage represents a primordial component in most information technology infrastructures. Using cloud instead of on-premise storage raises several security issues, especially when secret keys are stored on the cloud. In such a setting, a robust cloud key management system is a must. Using traditional key management systems (KMS) in the cloud suffers from performance and scalability limitations. This paper proposes an efficient and secure cloud KMS based on a Trusted Execution Environment, namely Intel SGX. The suggested system (KMSGX), while being deployed on the cloud, is fully controlled by the end-user. Therefore, KMSGX allows running on-premise software key management securely on the cloud provider side, protecting the exchanged and stored data. The security properties of the suggested design have been formalized using the Applied Pi Calculus and proved with ProVerif. The experimental results have demonstrated the system’s high performance in terms of the upload and download durations and the limited overhead compared to the plain design.

Paper Nr: 124
Title: An Improved Live Anomaly Detection System (I-LADS) based on Deep Learning Algorithms
Authors: Gustavo Gonzalez-Granadillo, Alejandro G. Bedoya and Rodrigo Diaz
Abstract: Network anomaly detection is an open issue that considers the problem of finding patterns in data that do not conform to expected behavior. Anomalies exhibit themselves in network statistics differently; therefore, developing general models of normal network behavior and anomalies is a challenging task. This paper presents an Improved Live Anomaly Detection System (I-LADS) based on AutoEncoder (AE), a well-known deep learning algorithm, to detect network traffic anomalies. I-LADS comes in two versions: (i) I-LADS-v1, which uses filters to independently model IP addresses from the NetFlow dataset, making it possible to train one model for each filtered IP address; and (ii) I-LADS-v2, which uses no filter and therefore trains a single algorithm for all IP addresses. Experiments have been conducted using a valid dataset containing over two million connections to build a model with multiple features in order to identify the approach that most accurately detects traffic anomalies in the target network. Preliminary results show a promising solution with 99% and 94% accuracy for the supervised and unsupervised learning approaches, respectively.

Paper Nr: 125
Title: Inferring Flow Table State through Active Fingerprinting in SDN Environments: A Practical Approach
Authors: Marcin Gregorczyk and Wojciech Mazurczyk
Abstract: Software-Defined Networking (SDN) is currently a popular and heavily investigated concept, e.g., in cloud computing. Despite its obvious benefits, the decoupling of the control and data planes brings new security risks. One of the major threats is the overflow attack, which can lead to network instability. To perform it in an efficient manner, an attacker needs to infer the flow table state, and for this purpose, fingerprinting techniques are typically utilized. In this paper, first, we prove that the previously proposed fingerprinting method exhibits major limitations. Then, building upon the existing solution, we propose an improved attack technique which is able to predict the flow table state with more than 99% prediction accuracy. Moreover, our solution has additional advantages over state-of-the-art solutions, i.e., it is adaptive and robust, thus it is suitable for real-world applications. Finally, we also discuss potential countermeasures that can be used to thwart such threats.

Paper Nr: 128
Title: SecSDN: A Novel Architecture for a Secure SDN
Authors: Parjanya Vyas and R. K. Shyamasundar
Abstract: Security of SDN has been an important focus of research. Attempts to uncover security vulnerabilities in SDN point to two major causes: (i) the inherent assumption of switches being severely limited in intelligence, and (ii) the lack of authentication in the communication between controllers and switches. The assumption that switches have limited intelligence, and can only do the task of packet forwarding, further leads to the inference of switches never being actively corrupt or operated by malicious entities. While such an assumption is reasonable for SDN data centers operated within the bounds of a single organization, it is incorrect for larger-scale inter-networking. In this paper, we propose SecSDN, an architecture and a protocol using repetitive hashing to authenticate the communicating parties, securely verify the consistency of flow tables residing inside the switches and detect their malicious behaviour within a predefined constant time frame. Using such a technique, we arrive at an infrastructure that can securely perform functions as envisaged in SDN. We establish the correctness of SecSDN, and the simulations show that the overhead incurred is virtually non-existent.

Paper Nr: 139
Title: Storage Friendly Provably Secure Multivariate Identity-Based Signature from Isomorphism of Polynomials Problem
Authors: Ratna Dutta, Sumit K. Debnath and Chinmoy Biswas
Abstract: Multivariate public key cryptosystem (MPKC) is one of the promising candidates for post-quantum cryptography (PQC) as it features fast and efficient computation with security under the NP hardness of solving a system of multivariate quadratic (MQ) polynomial equations over a finite field. In the last two decades, there has been remarkable development in MPKC, especially in signature and encryption schemes. In this work, we have developed a multivariate identity-based signature (MV-IBS) scheme employing a specialized version of non-interactive zero-knowledge proofs of knowledge (NIZK). Our construction is existentially unforgeable against chosen message and chosen identity attack (EUF-CMA) in the random oracle model (ROM) under the hardness of the isomorphism of polynomials (IP) problem. An IP problem tests the equivalence of two polynomial maps. It says that given access to two quadratic functions which are equal up to linear changes of coordinates, it is difficult to compute these changes of coordinates. We emphasize that unlike most MPKCs, our scheme achieves provable security in an existing security framework. Additionally, the proposed IBS performs better than the existing works in terms of user’s secret key size, master public key size and master secret key size.

Paper Nr: 141
Title: Formal Security Verification of the Station-to-Station based Cell-attachment Procedure of LDACS
Authors: Nils Mäurer, Christoph Gentsch, Thomas Gräupl and Corinna Schmitt
Abstract: Aeronautical communications systems are currently undergoing a modernization process. Analogue legacy systems shall be replaced with modern digital alternatives, offering higher bandwidth, increasing capacity and paving the way for Unmanned Aeronautical Vehicles (UAVs). One modern candidate technology is the L-band Digital Aeronautical Communications System (LDACS), enabling long-range safety-critical digital communications between aircraft and ground. As with any modern wireless communications system, LDACS is prone to cyber-attacks. These issues were addressed in former research, where a secure cell-attachment procedure for LDACS, based on a modified Station to Station (STS) Mutual Authentication and Key Establishment (MAKE) protocol, was proposed. However, as of now, its security has not been proven. The contribution of this paper is the formal verification of the executability and security of the LDACS cell-attachment procedure using the symbolic model checker Tamarin. The achieved results proved that the suggested cell-attachment procedure for LDACS is workable and enables secure communication between aircraft and ground.

Paper Nr: 151
Title: Side Channel Counter-measures based on Randomized AMNS Modular Multiplication
Authors: Christophe Negre
Abstract: The paper presents counter-measures based on dynamic randomization against side channel analysis like differential and correlation power analysis. The building block of the proposed counter-measure is a randomization of the modular multiplication in AMNS for a prime p. We use this randomized modular multiplication to inject randomization during the whole computation in DSA exponentiation and Co-Z elliptic curve scalar multiplication. We analyze the level of randomization injected and, through implementation results, we evaluate the penalty in terms of performance of the proposed counter-measures.

Paper Nr: 160
Title: Selective Owner-side Encryption in Digital Data Markets: Strategies for Key Derivation
Authors: Sara Foresti and Giovanni Livraga
Abstract: The combined adoption of selective encryption and smart contracts deployed on blockchains allows data owners to maintain control over their data when traded on digital data market platforms. Selective encryption, combined with key derivation techniques, guarantees that only customers who are entitled to access a resource can read its content. The adoption of smart contracts deployed on a blockchain makes it possible to regulate the interplay among parties, the possible economic incentives to be paid to the owners, and the exchange of the information necessary for resource decryption (i.e., updates to the key derivation structure) upon payment. However, operations on blockchains have a cost. In this paper, we propose two approaches for updating the key derivation structure to enable customers to access resources, while limiting access times to resources and the cost of write operations on the blockchain to enforce purchases.

Paper Nr: 3
Title: Security Issues of Electronic and Mobile Banking
Authors: Wojciech Wodo, Damian Stygar and Przemysław Błaśkiewicz
Abstract: With the very dynamic development of digital banking and trust services, security system designers have a huge number of new users as well as new problem areas to address. The article tries to draw attention to the most burning elements of modern digital banking security systems, taking into account not only technical areas, but also the level of awareness and habits of their users. The approach described in the article indicates connections between various elements of security systems, which go beyond the infrastructure of a single bank. In the content of the article the authors analyze the dangers associated with the use of digital and mobile banking systems by people with different levels of IT-related threat awareness, based on their qualitative research (one-hour in-depth interviews) on a group of 60 clients of banking services in Poland. The article tackles some issues associated with the compliance of banks with the PSD2 directive and exemplary ways of implementing the SCA recommendations (including a special emphasis on the risks of using SMS codes), the use of biometrics in user authorization, popularity and automation of phishing attacks, as well as forceful coercion. Several issues associated with electronic and mobile banking security are elaborated based on their current status in Poland.

Paper Nr: 9
Title: Enforcing Cardinality Constraint in Temporal RBAC
Authors: Sohail Rajdev and Barsha Mitra
Abstract: The temporal extensions of the Role-Based Access Control (RBAC) model impose duration constraints on the availability of roles by allowing periodic enabling and disabling of roles. For deploying these models, a set of roles having associated time constraints is required. Such roles are termed temporal roles, and the process of creating them is referred to as Temporal Role Mining. In many real-life scenarios, simply imposing time constraints on role availability may not be sufficient. The system administrator may need to ensure different types of constraints reflecting specific organizational policies. In this paper, we propose a cardinality constraint which restricts the maximum number of temporal roles that a user can activate in a particular time interval. We name this constraint the Temporal Role Assignment Constraint (TRAC). We formally define the problem of mining a minimal set of temporal roles in the presence of TRAC as the TRAC Temporal Role Mining Problem (TRAC-TRMP) and propose an algorithm for solving it. We also present the experimental results reflecting the performance of our proposed approach.

Paper Nr: 25
Title: Dynamic Access Control Framework for Enterprise Content Management Systems
Authors: Nadia Hocine and Ismail Bokhari
Abstract: With the wide adoption of the telework business model, employees can work anytime, anywhere and sometimes with their own personal devices due to the limited financial capabilities of their companies. Many issues of the security and access control of remote exchanges of Enterprise Content Management systems (ECM) have to be considered. In particular, the access control should be adapted to employees’ context, their multiple device capabilities as well as their profiles and situations to increase the usability of the system. However, most access control models do not take into account the users’ profiles and the variability of their devices in open networks. They also rely on the continuous intervention of administrators to manage the system, add new devices and set parameters. With the diversity of users’ devices and context conditions in telework, access control needs to be dynamically managed to reduce human intervention. In this paper, we suggest an agent-based access control framework that focuses on the M5StickC external device used as an access badge. The framework is based on a multi-level rule engine to dynamically generate policies according to users’ context, profile and device. It is implemented and proposed as an open-source solution for small companies to manage their own ECM access control.

Paper Nr: 27
Title: AVX-512-based Parallelization of Block Sieving and Bucket Sieving for the General Number Field Sieve Method
Authors: Pritam Pallab and Abhijit Das
Abstract: The fastest known general-purpose technique for factoring integers is the General Number Field Sieve Method (GNFSM), in which the most time-consuming part is the sieving stage. For both line sieving and lattice sieving, two cache-friendly extensions used in practical implementations are block sieving and bucket sieving. The new AVX-512 instruction set in modern Intel CPUs offers some fast vectorization intrinsics. In this paper, we report our AVX-512-based cache-friendly parallelization of block and bucket sieving for the GNFSM. We use vectorization for both sieve-index calculations and sieve-array updates in block sieving, and for the insertion stage in bucket sieving. Our experiments using Intel Xeon Skylake processors demonstrate a performance boost in both single-core and multi-core environments. The introduction of cache-friendly sieving leads to a speedup of up to 63%. On top of that, vectorization yields a speedup of up to 25%.

Paper Nr: 32
Title: Involving Humans in the Cryptographic Loop: Introduction and Threat Analysis of EEVEHAC
Authors: Julius Hekkala, Sara Nikula, Outi-Marja Latvala and Kimmo Halunen
Abstract: Our digital lives rely on modern cryptography that is based on complicated mathematics average human users cannot follow. Previous attempts at adding the human user into the cryptographic loop include things like Human Authenticated Key Exchange and visualizable cryptography. This paper presents our proof-of-concept implementation of these ideas as a system called EEVEHAC. It utilizes human capabilities to achieve an end-to-end encrypted channel between a user and a server that is authenticated with human senses and can be used through untrusted environments. The security of this complete system is analyzed. We find that the combination of the two different systems into EEVEHAC on a theoretical level retains the security of the individual systems. We also identify the weaknesses of this implementation and discuss options for overcoming them.

Paper Nr: 37
Title: Empirical Security and Privacy Analysis of Mobile Symptom Checking Apps on Google Play
Authors: I. Wayan Budi Sentana, Muhammad Ikram, Mohamed A. Kaafar and Shlomo Berkovsky
Abstract: Smartphone technology has drastically improved over the past decade. These improvements have seen the creation of specialized health applications, which offer consumers a range of health-related activities such as tracking and checking symptoms of health conditions or diseases through their smartphones. We term these applications Symptom Checking apps or simply SymptomCheckers. Due to the sensitive nature of the private data they collect, store and manage, leakage of user information could result in significant consequences. In this paper, we use a combination of techniques from both static and dynamic analysis to detect, trace and categorize security and privacy issues in 36 popular SymptomCheckers on Google Play. Our analyses reveal that SymptomCheckers request a significantly higher number of sensitive permissions and embed a higher number of third-party tracking libraries for targeted advertisements and analytics, exploiting the privileged access of the SymptomCheckers in which they exist as a means of collecting and sharing critically sensitive data about the user and their device. We find that these are sharing the data that they collect through unencrypted plain text to the third-party advertisers and, in some cases, to malicious domains. The results reveal that the exploitation of SymptomCheckers is present in popular apps, still readily available on Google Play.

Paper Nr: 38
Title: BlockJack: Towards Improved Prevention of IP Prefix Hijacking Attacks in Inter-domain Routing via Blockchain
Authors: I. B. Sentana, Muhammad Ikram and Mohamed A. Kaafar
Abstract: We propose “BlockJack”, a system based on a distributed and tamper-proof consortium Blockchain that aims at blocking IP prefix hijacking in the Border Gateway Protocol (BGP). BlockJack provides synchronization between a Blockchain and BGP networks through interfaces ensuring operational independence. This approach preserves the legacy system and accommodates the impact of a race condition if the Blockchain process exceeds the BGP update intervals. BlockJack is also resilient to dynamic routing path changes during the occurrence of the IP prefix hijacking in the routing tables. We implement BlockJack using the Hyperledger Fabric Blockchain and the Quagga software package, and we perform an initial set of experiments to evaluate its efficacy. We evaluate the performance and resilience of BlockJack in various attack scenarios including single- and multiple-path attacks, and attacks from random sources. Our results show that BlockJack is able to handle multiple attacks caused by Autonomous Systems (AS) path changes during a BGP prefix hijacking. In experiment settings with 50 random routers, BlockJack takes on average 0.08 seconds (with a standard deviation of 0.04 seconds) to block BGP prefix hijacking attacks.

Paper Nr: 46
Title: Private Set Intersection: Past, Present and Future
Authors: Ionita Andreea
Abstract: Privacy has been more and more difficult to obtain since the development of the Internet. Private set intersection has been and still is a subject of great interest. In this paper we present the state of the art for PSI and propose four new directions for PSI protocols based on bilinear maps, secret sharing, modular inverse and symmetric encryption. Although our proposals are not the best in terms of efficiency, we believe that there are many optimizations to be done to achieve performance competitive with the best known protocols.

Paper Nr: 52
Title: MMU-based Access Control for Libraries
Authors: Marinos Tsantekidis and Vassilis Prevelakis
Abstract: Code Reuse Attacks can trick the CPU into performing some actions not originally intended by the running program. This is due to the fact that the execution can move anywhere within a process’s executable memory area, as well as the absence of policy checks when a transfer is performed. In our effort to defend against this type of attack, in an earlier paper we presented a Proof-of-Concept mitigation technique based on a modified Linux kernel where each library - either dynamically or statically linked - constitutes a separate code region. The idea behind this technique is to compartmentalize memory in order to control access to the different memory segments, through a gate. Taking our previous work one step further, in this paper we present an updated version of our kernel-side technique, where we implement security policies in order to identify suspicious behavior and take some action accordingly.

Paper Nr: 79
Title: Exposure Resilient Public-key Encryption with Keyword Search against Keyword Guessing Attack
Authors: Kaito Uemura and Satoshi Obana
Abstract: Public-key Encryption with Keyword Search (PEKS), proposed by Boneh et al. in 2004, is a cryptographic primitive that enables keyword search over encrypted data. The crucial issue of PEKS is that many existing PEKS schemes do not guarantee security against Keyword Guessing Attack (KGA). Moreover, if a key exposure occurs, PEKS cannot ensure secrecy of the ciphertext entrusted to the server. In this paper, we propose two Exposure Resilient Public-Key Encryption with Keyword Search schemes secure against KGA. The proposed schemes guarantee security against KGA by slightly modifying the search process of PEKS so that it cannot be executed without the server’s secret key. Furthermore, the damage of key exposure is minimized by periodically updating the key. The second scheme even tolerates corruption of a server, which is realized by dividing the power of a single server into two separate servers.

Paper Nr: 83
Title: PUF based Lightweight Authentication and Key Exchange Protocol for IoT
Authors: Sourav Roy, Dipnarayan Das, Anindan Mondal, Mahabub H. Mahalat, Suchismita Roy and Bibhash Sen
Abstract: Internet-of-Things (IoT), an integral part of today’s smart society, is facing tremendous challenges of different security and interoperability attacks. Also, IoT devices work in resource-constrained environments with limited storage. Conventional cryptography is not suitable for low-cost IoTs, and they are also susceptible to physical attacks. This work proposes a lightweight authentication and key exchange protocol utilizing the physically unclonable function (PUF) as a security primitive. A single PUF challenge-response pair (PUF-CRP) is utilised to overcome the server’s storage overhead in the proposed protocol. Also, this protocol ensures the secret message passing using the lightweight XOR function. The proposed protocol authenticates the end-user successfully as well as maintains the security of the shared secret. The two-pass approach of the proposed method builds confidence in communicating entities. Formal analysis by the automated ProVerif tool validates its security. Performance evaluation advocates the superiority of the proposed protocol over the existing methods, upholding its strong security and lightweight feature.

Paper Nr: 86
Title: On Chameleon Pseudonymisation and Attribute Compartmentation-as-a-Service
Authors: Anne M. Kayem, Nikolai J. Podlesny and Christoph Meinel
Abstract: Data privacy legislation and the growing number of security violation incidents in the media have played a key role in consumer awareness of data protection. Furthermore, the digital trail left by activities such as online purchases, websites browsed, and/or clicked advertisements yields behavioural information that is useful for various data analytics operations. Analysing such information in a privacy-preserving way is useful both in satisfying service level agreements and complying with privacy regulations. Pseudonymisation and anonymisation have been widely advocated as a means of generating privacy-preserving datasets. However, each approach poses drawbacks in terms of composing privacy-preserving datasets from multiple distributed data sources. The issue is made worse when the owners of the datasets co-exist in an untrusted environment. This paper presents a novel method of generating privacy-preserving datasets composed of distributed data in an untrusted scenario. We achieve this by combining cryptographically secure pseudonymisation with data obfuscation and sanitisation. The pseudonymisation and compartmentation are outsourced to a central but fully oblivious entity that can blindly compose datasets based on distributed sources. Controlled non-transitive join operations are used to ensure that the published datasets do not violate the contributing parties’ privacy properties. As a further step, the service provider will employ obfuscation and sanitisation to identify and break functional dependencies between attribute values that hold the risk of inferential disclosures. Our empirical model shows that the overhead due to cryptographic pseudonymisation is negligible and can be deployed in large datasets in a scalable manner. Furthermore, we are able to minimise information loss, even in large datasets, without impacting privacy negatively.

Paper Nr: 97
Title: Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model’s Complexity
Authors: Mathias Parisot, Balázs Pejó and Dayana Spagnuelo
Abstract: Machine learning models’ goal is to make correct predictions for specific tasks by learning important properties and patterns from data. By doing so, there is a chance that the model learns properties that are unrelated to its primary task. Property Inference Attacks exploit this and aim to infer from a given model (i.e., the target model) properties about the training dataset seemingly unrelated to the model’s primary goal. If the training data is sensitive, such an attack could lead to privacy leakage. In this paper, we investigate the influence of the target model’s complexity on the accuracy of this type of attack, focusing on convolutional neural network classifiers. We perform attacks on models that are trained on facial images to predict whether someone’s mouth is open. Our attacks’ goal is to infer whether the training dataset is balanced gender-wise. Our findings reveal that the risk of a privacy breach is present independently of the target model’s complexity: for all studied architectures, the attack’s accuracy is clearly over the baseline.

Paper Nr: 114
Title: RMCCS: RSSI-based Message Consistency Checking Scheme for V2V Communications
Authors: Mujahid Muhammad, Paul Kearney, Adel Aneiba, Junaid Arshad and Andreas Kunz
Abstract: V2V messaging systems enable vehicles to exchange safety-related information with each other and support road safety and traffic efficiency applications. The effectiveness of these applications depends on the correctness of the information reported in the V2V messages. Consequently, the possibility that malicious agents may send false information is a major concern. The physical features of a transmission are relatively difficult to fake, and one of the most effective ways to detect lying is to check for consistency of these features with the vehicle position information in the message. In this paper, we propose a message consistency checking scheme whereby a vehicle acting independently can utilise the strength and variability of received signals to estimate the distance from a transmitting vehicle without prior knowledge of the environment (building density, traffic conditions, etc.). The distance estimate can then be used to check the correctness of the reported position. We show through simulation that our RMCCS method can detect false information with an accuracy of about 90% for separation distances less than 100 m. We believe this is sufficient for the method to be a valuable adjunct to the use of digital signatures to establish trust.

Paper Nr: 126
Title: A New Method of Testing Machine Learning Models of Detection for Targeted DDoS Attacks
Authors: Mateusz Kozlowski and Bogdan Ksiezopolski
Abstract: Distributed Denial of Service (DDoS) is one of the most popular attacks on the Internet. One of the most popular classes of DDoS attacks is the flood-based class, which sends huge amounts of packets to the victim host or infrastructure, causing an overload of the system. One of the attack mitigation systems is based on machine learning (ML) methods, which in many cases have a very high accuracy rate (0.95 – 0.99). Unfortunately, most ML models are not resistant against targeted DDoS attacks. In this article, we present targeted attacks on DDoS ML-based mitigation models which have a high accuracy. After this, we propose a new method of testing ML-based models against targeted DDoS attacks.

Paper Nr: 127
Title: Comparing Support Vector Machine and Neural Network Classifiers of CVE Vulnerabilities
Authors: Grzegorz J. Blinowski, Paweł Piotrowski and Michał Wiśniewski
Abstract: The Common Vulnerabilities and Exposures (CVE) database is the largest publicly available source of structured data on software and hardware vulnerabilities. In this work, we analyze the CVE database in the context of IoT device and system vulnerabilities. We employ and compare support vector machine (SVM) and neural network (NN) algorithms on a selected subset of the CVE database to classify vulnerability records in this framework. Our scope of interest consists of records that describe vulnerabilities of potential IoT devices of different types, such as home appliances, SCADA (industry) devices, mobile controllers, networking equipment and others. The purpose of this work is to develop and test an automated system of recognition of IoT vulnerabilities, to test two different methods of classification (SVM and NN) and to find an optimal timeframe for training (historical) data.

Paper Nr: 129
Title:

Privacy Aura for Transparent Authentication on Multiple Smart Devices

Authors:

Takoua Guiga, Jean-Jacques Schwartzmann and Christophe Rosenberger

Abstract: Nowadays, users carry multiple connected devices such as a smartphone, laptop, connected watch. . . . Security constraints limit user’s usability especially when using all of them intensively during the day (social media, work). In this paper, we propose the privacy Aura concept corresponding to the circle of trust in the neighborhood of each smart device to facilitate user authentication. Many data (phone calls habits, biometrics, localization) can be collected to realize a transparent and privacy compliant authentication on each device. The confidence on user authentication on each device can be transferred to another one if it is located in the same Aura. This is the main contribution of the paper. We show through illustrations the benefit of the proposed solution.
Paper Nr: 130
Title:

Classifying Biometric Systems Users among the Doddington Zoo: Application to Keystroke Dynamics

Authors:

Denis Migdal, Ilaria Magotti and Christophe Rosenberger

Abstract: The Doddington zoo defines four categories of users of a biometric system, related to how difficult they are to recognize or to attack. In this paper, we propose an original work consisting in predicting, for any biometric modality, the animal in the Doddington menagerie associated with a user given a few captured biometric samples. Such a prediction could be useful for many applications, for example to adapt the behavior of biometric systems to each user. In this work, we apply this methodology to keystroke dynamics, as it is an interesting behavioral biometric modality for user authentication. It consists in analyzing the way a user types in order to recognize him/her. We use a significant keystroke dynamics dataset and we demonstrate through experimental results the benefit of the proposed approach.
Paper Nr: 134
Title:

Fair Mutual Authentication

Authors:

Jacek Cichoń, Krzysztof Majcher and Mirosław Kutyłowski

Abstract: We consider a fair authentication process where, at each moment of the protocol execution, each participant has almost the same certainty about the identity of the other participant. We combine this property with authentication with errors: each authentication bit may be replaced with the wrong value. Thereby, an observer attempting to derive the secret key(s) used for authentication in a cryptanalytic way has a substantially harder job due to an unknown error pattern (learning secrets with errors). We show that the presented protocol satisfies the subtle data minimization requirements of the GDPR Regulation in case of failure.
Paper Nr: 138
Title:

Towards CRYSTALS-Kyber VHDL Implementation

Authors:

Sara Ricci, Petr Jedlicka, Peter Cibik, Petr Dzurenda, Lukas Malina and Jan Hajny

Abstract: Kyber is one of the three finalists of the National Institute of Standards and Technology (NIST) post-quantum cryptography competition. This article presents an optimized Very High Speed Integrated Circuit Hardware Description Language (VHDL)-based implementation of the main components of the Kyber scheme, namely the Number-Theoretic Transform (NTT) and Keccak. We focus specifically on NTT, Keccak and their derivatives, since they largely determine Kyber’s performance due to their wide involvement in each step of the scheme. Our high-speed implementation also takes into account the trade-off between the degree of parallelization and resource utilization. The NTT component is more than 27% faster than the state-of-the-art implementations. Furthermore, the optimization helps the algorithm to achieve 1 572 839 NTT operations per second.
Paper Nr: 140
Title:

Fast Cramer-Shoup Cryptosystem

Authors:

Pascal Lafourcade, Léo Robert and Demba Sow

Abstract: Cramer-Shoup was the first practical adaptive CCA-secure public key encryption scheme. We propose a faster version of this encryption scheme, called Fast Cramer-Shoup. We show empirically and theoretically that our scheme is faster than three versions proposed by Cramer-Shoup in 1998. We observe an average gain of 60% for the decryption algorithm. We prove the IND-CCA2 security of our scheme. The proof only relies on intractability assumptions like DDH.
Paper Nr: 142
Title:

RICAV: RIsk based Context-Aware Security Solution for the Intra-Electric Vehicle Network

Authors:

Yosra Fraiji, Lamia ben Azzouz, Wassim Trojet, Ghaleb Hoblos and Leila A. Saidane

Abstract: Smart electric vehicles are equipped with many ECUs (Electronic Control Units) that provide high levels of safety and comfort to the drivers. However, the intra-vehicle networks are targeted by hackers, as they are of great interest both in terms of processing power (botnets) and in terms of economic value (ransomware). Therefore, static security solutions were proposed, both by researchers and car manufacturers, to secure the Intra-Electric Vehicle Sensors network (IVSN). However, these solutions are energy-intensive and could deplete the battery along the travel, affecting driver safety. For this purpose, we aim to propose an adaptive security solution, called RIsk-based Context-Aware security solution for the intra-Vehicle network (RICAV), that considers the electric vehicle context (energy, distance to the charging stations, traffic state, etc.) and the risk assessment value to provide a trade-off between security and energy consumption. Simulation experiments were conducted to evaluate the proposed approach in terms of robustness and energy consumption.
Paper Nr: 143
Title:

Verify It Yourself: A Note on Activation Functions’ Influence on Fast DeepFake Detection

Authors:

Piotr Kawa and Piotr Syga

Abstract: DeepFakes are videos that include changes maliciously added in postprocessing, quite often substituting the face of a portrayed individual with a different face using neural networks. Even though the technology gained its popularity as a carrier of jokes and parodies, it raises a serious threat to one's security – via biometric impersonation or besmearing. In this paper we focus on a method that allows detecting DeepFakes for a user without significant computational power. In particular, we enhance MesoNet (Afchar et al., 2018) by replacing the original activation functions. We achieve over 1% improvement as well as increasing the consistency of the results. Moreover, we introduced and verified a new activation function — Pish — that, at the cost of a slight time overhead, allows even higher accuracy on certain datasets.
Paper Nr: 144
Title:

GRANEF: Utilization of a Graph Database for Network Forensics

Authors:

Milan Cermak and Denisa Sramkova

Abstract: Understanding the information in captured network traffic, extracting the necessary data, and performing incident investigations are principal tasks of network forensics. The analysis of such data is typically performed by tools allowing manual browsing, filtering, and aggregation or tools based on statistical analyses and visualizations facilitating data comprehension. However, the human brain is used to perceiving the data in associations, which these tools can provide only in a limited form. We introduce a GRANEF toolkit that demonstrates a new approach to exploratory network data analysis based on associations stored in a graph database. In this article, we describe data transformation principles, utilization of a scalable graph database, and data analysis techniques. We then discuss and evaluate our proposed approach using a realistic dataset. Although we are at the beginning of our research, the current results show the great potential of association-based analysis.
Paper Nr: 145
Title:

Anonymous Attribute-based Credentials in Collaborative Indoor Positioning Systems

Authors:

Raúl Casanova-Marqués, Pavel Pascacio, Jan Hajny and Joaquín Torres-Sospedra

Abstract: Collaborative Indoor Positioning Systems (CIPSs) have recently received considerable attention, mainly because they address some existing limitations of traditional Indoor Positioning Systems (IPSs). In CIPSs, Bluetooth Low Energy (BLE) can be used to exchange positioning data and provide information (the Received Signal Strength Indicator (RSSI)) to establish the relative distance between the actors. The collaborative models exploit the position of actors and the relative position among them to allow positioning to external actors or improve the accuracy of the existing actors. However, the traditional protocols (e.g., iBeacon) are not yet ready for providing sufficient privacy protection. This paper deals with privacy-enhancing technologies and their application in CIPS. In particular, we focus on cryptographic schemes which allow the verification of users without their identification, so-called Anonymous Attribute-based Credential (ABC) schemes. As the main contribution, we present a cryptographic scheme that allows security and privacy-friendly sharing of location information sent through BLE advertising packets. In order to demonstrate the practicality of our scheme, we also present the results from our implementation and benchmarks on different devices.
Paper Nr: 148
Title:

HIJaX: Human Intent JavaScript XSS Generator

Authors:

Yaw Frempong, Yates Snyder, Erfan Al-Hossami, Meera Sridhar and Samira Shaikh

Abstract: Websites remain popular targets for web-based attacks such as Cross-Site Scripting (XSS). As a remedy, new research is needed to preemptively secure applications with the use of Automated Exploit Generation (AEG), whereby probing and patching of system vulnerabilities occurs autonomously. In this paper, we present HIJaX, a novel Natural Language-to-JavaScript generator prototype, that creates workable XSS exploit code from English sentences using neural machine translation. We train and test the HIJaX model with a variety of datasets containing benign and malicious intents along with differing numbers of baseline code entries to demonstrate how to best create datasets for XSS code generation. We also examine part-of-speech tagging algorithms and automated dataset expansion scripts to aid the dataset creation and code generation processes. Finally, we demonstrate the feasibility of deploying auto-generated XSS attacks against real-world websites.
Paper Nr: 149
Title:

User Identification from Time Series of Fitness Data

Authors:

Thomas Marchioro, Andrei Kazlouski and Evangelos Markatos

Abstract: We explore the threat posed by disclosure of personal fitness information collected by wearable devices. In particular, we study a scenario where an attacker has a list of aggregated records produced by a group of users, which are stored as time series of steps and calories. We introduce a machine learning-based approach to identify one target person in the aggregated data while being in possession of other records from that person. We estimate how accurately an attacker can find the target’s data when aggregated with other users by testing our approach on two public datasets. Our results show that personal fitness data possess identifying capabilities that should be accounted for when they are shared or disclosed.
Paper Nr: 150
Title:

Privacy Preserving Scalable Authentication Protocol with Partially Trusted Third Party for Distributed Internet-of-Things

Authors:

Hiral S. Trivedi and Sankita J. Patel

Abstract: Internet-of-Things (IoT) has triggered substantial research in real-time applications of distributed networking infrastructure involving disparate entities with heterogeneous protocol configuration stacks. The disparate characteristics of diverse infrastructures elevate the need for improved authentication in distributed IoT. The distributed environment also amplifies the requirement of effective scalability to eliminate halting or restarting of a system whenever any fresh user joins an existing communication channel. Several security protocols using a fully trusted third party (TTP) and multi-authority based approaches have been proposed to facilitate reliable distributed networks. These approaches, while providing efficient key agreement, have issues such as key escrow and the complete rights policy of a fully trusted TTP, and the compulsory user coordination of multi-authority based systems. We propose a novel privacy-preserving dynamic new user addition protocol with a partially trusted TTP to address the issues of a fully trusted TTP, while achieving efficient scalability to avoid resource wastage in distributed IoT. Formal security analysis is exhibited using a real-or-random model and formal verification under the Scyther security verification tool. Finally, we present a performance evaluation to elucidate the utility of our protocol.
Paper Nr: 153
Title:

C2RBAC: An Extended Capability-Role-Based Access Control with Context Awareness for Dynamic Environments

Authors:

Mitsuhiro Mabuchi and Koji Hasebe

Abstract: Various working styles, such as remote work, have become more common instead of working in one office. Moreover, to accelerate the development of new technologies, collaborations among multiple companies are increasing. Thus, most development projects are operating in dynamic environments, for example with dynamically changing teams, working from anywhere and at any time. To ensure security in such dynamic environments while maintaining efficiency, flexible and scalable access control is necessary. We previously proposed capability-role-based access control (CRBAC), which allows users to create capabilities for delegating authority across various domains without an administrator’s operation. However, in dynamic environments, finer control is required based on where and when the authority is delegated or executed. In this paper, we propose an access control model called context-aware CRBAC (C2RBAC). This model is an extension of CRBAC obtained by introducing a mechanism of context-based restrictions, such as time, place, and device, on various operations regarding the delegation of authority by capabilities. In this paper, we present a formal definition of C2RBAC and demonstrate its effectiveness using an example of collaborative development.
Paper Nr: 155
Title:

Can Data Subject Perception of Privacy Risks Be Useful in a Data Protection Impact Assessment?

Authors:

Salimeh Dashti, Anderson Santana de Oliveria, Caelin Kaplan, Manuel Dalcastagnè and Silvio Ranise

Abstract: The General Data Protection Regulation requires, where possible, to seek data subjects' perception. Studies showed that people do not have a correct privacy risk perception. In this paper, we study how lay people perceive privacy risks once they are made aware, and whether experts can differentiate between security and privacy risks.
Paper Nr: 157
Title:

Goal and Threat Modelling for Driving Automotive Cybersecurity Risk Analysis Conforming to ISO/SAE 21434

Authors:

Christophe Ponsard, Valery Ramon and Jean-Christophe Deprez

Abstract: As cars are increasingly connected and autonomous, they also become more exposed to cyber security threats. Providing strong protection and reactive response to such threats in a large industry involving many tiers and complex safety-critical systems is challenging, and required the development of the new ISO 21434 standard. Along with ISO 2626 dedicated to safety, it provides solid grounds for safety-security co-engineering. This paper focuses on how to provide effective and efficient support to the risk assessment phase based on a model-based approach. A rich goal-oriented meta-model is proposed to capture automotive assets and system properties, to estimate the impact of damage scenarios, to identify threats and to assess their feasibility. The approach is implemented as a proof-of-concept through the meta-model adaptation of a generic co-engineering platform and is illustrated on the car light control sub-system.
Paper Nr: 163
Title:

Collateral-Free Trustworthiness-based Personal Lending on a Decentralized Application (DApp)

Authors:

Wisnu Uriawan, Omar Hasan, Youakim Badr and Lionel Brunie

Abstract: Most loans given by banks are secured loans and require the borrower to provide collateral as a guarantee for returning the loan principal and interest. With a secured loan, the lender can take over an asset provided as collateral if the customer cannot make the loan payments. In this paper, we propose a peer-to-peer personal lending platform that minimizes the requirement of collateral. The trustworthiness of borrowers is considered as an indicator of whether the borrowers will pay the installments on time. Borrowers’ reliability is viewed as a function of their reputation and relationships. The lending platform is designed as a Blockchain Decentralized Application (DApp).
Paper Nr: 167
Title:

Investing Data with Untrusted Parties using HE

Authors:

Mark Dockendorf, Ram Dantu, Kirill Morozov and Sanjukta Bhowmick

Abstract: Data such as an individual’s income, favorite sports team, typical commute route, vehicle maintenance history, medical records, etc. are typically not useful for making large-scale decisions such as where to build a new hospital, identifying which roads are in need of upkeep, and the like. However, aggregates of these data across hundreds of individuals are useful to governments and to companies. Data cooperatives/unions offer a place for individuals to store their data and a service of data aggregation and interpretation to governments, non-profit organizations, and businesses while maintaining individuals’ anonymity. We propose the use of anonymization techniques coupled with graph algorithms over homomorphically encrypted (HE) graphs as a basis of analysis for this accumulated data. We believe this approach ensures individuals’ privacy and anonymity while preserving the usefulness of the plaintext data.
Paper Nr: 168
Title:

Machine Learning Classification of Obfuscation using Image Visualization

Authors:

Colby B. Parker, J. T. McDonald and Dimitrios Damopoulos

Abstract: As the need for new techniques to analyze obfuscated software has grown, recent work has shown the ability to analyze programs via machine learning in order to perform automated metadata recovery. Often these techniques rely on disassembly or other means of direct code analysis. We showcase an approach combining code visualization and image analysis via convolutional neural networks, capable of statically classifying obfuscation transformations. By first turning samples into grayscale images, we are able to analyze the structure and side effects of transformations used in the software with no heavy code analysis or feature preparation. With experimental results on samples produced with the Tigress and OLLVM obfuscators, our models are capable of labeling transformations with F1-scores between 90% and 100% across all tests. We showcase our approach via models designed both as a binary classification problem and as a multi-label, multi-output problem. We retain high performance even in the presence of multiple transformations in a file.