SECRYPT 2013 Abstracts


Full Papers
Paper Nr: 8
Title:

InCC: Hiding Information by Mimicking Traffic In Network Flows

Authors:

Luis Campo Giralte, Cristina Conde, Isaac Martin De Diego and Enrique Cabello

Abstract: This article proposes and implements a light-weight covert channel called InCC, which is designed to produce an undetectable communication channel between systems. This channel, fully transparent to any network analysis, is able to send messages on the same production network without compromising its existence. By using techniques like encryption, address spoofing, signatures and traffic analysis, the channel is able to hide the flows on the network without compromising the source and destination.

Paper Nr: 13
Title:

Efficient Simultaneous Privately and Publicly Verifiable Robust Provable Data Possession from Elliptic Curves

Authors:

Christian Hanser and Daniel Slamanig

Abstract: When outsourcing large sets of data to the cloud, it is desirable for clients to efficiently check whether all outsourced data is still retrievable at any later point in time without requiring to download all of it. Provable data possession (PDP)/proofs of retrievability (PoR), for which various constructions exist, are concepts to solve this issue. Interestingly, by now, no PDP/PoR scheme leading to an efficient construction supporting both private and public verifiability simultaneously is known. In particular, this means that up to now all PDP/PoR schemes either allow public or private verifiability exclusively, since different setup procedures and metadata sets are required. However, supporting both variants simultaneously seems interesting, as publicly verifiable schemes are far less efficient than privately verifiable ones. In this paper, we propose the first simultaneous privately and publicly verifiable (robust) PDP protocol, which allows the data owner to use the more efficient private verification and anyone else to run the public verification algorithm. Our construction, which is based on elliptic curves, achieves this, as it uses the same setup procedure and the same metadata set for private and public verifiability. We provide a rigorous security analysis and prove our construction secure in the random oracle model under the assumption that the elliptic curve discrete logarithm problem is intractable. We give detailed comparisons with the most efficient existing approaches for either private or public verifiability with our proposed scheme in terms of storage and communication overhead, as well as computational effort for the client and the server. Our analysis shows that for choices of parameters which are relevant for practical applications, our construction outperforms all existing privately and publicly verifiable schemes significantly. This means that even when our construction is used for either private or public verifiability alone, it still outperforms the most efficient constructions known, which is particularly appealing in the public verifiability setting.

Paper Nr: 16
Title:

Improving Block Cipher Design by Rearranging Internal Operations

Authors:

Liran Lerman, Jorge Nakahara Jr and Nikita Veshchikov

Abstract: This paper discusses the impact of a simple strategy in block cipher design: rearranging the internal cipher components. We report on a test case in which we observed a significant upgrade on a cipher's security. We applied this approach in practice and report on an updated design of the IDEA block cipher, in which we swapped all exclusive-or operations for multiplications. The consequences of these modifications are far reaching: there are no more weak multiplicative subkeys (because multiplications are not keyed anymore) and overall diffusion improves sharply in the encryption framework. The unkeyed multiplication is novel in itself since it did not exist in IDEA as a primitive operation and it alone guarantees stronger diffusion than the exclusive-or operation. Moreover, our analysis so far indicates that the new cipher resists better than IDEA and AES against old and new attacks such as the recent biclique technique and the combined Biryukov-Demirci meet-in-the-middle attack. Experiments on an 8-bit microcontroller indicate the new design has about the same performance as IDEA. A theoretical analysis also suggests the new design is more resistant to power analysis than IDEA.

Paper Nr: 23
Title:

A Security-enhanced Design Methodology for Embedded Systems

Authors:

Alberto Ferrante, Jelena Milosevic and Marija Janjušević

Abstract: Designing an embedded system is a complex process that involves working both on hardware and on software. Designers often optimize the systems that they design for specific applications; an optimal system is the one that can execute the desired set of applications with the required performances at the lowest possible cost. Cost may be expressed in different ways such as, for example, energy consumption and/or silicon area. Security is, in the common practice, disregarded during this phase and inserted in later stages of the design process, thus obtaining non-optimal and/or non-safe systems. In this paper we propose a design methodology for embedded systems that integrates the choice of suitable design solutions into the early stages of the design process. The main purpose of this methodology is to provide a way to evaluate security as an additional optimization parameter. Along with a description of the methodology, in this paper we also show a case study that explains how the methodology can be applied and that proves its effectiveness.

Paper Nr: 32
Title:

A Key-revocable Attribute-based Encryption for Mobile Cloud Environments

Authors:

Tsukasa Ishiguro, Shinsaku Kiyomoto and Yutaka Miyake

Abstract: In this paper, we propose a new Attribute-Based Encryption (ABE) scheme applicable to mobile cloud environments. A key issue in mobile cloud environments is how to reduce the computational cost on mobile devices and delegate the remaining computation to cloud environments. We also consider two additional issues: an efficient key revocation mechanism for ABE based on a concept of token-controlled public key encryption, and attribute hiding encryption from a cloud server. To reduce the computational cost on the client side, we propose an efficient ABE scheme jointly with secure computing on the server side. We analyze the security of our ABE scheme and evaluate the transaction time of primitive functions implemented on an Android mobile device and a PC. The transaction time of our encryption algorithm is within 150 msec for 89-bit security and about 600 msec for 128-bit security on the mobile device. Similarly, the transaction time of the decryption algorithm is within 50 msec for 89-bit security and 200 msec for 128-bit security.

Paper Nr: 42
Title:

Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control

Authors:

Lan Zhou, Vijay Varadharajan and Michael Hitchens

Abstract: The role-based access control (RBAC) model is a widely used access control model which can simplify security management in large-scale systems. Recently, several cryptographic RBAC schemes have been proposed to integrate cryptographic techniques with RBAC models to secure data storage in an outsourced environment such as a cloud. These schemes allow data to be encrypted in such a way that only the users who are members of an appropriate role can decrypt and view the data. However, the issue of trust in such a data storage system is not addressed in these schemes. In this paper, we propose trust models to improve the security of such a system which uses cryptographic RBAC schemes. The trust models provide an approach for the users and roles to determine the trustworthiness of individual roles and owners in the RBAC system. The users can use the trust models to decide whether to join a particular role for accessing data in the system. The roles can use the trust models in their decision to ensure that only data from data owners with good behaviours are accepted by the roles. The proposed trust models take into account role inheritance and hierarchy in the evaluation of trustworthiness of the roles. In addition, we present a design of a trust-based cloud storage system which shows how the trust models can be integrated into a system that uses cryptographic RBAC schemes.

Paper Nr: 49
Title:

A Dynamic Watermarking Model for Embedding Reducible Permutation Graphs into Software

Authors:

Ioannis Chionis, Maria Chroni and Stavros D. Nikolopoulos

Abstract: Software watermarking involves embedding a unique identifier or, equivalently, a watermark value, within a software to discourage software theft; towards the embedding process, several graph theoretic watermarking algorithmic techniques encode the watermark values as graph structures and embed them in application programs. Recently, we presented an efficient codec system for encoding a watermark number w as a reducible permutation graph F[p^*] through the use of self-inverting permutations p^*. In this paper, we propose a dynamic watermarking model for embedding the watermark graph F[p^*] into an application program P. The main idea behind the proposed watermarking model is a systematic use of appropriate calls of specific functions of the program P. More precisely, our model uses the dynamic call-graph G(P, I_key) of the program P, taken by the specific input I_key, and the graph F[p^*], and produces the watermarked program P^* having the following key property: its dynamic call-graph G(P^*, I_key) and the reducible permutation graph F[p^*] are isomorphic graphs. Within this idea the program P^* is produced by only altering appropriate real-calls of specific functions of the input program P. Moreover, the proposed watermarking model incorporates such properties which make it resilient to attacks.

Paper Nr: 58
Title:

HoneydV6: A Low-interaction IPv6 Honeypot

Authors:

Sven Schindler, Bettina Schnor, Simon Kiertscher, Thomas Scheffler and Eldad Zack

Abstract: This paper starts with the presentation of results from an IPv6-darknet experiment that we conducted during summer 2012. The experiment indicates that attackers are gaining interest in IPv6 networks and appropriate security tools need to be readied. Therefore, we propose HoneydV6, a low-interaction IPv6 honeypot that can simulate entire IPv6 networks and which may be utilized to detect and analyze IPv6 network attacks. Our implementation extends the well-known low-interaction honeypot Honeyd. To the best of our knowledge, this is the first low-interaction honeypot which is able to simulate entire IPv6 networks on a single host. The huge IPv6 address space requires new approaches and concepts in order to enable attackers to find and exploit a honeypot. We increase the chance for an attacker to find a target host in our IPv6 honeypot by reacting to the attacker's requests with the dynamic generation of new IPv6 host instances in the honeynet.

Paper Nr: 60
Title:

Which Side Are You On? - A New Panopticon vs. Privacy

Authors:

Miltiadis Kandias, Lilian Mitrou, Vasilis Stavrou and Dimitris Gritzalis

Abstract: Social media and Web 2.0 have enabled internet users to contribute online content, which may be crawled and utilized for a variety of reasons, from personalized advertising to behaviour prediction/profiling. One negative case scenario is the political affiliation profiling. Our hypothesis is that this scenario is nowadays realistic, applicable to social media, and violates civil rights, privacy and freedom. To demonstrate this, we developed a horror story, i.e., a Panopticon method, in order to reveal this threat and contribute in raising the social awareness over it. The Panopticon relies on data/opinion mining techniques; hence it classifies comments, videos and playlists, collected from the popular social medium YouTube. Afterwards, it aggregates these classifications in order to decide over the users’ political affiliation. The experimental test case of the Panopticon is an extensive Greek community of YouTube users. In order to demonstrate our case, we performed an extensive graph theoretical and content analysis of the collected dataset and show how and what kind of personal data (e.g. political attitude) can be derived via data mining on publicly available YouTube data. Then, we provide the reader with an analysis of the legal means that are available today, to a citizen or a society as a whole, so as to effectively be prevented from such a threat.

Paper Nr: 61
Title:

Meet-in-the-Middle Preimage Attacks Revisited - New Results on MD5 and HAVAL

Authors:

Yu Sasaki, Wataru Komatsubara, Yasuhide Sakai, Lei Wang, Mitsugu Iwamoto, Kazuo Sakiyama and Kazuo Ohta

Abstract: In this paper, we revisit previous meet-in-the-middle preimage attacks on hash functions. We firstly present a technical improvement for the existing local-collision and initial-structure techniques. By applying some equivalent transformation, we can significantly reduce the memory requirement from the original proposals. We then revisit the previous preimage attacks on MD5 and HAVAL with recent techniques. Consequently, we can improve the memory complexity of the previous preimage attack on full MD5 from 2^45 to 2^13 and on full 4-pass HAVAL from 2^64 to 2^32. Moreover, we extend the preimage attack on 5-pass HAVAL from 151 steps to 158 steps, and present the first preimage attack with a single block message for 3-pass HAVAL.

Paper Nr: 66
Title:

Modelling SCADA and Corporate Network of a Medium Voltage Power Grid under Cyber Attacks

Authors:

E. Ciancamerla, M. Minichino and S. Palmieri

Abstract: There is an increasing concern over the cyber security of Critical Infrastructures (CI) due to the increasing ability of cyber attackers to cause even catastrophic failures. It is mainly due to the pervasiveness of ICT (Information and Communication Technologies) and to the consequent de-isolation of SCADA (Supervision, Control and Data Acquisition) systems, which represent the nervous system of most CIs. Cyber attacks could block the connection between the SCADA Control Centre and its remote devices or insert fake commands/measurements in the equipment communications. With reference to an actual case study, constituted by a SCADA system controlling a portion of a medium voltage power grid and a corporate network, we discuss how cyber threats, vulnerabilities and attacks might degrade the functionalities of the SCADA and corporate network, which, in turn, might lead to outages of the electrical grid. We represent the SCADA and corporate network under malware propagation, Denial of Service and Man In The Middle attacks and predict their consequent performance degradation. Particularly, we use NetLogo to identify possible malware propagation in relation to the SCADA & corporate security policies adopted by the utility, and the NS2 simulator to compute the consequences of the attacks on SCADA and in turn on the power grid.

Paper Nr: 67
Title:

Towards Cryptographic Function Distinguishers with Evolutionary Circuits

Authors:

Petr Svenda, Martin Ukrop and Vashek Matyas

Abstract: Cryptanalysis of a cryptographic function usually requires advanced cryptanalytical skills and an extensive amount of human labour. However, some automation is possible, e.g., by using randomness testing suites like STS NIST (Rukhin, 2010) or Dieharder (Brown, 2004). These can be applied to test statistical properties of cryptographic function outputs. Yet such testing suites are limited only to predefined patterns testing particular statistical defects. We propose a more open approach based on a combination of software circuits and evolutionary algorithms to search for unwanted statistical properties like next bit predictability, random data non-distinguishability or strict avalanche criterion. The software circuit that acts as a testing function is automatically evolved by a stochastic optimization algorithm and uses information leaked during cryptographic function evaluation. We tested this general approach on the problem of finding a distinguisher (Englund et al., 2007) of outputs produced by several candidate algorithms for the eStream competition from truly random sequences. We obtained similar results (with some exceptions) as those produced by STS NIST and Dieharder tests w.r.t. the number of rounds of the inspected algorithm. This paper focuses on providing a solid assessment of the proposed approach w.r.t. STS NIST and Dieharder when applied over multiple different algorithms rather than obtaining the best possible result for a particular one. Additionally, the proposed approach is able to provide a random distinguisher even when presented with a very short sequence like 16 bytes only.

Paper Nr: 76
Title:

Extending the Ciphertext-Policy Attribute Based Encryption Scheme for Supporting Flexible Access Control

Authors:

Bo Lang, Runhua Xu and Yawei Duan

Abstract: Ciphertext-Policy Attribute Based Encryption (CP-ABE) is recognized as an important data protection mechanism in the cloud computing environment for its flexible, scalable and fine-grained access control features. For enhancing its security, efficiency and policy flexibility, researchers have proposed different schemes of CP-ABE which have different kinds of access policy structures. However, as far as we know, most of these structures only support AND, OR and threshold attribute operations. In order to achieve more effective data self-protection mechanisms in open environments such as Cloud computing, CP-ABE needs to support more flexible attribute based policies, most of which are described using the operators NOT, <, ≤, >, ≥. This paper proposes an Extended CP-ABE (ECP-ABE) scheme based on the existing CP-ABE scheme. The ECP-ABE scheme can express any access policy represented by arithmetic comparison and logical expressions that involve the NOT, <, ≤, >, ≥ operators in addition to AND, OR and threshold operators. We prove the Chosen-plaintext Attack (CPA) security of our scheme under the Decisional Bilinear Diffie-Hellman (DBDH) assumption in the standard model, and also discuss the experimental results of the efficiency of ECP-ABE.

Paper Nr: 77
Title:

Secure Second Price Auctions with a Rational Auctioneer

Authors:

Boaz Catane and Amir Herzberg

Abstract: We present novel security requirements for second price auctions and a simple, efficient and practical protocol that provably maintains these requirements. Novel requirements are needed because commonly used requirements, such as the indistinguishability-based secrecy requirement of encryption schemes presented by (Goldwasser and Micali, 1982), do not fit properly in the second price auctions context. Additionally, the presented protocol uses a trustworthy supervisor that checks if the auctioneer deviated from the protocol and fines him accordingly. By making sure the expected utility of the auctioneer when deviating from the protocol is lower than his expected utility when abiding by the protocol we ascertain that a rational auctioneer will abide by the protocol. This allows the supervisor to optimize by performing (computationally-intensive) inspections of the auctioneer with only low probability.

Paper Nr: 78
Title:

iOS Encryption Systems - Deploying iOS Devices in Security-critical Environments

Authors:

Peter Teufl, Thomas Zefferer, Christof Stromberger and Christoph Hechenblaikner

Abstract: The high usability of smartphones and tablets is embraced by consumers as well as the private and public sector. However, especially in the non-consumer area the factor security plays a decisive role for the platform selection process. All of the current companies within the mobile device sector added a wide range of security features to the initially consumer-oriented devices (Apple, Google, Microsoft), or have dealt with security as a core feature from the beginning (RIM, now BlackBerry). One of the key security features for protecting data on the device or in device backups are the encryption systems, which are deployed in most current devices. However, even under the assumption that the systems are implemented correctly, there is a wide range of parameters, specific use cases, and weaknesses that need to be considered by the security officer. As the first part in a series of papers, this work analyzes the deployment of the iOS platform and its encryption systems within a security-critical context from a security officer's perspective. Thereby, the different sub-systems, the influence of the developer, the applied configuration, and the susceptibility to various attacks are analyzed in detail. Based on these results we present a workflow that supports the security officer in analyzing the security of an iOS device and the installed applications within a security-critical context. This workflow is supported by various tools that were either developed by ourselves or are available from other sources.

Paper Nr: 81
Title:

Security Evaluation and Optimization of the Delay-based Dual-rail Pre-charge Logic in Presence of Early Evaluation of Data

Authors:

Simone Bongiovanni, Giuseppe Scotti and Alessandro Trifiletti

Abstract: Delay-based Dual-rail Pre-charge Logic (DDPL) has been introduced for counteracting power analysis attacks. Basically, DDPL makes it possible to achieve a constant power consumption for each data transition even in presence of capacitive load mismatches, thanks to an asynchronous two-phase evaluation. Unlike other secure logic styles, in DDPL the clock frequency does not fix the security level, since it depends on the value of the delay Δ between the complementary signals, which can be designed to be lower than 1 ns using current CMOS technologies. However, no works exist in which the DPA-resistance of DDPL is tested in presence of early evaluation, due to the different arrival times of the signals. The aim of this work is to provide and validate through transistor level simulations a theoretical model of the variations of the delay Δ during the evaluation phase for each possible data configuration, in order to assess the effect of the early evaluation in DDPL, and to design early-evaluation-free DDPL gates. Moreover, a case study crypto-core implemented both with basic and optimized DDPL gates has been designed, on which a Correlation Frequency Power Analysis (CFPA) attack is mounted so as to detect any leakage on simulated current traces.

Paper Nr: 88
Title:

Behavior-based Malware Analysis using Profile Hidden Markov Models

Authors:

Saradha Ravi, N. Balakrishnan and Bharath Venkatesh

Abstract: In the area of malware analysis, static binary analysis techniques are becoming increasingly difficult with the code obfuscation methods and code packing employed when writing the malware. The behavior-based analysis techniques are being used in large malware analysis systems because of this reason. In these dynamic analysis systems, the malware samples are executed and monitored in a controlled environment using tools such as CWSandbox (Willems et al., 2007). In previous works, a number of clustering and classification techniques from machine learning and data mining have been used to classify malware into families and to identify even new malware families, from the behavior reports. In our work, we propose to use the Profile Hidden Markov Model (PHMM) to classify the malware files into families or groups based on their behavior on the host system. PHMM has been used extensively in the area of bioinformatics to search for similar protein and DNA sequences in a large database. We see that using this particular model will help us overcome the hurdle posed by polymorphism that is common in malware today. We show that the classification accuracy is high and comparable with the state-of-the-art methods, even when using very few training samples for building models. The experiments were on a dataset with 24 families initially, and later using a larger dataset with close to 400 different families of malware. A fast clustering method to group malware with similar behaviour following the scoring on the PHMM profile database was used for the large dataset. We have presented the challenges in the evaluation methods and metrics of clustering on a large number of malware files and show the effectiveness of using profile hidden Markov models for known malware families.

Paper Nr: 102
Title:

An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities

Authors:

Massimiliano Albanese, Sushil Jajodia, Anoop Singhal and Lingyu Wang

Abstract: Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the development of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has attempted to assess the risk associated with unknown attack patterns, and a suitable metric to quantify such risk, the k-zero-day safety metric, has been defined. However, existing algorithms for computing this metric are not scalable, and assume that complete zero-day attack graphs have been generated, which may be unfeasible in practice for large networks. In this paper, we propose a set of polynomial algorithms for estimating the k-zero-day safety of possibly large networks efficiently, without pre-computing the entire attack graph. We validate our approach through experiments, and show that the proposed algorithms are computationally efficient and accurate.

Paper Nr: 107
Title:

Secure Alert Tracking in Supply Chain

Authors:

Mehdi Khalfaoui, Refik Molva and Laurent Gomez

Abstract: Risk management practices, techniques and tools with respect to companies' supply chains have begun to receive more attention recently, as the need to improve supply chain performances has increased in order to keep the balance between financial considerations and those of the customer interests. With the multiplication of intermediate actors, a single threat at one point might compromise the safety of all the actors involved in the supply chain process. Therefore, there is a clear need for product tracking in order to trace anomalies for mitigation of potential threats in the future. Traditional approaches rely on operator-assisted verification procedures that mainly suffer from the lack of global coverage. In this paper, we propose an automated process to securely trace the supply chain actors that interact with the product, as well as the operations that were performed, and the alerts that got raised. The core component of this process is wireless sensor nodes attached to the product. Empowered with sensing capabilities, wireless sensor nodes are meant to raise an alert in case of detection of an anomaly. Our solution allows for tracing the path taken by a product and the recording of the alerts that got raised, while preserving the actors' privacy. The solution combines a polynomial path encoding technique, together with additive homomorphic encryption to ensure the correctness of the path taken by a product, and to preserve the privacy of the actors, respectively.

Paper Nr: 112
Title:

Differential Power Analysis of HMAC SHA-2 in the Hamming Weight Model

Authors:

Sonia Belaïd, Luk Bettale, Emmanuelle Dottax, Laurie Genelle and Franck Rondepierre

Abstract: As any algorithm manipulating secret data, HMAC is potentially vulnerable to side channel attacks. In 2007, McEvoy et al. proposed a differential power analysis attack against HMAC instantiated with hash functions from the SHA-2 family. Their attack works in the Hamming distance leakage model and makes strong assumptions on the target implementation. In this paper, we present an attack on HMAC SHA-2 in the Hamming weight leakage model, which advantageously can be used when no information is available on the targeted implementation. Furthermore, our attack can be adapted to the Hamming distance model with weaker assumptions on the implementation. We show the feasibility of our attack on simulations, and we study its overall cost and success rate. We also provide an evaluation of the performance overhead induced by the countermeasures necessary to avoid the attack.

Paper Nr: 117
Title:

Secure Computation of Hidden Markov Models

Authors:

Mehrdad Aliasgari and Marina Blanton

Abstract: Hidden Markov Model (HMM) is a popular statistical tool with a large number of applications in pattern recognition. In some of such applications, including speaker recognition in particular, the computation involves personal data that can identify individuals and must be protected. For that reason, we develop privacy preserving techniques for HMM and Gaussian mixture model (GMM) computation suitable for use in speaker recognition and other applications. Unlike prior work, our solution uses floating point arithmetic, which allows us to simultaneously achieve high accuracy, provable security guarantees, and reasonable performance. We develop techniques for both two-party HMM and GMM computation based on threshold homomorphic encryption and multi-party computation based on threshold linear secret sharing, which are suitable for secure collaborative computation as well as secure outsourcing.

Paper Nr: 131
Title:

Adaptive Resource Management for Balancing Availability and Performance in Cloud Computing

Authors:

Ravi Jhawar and Vincenzo Piuri

Abstract: Security, availability and performance are critical to meet service level agreements in most Cloud computing services. In this paper, we build on the virtual machine technology that allows software components to be cheaply moved, replicated, and allocated on the hardware infrastructure to devise a solution that ensures users' availability and performance requirements in Cloud environments. To deal with failures and vulnerabilities also due to cyber-attacks, we formulate the availability and performance attributes from the users' perspective and show that the two attributes may often be competing for a given application. We then present a heuristics-based approach that restores an application's requirements in the failure and recovery events. Our algorithm uses Markov chains and queuing networks to estimate the availability and performance of different deployment contexts, and generates a set of actions to re-deploy a given application. By simulation, we show that our proposed approach improves the availability and lowers the degradation of the system's response time compared to traditional static schemes.

Short Papers
Paper Nr: 19
Title:

Privacy-preserving SVANETs - Privacy-preserving Simple Vehicular Ad-hoc Networks

Authors:

Jan Hajny, Lukas Malina, Zdenek Martinasek and Vaclav Zeman

Abstract: The paper deals with the cryptographic design and experimental implementation of a scheme for (but not limited to) vehicular ad-hoc networks (VANETs). In contrast to existing solutions, our scheme does not need any complex infrastructure (like costly road-side units or special on-board devices) and is based just on users' smart-phones and Internet connection. We call this simplified concept SVANETs (Simple Vehicular Ad-Hoc Networks). In addition, our cryptographic scheme supports drivers' privacy by employing advanced cryptographic constructions like Σ-protocols and proof of knowledge protocols. Our scheme is computationally efficient and practically implementable on current hardware. To prove the efficiency and practical implementability, we provide the first implementation results, which were obtained from our experimental implementation on the Android platform.

Paper Nr: 29
Title:

Topological Study and Lyapunov Exponent of a Secure Steganographic Scheme

Authors:

Jacques M. Bahi, Nicolas Friot and Christophe Guyeux

Abstract: CIS_2 is a steganographic scheme proposed formerly, belonging to the small category of algorithms that are both stego-secure and topologically secure. Due to its stego-security, this scheme is able to face attacks that take place in the “watermark only attack” framework. Its topological security reinforces its capability to face threats in other frameworks such as “known message attack” or “known original attack”, in Simmons' prisoner problem. In this research work, the study of the topological properties of CIS_2 is enlarged by describing this scheme as iterations over the real line, and by investigating other security properties of topological nature, such as the Lyapunov exponent, that have been reported as important in the field of information hiding security. Results show that this scheme is able to withstand a malicious attacker in the “estimated original attack” context too.
Download

Paper Nr: 30
Title:

LMM - A Common Component for Software License Management on Cloud

Authors:

Shinsaku Kiyomoto, Andre Rein, Yuto Nakano, Carsten Rudolph and Yutaka Miyake

Abstract: In a cloud environment, the platform that runs a program is not fixed, and there is a possibility that a program runs on several servers in a cloud environment. Transferability of the license information by a valid user should be allowed, while general requirements for license management still have to be satisfied. In this paper, we consider software license management models for cloud environments, and discuss security functions for building secure license management schemes. We show four license management models and analyze the security requirements for the models. Then, we design a common component referred to as the license management module (LMM), and explain the security functions required for the LMM. Furthermore, we discuss how to realize the security functions and evaluate their performance using a prototype implementation.
Download

Paper Nr: 31
Title:

Dynamic Proofs of Retrievability from Chameleon-Hashes

Authors:

Stefan Rass

Abstract: Proofs of retrievability (POR) are interactive protocols that allow a verifier to check the consistent existence and availability of data residing at a potentially untrusted storage provider, e.g., a cloud. While most POR protocols strictly refer to static files, i.e., content that is read-only, dynamic PORs shall achieve the same security guarantees (existence, consistency and the possibility to retrieve the data) for content that is subject to an unlimited number of (legitimate) modifications. This work discusses how to construct such a dynamic proof of retrievability from chameleon hashes (trapdoor commitments). Like standard POR constructions, the presented scheme is sentinel-based and performs audit queries via a spot-checking mechanism. Unlike previous schemes, however, a-posteriori insertion of new sentinels throughout the lifetime of the file is supported. This novel feature is apparently absent in any other POR scheme in the literature. Moreover, the system is designed for compatibility with XML structured data files.
Download

Paper Nr: 33
Title:

On the Security of the XOR Sandwiching Paradigm for Multiple Keyed Block Ciphers

Authors:

Ruth Ng Ii-Yung, Khoongming Khoo and Raphael C.-W. Phan

Abstract: While block cipher design is relatively mature, advances in computational power mean that the keylength of block ciphers, upon which the security relies entirely, becomes less resistant to cryptanalysis over time. Therefore, the security of a block cipher with a particular keylength is typically seen to last for at most some decades. One common approach to strengthen a block cipher’s security is based on increasing its keylength. In the literature, two strategies have emerged: multiple keyed multiple encryption and multiple keyed XOR sandwiching. Known attacks on these, such as Meet-in-the-Middle (Merkle and Hellman, 1981; van Oorschot and Wiener, 1991; Lucks, 1998) and Related-Key (J. Kelsey and Wagner, 1996; Choi et al., 1996; Vaudenay, 2011; Phan, 2004) attacks, show that Triple Encryption is significantly weaker than a brute-force attack would suggest, especially for block ciphers with small keys, such as the Data Encryption Standard (DES). This paper provides a comprehensive analysis of the security of the XOR sandwiching paradigm against known attacks for the case of multiple keyed triple encryption, without loss of generality, using DES as the underlying block cipher. In particular, we focus on DES-XEXEXEX variants, based on 2-Key and 3-Key Triple-DES, which involve performing the XOR for key-whitening before and after each encryption with an additional 64-bit key. One of the conclusions to be drawn from this work is the increased strength obtained from the XOR sandwiching paradigm while requiring little in terms of additional computational resources.
Download

Paper Nr: 38
Title:

Redactable Signature Scheme for Tree-structured Data based on Merkle Tree

Authors:

Shoichi Hirose and Hidenori Kuwakado

Abstract: In 2008, Kundu and Bertino proposed a structural signature scheme for tree-structured data. A signature generated by the scheme is redactable: for given tree-structured data and its signature, it is possible to compute signatures of subtrees of the given tree without the secret signing key. Brzuska et al. formalized security requirements of such redactable signature schemes. They also proposed a provably secure redactable signature scheme for tree-structured data using an ordinary signature scheme. This paper presents a new redactable signature scheme for tree-structured data using an ordinary signature scheme and a Merkle tree constructed with a keyed hash function such as HMAC. The proposed scheme assumes that the out-degree of each node in a tree is at most constant. It is also shown that the proposed scheme is provably secure under standard security assumptions of the underlying primitives. The proposed scheme first generates a digest of the given tree-structured data based on the Merkle tree using the keyed hash function, and computes a single signature for the digest using the ordinary signature scheme. By contrast, the total number of signatures required by previous provably secure schemes is at least as large as the number of nodes of the tree.
Download
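The Python code below is an added illustration, not the authors' construction: it shows the mechanism the abstract describes, a Merkle-style digest of an ordered tree computed with HMAC, a single value (the root digest) that is what gets signed, and redaction of a subtree without any signing key. Everything not stated in the abstract is an assumption of this example: each node carries its own random HMAC key which is withheld for redacted nodes (so a redacted subtree is disclosed only as its digest and its labels cannot be guessed from it), labels are byte strings, and the ordinary signature over the root digest is omitted (`sign_tree` just returns the value that would be signed).

```python
import hmac
import hashlib
import os
from dataclasses import dataclass, field
from typing import List, Union

DIGEST = hashlib.sha256


@dataclass
class Node:
    """Tree node as held by the signer: label, per-node random HMAC key, ordered children.
    The per-node key is an assumption of this example, not taken from the abstract."""
    label: bytes
    key: bytes = field(default_factory=lambda: os.urandom(16))
    children: List["TreeLike"] = field(default_factory=list)


@dataclass
class Redacted:
    """Placeholder left in a disclosed tree: only the subtree digest, no label, no key."""
    digest: bytes


TreeLike = Union[Node, Redacted]


def node_digest(node: TreeLike) -> bytes:
    """Merkle digest of a node: HMAC_key(len(label) || label || digest(child_1) || ...).
    A Redacted placeholder contributes its stored digest unchanged, which is what lets
    a verifier recompute the root without seeing the pruned content."""
    if isinstance(node, Redacted):
        return node.digest
    h = hmac.new(node.key, digestmod=DIGEST)
    h.update(len(node.label).to_bytes(4, "big"))
    h.update(node.label)
    for child in node.children:
        h.update(node_digest(child))
    return h.digest()


def sign_tree(tree: Node) -> bytes:
    """Return the single value to be signed with an ordinary signature scheme.
    The signature call itself is omitted in this example."""
    return node_digest(tree)


def redact(tree: TreeLike, path: List[int]) -> TreeLike:
    """Copy of `tree` with the subtree at `path` (child indices from the root)
    replaced by a Redacted placeholder. Needs no secret: only the subtree digest."""
    if not path:
        return Redacted(node_digest(tree))
    children = list(tree.children)
    children[path[0]] = redact(children[path[0]], path[1:])
    return Node(tree.label, tree.key, children)


def verify(disclosed: TreeLike, signed_root: bytes) -> bool:
    """Recompute the root digest from the disclosed (partly redacted) tree and compare."""
    return hmac.compare_digest(node_digest(disclosed), signed_root)


def demo():
    # Constructed sample record; labels and structure are illustrative only.
    tree = Node(b"patient", children=[
        Node(b"name=Alice"),
        Node(b"diagnosis", children=[Node(b"ICD-10 J45")]),
        Node(b"insurer=ACME"),
    ])
    root = sign_tree(tree)
    disclosed = redact(tree, [1])                 # hide the whole diagnosis subtree
    ok = verify(disclosed, root)                  # redaction keeps the signature valid
    tampered = redact(tree, [1])
    tampered.children[0] = Node(b"name=Bob", tampered.children[0].key)
    tampered_ok = verify(tampered, root)          # editing a disclosed label breaks it
    return ok, tampered_ok
```

The point to take from `redact` is that it touches no signing key: the redactor only needs the subtree's digest, and the verifier only needs the signed root plus the keys of the nodes actually disclosed.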

Paper Nr: 40
Title:

SVD-based Digital Image Watermarking on approximated Orthogonal Matrix

Authors:

Yevhen Zolotavkin and Martti Juhola

Abstract: A new watermarking method based on Singular Value Decomposition is proposed in this paper. The method uses new embedding rules to store a watermark in the orthogonal matrix U, which is preprocessed in advance in order to fit a proposed model of orthogonal matrix. Some experiments involving common distortions for grayscale images were done in order to confirm the efficiency of the proposed method. The robustness of the watermark embedded by our method was higher for all the proposed rules under JPEG compression and in some cases outperformed an existing method by more than 46%.
Download

Paper Nr: 46
Title:

Massive Group Message Authentication with Revocable Anonymity

Authors:

Boaz Catane and Amir Herzberg

Abstract: We present and implement schemes for authenticating messages from a group of users to a recipient, with revocable anonymity and massive (very high) message rate. Our implementations present a trade-off between the efficiency and the security required: from online group managers that participate in every message sent to offline managers, from assuming a trusted group manager and a trusted recipient to securing against both entities. All implementations have the traceability feature, allowing distributive and efficient tracing of all messages originating from a specific group member without violating the anonymity of other members. In addition, our schemes are efficient and practical.
Download

Paper Nr: 47
Title:

Partially Wildcarded Attribute-based Encryption and Its Efficient Construction

Authors:

Go Ohtake, Yuki Hironaka, Kenjiro Kai, Yosuke Endo, Goichiro Hanaoka, Hajime Watanabe, Shota Yamada, Kouhei Kasamatsu, Takashi Yamakawa and Hideki Imai

Abstract: Many kinds of ciphertext-policy attribute-based encryption (CP-ABE) schemes have been proposed. In CP-ABE, the set of user attributes is associated with his/her secret key whereas a policy is associated with a ciphertext so that only users whose attributes satisfy the policy can decrypt the ciphertext. CP-ABE may be applied to a variety of services such as access control for file sharing systems and content distribution services. However, CP-ABE costs more for encryption and decryption in comparison with conventional public key encryption schemes since it can handle more flexible policies. In particular, wildcards, which mean that certain attributes are not relevant to the ciphertext policy, are not essential for a certain service. In this paper, we construct a partially wildcarded CP-ABE scheme with a lower decryption cost. In our scheme, the user’s attributes are separated into those requiring wildcards and those not requiring wildcards. Our scheme hence embodies a CP-ABE scheme with a wildcard functionality and an efficient CP-ABE scheme without wildcard functionality. We compare our scheme with the conventional CP-ABE schemes and describe a content distribution service as an application of our scheme.
Download

Paper Nr: 51
Title:

Policy-based Security Assessment of Mobile End-user Devices - An Alternative to Mobile Device Management Solutions for Android Smartphones

Authors:

Thomas Zefferer and Peter Teufl

Abstract: For security-critical applications, the integrity and security of end-user devices is of particular importance. This especially applies to mobile applications that use smartphones to process security-critical data. Unfortunately, users often compromise the security of smartphones by disabling security features for convenience reasons or by unintentionally installing malware from untrusted application sources. Mobile device management (MDM) solutions overcome this problem by providing means to centrally manage and configure smartphones. However, MDM is mainly suitable for corporate environments but often cannot be applied in non-corporate fields of application such as m-banking or m-government. To address this problem, we propose an alternative approach to assure the security and integrity of smartphones. Our approach relies on a device assessor that evaluates the current state of a smartphone according to a security policy. Integration of this device assessor allows smartphone applications to condition the processing of security-critical data on the smartphone’s compliance with a defined security policy. We have shown the practicability of the proposed approach by means of a concrete implementation for the Android platform. We have evaluated this implementation on different Android devices. Obtained results show that our approach constitutes an appropriate alternative for scenarios, in which MDM cannot be applied.
Download

Paper Nr: 59
Title:

Intent Security Testing - An Approach to Testing the Intent-based Vulnerability of Android Components

Authors:

Sébastien Salva, Stassia R. Zafimiharisoa and Patrice Laurençot

Abstract: The intent mechanism is a powerful feature of the Android platform that helps compose existing components together to build a mobile application. However, hackers can leverage intent messaging to extract personal data or to call components without credentials by sending malicious intents to components. This paper tackles this issue by proposing a security testing method which aims at detecting whether the components of an Android application are vulnerable to malicious intents. Our method takes Android projects and intent-based vulnerabilities formally represented with models called vulnerability patterns. The originality of our approach resides in the generation of partial specifications from configuration files and component code to generate test cases. A tool, called APSET, is presented and evaluated with experiments on some Android applications.
Download

Paper Nr: 68
Title:

Preimage Attack on BioHashing

Authors:

Patrick Lacharme, Estelle Cherrier and Christophe Rosenberger

Abstract: Biometric recognition is increasingly employed in authentication and access control for various applications. Biometric data are strongly linked with the user and allow neither revocability nor diversity without an adapted post-processing. Cancelable biometrics, including the very popular BioHashing algorithm, is used to cope with the underlying privacy and security issues. The principle is to transform a biometric template into a BioCode, in order to enhance user privacy and application security. These schemes are used for template protection of several biometric modalities, such as fingerprints or face, and their robustness is generally related to the hardness of recovering the original biometric template by an impostor. In this paper, we propose to use genetic algorithms to approximate the original biometric feature and spoof the authentication system. We show through experimental results on fingerprints the efficiency of the proposed attack on the BioHashing algorithm, by approximating the original FingerCode, given the seed and the corresponding BioCode.
Download

Paper Nr: 79
Title:

An Efficient and Provably Secure Certificateless Identification Scheme

Authors:

Ji-Jian Chin, Raphael C.-W. Phan, Rouzbeh Behnia and Swee-Huay Heng

Abstract: Identity-based identification, first formalized independently by Bellare et al. and Kurosawa and Heng in 2004, still had the inherent key escrow problem, as the TA generating the user secret keys had full access to every user’s secret key. In 2003, Al-Riyami and Paterson introduced the notion of certificateless cryptography, and subsequently many certificateless encryption, signature and other schemes were introduced in literature. However, to this date there are still no certificateless identification schemes in existence. Therefore, in this paper, we formalize the notion of certificateless identification schemes and construct the first concrete certificateless identification scheme.
Download

Paper Nr: 93
Title:

Improving 802.11 Fingerprinting of Similar Devices by Cooperative Fingerprinting

Authors:

Clémentine Maurice, Stéphane Onno, Christoph Neumann, Olivier Heen and Aurélien Francillon

Abstract: Fingerprinting 802.11 devices has been proposed to identify devices in order to mitigate IEEE 802.11 weaknesses. However, important limitations prevent any real deployment. On the one hand, fingerprinting has a low accuracy when the devices have similar hardware and software. On the other hand, attackers may forge signatures to impersonate devices. We propose Diversity, a cooperative fingerprinting approach that improves the accuracy of existing fingerprinting methods while relying only on off-the-shelf hardware. Diversity improves fingerprinting up to the reliable individual identification of identical 802.11 devices. This approach modifies the signature of devices by slightly modifying their traffic attributes. We evaluate Diversity with both a simulation and an implementation, achieving a false positive rate of 0% with a dataset including identical devices. Finally, we complement Diversity with mechanisms for detecting attackers that try to forge signatures.
Download

Paper Nr: 95
Title:

Instance-based Anomaly Method for Android Malware Detection

Authors:

Borja Sanz, Igor Santos, Xabier Ugarte-Pedrero, Carlos Laorden, Javier Nieves and Pablo G. Bringas

Abstract: The usage of mobile phones has increased in our lives because they offer nearly the same functionality as a personal computer. Besides, the number of applications available for Android-based mobile devices has increased. Android application distribution is based on a centralized market where the developers can upload and sell their applications. However, as it happens with any popular service, it is prone to misuse and, in particular, malware writers can use this market to upload their malicious creations. In this paper, we propose a new method that, based upon several features that are extracted from the AndroidManifest file of the legitimate applications, builds an anomaly detection system able to detect malware.
Download

Paper Nr: 96
Title:

A New Fully Auditable Proposal for an Internet Voting System with Secure Individual Verification and Complaining Capabilities

Authors:

Maider Huarte, Iñaki Goirizelaia, Juan José Unzilla, Jon Matías and Juan J. Igarza

Abstract: This paper introduces a new Internet voting (i-voting) system based on an analysis of the related literature, oriented to democratic election principles (universality, equality, freedom and secrecy). The foundations compiled from that analysis include both technical and social aspects because achieving voter confidence is as important as creating “perfectly secure” systems when talking about democracy. The issues especially addressed in the new system are: full audit-capability, secure individual verification and vote-complaining, and N-Version Programming based robustness and transparency. Currently, this new i-voting system is being tested for performance and usability in our lab.
Download

Paper Nr: 98
Title:

Symmetric Searchable Encryption for Exact Pattern Matching using Directed Acyclic Word Graphs

Authors:

Rolf Haynberg, Jochen Rill, Dirk Achenbach and Jörn Müller-Quade

Abstract: Searchable Encryption schemes allow searching within encrypted data without prior decryption. Various index-based schemes have been proposed in the past, which are only adequate for certain use cases. There is a lack of schemes with exact pattern matching capabilities. We introduce Symmetric Searchable Encryption for Exact Pattern Matching, a new class of searchable encryption schemes. To this end, we define the XPM-SSE primitive and two privacy notions for the new primitive. Our own construction, SEDAWG, is an XPM-SSE scheme which uses Directed Acyclic Word Graphs. We discuss and prove its properties.
Download

Paper Nr: 110
Title:

Enhanced Truncated Differential Cryptanalysis of GOST

Authors:

Nicolas T. Courtois, Theodosis Mourouzis and Michal Misztal

Abstract: GOST is a well-known block cipher implemented in standard libraries such as OpenSSL. It has extremely low implementation cost, and nothing seemed to threaten its high 256-bit security [CHES 2010]. In 2010 it was submitted to ISO to become a worldwide industrial standard. Then many new attacks on GOST have been found, in particular some advanced differential attacks by Courtois and Misztal with complexity of 2^179 which are based on distinguishers for 20 rounds. In July 2012 Rudskoy et al. claimed that these attacks fail when the S-boxes submitted to ISO 18033-3 are used. However, the authors failed to consider that these attacks need to be re-optimized for this set of S-boxes. This is difficult because we have exponentially many sets of differentials. In this paper we present a basic heuristic methodology and a framework for constructing families of distinguishers and we introduce differential sets of a special new form dictated by the specific regular structure of GOST. We look at different major variants of GOST and we have been able to construct a distinguisher for 20 rounds for CryptoParamSetA and similar results for the new version of GOST submitted to ISO which is expected to be the strongest (!). Therefore there is absolutely no doubt that these versions of GOST are also broken by the same sort of attacks.
Download

Paper Nr: 116
Title:

Privacy-preserving Realization of the STORK Framework in the Public Cloud

Authors:

Bernd Zwattendorfer and Daniel Slamanig

Abstract: The STORK framework – enabling secure eID federation across European countries – will be the dominant identification and authentication framework across Europe in the future. While still in its start-up phase, adoption of the STORK framework is continuously increasing and high loads can be expected, since, theoretically, the entire population of the European Union will be able to run authentications through this framework. This can easily lead to scalability issues, especially for the proxy-based (PEPS) approach in STORK, which relies on a central gateway being responsible for managing and handling citizen authentications. In order to mitigate the associated scalability issues, the PEPS approach could be moved into the public cloud. However, a move of a trusted service into the public cloud brings up new obstacles, especially with respect to citizens’ privacy. In this paper we propose an approach how this move could be successfully realized while still preserving citizens’ privacy and keeping existing national eID infrastructures untouched. We present the approach in detail and evaluate its capability with respect to citizens’ privacy protection as well as its practicability. We conclude that the proposed approach is a viable way of realizing an efficient and scalable Pan-European citizen identification and authentication framework.
Download

Paper Nr: 119
Title:

The Usability of CAPTCHAs on Smartphones

Authors:

Gerardo Reynaga and Sonia Chiasson

Abstract: Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHA) are challenge-response tests used on the web to distinguish human users from automated bots (von Ahn et al., 2004). In this paper, we present an exploratory analysis of the results obtained from a user study and a heuristic evaluation of captchas on smartphones; we aimed to identify opportunities and guide improvements for captchas on smartphones. Results showed that existing captcha schemes face effectiveness and user satisfaction problems. Among the more severe problems found were the need to often zoom and pan, and too small control buttons. Based on our results, we present deployment and design guidelines for captchas on smartphones.
Download

Paper Nr: 120
Title:

From a Logical Approach to Internal States of Hash Functions - How SAT Problem Can Help to Understand SHA-* and MD*

Authors:

Florian Legendre, Gilles Dequen and Michaël Krajecki

Abstract: This paper deals with logical cryptanalysis of hash functions. They are commonly used to check data integrity and to authenticate protocols. These functions compute, from a message of any length, a fixed-length bit string, usually named digest. This work defines an experimental framework that allows, thanks to the propositional formalism, to study cryptosystems at the bit level through corresponding instances of the SAT problem. Thus, we show that some internal words of the popular hash functions MD* and SHA-* are not as random as expected and provide some convincing elements to explain this phenomenon by the use of round constants. Because this presents several weaknesses, we show how to detect and exploit them through an application based on logical cryptanalysis. As a result we show equivalences and quasi-equivalences between digits and explain how we invert reduced-step versions of MD5 and SHA-1.
Download

Paper Nr: 122
Title:

Policy-based Non-interactive Outsourcing of Computation using Multikey FHE and CP-ABE

Authors:

Michael Clear and Ciarán McGoldrick

Abstract: We consider the problem of outsourced computation that operates on encrypted inputs supplied by multiple independent parties. To facilitate fine-grained access control, it would be desirable if each party could encrypt her input under an appropriate access policy. Moreover, a party should only be authorized to decrypt the result of a computation performed on a set of encrypted inputs if his credentials satisfy the composition of all input policies. There has been limited success so far achieving homomorphic encryption in the functional setting; that is, for primitives such as Ciphertext-Policy Attribute Based Encryption (CP-ABE) and Identity Based Encryption (IBE). We introduce a new primitive that captures homomorphic encryption with support for access policies and policy composition. We then present a generic construction using CP-ABE and multikey Fully Homomorphic Encryption (FHE). Furthermore, we show that a CP-ABE scheme that is homomorphic for circuits of polylogarithmic depth in some parameter m implies a CP-ABE scheme that is homomorphic for circuits of arity m and unbounded depth.
Download

Paper Nr: 127
Title:

Recovering RSA Private Keys on Implementations with Tampered LSBs

Authors:

Constantinos Patsakis

Abstract: The theoretical security that modern encryption algorithms provide leads researchers to new attack scenarios which are more implementation centric. By discovering hardware or software flaws that can recover some information about the decryption key, cryptanalysts try to exploit this knowledge. Therefore, many side channel attacks have appeared, illustrating that the concept of having secure code, or even embedding all cryptographic functions in hardware modules, is in many cases not adequate. The aim of this work is to illustrate how partial information can be used to exploit the extracted information, leading to full reconstruction of the RSA private key, for some implementations of the algorithm where the LSBs have been selected to fit several constraints. More precisely, we study the case where the LSB half of the primes is identical or when there is a linear equation that mixes the LSB halves of the two primes.
Download

Paper Nr: 128
Title:

On the Effectiveness of Dynamic Taint Analysis for Protecting against Private Information Leaks on Android-based Devices

Authors:

Golam Sarwar, Olivier Mehani, Roksana Boreli and Mohamed-Ali Kaafar

Abstract: We investigate the limitations of using dynamic taint analysis for tracking privacy-sensitive information on Android-based mobile devices. Taint tracking keeps track of data as it propagates through variables, interprocess messages and files, by tagging them with taint marks. A popular taint-tracking system, TaintDroid, uses this approach in Android mobile applications to mark private information, such as device identifiers or user’s contacts details, and subsequently issue warnings when this information is misused (e.g., sent to an undesired third party). We present a collection of attacks on Android-based taint tracking. Specifically, we apply generic classes of anti-taint methods in a mobile device environment to circumvent this security technique. We have implemented the presented techniques in an Android application, ScrubDroid. We successfully tested our app with the TaintDroid implementations for Android OS versions 2.3 to 4.1.1, both using the emulator and with real devices. Finally, we evaluate the success rate and time to complete of the presented attacks. We conclude that, although taint tracking may be a valuable tool for software developers, it will not effectively protect sensitive data from the black-box code of a motivated attacker applying any of the presented anti-taint tracking methods.
Download
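The following Python model is an added illustration, not ScrubDroid or TaintDroid code, of one generic anti-taint class the abstract refers to: laundering a secret through control flow. The `Tainted` wrapper and `tracked_add` are a constructed stand-in for a taint tracker that propagates marks only along data dependencies (TaintDroid, by its published design, tracks explicit data flows and not branch conditions; that fact is not from the abstract). The device-identifier value and the sink policy are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tainted:
    """A value plus a taint mark, as a data-flow taint tracker would carry it (model only)."""
    value: int
    tainted: bool = True


def tracked_add(a: Tainted, b: Tainted) -> Tainted:
    """Explicit data flow: the result inherits the taint of either operand."""
    return Tainted(a.value + b.value, a.tainted or b.tainted)


def launder_via_control_flow(secret: Tainted, bits: int = 32) -> Tainted:
    """Implicit-flow laundering: rebuild the secret bit by bit, branching on it but only
    ever assigning untainted constants. A tracker that propagates marks through data
    dependencies alone records no flow from `secret` to `out`, yet the information is
    identical. This is the limitation the attack class exploits."""
    out = 0
    for i in range(bits):
        if (secret.value >> i) & 1:      # branch on tainted data ...
            out |= 1 << i                # ... assign an untainted constant
    return Tainted(out, tainted=False)   # no data dependency on `secret` was recorded


def sink_allows(v: Tainted) -> bool:
    """Policy at the sink (e.g. a network send): refuse tainted values, allow the rest."""
    return not v.tainted


def demo():
    device_id = Tainted(0x0BADF00D)      # constructed stand-in for a device identifier
    via_data_flow = tracked_add(device_id, Tainted(0, tainted=False))
    via_control_flow = launder_via_control_flow(device_id)
    return (sink_allows(via_data_flow),          # False: the taint survived arithmetic
            sink_allows(via_control_flow),       # True: the taint was laundered
            via_control_flow.value == device_id.value)
```

The defensive takeaway matches the abstract's conclusion: a sink-side taint check is a useful developer aid, but against code written to evade it the check gives no guarantee, because the tracker cannot see that `out` was determined by `secret`.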

Paper Nr: 10
Title:

Non-random Properties of Compression and Hash Functions using Linear Cryptanalysis

Authors:

Daniel Santana de Freitas and Jorge Nakahara Jr

Abstract: We report on linear analyses of block-cipher based compression and hash functions. Our aim is not to find collisions nor (second) preimages, but to detect non-random properties that may distinguish a compression or hash function from an ideal primitive (random oracle). We study single-block modes of operation such as Davies-Meyer (DM), Matyas-Meyer-Oseas (MMO) and Miyaguchi-Preneel (MP) and double-block modes such as Hirose's, Tandem-DM, Parallel-DM and Abreast-DM. This paper points out weaknesses coming from the feedforward operation used in these hash modes. We use an inside-out approach: we show how a weakness (linear relation) in the underlying block cipher can propagate to the compression function and eventually to the whole hash function. To demonstrate our ideas, we instantiate the block cipher underlying these modes with 21-round PRESENT, the full 16-round DES and 9-round Serpent. For instance, in DM-PRESENT-80 mode, we can distinguish the hash function from an ideal primitive with 2^64 hash computations.
Download
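As an added illustration (not the paper's code), here are the single-block modes named in the abstract written out in Python, run over a toy 64-bit Feistel cipher that stands in for PRESENT, DES or Serpent. The toy cipher is an assumption of this example and offers no security; the mode definitions are the standard ones (DM: E_m(h) xor h; MMO: E_h(m) xor m; MP: E_h(m) xor m xor h). The double-block modes (Hirose, Tandem-DM, Parallel-DM, Abreast-DM) are not shown. `dm_no_feedforward` makes the abstract's point about the feedforward concrete: drop the xor and the compression step becomes a keyed permutation that anyone holding the message block can invert with the cipher's decryption.

```python
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
ROUNDS = 16


def _rotl32(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK32


def _round_keys(key):
    # Toy key schedule: rotate the 64-bit key each round and fold it to 32 bits.
    ks = []
    k = key & MASK64
    for i in range(ROUNDS):
        k = ((k << 13) | (k >> 51)) & MASK64
        ks.append((k ^ (k >> 32) ^ (i * 0x9E3779B9)) & MASK32)
    return ks


def _f(x, rk):
    # Toy Feistel round function (add, rotate, xor); F need not be invertible.
    x = (x + rk) & MASK32
    x ^= _rotl32(x, 7) ^ _rotl32(x, 19)
    return (x + _rotl32(x, 13)) & MASK32


def toy_encrypt(key, block):
    """E_key(block) on 64-bit key and block. Toy cipher, NOT secure; stands in for DES/PRESENT."""
    l, r = block >> 32, block & MASK32
    for rk in _round_keys(key):
        l, r = r, l ^ _f(r, rk)
    return (l << 32) | r


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo the Feistel rounds in reverse order."""
    l, r = block >> 32, block & MASK32
    for rk in reversed(_round_keys(key)):
        l, r = r ^ _f(l, rk), l
    return (l << 32) | r


def dm(h, m):
    """Davies-Meyer: the message block is the cipher key, chaining value is fed forward."""
    return toy_encrypt(m, h) ^ h


def mmo(h, m):
    """Matyas-Meyer-Oseas: the chaining value is the key, message block is fed forward."""
    return toy_encrypt(h, m) ^ m


def mp(h, m):
    """Miyaguchi-Preneel: MMO plus the chaining value in the feedforward."""
    return toy_encrypt(h, m) ^ m ^ h


def dm_no_feedforward(h, m):
    """DM without the feedforward: a keyed permutation of h, invertible by anyone who knows m."""
    return toy_encrypt(m, h)


def hash_md(message: bytes, compress, iv=0x0123456789ABCDEF) -> int:
    """Merkle-Damgard iteration over 8-byte blocks: 0x80 padding, zeros, 64-bit bit length."""
    padded = message + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % 8)
    padded += (8 * len(message)).to_bytes(8, "big")
    h = iv
    for i in range(0, len(padded), 8):
        h = compress(h, int.from_bytes(padded[i:i + 8], "big"))
    return h


def demo():
    msg = b"The quick brown fox"          # constructed sample input
    digests = {name: hash_md(msg, f) for name, f in (("DM", dm), ("MMO", mmo), ("MP", mp))}
    # Without the feedforward, a known message block lets an attacker step the chain backwards:
    h_prev, m = 0x1111222233334444, 0x5555666677778888
    recovered = toy_decrypt(m, dm_no_feedforward(h_prev, m))
    return digests, recovered == h_prev
```

With the feedforward in place, inverting one step requires finding h such that E_m(h) xor h equals a target, which is a preimage problem rather than a single decryption; the paper's linear analyses attack exactly the relation between E_m(h) and h that this xor introduces.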

Paper Nr: 22
Title:

On the Connection between t-Closeness and Differential Privacy for Data Releases

Authors:

Josep Domingo-Ferrer

Abstract: t-Closeness was introduced as an improvement of the well-known k-anonymity privacy model for data release. On the other hand, ε-differential privacy was originally proposed as a privacy property for answers to on-line database queries and it has been very welcome in academic circles. In spite of their quite diverse origins and motivations, we show in this paper that t-closeness and ε-differential privacy actually provide related privacy guarantees when applied to off-line data release. Specifically, k-anonymity for the quasi-identifiers combined with differential privacy for the confidential attributes yields t-closeness in expectation.
Download

Paper Nr: 26
Title:

AVON - A Fast Hash Function for Intel SIMD Architectures

Authors:

Matt Henricksen and Shinsaku Kiyomoto

Abstract: In this paper, we propose a hash function that takes advantage of the AES-NI and other Single-Instruction Multiple-Data operations on Intel x64 platforms to generate digests very efficiently. It is suitable for applications in which a server needs to securely hash electronic documents at a rate of several cycles/byte. This makes it much more efficient for certain applications than SHA-2, SHA-3 or any of the SHA-3 finalists. On the common Sandy Bridge micro-architecture, our hash function, AVON, has a throughput of 2.65 cycles per byte while retaining a high degree of security.
Download

Paper Nr: 35
Title:

Development of Device Identity using WiFi Layer 2 Management Frames for Combating Rogue APs

Authors:

Jonny Milliken, Valerio Selis, Kian Meng Yap and Alan Marshall

Abstract: The susceptibility of WiFi networks to Rogue Access Point attacks derives from the lack of identity for 802.11 devices. The most common means of detecting these attacks in current research is through tracking the credentials or the location of unauthorised and possibly malicious APs. In this paper, the authors outline a method of distinguishing WiFi Access Points using 802.11 MAC layer management frame traffic profiles. This system does not require location estimation or credential tracking techniques as used in current research techniques, which are known to be inaccurate. These characteristic management traffic profiles are shown to be unique for each device, tantamount to a MAC identity. The application of this technique to solving Rogue AP attacks under the constraints of an open access, public WiFi environment is discussed with the conclusion that the identity is practically very difficult to forge.
Download

Paper Nr: 63
Title:

Are Biometric Web Services a Reality? - A Best Practice Analysis for Telebiometric Deployment in Open Networks

Authors:

Dustin van der Haar and Basie von Solms

Abstract: With the growth of biometric system complexity and the resources required for these systems, newer biometric systems are increasingly becoming more distributed to deal with accessibility and computation demand. These telebiometric systems introduce additional problems, which are outside of the scope of traditional biometric standards. Best practices have been published that address problems in these distributed systems, by outlining service-based approaches that provision typical biometric operations through the use of telecommunication standards, such as SOAP. In this paper, two families of best practices for telebiometric-based systems (the ITU-T X.1080 family of recommendations and the BIAS family of standards) are reviewed and assessed according to their current deployment potential within an online context. Recommendations are then presented and a verdict is given that shows current best practice provides adequate guidance for the building of large-scale telebiometric systems that utilise web-based biometric services.
Download

Paper Nr: 64
Title:

Abusing Social Networks with Abuse Reports - A Coalition Attack for Social Networks

Authors:

Slim Trabelsi and Hana Bouafif

Abstract: In Social Network websites, users can report the bad behaviour of other users. To do so, they create a kind of escalation ticket called an abuse report, in which they detail the infraction committed by the “bad” user and help the website moderator decide on a penalty. Since Social Networks today count billions of users, the handling of abuse reports is no longer performed manually by moderators; they currently rely on algorithms that automatically block the “bad” users until a moderator takes care of the case. In this paper we set out to demonstrate how such algorithms are maliciously used by attackers to illegally block innocent victims. We also propose to automate such an attack to demonstrate the extent of the damage that can be caused in current social network websites. We take Facebook as a case study and proof of concept.
Download

Paper Nr: 69
Title:

Diagnostic Category Leakage in Helper Data Schemes for Biometric Authentication

Authors:

Joep de Groot, Boris Skoric, Niels de Vreede and Jean-Paul Linnartz

Abstract: A helper data scheme (HDS) is a cryptographic primitive that extracts a high-entropy, noise-free secret string from noisy data, such as biometrics. A well-known problem is to ensure that the storage of a user-specific helper data string in a database does not reveal any information about the secret. Although Zero Leakage Systems (ZLS) have been proposed, an attacker with a priori knowledge about the enrolled user can still exploit the helper data. In this paper we introduce diagnostic category leakage (DCL), which quantifies what an attacker can infer from helper data about, for instance, a particular medical indication of the enrolled user, her gender, etc. The DCL is often non-zero. Though small per dimension, it can be problematic in high-dimensional biometric authentication systems. Furthermore, partial a priori knowledge of the medical diagnosis of the prover can leak information about the secret.
Download
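
The distinction the abstract draws (zero leakage about the secret, yet non-zero leakage about a diagnostic category) can be made concrete with a toy enrolment model. The block below is an added example, not code from the paper: it assumes a one-dimensional feature x that is Gaussian with zero mean, where the secret bit is the sign of x and the helper data is the quantised magnitude |x| (a construction chosen here for illustration). Because the density is symmetric, the helper data is independent of the secret. If, however, a medical indication changes the spread of x (the two standard deviations and the 50/50 prior are constructed assumptions), the helper data distribution depends on the category, and the mutual information I(H;C) measures exactly the DCL per dimension; the final function shows how it accumulates over independent dimensions.

```python
import math

# Constructed model: helper data H = index of the bin containing |x|,
# secret bit S = sign of x, category C changes the spread of x.
BIN_EDGES = [0.0, 0.5, 1.0, 1.5, 2.0, 2.5, 3.0, math.inf]
SIGMA = {"no indication": 1.0, "indication": 2.0}   # assumed per-category spread
PRIOR = {"no indication": 0.5, "indication": 0.5}   # assumed attacker prior on C

def phi(z):
    """Standard normal CDF."""
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))

def helper_distribution(sigma):
    """P(H = bin) when x ~ N(0, sigma^2) and H is the bin of |x|."""
    return [2.0 * (phi(b / sigma) - phi(a / sigma))
            for a, b in zip(BIN_EDGES, BIN_EDGES[1:])]

def mutual_information(joint):
    """I(X;Y) in bits from a joint distribution given as {(x, y): probability}."""
    px, py = {}, {}
    for (x, y), p in joint.items():
        px[x] = px.get(x, 0.0) + p
        py[y] = py.get(y, 0.0) + p
    return sum(p * math.log2(p / (px[x] * py[y]))
               for (x, y), p in joint.items() if p > 0.0)

def secret_leakage():
    """I(H;S): what the stored helper data reveals about the secret bit.
    The sign of x is independent of |x| for a symmetric density, so this is zero
    for every category and therefore also for the mixture (the ZLS property)."""
    joint = {}
    for c, prior in PRIOR.items():
        for h, ph in enumerate(helper_distribution(SIGMA[c])):
            for s in (0, 1):
                joint[(h, s)] = joint.get((h, s), 0.0) + prior * ph * 0.5
    return mutual_information(joint)

def category_leakage():
    """I(H;C): diagnostic category leakage of one helper data symbol."""
    joint = {}
    for c, prior in PRIOR.items():
        for h, ph in enumerate(helper_distribution(SIGMA[c])):
            joint[(h, c)] = prior * ph
    return mutual_information(joint)

def total_category_leakage(dimensions):
    """Leakage adds up over independent feature dimensions that share the same model."""
    return dimensions * category_leakage()

if __name__ == "__main__":
    print(f"I(H;S) = {secret_leakage():.6f} bits")
    print(f"I(H;C) = {category_leakage():.4f} bits per dimension")
    print(f"I(H;C) over 64 dimensions = {total_category_leakage(64):.2f} bits")
```

Plugging in a real scheme means replacing `helper_distribution` with the actual helper data law of that scheme conditioned on each category; the mutual information bookkeeping stays the same.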

Paper Nr: 73
Title:

A Game Theory based Repeated Rational Secret Sharing Scheme for Privacy Preserving Distributed Data Mining

Authors:

Nirali R. Nanavati and Devesh C. Jinwala

Abstract: Collaborative data mining has become very useful today with the immense increase in the amount of data collected and the increase in competition. This in turn increases the need to preserve the participants’ privacy. A number of approaches have been proposed that use Secret Sharing for privacy preservation in Secure Multiparty Computation (SMC) in different setups and applications. The different multiparty scenarios may have parties that are semi-honest, rational or malicious. A number of approaches have been proposed for semi-honest parties in this setup. The problem, however, is that in reality we have to deal with parties that act in their self-interest and are rational. These rational parties may try to attain maximum gain without disrupting the protocol. Also, these parties, if cautioned, would correct themselves to have maximum individual gain in the future. Thus we propose a new practical game theoretic approach with three novel punishment policies, with the primary advantage that it avoids the use of expensive techniques like homomorphic encryption. Our proposed approach is applicable to secret sharing schemes among rational parties in distributed data mining. We have theoretically analysed the proposed novel punishment policies for this approach. We have also implemented and empirically evaluated our scheme using Java. We compare the proposed punishment policies in terms of the number of rounds required to attain the Nash equilibrium with eventually no bad rational nodes, for different percentages of initial bad nodes.
Download

Paper Nr: 75
Title:

Practical and Exposure-resilient Hierarchical ID-based Authenticated Key Exchange without Random Oracles

Authors:

Kazuki Yoneyama

Abstract: ID-based authenticated key exchange (ID-AKE) is a cryptographic tool to establish a common session key between parties with authentication based on their IDs. If IDs contain some hierarchical structure, such as an email address, hierarchical ID-AKE (HID-AKE) is especially suitable because of its scalability. However, most existing HID-AKE schemes do not satisfy advanced security properties such as forward secrecy, and the only known strongly secure HID-AKE scheme is inefficient. In this paper, we propose a new HID-AKE scheme which achieves both strong security and efficiency. We prove that our scheme is eCK-secure (which ensures maximal exposure resilience, including forward secrecy) without random oracles, while existing schemes are proved in the random oracle model. Moreover, the number of messages and pairing operations is independent of the hierarchy depth; that is, the scheme is truly scalable and practical for large systems.
Download

Paper Nr: 80
Title:

Identity Security in Biometric Systems based on Keystroking

Authors:

Lucjan Hanzlik and Wojciech Wodo

Abstract: The most valuable element of a biometric security system is the personal features of its users. Characteristics of individuals are unique and must be protected. In this paper we focus on methods for protecting user identity in systems based on keystroking. Our approach assumes giving minimal information to adversaries and the best responsiveness of the system regardless of user representation or possible usage. We consider keystroking not only in the context of the keyboard, but also the touch screen, pin pad and any other input device that could be used for typing. As results, we present several complete security solutions that are applicable to software as well as hardware systems.
Download

Paper Nr: 87
Title:

Efficient Characteristic 3 Galois Field Operations for Elliptic Curve Cryptographic Applications

Authors:

Vinay S. Iyengar

Abstract: Galois fields of characteristic 3, where the number of field elements is a power of 3, have a distinctive application in building high-security elliptic curve cryptosystems. However, they are not typically used because of their relative inefficiency in computing polynomial operations when compared to conventional prime or binary Galois fields. The purpose of this research was to design and implement characteristic 3 Galois field arithmetic algorithms with greater overall efficiency than those presented in the current literature, and to evaluate their applicability to elliptic curve cryptography. The algorithms designed were tested in a C++ program and, using a mapping of field element logarithms, were able to reduce the operations of polynomial multiplication, division, cubing, and modular reduction to basic integer operations. They thus significantly outperformed the best characteristic 3 algorithms presented in the literature and showed a distinct applicability to elliptic curve cryptosystems. In conclusion, this research presents a novel method of optimizing the performance of characteristic 3 Galois fields and has major implications for the field of elliptic curve cryptography.
Download
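
The idea of replacing polynomial arithmetic in GF(3^m) by integer arithmetic on discrete logarithms is easy to see on a small field. The block below is an added example, not the paper's C++ code: it assumes the field GF(27) with the irreducible polynomial x^3 + 2x + 1 (it has no root in F3, so it is irreducible for degree 3), represents elements as integers whose base-3 digits are the coefficients, finds a generator by brute force, and then builds the log and antilog tables. With the tables, multiplication, division and cubing (the Frobenius map in characteristic 3) each become one integer addition or multiplication modulo 3^m - 1 and two table lookups; `self_check` cross-validates every product against schoolbook polynomial multiplication with reduction.

```python
# Characteristic-3 field arithmetic: schoolbook polynomial operations versus
# log/antilog tables. Added example; the choice of GF(27) and of the modulus
# x^3 + 2x + 1 are assumptions made for illustration.
P, M = 3, 3
MODULUS = [1, 2, 0, 1]          # x^3 + 2x + 1, lowest-degree coefficient first
Q = P ** M                      # number of field elements

def to_coeffs(a):
    """Integer -> list of M coefficients in F3 (constant term first)."""
    return [(a // P ** i) % P for i in range(M)]

def from_coeffs(c):
    return sum((ci % P) * P ** i for i, ci in enumerate(c))

def add(a, b):
    return from_coeffs([x + y for x, y in zip(to_coeffs(a), to_coeffs(b))])

def mul_schoolbook(a, b):
    """Polynomial product over F3 followed by reduction modulo MODULUS."""
    ca, cb = to_coeffs(a), to_coeffs(b)
    prod = [0] * (2 * M - 1)
    for i, x in enumerate(ca):
        for j, y in enumerate(cb):
            prod[i + j] = (prod[i + j] + x * y) % P
    for d in range(2 * M - 2, M - 1, -1):        # clear degrees >= M, high to low
        c = prod[d]
        if c:
            for k in range(M + 1):
                prod[d - M + k] = (prod[d - M + k] - c * MODULUS[k]) % P
    return from_coeffs(prod[:M])

def find_generator():
    """Smallest element of multiplicative order Q-1 (exists because GF(Q)* is cyclic)."""
    for g in range(2, Q):
        x, n = g, 1
        while x not in (0, 1):                   # x == 0 would mean a zero divisor
            x = mul_schoolbook(x, g)
            n += 1
        if x == 1 and n == Q - 1:
            return g
    raise ValueError("no generator found: modulus is not irreducible")

GEN = find_generator()
EXP = [0] * (Q - 1)       # EXP[k] = GEN^k
LOG = [None] * Q          # LOG[a] = k such that GEN^k == a (undefined for 0)
_x = 1
for _k in range(Q - 1):
    EXP[_k] = _x
    LOG[_x] = _k
    _x = mul_schoolbook(_x, GEN)

def mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[(LOG[a] + LOG[b]) % (Q - 1)]

def inv(a):
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return EXP[(-LOG[a]) % (Q - 1)]

def div(a, b):
    return mul(a, inv(b))

def cube(a):
    """a^3 via the tables; in characteristic 3 this is the Frobenius automorphism."""
    return 0 if a == 0 else EXP[(3 * LOG[a]) % (Q - 1)]

def self_check():
    """Table arithmetic agrees with schoolbook arithmetic on the whole field,
    division inverts multiplication, and cubing is additive (Frobenius)."""
    for a in range(Q):
        if cube(a) != mul_schoolbook(a, mul_schoolbook(a, a)):
            return False
        for b in range(Q):
            if mul(a, b) != mul_schoolbook(a, b):
                return False
            if b and mul(div(a, b), b) != a:
                return False
            if cube(add(a, b)) != add(cube(a), cube(b)):
                return False
    return True

if __name__ == "__main__":
    print("generator:", to_coeffs(GEN), "self-check:", self_check())
```

For a cryptographic field size the full tables no longer fit in memory, which is why the paper's contribution is in how the logarithm mapping is organised; the small field shows only the arithmetic identity being exploited.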

Paper Nr: 92
Title:

Related-key Impossible Differential Cryptanalysis of Full-round HIGHT

Authors:

Saeed Rostami, Sadegh Bamohabbat Chafjiri and Seyed Amir Hossein Tabatabaei

Abstract: The HIGHT algorithm is a 64-bit block cipher with a 128-bit key, proposed at CHES'06 as a lightweight cryptographic algorithm. In this paper, a new related-key impossible differential attack on the full-round algorithm is introduced. Our cryptanalysis requires 2^127.276 HIGHT evaluations, which is slightly faster than an exhaustive search attack. This is the first related-key impossible differential cryptanalysis of the full-round HIGHT block cipher.
Download

Paper Nr: 103
Title:

Survey and Benchmark of Lightweight Block Ciphers for Wireless Sensor Networks

Authors:

Mickaël Cazorla, Kevin Marquet and Marine Minier

Abstract: For security applications in wireless sensor networks (WSNs), choosing the best algorithms in terms of energy efficiency and small memory requirements is a real challenge because the sensor networks must be autonomous. In (Eisenbarth et al., 2012; Law et al., 2006), the authors benchmarked some block ciphers on a dedicated platform and deduced the best candidates to use in the context of small embedded platforms. This article studies, on a dedicated sensor platform, most of the recent lightweight block ciphers as well as some conventional block ciphers. First, we describe the design of the chosen block ciphers with a security summary, and we then present some implementation tests performed on our platform.

Paper Nr: 111
Title:

Privacy-enhanced Perceptual Hashing of Audio Data

Authors:

Heiko Knospe

Abstract: Audio hashes are compact and robust representations of audio data and allow the efficient identification of specific recordings and their transformations. Audio hashing for music identification is well established and similar algorithms can also be used for speech data. A possible application is the identification of replayed telephone spam. This contribution investigates the security and privacy issues of perceptual hashes and follows an information-theoretic approach. The entropy of the hash should be large enough to prevent the exposure of audio content. We propose a privacy-enhanced randomized audio hash and analyze its entropy as well as its robustness and discrimination power over a large number of hashes.
Download

Paper Nr: 137
Title:

Efficient Group Signatures with Verifier-local Revocation Employing a Natural Expiration

Authors:

Lukas Malina, Jan Hajny and Zdenek Martinasek

Abstract: This paper presents a novel proposal of group signatures with verifier-local revocation employing a natural expiration to ensure efficient verification of signatures and an efficient revocation check. Current group signatures have an expensive verification phase which takes several pairing operations and checks a long revocation list, especially if a large number of users are in the group. Generally, the revocation list grows linearly each time a newly revoked user is added to the list, unless group parameters and keys are reinitialized. Nevertheless, reinitialization is not feasible and burdens the communication overhead in many communication systems. In these schemes, the verification of several signatures against the long revocation list takes too much time. Our proposed group signature scheme offers a more efficient verification phase, which employs a revocation list that shrinks over time through the natural expiration of group member secret keys. Due to an optimization in the verification phase, our scheme is more efficient than related solutions.
Download

Paper Nr: 138
Title:

Public-key Cryptography from Different Assumptions - A Multi-bit Version

Authors:

Herve Chabanne, Gerard Cohen and Alain Patey

Abstract: At STOC 2010, Applebaum, Barak and Wigderson introduced three new public-key cryptosystems based on combinatorial assumptions. In their paper, only encryption of bits has been considered. In this paper, we focus on one of their schemes and adapt it to encrypt a constant number of bits in a single ciphertext without changing the size of the public key. We add wire-tap channel techniques to improve the security level of our scheme, thus reaching indistinguishability. We show that it is homomorphic for the XOR operation on bit strings. We also suggest concrete parameters for a first instantiation of our scheme.
Download

Paper Nr: 139
Title:

Not All ISPs Equally Secure Home Users - An Empirical Study Comparing Wi-Fi Security Provided by UK ISPs

Authors:

Z. Cliffe Schreuders and Adil M. Bhat

Abstract: A majority of home users rely on their Internet service providers (ISPs) to provide them with wireless equipment that is secure, and assume that they are appropriately protected from threats such as piggybacking and eavesdropping. In this paper we present the results of an empirical study comparing the security provided to home users by their ISPs. Passive wireless data collection was used to gather information on 7,847 unique wireless access points within Leeds, UK. Non-parametric inferential statistical analysis was used to compare the security provided by the corresponding ISPs, as identified via the SSID naming used by ISPs in the UK. The ISPs identified included BT, O2, Orange, Plus Net, Sky, TalkTalk, and Virgin Media. Statistically significant differences in the security of the networks were found between ISPs, which we contend can in part be explained by their upgrade policies. These results are contrasted with the security configuration provided by three of the largest ISPs to new customers. For example, BT (the largest ISP in the UK) was found to have a greater number of access points still configured with the cryptographically broken Wired Equivalent Privacy (WEP) encryption method than most of the other large ISPs, in contrast to the favourable security configuration of the routers provided to its new customers. The paper concludes with recommendations for ISPs that provide Wi-Fi enabled routers to home users.
Download

Paper Nr: 140
Title:

Approaching Encryption through Complex Number Logarithms

Authors:

George Stergiopoulos, Miltiadis Kandias and Dimitris Gritzalis

Abstract: In this paper, we approach encryption through the properties of the complex logarithm and the complex plane. We introduce a mathematical concept to be used in cryptography. As an example, we propose a new cryptosystem, by mixing known robust techniques such as chain-block encryption and AES-like structures together with complex exponentiation to provide robust encryption of plaintext messages. The proposed method implements encryption by transforming complex numbers into position vectors in a two-dimensional Cartesian coordinate system called the complex plane and utilizes the properties of the complex logarithm together with well-defined techniques from global standards (such as AES), in order to ensure robustness against cryptanalysis. This is made possible without implementing any computationally costly algorithm. This has two important consequences: First, it may open up viable solutions to known limitations in cryptography such as relatively complex key schedules (i.e. in Feistel ciphers) and the need for relatively large keys in encryption methods (bit-wise). Second, it proposes a new mathematical concept that can be used in future cryptosystems. An example of this is the preliminary cryptosystem found in this paper. We present its algorithm and show that it can be implemented using fast mechanisms for encryption and decryption.
Download

Paper Nr: 141
Title:

Keystroke Authentication with a Capacitive Display using Different Mobile Devices

Authors:

Matthias Trojahn, Christian Schadewald and Frank Ortmeier

Abstract: This study investigates keystroke dynamics as biometric authentication on different smartphones. We analysed different sensors in the smartphones which affect the error rates of the authentication. We also evaluate the effectiveness of different features based on the error rates. In addition, a framework is presented for using one device as a base model to authenticate the same person on other devices. We conducted an experiment with three devices and three different keywords to assess how well different devices can be used (error rates smaller than 3.5 %) and which combinations of devices are suitable. Moreover, our experimental results showed that passwords spread over the whole keyboard have lower error rates.
Download
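
The timing features that keystroke-dynamics authentication is built on, and the way error rates are obtained from them, can be shown end to end on constructed data. The block below is an added example and not the study's framework or data: it assumes key events of the form (key, key-down time, key-up time) in milliseconds, uses hold times and down-down latencies as features, enrols a template as per-feature mean and standard deviation, and verifies with a scaled Manhattan distance against a threshold. The two typist profiles, the keyword and the jitter levels are constructed; `error_rates` reports the false acceptance and false rejection rates on synthetic genuine and impostor attempts.

```python
import random
import statistics

KEYWORD = "secret"   # constructed keyword typed in every sample

def features(events):
    """events: list of (key, down_ms, up_ms) in typing order.
    Returns the hold time of every key followed by the down-down latency
    between consecutive keys."""
    holds = [up - down for _, down, up in events]
    latencies = [events[i + 1][1] - events[i][1] for i in range(len(events) - 1)]
    return holds + latencies

def enroll(samples):
    """Template = per-feature mean and standard deviation over enrolment samples.
    The standard deviation is floored at 1 ms so a constant feature cannot
    dominate the distance."""
    vectors = [features(s) for s in samples]
    n = len(vectors[0])
    mean = [statistics.mean([v[i] for v in vectors]) for i in range(n)]
    sd = [max(statistics.pstdev([v[i] for v in vectors]), 1.0) for i in range(n)]
    return mean, sd

def score(template, events):
    """Scaled Manhattan distance: average number of standard deviations away."""
    mean, sd = template
    f = features(events)
    return sum(abs(x - m) / s for x, m, s in zip(f, mean, sd)) / len(f)

def verify(template, events, threshold=1.5):
    return score(template, events) <= threshold

def synth_sample(rng, profile, keyword=KEYWORD):
    """Constructed typing sample: per-key mean hold time and mean gap before the
    key, with Gaussian jitter (15 ms on gaps, 10 ms on holds)."""
    holds, gaps = profile
    events, t = [], 0.0
    for key, h, g in zip(keyword, holds, gaps):
        t += rng.gauss(g, 15.0)
        hold = max(rng.gauss(h, 10.0), 5.0)
        events.append((key, t, t + hold))
    return events

# Constructed typist profiles: (mean hold per key, mean gap before each key).
ALICE = ([95, 80, 110, 70, 90, 85], [0, 180, 140, 220, 160, 190])
MALLORY = ([60, 65, 70, 55, 60, 62], [0, 120, 110, 130, 125, 115])

def error_rates(threshold=1.5, trials=50, seed=7):
    """(FAR, FRR) for a template enrolled from 10 of Alice's samples."""
    rng = random.Random(seed)
    template = enroll([synth_sample(rng, ALICE) for _ in range(10)])
    genuine = [synth_sample(rng, ALICE) for _ in range(trials)]
    impostor = [synth_sample(rng, MALLORY) for _ in range(trials)]
    frr = sum(not verify(template, s, threshold) for s in genuine) / trials
    far = sum(verify(template, s, threshold) for s in impostor) / trials
    return far, frr

if __name__ == "__main__":
    for th in (1.0, 1.5, 2.0):
        far, frr = error_rates(th)
        print(f"threshold {th:.1f}: FAR={far:.2f} FRR={frr:.2f}")
```

Sweeping the threshold is how an equal error rate is located in practice; the study's cross-device question amounts to enrolling the template on one device's samples and calling `verify` on another device's, where sensor differences shift the feature distributions.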

Paper Nr: 151
Title:

MINHO - A Novel Authentication Scheme based on Pre-Authentication Service

Authors:

Hasan Kadhem

Abstract: This paper presents a novel authentication scheme called MINHO, which protects users from unauthorized access even when their passwords have been stolen. At the same time, MINHO detects any attempts at unauthorized access by attackers. Our idea is to use a mobile phone to send a request with specific parameters to the service provider before the actual authentication process; the service provider then verifies the pre-authentication parameters during the authentication process. We propose many parameters that can be used with the pre-authentication service, such as an Authentication Ticket (AT), time, and location. MINHO is a practical scheme that can be used with current systems, without (hardware/software) changes on the terminal side. It is a cost-effective scheme, easy to use, and does not rely on a third party.
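
The security property the abstract claims, that a stolen password alone is not enough and that its use is detected, follows from checking the pre-authentication parameters at login time. The block below is an added example of such a check, not MINHO's actual protocol: it assumes an Authentication Ticket computed on the phone as an HMAC over the username and request time with a secret shared at enrolment, a 120-second validity window, a coarse location label, and single use of each pre-authentication request. The password hashing, the static salt and the scenario data are constructed for the example. The service provider records every case where the password was correct but the pre-authentication parameters were absent or wrong, which is the signal that the password has leaked.

```python
import hashlib
import hmac

WINDOW_SECONDS = 120   # assumed validity window of a pre-authentication request

def phone_ticket(phone_secret, username, issued):
    """Authentication Ticket (AT) computed on the phone from a secret shared with
    the service provider at enrolment. Hypothetical construction."""
    msg = f"{username}|{issued}".encode()
    return hmac.new(phone_secret, msg, hashlib.sha256).hexdigest()[:16]

class ServiceProvider:
    def __init__(self):
        self.users = {}     # username -> (salt, password hash, phone secret)
        self.pending = {}   # username -> parameters of the latest pre-auth request
        self.alerts = []    # detections of password misuse

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def register(self, username, password, phone_secret):
        salt = b"salt-" + username.encode()   # constructed; use os.urandom in practice
        self.users[username] = (salt, self._hash(password, salt), phone_secret)

    def pre_authenticate(self, username, ticket, issued, location):
        """Request sent from the phone before the real login: AT, time, location."""
        self.pending[username] = {"ticket": ticket, "issued": issued,
                                  "location": location}

    def authenticate(self, username, password, ticket, location, now):
        """Login from the terminal. Returns "ALLOW" or "DENY"."""
        record = self.users.get(username)
        if record is None:
            return "DENY"
        salt, pw_hash, phone_secret = record
        if not hmac.compare_digest(self._hash(password, salt), pw_hash):
            return "DENY"
        # The password is correct from here on, so any failure below indicates
        # that someone other than the phone holder knows it.
        pending = self.pending.pop(username, None)   # single use, even on failure
        if pending is None:
            self.alerts.append(f"{username}: correct password but no pre-authentication request")
            return "DENY"
        expected = phone_ticket(phone_secret, username, pending["issued"])
        if not (hmac.compare_digest(pending["ticket"], expected)
                and hmac.compare_digest(ticket, expected)):
            self.alerts.append(f"{username}: ticket mismatch between phone, terminal and server")
            return "DENY"
        if not 0 <= now - pending["issued"] <= WINDOW_SECONDS:
            self.alerts.append(f"{username}: pre-authentication outside the {WINDOW_SECONDS}s window")
            return "DENY"
        if pending["location"] != location:
            self.alerts.append(f"{username}: login location {location!r} differs from {pending['location']!r}")
            return "DENY"
        return "ALLOW"

def scenario():
    """Constructed run: a legitimate login, an attacker holding only the password,
    and a login that arrives after the window has closed."""
    sp = ServiceProvider()
    secret = b"phone-secret-alice"
    sp.register("alice", "correct horse battery", secret)
    t0 = 1_700_000_000
    at = phone_ticket(secret, "alice", t0)
    sp.pre_authenticate("alice", at, t0, "office")
    legit = sp.authenticate("alice", "correct horse battery", at, "office", t0 + 30)
    stolen = sp.authenticate("alice", "correct horse battery", "", "cafe", t0 + 60)
    sp.pre_authenticate("alice", at, t0, "office")
    late = sp.authenticate("alice", "correct horse battery", at, "office", t0 + 600)
    return legit, stolen, late, sp.alerts

if __name__ == "__main__":
    print(scenario())
```

Order of checks matters: the password is verified first and the pending request is consumed regardless of outcome, so an attacker cannot probe the pre-authentication state without also spending a correct password, and a correct password used without the phone is logged rather than silently refused.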

Paper Nr: 157
Title:

A Model-driven Approach for Securing Software Architectures

Authors:

Mario Arrigoni Neri, Marco Guarnieri, Eros Magri, Simone Mutti and Stefano Paraboschi

Abstract: Current IT systems usually consist of several components and services that communicate and exchange data over the Internet. They have security requirements that aim at avoiding information disclosure and at showing compliance with government regulations. In order to effectively handle the security management of complex IT systems, techniques are needed to help the security administrator in the design and configuration of the security architecture. We propose a model-driven security approach for the design and generation of concrete security configurations for software architectures. In our approach the system architect models the architecture of the system by means of UML class diagrams, and then the security administrator adds security requirements to the model by means of Security4UML, a UML profile. From the model enriched with security requirements, the concrete security configuration is derived in a semi-automated way. We present a tool that supports this model-driven approach, and a case study that involves a distributed multi-user meeting scheduler application.
Download

Paper Nr: 162
Title:

Database Anomalous Activities - Detection and Quantification

Authors:

Elisa Costante, Sokratis Vavilis, Sandro Etalle, Jerry den Hartog, Milan Petkovic and Nicola Zannone

Abstract: The disclosure of sensitive data to unauthorized entities is a critical issue for organizations. Timely detection of data leakage is crucial to reduce possible damages. Therefore, breaches should be detected as early as possible, e.g., when data are leaving the database. In this paper, we focus on data leakage detection by monitoring database activities. We present a framework that automatically learns normal user behavior, in terms of database activities, and detects anomalies as deviation from such behavior. In addition, our approach explicitly indicates the root cause of an anomaly. Finally, the framework assesses the severity of data leakages based on the sensitivity of the disclosed data.
Download
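
The three steps the abstract names (learn normal behaviour per user, flag deviations with an explicit root cause, score severity by the sensitivity of the data touched) can be shown on a small audit log. The block below is an added example, not the paper's framework: it assumes audit lines of the form `ts=... user=... op=... table=... rows=...`, learns for each user the set of operations, the set of tables and the usual row volume per table, and flags new operations, new tables and row counts above a learned limit. The log lines and the table sensitivity weights are constructed for the example.

```python
import re
import statistics

LINE = re.compile(r"ts=(\S+) user=(\w+) op=(\w+) table=(\w+) rows=(\d+)")

# Constructed data classification: weight per table used for severity scoring.
SENSITIVITY = {"customers": 3, "payment_cards": 5, "orders": 1, "products": 0}

def parse(line):
    m = LINE.search(line)
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    ts, user, op, table, rows = m.groups()
    return ts, user, op, table, int(rows)

def learn(lines):
    """Per-user profile: operations used, tables accessed, row counts per table."""
    profile = {}
    for _, user, op, table, rows in map(parse, lines):
        p = profile.setdefault(user, {"ops": set(), "tables": {}})
        p["ops"].add(op)
        p["tables"].setdefault(table, []).append(rows)
    return profile

def row_limit(counts):
    """Usual volume: mean + 3 sd, but never below twice the largest count seen,
    so a short baseline does not produce a razor-thin limit."""
    mu = statistics.mean(counts)
    sd = statistics.pstdev(counts) if len(counts) > 1 else 0.0
    return max(mu + 3 * sd, 2 * max(counts))

def detect(profile, lines):
    """Returns findings sorted by severity; each carries the lines' root causes."""
    findings = []
    for line in lines:
        _, user, op, table, rows = parse(line)
        causes = []
        p = profile.get(user)
        if p is None:
            causes.append(f"user {user} has no learned profile")
        else:
            if op not in p["ops"]:
                causes.append(f"operation {op} never performed by {user} in the baseline")
            if table not in p["tables"]:
                causes.append(f"table {table} never accessed by {user} in the baseline")
            else:
                limit = row_limit(p["tables"][table])
                if rows > limit:
                    causes.append(f"{rows} rows from {table} exceeds usual volume (limit {limit:.0f})")
        if causes:
            findings.append({"line": line, "causes": causes,
                             "severity": SENSITIVITY.get(table, 1) * rows})
    return sorted(findings, key=lambda f: f["severity"], reverse=True)

# Constructed audit log: a learning period followed by a monitored period.
BASELINE = [
    "ts=2013-07-01T09:00 user=alice op=SELECT table=customers rows=10",
    "ts=2013-07-01T09:05 user=alice op=SELECT table=customers rows=12",
    "ts=2013-07-01T09:10 user=alice op=SELECT table=customers rows=9",
    "ts=2013-07-01T09:15 user=alice op=SELECT table=customers rows=11",
    "ts=2013-07-01T09:20 user=alice op=SELECT table=customers rows=10",
    "ts=2013-07-01T10:00 user=alice op=SELECT table=orders rows=30",
    "ts=2013-07-01T10:05 user=alice op=SELECT table=orders rows=25",
    "ts=2013-07-01T10:10 user=alice op=SELECT table=orders rows=28",
    "ts=2013-07-01T11:00 user=bob op=SELECT table=products rows=100",
    "ts=2013-07-01T11:05 user=bob op=SELECT table=products rows=120",
    "ts=2013-07-01T11:10 user=bob op=UPDATE table=products rows=1",
]
MONITORED = [
    "ts=2013-07-02T09:00 user=alice op=SELECT table=customers rows=11",
    "ts=2013-07-02T09:01 user=alice op=SELECT table=customers rows=5000",
    "ts=2013-07-02T09:30 user=bob op=SELECT table=payment_cards rows=200",
    "ts=2013-07-02T09:45 user=alice op=DELETE table=orders rows=2",
]

def run():
    return detect(learn(BASELINE), MONITORED)

if __name__ == "__main__":
    for f in run():
        print(f["severity"], f["line"], "->", "; ".join(f["causes"]))
```

The severity ordering is what makes the output actionable: the bulk read of `customers` outranks the first-ever access to `payment_cards` because of the volume, while the unusual `DELETE` on a low-sensitivity table is kept but lands at the bottom of the queue.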

Paper Nr: 163
Title:

A Preliminary Application of Generalized Fault Trees to Security

Authors:

Daniele Codetta-Raiteri

Abstract: Fault trees (FT) are widespread models in the field of reliability, but they lack modelling power. So, in the literature, several extensions have been proposed that introduce specific new modelling primitives. Attack trees (AT) have gained acceptance in the field of security. They follow the same notation as standard FT, but they represent the combinations of actions necessary for the success of an attack on a computing system. In this paper, we extend the AT formalism by exploiting the new primitives introduced in the FT extensions. This leads to more accurate models. The approach is applied to a case study: the AT is exploited to represent the attack mode and to compute specific quantitative measures of the system's security.
Download
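
What "quantitative measures" means for an attack tree is easiest to see with a small evaluator. The block below is an added example and does not reproduce the paper's primitives or its case study: it supports the standard AND and OR gates plus a k-of-n voting gate as one generalised primitive of the kind fault tree extensions add, assumes independent leaf events each annotated with a success probability and a cost, and computes the root success probability, the cheapest attack, and a ranking of which single leaf is most worth mitigating. The tree itself is constructed for illustration.

```python
import copy
from functools import reduce
from operator import mul

def leaf(name, p, cost):
    """Basic attacker action with an assumed success probability and cost."""
    return {"name": name, "type": "LEAF", "p": p, "cost": cost}

def gate(name, kind, children, k=None):
    """kind is "AND", "OR" or "KOFN" (at least k of the children must succeed)."""
    return {"name": name, "type": kind, "children": children, "k": k}

def _k_of_n(ps, k):
    """P(at least k of n independent events succeed) by dynamic programming
    over the number of successes (a Poisson-binomial tail)."""
    dist = [1.0]
    for p in ps:
        nxt = [0.0] * (len(dist) + 1)
        for i, d in enumerate(dist):
            nxt[i] += d * (1.0 - p)
            nxt[i + 1] += d * p
        dist = nxt
    return sum(dist[k:])

def success_probability(node):
    if node["type"] == "LEAF":
        return node["p"]
    ps = [success_probability(c) for c in node["children"]]
    if node["type"] == "AND":
        return reduce(mul, ps, 1.0)
    if node["type"] == "OR":
        return 1.0 - reduce(mul, (1.0 - p for p in ps), 1.0)
    if node["type"] == "KOFN":
        return _k_of_n(ps, node["k"])
    raise ValueError(f"unknown gate {node['type']}")

def min_cost(node):
    """Cheapest combination of leaf actions that satisfies the tree."""
    if node["type"] == "LEAF":
        return node["cost"]
    costs = [min_cost(c) for c in node["children"]]
    if node["type"] == "AND":
        return sum(costs)
    if node["type"] == "OR":
        return min(costs)
    if node["type"] == "KOFN":
        return sum(sorted(costs)[:node["k"]])
    raise ValueError(f"unknown gate {node['type']}")

def leaves(node):
    if node["type"] == "LEAF":
        yield node
    else:
        for c in node["children"]:
            yield from leaves(c)

def rank_mitigations(tree):
    """Root success probability if each leaf in turn is made impossible (p = 0),
    lowest first: the top entry is the single control with the largest effect."""
    out = []
    for lf in leaves(tree):
        t = copy.deepcopy(tree)
        for l2 in leaves(t):
            if l2["name"] == lf["name"]:
                l2["p"] = 0.0
        out.append((lf["name"], success_probability(t)))
    return sorted(out, key=lambda item: item[1])

# Constructed attack tree; all probabilities and costs are assumptions.
TREE = gate("exfiltrate customer database", "AND", [
    gate("initial access", "OR", [
        leaf("phishing", 0.4, 1),
        leaf("password spraying", 0.2, 2),
        leaf("exposed RDP", 0.1, 3),
    ]),
    gate("privilege escalation", "OR", [
        leaf("kernel exploit", 0.3, 5),
        leaf("misconfigured sudo", 0.5, 1),
    ]),
    gate("reconstruct key from 2 of 3 shares", "KOFN",
         [leaf(f"compromise share holder {i}", 0.5, 2) for i in (1, 2, 3)], k=2),
])

if __name__ == "__main__":
    print("P(success) =", round(success_probability(TREE), 4))
    print("cheapest attack =", min_cost(TREE))
    for name, p in rank_mitigations(TREE):
        print(f"  block {name!r}: P(success) -> {p:.4f}")
```

The k-of-n gate is where a plain AND/OR tree falls short: a secret split into three shares with a threshold of two is neither "all three" nor "any one", and the voting gate gives the exact figure under the independence assumption.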

Paper Nr: 164
Title:

E3SN - Efficient Security Scheme for Sensor Networks

Authors:

Hassan Noura, Steven Martin and Khaldoun Al Agha

Abstract: Sensor networks are widely used in various areas and applications, and the need for effective security systems is increasingly essential. But most security systems are based on complex algorithms that involve high complexity and energy consumption, and thus have undesirable consequences. To reduce them, a new security system called E3SN is defined. It is based on an invertible and flexible key-dependent matrix to mix the contents of the packets. Our proposal can simultaneously achieve information confidentiality, packet integrity and source authentication, with a minimum of computational complexity, communication overhead and memory consumption. This matrix is secret and only the transmitter and receiver can produce it, in counter mode. We evaluate our system by comparing E3SN to the AES algorithm, which is considered reliable and robust in several sensor network standards such as ZigBee, WirelessHART and ISA100.11a. The results show that the proposed technique is much more efficient than AES, with the same quality of cryptography.
Download