SECRYPT 2011 Abstracts

Full Papers
Paper Nr: 30
Title:

ANOMALY-BASED SPAM FILTERING

Authors:

Igor Santos, Carlos Laorden and Xabier Ugarte-Pedrero

Abstract: Spam has become an important problem for computer security because it is a channel for the spreading of threats such as computer viruses, worms and phishing. Currently, more than 85% of received e-mails are spam. Historical approaches to combat these messages, including simple techniques such as sender blacklisting or the use of e-mail signatures, are no longer completely reliable. Many solutions utilise machine-learning approaches trained using statistical representations of the terms that usually appear in the e-mails. However, these methods require a time-consuming training step with labelled data. Dealing with the situation where the availability of labelled training instances is limited slows down the progress of filtering systems and offers advantages to spammers. In this paper, we present the first spam filtering method based on anomaly detection that reduces the necessity of labelling spam messages and only employs the representation of legitimate emails. This approach represents legitimate e-mails as word frequency vectors. Thereby, an email is classified as spam or legitimate by measuring its deviation to the representation of the legitimate e-mails. We show that this method achieves high accuracy rates detecting spam while maintaining a low false positive rate and reducing the effort produced by labelling spam.

Paper Nr: 32
Title:

THREE-PARTY PASSWORD-AUTHENTICATED KEY EXCHANGE WITHOUT RANDOM ORACLES

Authors:

Xun Yi

Abstract: Password-authenticated key exchange (PAKE) in the 3-party setting is where two clients, who do not share a password between themselves but only with a server, establish a common session key with the help of the server. Abdalla, Fouque and Pointcheval were the first formally to address 3-party PAKE issue and presented a natural and generic construction from any 2-party PAKE protocols. Soon after, Abdalla and Pointcheval presented a more efficient 3-party PAKE protocol and proved its security in the random oracle model. In this paper, we present a new 3-party PAKE protocol on the basis of identity-based encryption and ElGamal encryption schemes. In our protocol, the client needs to remember passwords and the server’s identity only while the server keeps passwords in addition to a private key related to its identity. We have put forth a formal model of security for ID-based 3-party PAKE, and provided a rigorous proof of security for our protocol without random oracles.

Paper Nr: 33
Title:

SMARTPHONE SECURITY EVALUATION - The Malware Attack Case

Authors:

Alexios Mylonas and Stelios Dritsas

Abstract: The adoption of smartphones, devices transforming from simple communication devices to ‘smart’ and multipurpose devices, is constantly increasing. Amongst the main reasons are their small size, their en¬hanced functionality and their ability to host many useful and attractive applications. However, this vast use of mobile platforms makes them an attractive target for conducting privacy and security attacks. This sce¬na¬rio increases the risk introduced by these attacks for personal mobile devices, given that the use of smar¬t¬phones as business tools may extend the perimeter of an organization’s IT infrastructure. Furthermore, smart¬¬phone platforms provide application developers with rich capabilities, which can be used to compro¬mi¬¬se the security and privacy of the device holder and her environment (private and/or organizational). This paper examines the feasibility of malware development in smartphone platforms by average programmers that have access to the official tools and programming libraries provided by smartphone platforms. Towards this direction in this paper we initially propose specific evaluation criteria assessing the security level of the well-known smartphone platforms (i.e. Android, BlackBerry, Apple iOS, Symbian, Windows Mobile), in terms of the development of malware. In the sequel, we provide a comparative analysis, based on a proof of concept study, in which the implementation and distribution of a location tracking malware is attempted. Our study has proven that, under circumstances, all smartphone platforms could be used by average de¬ve¬lo¬pers as privacy attack vectors, harvesting data from the device without the users knowledge and consent.

Paper Nr: 35
Title:

TOWARDS OPTIMAL REVOCATION AND TRACING SCHEMES - The Power of the Ternary Tree

Authors:

Kazuhide Fukushima and Shinsaku Kiyomoto

Abstract: Digital content distribution services require that 1) only valid user devices that has a valid key can decrypt the broadcasting content, 2) the keys can no longer be used to decrypt the content, if keys in a device are revealed, and 3) invalid users who illegally use keys in a device can be identified. This paper proposes a broadcast encryption scheme with traitor tracing based on the ternary tree structure. We design a new cover-finding algorithm and label assignment algorithm in order to achieve a coalition-resistant revocation and tracing schemes. In our scheme, the number of labels stored in a client device can be reduced by about 20.4 percent and the average header length by up to 15.0 percent in the case where the total number of devices is 65,536. The efficiency of the traitor tracing is the same as the complete subtree method, and its computational cost imposed on a client device stays within O(logn). Our scheme is an improvement of the complete subtree and difference subset methods.

Paper Nr: 37
Title:

A METHOD FOR FLEXIBLE REDUCTION OVER BINARY FIELDS USING A FIELD MULTIPLIER

Authors:

Saptarsi Das, Keshavan Varadarajan, Ganesh Garga and Rajdeep Mondal

Abstract: Flexibility in implementation of the underlying field algebra kernels often dictates the life-span of an Elliptic Curve Cryptography solution. The systems/methods designed to realize binary field arithmetic operations can be tuned either for performance or for flexibility. Usually flexibility of these solutions adversely affects their performance. For solutions to reduction operation this adverse effect is particularly prominent. Therefore it is a non-trivial task to design a flexible reduction method/system without compromising performance. In this paper we present a method for flexible reduction. The proposed reduction technique is based on the well-known repeated multiplication technique and Barrett reduction. This technique is particularly appealing in the context of coarse-grain programmable architectures where performance of any kernel is heavily influenced by granularity of operations. In this context we propose a design of a polynomial multiplier based on the well-known Interleaved Galois Field multiplier to accelerate the underlying multi-word polynomial multiplications. We show that this modified IGF multiplier offers a significant improvement in throughput over a purely software realization or a hybrid software-hardware implementation using a conventional polynomial multiplier.

Paper Nr: 41
Title:

RELATED-KEY ATTACK AGAINST TRIPLE ENCRYPTION BASED ON FIXED POINTS

Authors:

Serge Vaudenay

Abstract: Triple encryption was proposed to increase the security of single encryption when the key is too short. In the past, there have been several attacks in this encryption mode. When triple encryption is based on two keys, Merkle and Hellman proposed a subtle meet-in-the-middle attack which can break it at a price similar to breaking single encryption (but with nearly all the code book). When triple encryption is based on three keys, Kelsey, Schneier, and Wagner proposed a related-key attack which can break it at a price similar to breaking single encryption. In this paper, we propose a new related-key attack against triple encryption which compares to breaking single encryption in the two cases. Our attack against two-key triple-encryption has exactly the same performances as a meet-in-the-middle on double-encryption. It is based on the discovery of fixed points in a decrypt-encrypt sequence using related keys. In the two-key case, it is comparable to the Merkle-Hellman attack (except that is uses related keys). In the three-key case, it has a higher complexity than the Kelsey-Schneier-Wagner attack but can live with known plaintexts.

Paper Nr: 49
Title:

ON THE (NON-)REUSABILITY OF FUZZY SKETCHES AND EXTRACTORS AND SECURITY IN THE COMPUTATIONAL SETTING

Authors:

Marina Blanton and Mehrdad Aliasgari

Abstract: Secure sketches and fuzzy extractors enable the use of biometric data in cryptographic applications by correcting errors in noisy biometric readings and producing cryptographic materials suitable for many applications. Such constructions work by producing a public sketch, which is later used to reproduce the original biometric and all derived information exactly from a noisy biometric reading. It has been previously shown that release of multiple sketches associated with a single biometric presents security problems for certain constructions. Through novel analysis we demonstrate that all other constructions in the literature are also prone to similar problems, which hinders their adoption in practice. To mitigate the problem, we propose for each user to store one short secret string for all possible uses of her biometric, and show that simple constructions in the computational setting have numerous security and usability advantages under standard hardness assumptions. Our constructions are generic in that they can be used with any existing secure sketch as a black box.

Paper Nr: 55
Title:

STUDY OF THE PHENOMENOLOGY OF DDOS NETWORK ATTACKS IN PHASE SPACE

Authors:

Michael E. Farmer and William Arthur

Abstract: Denial of Service (DOS) network attacks continue to be a widespread problem throughout the internet. These attacks are designed not to steal data but to prevent regular users from accessing the systems. One particularly difficult attack type to detect is the distributed denial of service attack where the attacker commandeers multiple machines without the users’ awareness and coordinates an attack using all of these machines. While the attacker may use many machines, it is believed that the underlying characteristics of the resultant network traffic are fundamentally different than normal traffic due to the fact that the underlying dynamics of sources of the data are different than for normal traffic. Chaos theory has been growing in popularity as a means for analyzing systems with complex dynamics in a host of applications. One key tool for detecting chaos in a signal is analyzing the trajectory of a system’s dynamics in phase space. Chaotic systems have significantly different trajectories than non-chaotic systems where the trajectory of the chaotic system tends to have high fractal dimension due to its space filling nature, while non-chaotic systems have trajectories with much lower fractal dimensions. We investigate the fractal nature of network traffic in phase space and verify that indeed traffic from coordinated attacks have significantly lower fractal dimensions in phase space. We also show that tracking the signals in either number of ports or number of addresses provides superior detectability over tracking the number of bytes.

Paper Nr: 56
Title:

DRIVER AUTHENTICATION USING BRAIN WAVES WHILE ROUTE TRACING AS A MENTAL TASK

Authors:

Isao Nakanishi

Abstract: From the viewpoint of user management, continuous or on-demand biometric authentication is effective for achieving higher security. In such a case, the biometrics which is able to present biometric data unconsciously is needed and we have proposed to use the brain wave as the unconscious biometrics. In this paper, assuming driver authentication, we measure brain waves of drivers when they are tracing routes as a mental task. And we evaluate verification performance using the difference between the mean power spectrum at a-b band in relaxed condition and that in mental-tasked condition as an individual feature. As a result, the EER of 31 % is obtained among 12 subjects.

Paper Nr: 58
Title:

EMBEDDING RATIO ESTIMATION BASED ON WEIGHTED STEGO IMAGE FOR EMBEDDING IN 2LSB

Authors:

Chunfang Yang and Tao Zhao

Abstract: For two different steganography paradigms of 2LSB steganography, two corresponding steganalysis methods are proposed based on weighted stego image. This paper gives and improves two theorems that for two cases of 2LSB steganography, when the weight parameters are equal to the embedding ratios, the weighted stego image is closest to the cover image in the least square sense. Afterward, based on the two theorems and a predictor of cover image, two steganalysis methods are proposed to estimate the embedding ratios. Experimental results show that the new steganalysis methods outperform the structural steganalysis when the embedding ratio in any bit plane is middling or large. And this can fetch up the defect of structural steganalysis.

Paper Nr: 74
Title:

A TINY RSA COPROCESSOR BASED ON OPTIMIZED SYSTOLIC MONTGOMERY ARCHITECTURE

Authors:

Zongbin Liu and Luning Xia

Abstract: In this paper we propose a new hardware architecture of modular exponentiation, which is based on the optimized Montgomery multiplication. At CHES 1999, Tenca introduced a new architecture for implementing the Montgomery multiplication which was later improved by Huang et al. at PKC 2008. In this paper we improve the architecture of Huang and the improved one occupies less hardware resource, at the same time we add the final subtraction of the Montgomery algorithm into the architecture in order to do the exponentiation computation. Finally we use this improved architecture to build a RSA coprocessor. Compared with the previous work, the new 1024-bit RSA coprocessor saved nearly 50% of area, and the area utilization is greatly improved. This design is the smallest design as we know in the literature, and we verified the correctness by huge test data.

Paper Nr: 77
Title:

PRIVACY-PRESERVING SMART METERING WITHOUT A TRUSTED-THIRD-PARTY

Authors:

Tobias Jeske

Abstract: Smartmeters report the current electricity consumption over the internet back to their energy providers. Finelysampled power consumption enables the energy provider to learn the habits of the customer’s household in which the smart meter is installed. This paper presents a protocol which preserves customer privacy but also allows the detection of unregistered smart meters and prevents spamming and replay attacks. A trustedthird- party is not needed. This protocol, whose security proof relies on the strong RSA assumption and the random oracle model, is based on zero-knowledge techniques. The protocol has been implemented on different hardware platforms and benchmark results are given.

Paper Nr: 86
Title:

BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl

Authors:

Kazumaro Aoki and Günther Roland

Abstract: Grøstl is an AES-based hash function and one of the 5 finalists of the SHA-3 competition. In this work we present high-speed implementations of Grøstl for small 8-bit CPUs and large 64-bit CPUs with the recently introduced AES instructions set. Since Grøstl does not use the same MDS mixing layer as the AES, a direct application of the AES instructions seems difficult. In contrast to previous findings, our Grøstl implementations using the AES instructions are currently by far the fastest known. To achieve optimal performance we parallelize each round of Grøstl by taking advantage of the whole bit width of the used processor. This results in implementations running at 12.2 cylces/byte for Grøstl-256 and 18.6 cylces/byte for Grøstl-512.

Paper Nr: 88
Title:

INFORMATION-LEAKAGE IN HYBRID RANDOMIZED PROTOCOLS

Authors:

Stefan Rass and Peter Schartner

Abstract: In light of the vast number of existing cryptographic protocols, performance tradeoffs become a major obstacle when selecting one for practical usage. For instance, protocols known to be secure but inefficient compete with others being efficient but offering less security. We tackle such tradeoffs by investigating sequences of random protocol instances randomized protocols) and analyzing the rate at which information leaks from such a sequence. Remarkably, it can be demonstrated that the mutual information between an eavesdropped ciphertext and the plain text decays exponentially fast with the length of the protocol sequence. Using simple tools from game-theory, we devise a generic technique to assemble several protocols of different performance into a single protocol, unifying the advantages of its ingredients. We call this a hybrid randomized protocol. We illustrate our technique by using simplified multipath transmission as an example, while observing that our general construction is in no way restricted to this scenario.

Paper Nr: 90
Title:

ATTACK INTERFERENCE IN NON-COLLABORATIVE SCENARIOS FOR SECURITY PROTOCOL ANALYSIS

Authors:

M.-Camilla Fiazza

Abstract: In security protocol analysis, the traditional choice to consider a single Dolev-Yao attacker is supported by the fact that models with multiple collaborating Dolev-Yao attackers have been shown to be reducible to models with one Dolev-Yao attacker. In this paper, we take a fundamentally different approach and investigate the case of multiple non-collaborating attackers. After formalizing the framework for multi-attacker scenarios, we show with a case study that concurrent competitive attacks can interfere with each other. We then present a new strategy to defend security protocols, based on active exploitation of attack interference. The paper can be seen as providing two proof-of-concept results: (i) it is possible to exploit interference to mitigate protocol vulnerabilities, thus providing a form of protection to protocols; (ii) the search for defense strategies requires scenarios with at least two attackers.

Paper Nr: 91
Title:

ON THE STRENGTH OF EGGLUE AND OTHER LOGIC CAPTCHAs

Authors:

Carlos Javier Hernández-Castro

Abstract: CAPTCHAs or HIPs are tests able to tell humans and computers apart, remotely and over an untrustworthy channel. They rely on abilities that are though to be hard for algorithms, yet easy for humans. General logic reasoning, based on common sense knowledge, is one of the areas that are still considered hard for AI. On the other hand, logic reasoning targeting very specific areas has achieved success in AI. In this article, we list current Semantic and Logic CAPTCHAs and examine how strong they are. We also discuss wether this model is suited or not for automatic challenge generation and grading.

Paper Nr: 95
Title:

A FRESH LOOK INTO THE BIOMETRIC AUTHENTICATION - Perspective from Shannon's Secrecy System and a Special Wiretap Channel

Authors:

Yanling Chen and A. J. Han Vinck

Abstract: In this paper, we first look at the biometric authentication scheme as an extension of Shannon's secrecy system with an error-prone key, and derive the necessary condition for the perfect secrecy. Furthermore, we show that the Juels-Wattenberg scheme is optimal by fulfilling such a condition once the biometric key and its error pattern satisfy certain statistical distributions; otherwise, it is possible to improve its performance by coding on basis of the biometric. We further confirm this proposition by reformulating the Juels-Wattenberg scheme with a smart encoder to a specific model of wiretap channel with side information, where the side information is the enrolled biometric template and assumed to be known at the encoder. The idea of the smart encoder is inspired by the fact that the authorities are collecting the biometric information from people since years, and this knowledge could in turn be used to better design the biometric systems for people's good. From an information theoretic perspective, we explore the secrecy capacity of this specific wiretap channel and demonstrate that the knowledge of the enrolled biometric template at the smart encoder does provide an advantage so as to enhance the performance of the biometric authentication scheme.

Paper Nr: 108
Title:

Authors:

Abstract: Providing a balanced trade-off among performances, security, and energy consumption is a key challenge in embedded systems. Traditional security solutions assume a well-known and static operating environment, thus leading to a static system configuration that cannot be tailed to the system conditions. Wireless sensor networks are a good example of typical embedded systems. In this work we propose a framework that reduces energy consumption in nodes of wireless sensor networks. The framework allows the system to self-modify its security and workload settings. Adaptations are performed by moving to adjacent configuration and, thus, this mechanism is named gradual adaptation. In this paper we discuss the policies that can be used to control the adaptations and we present the results obtained when implementing a case study on Sun SPOT nodes. The results show that the use of the framework increases the energy efficiency of the network nodes. Furthermore, they show the effects of the different policies on the behavior of nodes.

Paper Nr: 109
Title:

HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS

Authors:

Bogdan Groza and Pal-Stefan Murvay

Abstract: Controller Area Network (CAN) is a bus commonly used by controllers. The traditional view assumes that controllers operate in secure perimeters, but, as the degree of interconnectivity with the outside world increases, these networks may become open to intruders and CAN has no protection against Dolev-Yao adversaries. For this purpose one can implement security on higher layers. Here we design and implement a broadcast authentication protocol based on the well known paradigm of using one-way chains and time synchronization. In this way we can benefit from the use of symmetric primitives without the need of secret shared keys. As process control is a time critical operation, different to sensor networks where the life-time of the node is potentially the main limitation, here the authentication delay is the main optimization criteria. Several trade-offs are studied for this purpose in order to alleviate shortcomings on computational speed, memory, bandwidth and to assure a uniform bus-load. As for the experimental setup, we used S12 microcontrollers from Freescale to implement the proposed solution. To speed up cryptographic operations we also make use of the XGATE co-processor available on S12X.

Paper Nr: 112
Title:

A SNORT-BASED MOBILE AGENT FOR A DISTRIBUTED INTRUSION DETECTION SYSTEM

Authors:

Imen Brahmi

Abstract: Due to the rapid growth of the network application, new kinds of network attacks are endlessly emerging. Thus, it is of paramount importance to protect the networks from attackers. Consequently, the Intrusion Detection Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Most existing and commercial IDS are generally centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc, especially when they face distributed attacks. In this paper, we introduce a novel mobile agent-based intrusion detection system focusing on the misuse detection approach, called DIDMAS (Distributed Intrusion Detection using Mobile Agents and Snort). DIDMAS takes advantages of the mobile agent paradigm to implement an efficient distributed system, as well as the integration of existing techniques, i.e., the well-known IDS Snort. Carried out experiments showed that our proposed system presents better performance as well as a good scalability compared to the pioneer known centralized IDS Snort system over real traffic and a set of simulated attacks.

Paper Nr: 136
Title:

CCA SECURE CERTIFICATELESS ENCRYPTION SCHEMES BASED ON RSA

Authors:

S. Sree Vivek

Abstract: Certificateless cryptography, introduced by Al-Riyami and Paterson eliminates the key escrow problem inherent in identity based cryptosystem. In this paper, we present two novel and completely different RSA based adaptive chosen ciphertext secure (CCA2) certificateless encryption schemes. For the first scheme, the security against Type-I adversary is reduced to RSA problem, while the security against Type-II adversary is reduced to the CCDH problem. For teh second scheme both Type-I and Type-II security is related to the RSA problem. The new schemes are efficient when compared to other existing certificatless encryption schemes that are based on the costly bilinear pairing operation and are quite comparable with the certificateless encryption scheme based on multiplicative groups (without bilinear pairing) by Sun et al. (Sun et al., 2007) and the RSA based CPA secure certificateless encryption scheme by Lai et al. (Lai et al., 2009). We consider a slightly stronger security model than the ones considered in (Lai et al., 2009) and (Sun et al., 2007) to prove the security of our schemes.

Paper Nr: 142
Title:

CHAOTIC ITERATIONS FOR STEGANOGRAPHY - Stego-security and Chaos-security

Authors:

Nicolas Friot

Abstract: In this paper is proposed a novel steganographic scheme based on chaotic iterations. This research work takes place into the information hiding security fields. We show that the proposed scheme is stego-secure, which is the highest level of security in a well defined and studied category of attack called watermark-only attack''. Additionally, we prove that this scheme presents topological properties so that it is one of the firsts able to face, at least partially, an adversary when considering the others categories of attacks defined in the literature.

Short Papers
Paper Nr: 22
Title:

A STATIC SOFTWARE BIRTHMARK BASED ON USE-DEFINE CHAINS FOR DETECTING THE THEFT OF JAVA PROGRAMS

Authors:

Xin Xie, Fenlin Liu and Bin Lu

Abstract: Software birthmarking is a new technique used to detect the theft of programs. In the technique, a software birthmark is the inherent invariable features of a program that can be used to identify the program. Some typical semantics-preserving transformations will have a significant impact on order and frequency of in-structions in programs. By introducing dataflow analysis techniques, dependencies of instructions that define or use variables in programs are established. The relations between these instructions can reduce the effect of semantics-preserving transformations such as shuffle stack operation, add fake exception, change switch statements and encrypt string in SmokeScreen. Classes are compared by the optimal matching algorithm. Thus a novel method of software birthmarking based on use-define chains is presented.

Paper Nr: 31
Title:

A SMART-GENTRY BASED SOFTWARE SYSTEM FOR SECRET PROGRAM EXECUTION

Authors:

Michael Brenner and Jan Wiebelitz

Abstract: Currently generic executable programs can only be encrypted during transmission and storage. To execute the program itself and the data it operates on must be decrypted. If the execution system is not trusted or compromised, both the program code and data are endangered. Recent advances in homomorphic cryptography show how additions and multiplications can be executed in encrypted space, i.e. without decrypting the information, the arithmetic operations themselves are not encrypted. To date, a universal implementation of a homomorphic system, capable of executing arbitrary programs and allowing for practical experiences is still missing. In this paper we present the first method to compute a non-linear arbitrary secret program on an untrusted resource using fully homomorphic encrypted circuits. We use our own implementation of the Smart-Gentry crypto-system as a foundation and define a processor architecture which is capable of executing encrypted programs on encrypted data. Unlike other approaches, such as static one-pass boolean circuit simulations, our system supports read and write memory access, dynamic parameters and non-linear programs, that render branch-decisions at runtime and cannot be represented in a circuit with hard-wired in-circuit parameters and data. Our implementation comprises the runtime environment for an encrypted program and an assembler to generate the encrypted machine code. The system represents a first step to show the capabilities of homomorphic encryption in software and system architecture.

Paper Nr: 34
Title:

A SECURITY METRICS FRAMEWORK FOR THE CLOUD

Authors:

Jesus Luna and Hamza Ghani

Abstract: Cloud computing is redefining the on-demand usage of remotely-located, and highly available computing resources to the user. Unfortunately, while the many economic and technological advantages are apparent, the migration of key sector applications to the Cloud has been limited due to a major show-stopper: the paucity of quantifiable metrics to evaluate the tradeoffs (features, problems and the economics) of security. Despite the obvious value ofmetrics in different scenarios to evaluate such tradeoffs, a formal and standard-based approach for the addressing of security metrics in the Cloud is a much harder and very much an open issue. This paper presents our views on the importance and challenges for developing a security metrics framework for the Cloud, also taking into account our ongoing research with organizations like the Cloud Security Alliance and European projects like ABC4Trust, CoMiFin and INSPIRE. This paper also introduces the basic building blocks of a proposed security metrics framework for elements such as a Cloud provider’s security assessment, taking into account the different service and deployment models of the Cloud.

Paper Nr: 43
Title:

COLLECTIVE CLASSIFICATION FOR UNKNOWN MALWARE DETECTION

Authors:

Igor Santos

Abstract: Malware is any type of computer software harmful to computers and networks. The amount of malware is increasing every year and poses as a serious global security threat. Signature-based detection is the most broadly used commercial antivirus method, however, it fails to detect new and previously unseen malware. Supervised machine-learning models have been proposed in order to solve this issue, but the usefulness of supervised learning is far to be perfect because it requires a significant amount of malicious code and benign software to be identified and labelled in beforehand. In this paper, we propose a new method that adopts a collective learning approach to detect unknown malware. Collective classification is a type of semi-supervised learning that presents an interesting method for optimising the classification of partially-labelled data. In this way, we propose here, for the first time, collective classification algorithms to build different machine-learning classifiers using a set of labelled (as malware and legitimate software) and unlabelled instances. We perform an empirical validation demonstrating that the labelling efforts are lower than when supervised learning is used, while maintaining high accuracy rates.

Paper Nr: 47
Title:

ANALYSIS OF BOTNETS THROUGH LIFE-CYCLE

Authors:

R. A. Rodríguez-Gómez

Abstract: Among all the existent threats to cybersecurity, botnets are clearly situated in the top list. As a consequence of this importance, the research community is enormously increasing its interest on this problem and the number of publications on botnets is exponentially growing in the last years. We perform an analysis of botnets aimed at giving order to all these research contributions. This analysis is different from the previous contributions because it considers the problem of botnets from a global perspective, and not only studying certain technical aspects like type of architecture, protocols or detection techniques. The starting point to do this is the own botnet life-cycle, understood as the sequence of stages that a botnet should successfully traverse in order to reach the success. As a consequence of our study, we have deducted that the interruption of any of the stages makes it possible to thwart a botnet purpose and, thus, make it useless.

Paper Nr: 66
Title:

ON THE SECURITY OF LOCATION DETERMINATION AND VERIFICATION METHODS FOR WIRELESS NETWORKS

Authors:

Günther Lackner

Abstract: Location awareness in wireless networks could improve existing security systems. Access control or intrusion detection mechanisms would greatly benefit if reliable location information of connected devices was available. This article describes and classifies relevant location determination and location verification approaches. Further on, it validates their applicability, performance and security properties in the aspect of their possible integration into security relevant systems.

Paper Nr: 73
Title:

A SMART CARD BASED GENERIC CONSTRUCTION FOR ANONYMOUS AUTHENTICATION IN MOBILE NETWORKS

Authors:

Jing Xu

Abstract: The global mobility network can offer effective roaming services for a mobile wireless user between his home network and a visited network. For the sake of privacy, user anonymity has recently become an important security requirement for roaming services, and is a topic of concern in designing related protocols such as mutual authentication and key agreement. In this paper we present a generic construction, which converts any password authentication scheme based on the smart card into an anonymous authentication protocol for roaming services. Compared with the original password authentication scheme, the transformed protocol does not sacrifice authentication efficiency, and additionally, an agreed session key can be securely established between an anonymous mobile user and the foreign agent in charge of the network being visited.

Paper Nr: 97
Title:

IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS

Authors:

Nikos Vrakas

Abstract: In this paper we assess the open IP Multimedia Subsystem (IMS) robustness against malformed message attacks. We employ an IMS test-bed architecture using two different testing suites; the PROTOS which is publicly available, and a proprietary one, that has been develop for the purpose of this specific work. Results have highlighted that although IMS can effectively handle well-known malformed messages, such as those utilized in PROTOS, it cannot manage satisfactorily unknown malformed messages. During the attack scenarios memory consumption increases up to 25%, while the end-to-end delay experienced by the users increases up to 4000%.

Paper Nr: 99
Title:

ON THE PRIVACY THREATS OF ELECTRONIC POLL BOOKS

Authors:

Stefan Popoveniuc

Abstract: Electronic poll books can rapidly check the eligibility of a voter due to their ability to quickly search lists. However, they also introduce a factor of concern: if the electronic poll book records the order of sign-ins and the voting machine or optical scanner records the order in which the voters cast their ballots, ballot secrecy can be compromised. Worse, if the time at which each voter signs-in and the time at which each ballot is cast are recorded, ballot secrecy is lost. It is surprisingly difficult to avoid saving such timing information, for example in event logs, and even more difficult to verify that no such information is saved. In addition, due to operational complexities, even the more efficient electronic poll books can act as a bottleneck in the voting process. We propose a simple technique to address these concerns, by allowing voters to sign-in from home, and print out a bar-coded ticket to be presented at the check-in table. Using blind signatures, this ticket need not reveal information on the voter’s identity to the check-in table at the precinct. The ticket proves than the voter is authorized to vote on a particular ballot style without disclosing her identity.

Paper Nr: 104
Title:

A FORWARD PRIVATE PROTOCOL BASED ON PRNG AND LPN FOR LOW-COST RFID

Authors:

Xiaolin Cao and Maire O’Neill

Abstract: Low-cost Radio Frequency IDentification (RFID) tags are extremely resource-constrained devices, therefore, difficult to defend against corruption attacks. Meanwhile, forward privacy considers how to preserve the privacy of compromised tags. The majority of existing authentication protocols uses cryptographic hash functions to preserve forward privacy under the random oracle model, but the expensive hardware cost of a cryptographic hash function exceeds the budget of low-cost tags. In this paper, a novel forward private protocol for low-cost RFID applications is proposed. It is composed of a pseudorandom number generator (PRNG) and a learning parity with noise (LPN) problem. In comparison to previous protocols, the proposed protocol achieves a high forward privacy level and requires a small hardware cost. The proofs of security, correctness and forward privacy for the proposed protocol are provided under the standard model.

Paper Nr: 105
Title:

COLLUDING TAGS ATTACK ON THE ECC-BASED GROUPING PROOFS FOR RFIDS

Authors:

Abstract: Recently, a new privacy-preserving elliptic curve based grouping proof protocol with colluding tag prevention (CTP) has been proposed. The CTP protocol is claimed to be resistant against colluding tags attacks in which the involved tags can exchange some messages via another reader before the protocol starts without revealing their private keys. In this paper, we show that the CTP protocol is vulnerable to some colluding tag attacking scenario. In addition, we propose a new elliptic curve based grouping protocol which can fix the problem. Our proposal is based on a formally proved privacy preserving authentication protocol and has the advantage of being resistant against colluding tags attacks with the same amount of computation.

Paper Nr: 106
Title:

UNOBSERVABLE INTRUSION DETECTION BASED ON CALL TRACES IN PARAVIRTUALIZED SYSTEMS

Authors:

Carlo Maiero and Marino Miculan

Abstract: We present a non-invasive system for intrusion and anomaly detection, based on system call tracing in paravirtualized machines over Xen. System calls from guest user programs and operating systems are intercepted stealthy within Xen hypervisor, and passed to a detection system running in Dom0 via a suitable communication channel. Guest applications and machines are left unchanged, and an intruder on the virtual machine cannot tell whether the system is under inspection or not. As for the detection algorithm, we present and study a variant of Stide, which we verify experimentally to have a good performance on intrusion detection with an acceptable overhead—in fact, online real-time intrusion detection feasible. However, since the interception mechanism is kept separated from the detection system, the latter can be replaced according to further needs.

Paper Nr: 114
Title:

BOTNET DETECTION BASED ON DNS RECORDS AND ACTIVE PROBING

Authors:

Iria Prieto and Eduardo Magaña

Abstract: Computers connected to Internet are constantly threatened by different types of malware. One of the most important malware are botnets that convert infected computers into agents that follow actions instructed by a command-and-control server. A botmaster can control thousands of agents. This means a significant capacity to accomplish any kind of network attack (DoS), email spam or phishing. In this paper, communication peculiarities with the command-and-control server are used to provide an identification of computers infected by a botnet. This identification is based mainly in DNS records of registered domains where command-and-control servers are hosted. Therefore, processing overhead is reduced avoiding per packet or per flow network supervision.

Paper Nr: 116
Title:

E-COMMERCE AND FAIR EXCHANGE - The Problem of Item Validation

Authors:

Fabio Piva and Ricardo Dahab

Abstract: Fair exchange protocols have been widely studied since their proposal, but are still not implemented on most e-commerce transactions available. For several types of digital items (e-goods), the current e-commerce business models fail to provide fairness to customers. The item validation problem is a critical step in fair exchange, and is yet to receive the proper attention from researchers. We believe these issues should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. This is the aim of our research, and drawing attention to these problems and possible solutions is the goal of this paper.

Paper Nr: 125
Title:

BLACK-BOX COLLISION ATTACKS ON THE COMPRESSION FUNCTION OF THE GOST HASH FUNCTION

Authors:

Nicolas T. Courtois and Theodosis Mourouzis

Abstract: The GOST hash function and more precisely GOST 34.11-94 is a cryptographic hash function and the official government standard of the Russian Federation. It is a key component in the national Russian digital signature standard. The GOST hash function is a 256-bit iterated hash function with an additional checksum computed over all input message blocks. Inside the GOST compression function, we find the standard GOST block cipher, which is an instantiation of the official Russian national encryption standard GOST 28147-89. In this paper we focus mostly on the problem of finding collisions on the GOST compression function. At Crypto 2008 a collision attack on the GOST compression function requiring $2^{96}$ evaluations of this function was found. In this paper, we present a new collision attack on the GOST compression function which is fundamentally different and more general than the attack published at Crypto 2008. Our new attack is a black-box attack which does not need any particular weakness to exist in the GOST block cipher, and works also if we replace GOST by another cipher with the same block and key size. Our attack is also slightly faster and we also show that the complexity of the previous attack can be slightly improved as well. Since GOST has an additional checksum computed over all blocks, it is not obvious how a collision attack on the GOST compression function can be extended to a collision attack on the hash function. In 2008 Gauravaram and Kelsey develop a technique to achieve this, in the case in which the checksum is linear or additive, using the Camion-Patarin-Wagner generalized birthday algorithm. Thus at Crypto 2008 the authors were also able to break the collision resistance of the complete GOST Hash function. Our attack is more generic and shows that the GOST compression function can be broken whatever is the underlying block cipher, but remains an attack on the compression function. It remains an open problem how and if this new attack can be extended to a collision attack on the full GOST hash function.

Paper Nr: 129
Title:

TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS

Authors:

Jorge Bernal Bernabe, Juan M. Marin Perez, Jose M. Alcaraz Calero and Felix J. Garcia Clemente

Abstract: The provision of security services is a key enabler in cloud computing architectures. Focusing on multi-tenancy authorization systems, the provision of different models including role based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO) is the main objective of this paper. Our proposal is based on the Common Information Model (CIM) and Semantic Web technologies, which have been demonstrated as valid tools for describing authorization models. As the same language is being used for the information and the authorization models they are both well aligned and thus reducing the potential mismatch that may appear between the semantics of both models. A trust model enabling the establishment of coalitions and federations across tenants is also an objective being covered as part of the research being presented in this paper.

Posters
Paper Nr: 59
Title:

PRIVATE SEARCHING FOR SENSITIVE FILE SIGNATURES

Authors:

John Solis

Abstract: We consider the problem of privately searching for sensitive or classified file signatures on an untrusted server. Inspired by the private stream searching system of Ostrovsky and Skeith, we propose a new scheme optimized for matching individual file signatures (versus keyword matching in documents). Our optimization stems from the simple observation that a complete list of matching file signatures can be replaced by a much smaller encrypted bitmask. This approach reduces a server’s response overhead from being linear in the number of matched documents to linear with respect to a system robustness parameter.

Paper Nr: 60
Title:

THE IMAGE PROTECTOR - A Flexible Security Rule Specification Toolkit

Authors:

Bechara Al Bouna

Abstract: The tremendous sharing of multimedia objects on the web shed the light on several privacy concerns related in essence to the safe publishing of end users’ personal data. Providing techniques to protect multimedia objects faces several difficulties due to multimedia objects’ heterogeneous and complex structure on one hand, and on the other hand, the wide range of information that could be used to describe their content. In this paper, we present a flexible security rule specification toolkit for multimedia objects. Our toolkit is based on a security model and a core ontology in which we populate the model’s related information and multimedia objects data. To specify security rules, we use the SWRL language in order to address both, the content and the context of multimedia objects.

Paper Nr: 75
Title:

A NEW STEGANOGRAPHIC SCHEME BASED ON FIRST ORDER REED MULLER CODES - A New Steganographic Scheme

Authors:

Houda Jouhari and El Mamoun Souidi

Abstract: Reed-Muller codes are widely used in communications and they have fast decoding algorithms. In this paper we present an improved data hiding technique based on the first order binary Reed-Muller syndrome coding. The proposed data hiding method can hide the same amount of data as known methods with reduction of time complexity from 2m(2m-1)2m+1 binary operations to 2m(2m -1)m binary operations .

Paper Nr: 79
Title:

DIFFERENTIAL FAULT ANALYSIS OF HUMMINGBIRD

Authors:

Yaser Esmaeili Salehani and Amr Youssef

Abstract: Hummingbird is a lightweight encryption algorithm proposed by Engels, Fan, Gong, Hu and Smith at FC'10. Unlike other lightweight cryptographic primitives which can be classified as either block ciphers or stream ciphers, Hummingbird has a hybrid structure of block cipher and stream cipher with 16-bit block size, 256-bit key size, and 80-bit internal state. Preliminary analysis conducted by the cipher's designers show that it is resistant to most common attacks against block ciphers and stream ciphers. In this paper, we present a differential fault analysis attack on Hummingbird. The fault model in which we analyze the cipher is the one in which the attacker is assumed to be able to fault a random word before the linear transform, after the s-boxes, of the four block ciphers which are used in the Hummingbird encryption process but cannot control the exact location of injected faults. Our attack, which recovers the 256-bit key, requires around 50 faults and 266 steps.

Paper Nr: 83
Title:

A NEW TREE-STRUCTURE-SPECIFIED MULTISIGNATURE SCHEME FOR A DOCUMENT CIRCULATION SYSTEM

Authors:

Masaki Inamura, Keiichi Iwamura and Ryu Watanabe

Abstract: In this paper, the authors propose a new multisignature scheme with pairing-based cryptography, which can describe the tree structure of signers. In order to denote the relationship among a parent and its child signers, a dedicated middle key is generated on our scheme. In addition, we prove that our scheme is provably secure under the Gap-Diffie-Hellman assumption. Based on our proposal, we also implement the prototype of a document circulation system. In this system, a document is signed by members, who are divided into multiply layered groups. The browsing history can be confirmed by verifying the final signature on the document. The computational performance of the system is evaluated, and the result shows a good performance.

Paper Nr: 85
Title:

OPBUS: RISK-AWARE FRAMEWORK FOR THE CONFORMANCE OF SECURITY-QUALITY REQUIREMENTS IN BUSINESS PROCESSES

Authors:

A. J. Varela-Vaca

Abstract: Several reports indicate that one of the most important business priorities is the improvement of business and IT management. Nowadays, business processes and in general service-based ones use other external services which are not under their jurisdiction. Organizations do not usually consider their exposition to security risks when business processes cross organizational boundaries. In this paper, we propose a risk-aware framework for security-quality requirements in business processes management. This framework is focused on the inclusion of security issues from design to execution. The framework provides innovative mechanisms based on model-based diagnosis and constraint programming in order to carry out the risk assessment of business processes and the automatic check of the conformance of security requirements.

Paper Nr: 87
Title:

SYNEMA: VISUAL MONITORING OF NETWORK AND SYSTEM SECURITY SENSORS

Authors:

Aline Bousquet

Abstract: This paper presents a new monitoring tool called SYNEMA that helps to visualize different types of alerts from well-known security sensors. The architecture of the proposed tool is distributed and enables centralizing the collected information into a lightweight visualizer. The front-end proposes many display modes in order to give the ability to clearly see malicious activities and to be able to visually monitor information collected at system, network and user level in the hosts. The paper concludes with development perspectives about an auto-configurable plugin for visual correlation of attacks.

Paper Nr: 92
Title:

PRIVACY--ENHANCING CRYPTOGRAPHY--BASED MATERIALS

Authors:

Almudena Alcaide and Esther Palomar

Abstract: In this paper, we offer a comprehensible survey and classification on cryptographic schemes which serve as the building blocks for most privacy–enhancing protocols and systems being deployed nowadays. For each cryptography material here described we offer a brief description of its foundations, the privacy–related features it possesses and an illustration of its application to some real life scenarios. The classification proposed is, to the best of our knowledge, pioneer in collecting all cryptography material with regard to privacy.

Paper Nr: 110
Title:

TOWARDS A CALCULUS FOR NON REPUDIATION PROTOCOLS

Authors:

Abdesselam Redouane

Abstract: We describe a calculus that is specific to non-repudiation protocols. The calculus uses the correspondence assertion of Woo and Lam, that is, if there is a non-repudiation of receipt there should be a corresponding non-repudiation of origin. The calculus is a subset of the Pi calculus. The basic constructs are modified in order to handle properties of non-repudiation. We offer a formal syntax and an operational semantics of the calculus. We show the usefulness of the calculus by describing Zhou optimistic protocol.

Paper Nr: 117
Title:

HOW TO TRANSMIT MESSAGES VIA WSN IN A HOSTILE ENVIRONMENT

Authors:

Marek Klonowski

Abstract: In this paper we present a scheme for secure message transmission in WSN in the presence of an adversary. We assume that the adversary can easily find \emph{some random} nodes. However it is much harder for it to find all of them (or even a concrete subset) quickly. Security of the proposed scheme is based on this practical assumption. The protocol can be easily combined with various routing schemes as a security layer preserving all merits of the underlying protocol for the price of reasonable communicational and storage overhead.

Paper Nr: 118
Title:

APOLLON: TOWARDS A SEMANTICALLY EXTENSIBLE POLICY FRAMEWORK

Authors:

Julian Schütte

Abstract: Pervasive systems with ad hoc connectivity and semantic service discovery are a challenging environment when it comes to dynamically managing access rights and security settings. Most policy frameworks come with a pre-defined policy model whose expressiveness can usually not be extended and is thus not adaptable to a high-level security model as it might be predetermined by a company or a specific application. In order to overcome these limitations we designed Apollon, a policy framework featuring a modular policy model which can be extended or reduced as required by an application. In this paper, we present the software architecture of Apollon, and show by the example of a DRBAC-model how the expressiveness of Apollon can be successively extended.

Paper Nr: 124
Title:

BYZANTINE DECISIONS FOR INFERRING TRUST IN SENSOR NETWORKS

Authors:

Björn Stelte

Abstract: A secure Wireless Sensor Network consists of highly secured and trustworthy sensor nodes. But making one single node secure is impossible due to low computational power, memory and cost constraints. Sensor nodes are not tamper proof nor will be in future. In our concept we use low-cost redundant sensors and the Byzantine Fault Tolerance to overcome attacks on the network especially concerning insider attacks. Every sensor node calculates a trust-level of its peer neighbors by a Bayesian probabilistic reputation system. An efficient real-time based communication protocol is used to reduce communication overhead and to transport local trust-levels to the gateway node to calculate a common trust-level.

Paper Nr: 126
Title:

DISTRIBUTED THRESHOLD CRYPTOGRAPHY CERTIFICATION WITH NO TRUSTED DEALER

Authors:

Apostolos P. Fournaris

Abstract: Threshold cryptography offers an elegant approach in evenly sharing certificate responsibilities to all participants of a distributed system through Shamir’s secret sharing scheme, where a secret (the Certificate Authority’s (CA) private key) is split and shared among all participants. However, existing threshold cryptography distributed key generation and certification systems still rely on a single, centralized, trusted entity at some point during the certification process (usually during initialization) to split the secret and distribute it to all distributed system participants. This centralized entity, denoted as trusted dealer, can cancel participant equality and can become a single point of failure. In this paper, we deal with this problem by extending the a key generation scheme of Noack and Spitz (2009) and by proposing a certification scheme that has no need for a trusted dealer to create, split and distribute the proposed certification scheme’s private-public key pair. The proposed scheme uses the participant addition-removal procedure described in (Noack and Spitz, 2009) that does not affect the scheme’s public key (used for certificate verification) and has small interference to the certification process as a whole. To reduce the computational cost the proposed system employs Elliptic Curve Cryptography (ECC) principles.

Paper Nr: 148
Title:

PRACTICAL ANONYMOUS AUTHENTICATION - Designing Anonymous Authentication for Everyday Use

Authors:

Jan Hajny

Abstract: We use authentication services many times a day. Without user authentication, it would be impossible to use e-mail accounts, discussion boards, e-banking or even electronic communication. On the other hand, we release a lot of personal information during every authentication process. Our login can be linked to used services and assets by service providers. The frequency of usage and therefore the map of our behaviour on the Internet can be created to make more focused advertisement, to track us or even to steal our electronic identity. The goal of this paper is to state the requirements and provide the initial design for an anonymous authentication scheme which prevents the leakage of private information. The new scheme, to be widely acceptable, must be beneficial for both users and service providers, who implement the authentication systems. Therefore we claim that the new authentication system must provide a feature for revealing dishonest users. These users can be eventually deanonymized and charged for damages. We provide such a responsibility-protecting feature in our scheme. We also compare our scheme design with current anonymous authentication schemes and provide initial performance results from our smart-card implementation.

Paper Nr: 153
Title:

TOWARDS AN INFORMATION CONTROL POLICY MODEL - Achieving More Transparency in Internet Filtering Approaches

Authors:

Andreas Kasten

Abstract: Internet filtering is the manipulation of Internet communication in order to prevent the access and exchange of unwanted data. According to the reports of the OpenNet Initiative, Internet filtering emerges all over the world. Although many filtering techniques are legitimated by a similar legal basis, most of them are imple-mented differently. This paper explains the need for a policy language model that is able to describe Internet filtering techniques on different levels of abstraction including their legal basis and their technical imple-mentation aspects. The paper further explains the requirements for such a model and outlines a first concept.

Paper Nr: 155
Title:

FAST SELECTIVE ENCRYPTION SCHEME FOR MP3 FILES - Using GRAIN Stream Cipher

Authors:

Praloy Kr. Biswas

Abstract: This paper explores the possibility of fast encryption of compressed audio data so as to be used in real time, information-sensitive audio transmission. To this end MP3 files were used as compressed audio files and some characteristic of the MP3 frames have been exploited to selectively encrypt the side information instead of whole data through stream cipher. The proposed scheme processes fast and hence is more congenial to real time audio transfer. The results to substantiate the claim of being faster than the usual way of encryption have been furnished here. And a detailed analysis of the security claim has been furnished here too.

Paper Nr: 157
Title:

NO SECURITY BY OBSCURITY – WHY TWO FACTOR AUTHENTICATION SHOULD BE BASED ON AN OPEN DESIGN

Authors:

Jinying Yu and Philipp Brune

Abstract: The recently reported security issue possibly compromising the security tokens sold by a major vendor of two factor authentication (2FA) solutions (Schneier, 2011) demonstrates the importance of the basic principle of using an open design for security solutions (Saltzer and Schroeder, 1974). In particular, the safety of such devices should not be based on the use of a secret algorithm or seed value to generate a sequence of one-time passwords (OTP) inside the security token. Instead, we argue in favour of using an open design using pre-generated sequences of OTP that are stored encrypted on the security token. Here, the safety of the solution only relies on the confidentiality of the decryption key and not the design of the solution itself. We illustrate our argumentation by describing a respective authentication scheme and a prototype based on an open design, the latter being used as the basis for the security analysis.

Paper Nr: 158
Title:

ARTIFICIAL IMMUNITY-BASED CORRELATION SYSTEM

Authors:

Guillermo Suarez-Tangil and Esther Palomar

Abstract: Security information event management (SIEM) technologies focus on developing effective methods and tools to assist network administrators during the whole network security management. Though there is a vast number of novel initiatives and contributions in providing adaptiveness and intelligence in this research field, there are still many problems that need be solved. In particular, event correlation are currently emerging as an essential field to be optimized specially due to the widespread adoption of botnets to launch attacks. This position paper explores the biological immune system's characteristics of learning and memory to solve the semi-automatic generation of event correlation rules by applying Artificial Immune Systems (AISs).

Paper Nr: 160
Title:

INTERNATIONALLY STANDARDIZED EFFICIENT CRYPTOGRAPHIC HASH FUNCTION

Authors:

Danilo Gligoroski and Svein Johan Knapskog

Abstract: We claim that the European research and development community can initiate and sustain a process of designing a secure cryptographic hash function that will be widely accepted by the industry due to its superior performances in software compared to any of the hash functions MD5, SHA-1, SHA-2 or SHA-3. We base our claim on three main arguments: 1. The industry demands very fast cryptographic hash functions due to the increased volume of information that needs to be processed in a secure way. 2. The current trends of increased degree of instructional level parallelism and development of vector extensions of recent CPUs have a potential for being efficiently exploited by new cryptographic hash designs. 3. The list of the SHA-3 finalists does not contain algorithms which are significantly faster than SHA-2.

Paper Nr: 162
Title:

A PUBLIC RANDOMNESS SERVICE

Authors:

Michael J. Fischer

Abstract: We argue that it is time to design, implement, and deploy a trusted public randomness server on the Internet. NIST plans to deploy a prototype during 2011. We discuss some of the engineering choices that have been made as well as some of the issues currently under discussion.