SECRYPT 2016 Abstracts


Full Papers
Paper Nr: 17
Title:

Dynamic Restoration in Interconnected RBAC-based Cyber-physical Control Systems

Authors:

Cristina Alcaraz, Javier Lopez and Kim-Kwang Raymond Choo

Abstract: Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).

Paper Nr: 22
Title:

Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions

Authors:

George Stergiopoulos, Panagiotis Katsaros, Dimitris Gritzalis and Theodore Apostolopoulos

Abstract: Context: Modern automated source code analysis techniques can be very successful in detecting a priori defined defect patterns and security vulnerabilities. Yet, they cannot detect flaws that manifest due to erroneous translation of the software’s functional requirements into the source code. The automated detection of logical errors that are attributed to a faulty implementation of applications’ functionality is a relatively uncharted territory. In previous research, we proposed a combination of automated analyses for logical error detection. In this paper, we develop a novel business-logic oriented method able to filter mathematical depictions of software logic in order to augment logical error detection, eliminate previous limitations in analysis and provide a formal tested logical error detection classification without subjective discrepancies. As a proof of concept, our method has been implemented in a prototype tool called PLATO that can detect various types of logical errors. Potential logical errors are thus detected that are ranked using a fuzzy logic system with two scales characterizing their impact: (i) a Severity scale, based on the execution paths’ characteristics and Information Gain, (ii) a Reliability scale, based on the measured program’s Computational Density. The method’s effectiveness is shown using diverse experiments. Albeit not without restrictions, the proposed automated analysis seems able to detect a wide variety of logical errors, while at the same time limiting the false positives.

Paper Nr: 26
Title:

FPGA Implementation of HS1-SIV

Authors:

Gerben Geltink and Sergei Volokitin

Abstract: This work describes a hardware implementation of HS1-SIV with regular cipher parameter settings for the second round of the CAESAR competition. The implementation encompasses both the HS1-SIV hardware implementation, which is conforming to the specifications of the authenticated cipher, as well as a hardware API. The implemented API is conforming to the specifications of the GMU Hardware API for authenticated ciphers. On the target device Xilinx Virtex-7, using Xilinx XST High Level Synthesis, we achieved a throughput of 122.20 Mbit/s and an area of 103,214 LUTs with the data length of the message and the associated data set at 64 bytes and the data length of the key set at 32 bytes. Our performance results suggest that the area overhead of the API is between 8% (8-byte data length) and 15% (2048-byte data length) in comparison to the cipher-core.

Paper Nr: 34
Title:

Subdomain and Access Pattern Privacy - Trading off Confidentiality and Performance

Authors:

Johannes Schneider, Bin Lu, Thomas Locher, Yvonne-Anne Pignolet, Matus Harvan and Sebastian Obermeier

Abstract: Homomorphic encryption and secure multi-party computation enable computations on encrypted data. However, both techniques suffer from a large performance overhead. While advances in algorithms might reduce the overhead, we show that achieving perfect (or even computational) confidentiality is not possible without increasing the running time compared to computations on plaintext more than exponentially in some cases. In practice, however, perfect confidentiality is not always required. The paper discusses mechanisms to trade off confidentiality and performance for computing on ciphertexts. It introduces a fine-grained approach to define security levels for variables called (statistical) subdomain privacy. This concept differs substantially from prior work because it treats a variable as confidential or non-confidential depending on the actual value. We further propose privacy-preserving methods for memory access patterns. We apply our techniques to improve performance of control flow logic (loops, if-then-else logic) and arithmetic operations such as multiplications. The evaluation shows that the resulting speedup can be in the order of several magnitudes depending on the privacy needs.

Paper Nr: 43
Title:

Private Multi-party Matrix Multiplication and Trust Computations

Authors:

Jean-Guillaume Dumas, Pascal Lafourcade, Jean-Baptiste Orfila and Maxime Puys

Abstract: This paper deals with distributed matrix multiplication. Each player owns only one row of both matrices and wishes to learn about one distinct row of the product matrix, without revealing its input to the other players. We first improve on a weighted average protocol, in order to securely compute a dot-product with a quadratic volume of communications and linear number of rounds. We also propose a protocol with five communication rounds, using a Paillier-like underlying homomorphic public key cryptosystem, which is secure in the semi-honest model or secure with high probability in the malicious adversary model. Using ProVerif, a cryptographic protocol verification tool, we are able to check the security of the protocol and provide a countermeasure for each attack found by the tool. We also give a randomization method to avoid collusion attacks. As an application, we show that this protocol enables a distributed and secure evaluation of trust relationships in a network, for a large class of trust evaluation schemes.

Paper Nr: 50
Title:

A Friend or a Foe? Detecting Malware using Memory and CPU Features

Authors:

Jelena Milosevic, Miroslaw Malek and Alberto Ferrante

Abstract: With an ever-increasing and ever more aggressive proliferation of malware, its detection is of utmost importance. However, due to the fact that IoT devices are resource-constrained, it is difficult to provide effective solutions. The main goal of this paper is the development of lightweight techniques for dynamic malware detection. For this purpose, we identify an optimized set of features to be monitored at runtime on mobile devices as well as detection algorithms that are suitable for battery-operated environments. We propose to use a minimal set of most indicative memory and CPU features reflecting malicious behavior. The performance analysis and validation of the features’ usefulness in detecting malware have been carried out by considering the Android operating system. The results show that memory and CPU related features contain enough information to discriminate between execution traces belonging to malicious and benign applications with significant detection precision and recall. Since the proposed approach requires only a limited number of features and algorithms of low complexity, we believe that it can be used for effective malware detection, not only on mobile devices, but also on other smart elements of IoT.

Paper Nr: 51
Title:

Oblivious Voting—Hiding Votes from the Voting Machine in Bingo Voting

Authors:

Dirk Achenbach, Bernhard Löwe, Jörn Müller-Quade and Jochen Rill

Abstract: When designing an electronic voting scheme it is notoriously difficult to guarantee the secrecy of the vote as well as the correctness of the tally, even in the presence of a malicious adversary. Research in (offline) cryptographic voting schemes has largely relied on a trusted voting machine for guaranteeing security. We alleviate part of this trust requirement. Our scheme ensures the confidentiality of the vote even in the presence of an honest-but-curious voting machine. We improve on Bohli et al.’s Bingo Voting scheme (Bohli et al., 2007). Bingo Voting already guarantees the correctness and public verifiability of the election in spite of a malicious voting machine. The voting machine learns the voter’s input however, and is trusted not to violate ballot secrecy. Our novel construction’s output is identical to that of Bingo Voting. We devise an electro-mechanical Physical Oblivious Transfer (pOT) device to remove that trust requirement by hiding the voter’s choice from the voting machine. The pOT device is realised in such a way that the voter merely operates a button to express her choice. Our construction is thus particularly user-friendly.

Paper Nr: 57
Title:

Silent and Continuous Authentication in Mobile Environment

Authors:

Gerardo Canfora, Paolo di Notte, Francesco Mercaldo and Corrado Aaron Visaggio

Abstract: Due to the increasing pervasiveness of mobile technologies, sensitive user information is often stored on mobile devices. Nowadays, mobile devices do not continuously verify the identity of the user while sensitive activities are performed. This enables attackers full access to sensitive data and applications on the device, if they obtain the password or grab the device after login. In order to mitigate this risk, we propose a continuous and silent monitoring process based on a set of features: orientation, touch and cell tower. The underlying assumption is that the features are representative of smartphone owner behaviour and this is the reason why the features can be useful to discriminate the owner from an impostor. Results show that our system, modeling the user behavior of 21 volunteer participants, obtains encouraging results, since we measured a precision in distinguishing an impostor from the owner between 99% and 100%.

Paper Nr: 62
Title:

Evaluating SRAM as Source for Fingerprints and Randomness on Automotive Grade Controllers

Authors:

Bogdan Groza, Pal-Stefan Murvay and Tudor Andreica

Abstract: It is well known that the state of uninitialized SRAM provides a unique pattern on each device due to physical imperfections. Both the affinity toward some fixed state as well as the deviation from it can be successfully exploited in security mechanisms. Fixed values provide an efficient mechanism for physical identification and for extracting cryptographic keys while the randomness of bits that flip can be exploited as input for PRNGs that are vital for the generation of ephemeral keys. In this work we try to give an assessment of these two capabilities on several state-of-the-art automotive grade embedded platforms. The security of embedded devices inside vehicles has gained serious attention in the past years due to the impact of emerging technologies, e.g., self-driving cars, vehicle-to-vehicle communication, which are futile in the absence of the appropriate security mechanisms. Our examination of several state-of-the-art automotive grade controllers shows that SRAM can offer sufficient entropy and patterns for identification but careful testing is needed as some models fail to provide the expected results.

Paper Nr: 67
Title:

Transitioning to a Javascript Voting Client for Remote Online Voting

Authors:

Jordi Cucurull, Sandra Guasch and David Galindo

Abstract: Voters in remote electronic voting systems typically cast their votes from their own devices, such as PCs and smartphones. The software executed at their devices in charge of performing the ballot presentation, navigation and most of the cryptographic operations required to protect the integrity and privacy of the ballot, is referred to as the voting client. The first voting clients were developed as Java Applets. However, the use of this technology has become relegated in front of web technologies such as Javascript, which provide a better multi-platform user experience. This is the reason why in 2013 Scytl decided it was imperative to develop a voting client purely based on Javascript. This industrial paper shows the implementation experiences and lessons learned during the development and deployment of Javascript voting clients for our remote electronic voting systems. The paper is complemented with a performance study of 1) the main cryptographic primitives used in voting clients and 2) the vote casting process of one of the voting clients used in a real election.

Paper Nr: 71
Title:

PAbAC: A Privacy Preserving Attribute based Framework for Fine Grained Access Control in Clouds

Authors:

Sana Belguith, Nesrine Kaaniche, Abderrazak Jemai, Maryline Laurent and Rabah Attia

Abstract: Several existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. Moreover, to keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired. In addition, access control policies as well as users’ access patterns are also considered as sensitive information that should be protected from the cloud. In this paper, we propose PAbAC, a novel privacy preserving Attribute-based framework, that combines attribute-based encryption and attribute-based signature mechanisms for securely sharing outsourced data via the public cloud. Our proposal is multifold. First, it ensures fine-grained cryptographic access control enforced at the data owner’s side, while providing the desired expressiveness of the access control policies. Second, PAbAC preserves users’ privacy, while hiding any identifying information used to satisfy the access control. Third, PAbAC is proven to be highly scalable and efficient for sharing outsourced data in remote servers, at both the client and the cloud provider side.

Paper Nr: 74
Title:

Security of Mobile Single Sign-On: A Rational Reconstruction of Facebook Login Solution

Authors:

Giada Sciarretta, Alessandro Armando, Roberto Carbone and Silvio Ranise

Abstract: While there exist many secure authentication and authorization solutions for web applications, their adaptation in the mobile context is a new and open challenge. In this paper, we argue that the lack of a proper reference model for Single Sign-On (SSO) for mobile native applications drives many social network vendors (acting as Identity Providers) to develop their own mobile solution. However, as the implementation details are not well documented, it is difficult to establish the proper security level of these solutions. We thus provide a rational reconstruction of the Facebook SSO flow, including a comparison with the OAuth 2.0 standard and a security analysis obtained testing the Facebook SSO reconstruction against a set of identified SSO attacks. Based on this analysis, we have modified and generalized the Facebook solution proposing a native SSO solution capable of solving the identified vulnerabilities and accommodating any Identity Provider.

Paper Nr: 77
Title:

PACCo: Privacy-friendly Access Control with Context

Authors:

Andreas Put and Bart De Decker

Abstract: We propose a secure and privacy friendly way to strengthen authentication mechanisms of online services by taking context into account. The use of context, however, is often of a personal nature (e.g. location) and introduces privacy risks. Furthermore, some context sources can be spoofed, and hence, the level of trust of a verifier in a context source can vary. In this paper, a policy language to express contextual constraints is proposed. In addition, a set of protocols to gather, verify and use contextual information in access control decisions is described. The system protects user privacy as service providers do not learn precise context information, and avoids linkabilities. Finally, we have implemented this system and our experimental evaluation shows that it is practical to use.

Paper Nr: 82
Title:

Towards Access Control for Isolated Applications

Authors:

Kirill Belyaev and Indrakshi Ray

Abstract: With the advancements in contemporary multi-core CPU architectures, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent application services on a single server instance. Individual application components of such services may run in different isolated runtime environments, such as chrooted jails or application containers, and may need access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner. We propose an access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled collaboration and coordination for service components running in disjoint containerized environments under a single Linux OS server instance. The framework consists of two models and the policy formulation is based on the concept of policy classes for ease of administration and enforcement. The policy classes are managed and enforced through a Linux Policy Machine (LPM) that acts as the centralized reference monitor and provides a uniform interface for accessing system resources and requesting application data and control objects. We present the details of our framework and also discuss the preliminary implementation to demonstrate the feasibility of our approach.

Paper Nr: 83
Title:

LP-Cache: Privacy-aware Cache Model for Location-based Apps

Authors:

Asma Patel and Esther Palomar

Abstract: The daily use of smartphones along with third-party apps, which involve location data to be continuously collected, shared and used, has become a significant privacy concern. Besides, taking advantage of the rapid growth of wireless access points, the capability of these location-based services to track users’ lives, even sometimes with their consent, creates an urgent need for the development of more user-friendly and socially-accepted approaches to location privacy preservation. In this paper, we introduce a novel privacy-aware model for location-based apps to overcome the shortcomings related to user privacy during the location calculation process. By making the user device play a bigger role in the process, our model prevents users from relying on service providers’ trustworthiness. The model applies a cache-based technique to determine the position of client devices by means of wireless access points and achieve data minimisation in the current process. The model also establishes new personalised permission settings for the users while sharing their location information. We outline a possible implementation of the proposal, and preliminary findings of the work-in-progress evaluation on the wireless data feasibility and usability that demonstrate deployment viability.

Short Papers
Paper Nr: 20
Title:

The Mathematical Foundations for Mapping Policies to Network Devices

Authors:

Dinesha Ranathunga, Matthew Roughan, Phil Kernick and Nick Falkner

Abstract: A common requirement in policy specification languages is the ability to map policies to the underlying network devices. Doing so, in a provably correct way, is important in a security policy context, so administrators can be confident of the level of protection provided by the policies for their networks. Existing policy languages allow policy composition but lack formal semantics to allocate policy to network devices. Our research tackles this from first principles: we ask how network policies can be described at a high-level, independent of vendor and network minutiae. We identify the algebraic requirements of the policy-mapping process and propose semantic foundations to formally verify if a policy is implemented by the correct set of policy-arbiters. We show the value of our proposed algebras in maintaining concise network-device configurations by applying them to real-world networks.

Paper Nr: 21
Title:

Sensor-based Wearable PUF

Authors:

Kazuhide Fukushima, Seira Hidano and Shinsaku Kiyomoto

Abstract: The Physically Unclonable Function (PUF) is a technique that generates unique device identifiers based on variations in the manufacturing process. The Internet of Things (IoT) has become widespread, and various kinds of devices are now available. Device authentication and key management are essential to provide a secure service to these devices. We can use the unforgeable identifier generated by the PUF as a key for encryption and authentication. However, the existing PUFs require a dedicated hardware or low-level software, i.e., driver. Thus, they are impractical to use on smartphones or IoT devices due to the severe limitations of production cost and power consumption. In this paper, we propose a sensor-based PUF that utilizes the accelerometer and gyroscope, which are widely available on smartphones and IoT devices. We implement the proposed PUF on a smartwatch and show that accelerometer-based PUF achieves good usability, extreme robustness, and a high entropy of 91.66 bits.

Paper Nr: 28
Title:

Hardware Accelerator for Stream Cipher Spritz

Authors:

Debjyoti Bhattacharjee and Anupam Chattopadhyay

Abstract: RC4, the dominant stream cipher in e-commerce and communication protocols such as WEP and TLS, is being considered for replacement due to the series of vulnerabilities that have been pointed out in the recent past. After a thorough analysis of the possible weaknesses, Spritz, a new stream cipher, is proposed to that effect by the author of RC4. The design of Spritz is based on the Cryptographic Sponge construction, which permits Spritz to be used in different modes, and therefore makes it an attractive design choice for security protocols. Initial software performance analysis of Spritz shows that it fares poorly compared to the state-of-the-art hash functions and stream ciphers. In this paper, we extend the analysis to the hardware performance. We propose a fully customized accelerator design for Spritz and identify the highest achievable runtime performance for ASIC and FPGA technology. Our results show that the Spritz accelerator is significantly faster in encryption compared to the software implementation (32.38x speed-up for the SQUEEZE and 64.07x speed-up for the ABSORB function), though it fares weakly against hardware implementations of state-of-the-art hash functions and stream ciphers in terms of area-efficiency.

Paper Nr: 35
Title:

Lean and Fast Secure Multi-party Computation: Minimizing Communication and Local Computation using a Helper

Authors:

Johannes Schneider

Abstract: A client wishes to outsource computation on confidential data to a network of servers. He does not trust a single server, but believes that multiple servers do not collude. To solve this problem we introduce a new scheme called JOS for perfect security in the semi-honest model that naturally requires at least three parties. It differs from classical secure multi-party computation (MPC) through three points: (i) a client-server setting, where all inputs and outputs are only known to the client; (ii) the use of three parties, where one party serves merely as “helper” for computation, but does not store any shares of a secret; (iii) distinct use of the distributive and associative nature of well-known linear encryption schemes to derive our protocols. We improve on the total amount of communication needed to compute both an AND and a multiplication compared to all prior schemes (even two party protocols), while matching round complexity or requiring only one more round. For big-data analysis, network bandwidth is often the most severe limitation, thus minimizing the amount of communication is essential. Therefore, we make an important step towards making MPC more practical. We also reduce the total amount of storage needed (e.g. in a database setting) compared to all prior schemes using three parties. Our local computation requirements lag behind non-encrypted computation by less than an order of magnitude per party, while improving on other schemes, i.e. GRR, by several orders of magnitude.

Paper Nr: 38
Title:

A Template Attack Against VERIFY PIN Algorithms

Authors:

Hélène Le Bouder, Thierno Barry, Damien Couroussé, Jean-Louis Lanet and Ronan Lashermes

Abstract: This paper presents the first side channel analysis from electromagnetic emissions on VERIFY PIN algorithms. To enter a PIN code, a user has a limited number of trials. Therefore the main difficulty of the attack is to succeed with very few traces. More precisely, this work implements a template attack and experimentally verifies its success rate. It becomes a new real threat, and it is feasible on a low cost and portable platform. Moreover, this paper shows that some protections for VERIFY PIN algorithms against fault attacks introduce new vulnerabilities with respect to side channel analysis.

Paper Nr: 41
Title:

A Practical Encrypted Microprocessor

Authors:

Peter T. Breuer, Jonathan P. Bowen, Esther Palomar and Zhiming Liu

Abstract: This paper explores a new approach to encrypted microprocessing, potentiating new trade-offs in security versus performance engineering. The coprocessor prototype described runs standard machine code (32-bit OpenRISC v1.1) with encrypted data in registers, on buses, and in memory. The architecture is ‘superscalar’, executing multiple instructions simultaneously, and is sophisticated enough that it achieves speeds approaching that of contemporary off-the-shelf processor cores. The aim of the design is to protect user data against the operator or owner of the processor, and so-called ‘Iago’ attacks in general, for those paradigms that require trust in data-heavy computations in remote locations and/or overseen by untrusted operators. A single idea underlies the architecture, its performance and security properties: it is that a modified arithmetic is enough to cause all program execution to be encrypted. The privileged operator, running unencrypted with the standard arithmetic, can see and try their luck at modifying encrypted data, but has no special access to the information in it, as proven here. We test the issues, reporting performance in particular for 64-bit Rijndael and 72-bit Paillier encryptions, the latter running keylessly.

Paper Nr: 47
Title:

Two Secure Anonymous Proxy-based Data Storages

Authors:

Olivier Blazy, Xavier Bultel and Pascal Lafourcade

Abstract: Unidirectional proxy re-encryption (PRE) can be used to realize an efficient and secure shared storage. However, this type of storage does not yet protect its users' privacy: to retrieve some data a user must give his identity and his query to the proxy. We propose two secure data storage systems that allow authorized users to anonymously get access to the content of encrypted data on a storage. Each scheme corresponds to a certain economic model. In the first one, a user has to pay for each downloaded file, whereas in the second one, users pay each month a subscription to get an unlimited access to all their files.

Paper Nr: 55
Title:

User-friendly Manual Transfer of Authenticated Online Banking Transaction Data - A Case Study that Applies the What You Enter Is What You Sign Transaction Authorization Information Scheme

Authors:

Sven Kiljan, Harald Vranken and Marko van Eekelen

Abstract: Online banking relies on user-owned home computers and mobile devices, all vulnerable to man-in-the-middle attacks which are used to steal money from bank accounts. Banks mitigate this by letting users verify information that originates from these untrusted devices. This is not user-friendly since the user has to process the same information twice. It also makes the user an unnecessary critical factor and risk in the security process. This paper concerns a case study of an information scheme which allows the user to enter critical information in a trusted device, which adds data necessary for the recipient to verify its integrity and authenticity. The output of the device is a code that contains the information and the additional verification data, which the user enters in the computer used for online banking. With this, the bank receives the information in a secure manner without requiring an additional check by the user, since the data is protected from the moment the user entered it in the trusted device. This proposal shows that mundane tasks for the user in online banking can be automated, which improves both security and usability.

Paper Nr: 58
Title:

Web-based Fingerprinting Techniques

Authors:

Vítor Bernardo and Dulce Domingos

Abstract: The concept of device fingerprinting is based in the assumption that each electronic device holds a unique set of physical and/or logical features that others can capture and use to differentiate it from the whole. Web-based fingerprinting, a particular case of device fingerprinting, allows website owners to differentiate devices based on the set of information that browsers transmit. Depending on the techniques being used, a website can track a device based on its browser features (browser fingerprinting) or based on system settings (cross-browser fingerprinting). The latter allows identification of the device even when more than one browser is used. Several different works have introduced new techniques over the last years proving that fingerprinting can be done in multiple ways, but there is not a consolidated work gathering all of them. The current work identifies known web-based fingerprinting techniques, categorizing them as which ones are browser and which are cross-browser and showing real examples of the data that can be captured with each technique. The study is synthesized in a taxonomy, which provides a clear separation between techniques, making it easier to identify the threats to security and privacy inherent to each one.

Paper Nr: 61
Title:

3DCrypt: Privacy-preserving Pre-classification Volume Ray-casting of 3D Images in the Cloud

Authors:

Manoranjan Mohanty, Muhammad Rizwan Asghar and Giovanni Russello

Abstract: With the evolution of cloud computing, organizations are outsourcing the storage and rendering of volume (i.e., 3D data) to cloud servers. Data confidentiality at the third-party cloud provider, however, is one of the main challenges. In this paper, we address this challenge by proposing – 3DCrypt – a modified Paillier cryptosystem scheme for multi-user settings that allows cloud datacenters to render the encrypted volume. The rendering technique we consider in this work is pre-classification volume ray-casting. 3DCrypt is such that multiple users can render volumes without sharing any encryption keys. 3DCrypt’s storage and computational overheads are approximately 66.3 MB and 27 seconds, respectively when rendering is performed on a 256 × 256 × 256 volume for a 256×256 image space.

Paper Nr: 68
Title:

Protecting Databases from Schema Disclosure - A CRUD-Based Protection Model

Authors:

Óscar Mortágua Pereira, Diogo Domingues Regateiro and Rui L. Aguiar

Abstract: Database schemas, in many organizations, are considered one of the critical assets to be protected. From database schemas, it is not only possible to infer the information being collected but also the way organizations manage their businesses and/or activities. One of the ways to disclose database schemas is through the Create, Read, Update and Delete (CRUD) expressions. In fact, their use can follow strict security rules or be unregulated by malicious users. In the first case, users are required to master database schemas. This can be critical when applications that access the database directly, which we call database interface applications (DIA), are developed by third party organizations via outsourcing. In the second case, users can disclose partially or totally database schemas following malicious algorithms based on CRUD expressions. To overcome this vulnerability, we propose a new technique where CRUD expressions cannot be directly manipulated by DIAs any more. Whenever a DIA starts up, the associated database server generates a random codified token for each CRUD expression and sends it to the DIA, which the database server can use to execute the corresponding CRUD expression. In order to validate our proposal, we present a conceptual architectural model and a proof of concept.

Paper Nr: 69
Title:

FPGA Implementation of F2-Linear Pseudorandom Number Generators based on Zynq MPSoC: A Chaotic Iterations Post Processing Case Study

Authors:

Bakiri Mohammed, Jean-François Couchot and Christophe Guyeux

Abstract: Pseudorandom number generation (PRNG) is a key element in hardware security platforms like field-programmable gate array (FPGA) circuits. In this article, 18 PRNGs belonging to 4 families (xorshift, LFSR, TGFSR, and LCG) are physically implemented in an FPGA and compared in terms of area, throughput, and statistical tests. Two design flows are used: Register Transfer Level (RTL) and High-Level Synthesis (HLS). Additionally, the relations between linear complexity, seeds, and arithmetic operations on the one hand, and the resources deployed in the FPGA on the other hand, are deeply investigated. In order to do that, a SoC based on Zynq EPP with ARM Cortex-A9 MPSoC is developed to accelerate the implementation and the tests of various PRNGs on FPGA hardware. A case study is finally proposed using chaotic iterations as a post-processing for FPGA. The latter has improved the statistical profile of a combination of PRNGs that, without it, failed the so-called TestU01 statistical battery of tests.

Paper Nr: 70
Title:

How I Met Your Mother? - An Empirical Study about Android Malware Phylogenesis

Authors:

Gerardo Canfora, Francesco Mercaldo, Antonio Pirozzi and Corrado Aaron Visaggio

Abstract: Android malware is becoming more and more aggressive, in terms of impact on the victim’s device and in terms of capability of evading detection. Not only smartphones with their sensitive information are targeted by attackers, but also devices such as watches, glasses and everything that can be connected to the Internet of Things. Current signature-based antimalware or anomaly-based detection are not able to detect zero-day attacks: even trivial code transformation can overcome detection. New malware is often not really new: malware writers are used to adding functionality to existing malware, or merging different pieces of existing malware code; this determines the families of Android malware, i.e. malware programs that have in common some essential features or behaviors and modify some other parts. Being able to recognize the malware family a malware belongs to is useful for malware analysis, fast infection response, and quick incident resolution. In this paper we introduce DescentDroid, a tool that traces back the malware descendant family. We experiment our technique with an extended dataset comprising malware and trusted applications, obtaining high precision in recognizing the malware family membership.

Paper Nr: 76
Title:

On the Evaluation of the Privacy Breach in Disassociated Set-valued Datasets

Authors:

Sara Barakat, Bechara Al Bouna, Mohamed Nassar and Christophe Guyeux

Abstract: Data anonymization is gaining much attention these days as it provides the fundamental requirements to safely outsource datasets containing identifying information. While some techniques add noise to protect privacy, others use generalization to hide the link between sensitive and non-sensitive information or separate the dataset into clusters to gain more utility. In the latter, often referred to as bucketization, data values are kept intact; only the link is hidden to maximize the utility. In this paper, we showcase the limits of disassociation, a bucketization technique that divides a set-valued dataset into k^m-anonymous clusters. We demonstrate that a privacy breach might occur if the disassociated dataset is subject to a cover problem. We finally evaluate the privacy breach using the quantitative privacy breach detection algorithm on real disassociated datasets.

Paper Nr: 80
Title:

OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Authors:

Abdullah Al Balushi, Kieran McLaughlin and Sakir Sezer

Abstract: This paper presents the design, development, and validation of an ontology based SCADA intrusion detection system. The proposed system analyses SCADA network communications and can derive additional information based on the background knowledge and ontology models to enhance the intrusion detection data. The developed intrusion model captures network communications, cyber attacks and the context within the SCADA domain. Moreover, a set of semantic rules were constructed to detect various attacks and extract logical relationships among these attacks. The presented framework was extensively evaluated and a comparison to the state of the art is provided.

Paper Nr: 86
Title:

Differential Addition in Edwards Coordinates Revisited and a Short Note on Doubling in Twisted Edwards Form

Authors:

Srinivasa Rao Subramanya Rao

Abstract: Cryptographic algorithms in smart cards and other constrained environments increasingly rely on Elliptic Curves and thus it is desirable to have fast algorithms for elliptic curve arithmetic. In this paper, we provide (i) faster differential addition formulae for elliptic curve arithmetic on Generalized Edwards’ Curves improving upon the currently known formulae in the literature, proposed by Justus and Loebenberger at IWSEC 2010, (ii) more efficient affine differential addition formulae for a new model of Binary Edwards Curves proposed by Wu, Tang and Feng at INDOCRYPT 2012 and (iii) an algorithm for point doubling on Twisted Edwards Curves with a smaller footprint when the implementation is desired to work across Homogeneous Projective, Inverted and Extended Homogeneous Projective Coordinates.

Paper Nr: 89
Title:

Verifiable Policy-defined Networking for Security Management

Authors:

Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner, Hung Nguyen, Marian Mihailescu and Michelle McClintock

Abstract: A common goal in network management is security. Reliable security requires confidence in the level of protection provided. But many obstacles hinder reliable security management; most prominent is the lack of built-in verifiability in existing management paradigms. This shortfall makes it difficult to provide assurance that the expected security outcome is consistent pre- and post-deployment. Our research tackles the problem from first principles: we identify the verifiability requirements of robust security management, evaluate the limitations of existing paradigms and propose a new paradigm with verifiability built in: Formally-Verifiable Policy-Defined Networking (FV-PDN). In particular, we pay attention to firewalls, which protect network data and resources from unauthorised access. We show how FV-PDN can be used to configure firewalls reliably in mission critical networks to protect them from cyber attacks.

Paper Nr: 90
Title:

Practical Application of Order-preserving Encryption in Wide Column Stores

Authors:

Tim Waage, Daniel Homann and Lena Wiese

Abstract: Order-preserving encryption (OPE) produces ciphertexts that preserve the relative order of the underlying plaintexts. Thus, it is very suitable for range queries over encrypted outsourced data, which is a popular case in cloud database scenarios. Unfortunately, most schemes suffer from infeasibility in practice due to requirements like hardly maintainable data structures or additional architectural components. While OPE is a widely discussed topic in theory, to our knowledge only one OPE scheme received noticeable practical attention ((Boldyreva et al., 2009) for SQL-based systems in (Popa et al., 2011; Tu et al., 2013)). Therefore, our work identifies the practical requirements for utilizing OPE in real world usage with focus on existing NoSQL cloud database technologies. We evaluate a variety of popular schemes and propose improvements for two of them in order to further improve their practicability. Then we assess the performance of our modifications in comparison to the approach of (Boldyreva et al., 2011) (which can be considered the successor of (Boldyreva et al., 2009)) by a runtime analysis in combination with two popular NoSQL wide column store databases.

Paper Nr: 98
Title:

Threats to 5G Group-based Authentication

Authors:

Rosario Giustolisi and Christian Gehrmann

Abstract: The fifth generation wireless system (5G) is expected to handle an unpredictable number of heterogeneous connected devices and to guarantee at least the same level of security provided by the contemporary wireless standards, including the Authentication and Key Agreement (AKA) protocol. The current AKA protocol has not been designed to efficiently support a very large number of devices. Hence, a new group-based AKA protocol is expected to be one of the security enhancements introduced in 5G. In this paper, we advance the group-based AKA threat model, reflecting previously neglected security risks. The threat model presented in the paper paves the way for the design of more secure protocols.

Paper Nr: 103
Title:

Efficient Randomized Regular Modular Exponentiation using Combined Montgomery and Barrett Multiplications

Authors:

Andrea Lesavourey, Christophe Negre and Thomas Plantard

Abstract: Cryptographic operations performed on an embedded device are vulnerable to side channel analysis and particularly to differential and correlation power analysis. The basic protection against such attacks is to randomize the data all along the cryptographic computations. In this paper we present a modular multiplication algorithm which can be used for randomization. We show that we can use it to randomize the modular exponentiation of the RSA cryptosystem. The proposed randomization is free of computation and induces a level of randomization from 2^10 to 2^15 for practical RSA modulus sizes.

Paper Nr: 111
Title:

ISDSR: Secure DSR with ID-based Sequential Aggregate Signature

Authors:

Kenta Muranaka, Naoto Yanai, Shingo Okamura and Toru Fujiwara

Abstract: Wireless sensor networks are often more vulnerable than wired ones. Especially, an adversary can attack the networks by utilizing false route information. A countermeasure against the attack is a secure routing protocol with digital signatures to guarantee the validity of route information. However, existing secure routing protocols are inefficient because the memory size and the computational overhead are heavy. To overcome these problems, we focus on ID-based sequential aggregate signatures (IBSAS) (Boldyreva et al., 2007). IBSAS allow users to aggregate individual signatures into a single signature. Moreover, certificates of public keys are unnecessary for IBSAS. Therefore, IBSAS can drastically decrease the memory size and the computational overhead. Besides, one of the main concerns for practical use is to construct a protocol specification with IBSAS. Moreover, since IBSAS are sometimes weak against compromising secret keys, another concern is to construct its countermeasure. For these purposes, we propose a secure dynamic source routing with ID-based sequential aggregate signatures, called ISDSR for short and discuss the key management to revoke/update compromised keys. We also show that the performance of ISDSR is the best in comparison with the existing protocols.

Posters
Paper Nr: 31
Title:

A Pre-clustering Method To Improve Anomaly Detection

Authors:

Denis Hock, Martin Kappes and Bogdan Ghita

Abstract: While Anomaly Detection is commonly accepted as an appropriate technique to uncover yet unknown network misuse patterns and malware, detection rates are often diminished by, e.g., unpredictable user behavior, new applications and concept changes. In this paper, we propose and evaluate the benefits of using clustering methods for data preprocessing in Anomaly Detection in order to improve detection rates even in the presence of such events. We study our pre-clustering approach for different features such as IP addresses, traffic characteristics and application layer protocols. Our results, obtained by analyzing detection rates for real network traffic with actual intrusions, indicate that our approach does indeed significantly improve detection rates and, moreover, is practically feasible.

Paper Nr: 33
Title:

A Metaphone based Chaotic Searchable Encryption Algorithm for Border Management

Authors:

Abir Awad and Brian Lee

Abstract: In this paper, we consider a use case for national border control and management involving the assurance of privacy and protection of personally identifiable information (PII) in a shared multi-tenant environment, i.e. the cloud. A fuzzy searchable encryption scheme is applied on a watch list of names which are used as indexes for the identification files that are in their turn encrypted and stored on the cloud. Two propositions are described and tested in this paper. The first entails the application of a chaotic fuzzy searchable encryption scheme directly on the use case and its subsequent verification on a number of phonetic synonyms for each name. In the second version, a metaphone-based chaotic fuzzy transformation method is used to perform a secure search and query. In this latter case, the fuzzy transformation is performed in two stages: the first stage is the application of the metaphone algorithm, which maps all the words pronounced in the same way to a single code, and the second stage is the application of the chaotic Local Sensitive Hashing (LSH) to the code words. In both the first and second propositions, amplification of the LSH is also performed, which permits controlled fuzziness and ranking of the results. Extensive tests are performed and experimental results show that the proposed scheme can be used for secure searchable identification files and a privacy preserving scheme on the cloud.

Paper Nr: 39
Title:

Towards a Software Approach to Mitigate Correlation Power Analysis

Authors:

Ibraheem Frieslaar and Barry Irwin

Abstract: In this research we present a novel implementation for a software countermeasure to mitigate Correlation Power Analysis (CPA). This countermeasure combines pseudo controlled-random dummy code and a task scheduler using multiple threads to form dynamic power traces which obscure the occurrence of critical operations of the AES-128 algorithm. This work investigates the use of a task scheduler to generate noise at specific areas in the AES-128 algorithm to mitigate the CPA attack. The dynamic power traces have been shown to be an effective countermeasure, as they mislead the CPA into predicting the incorrect secret key. Furthermore, the countermeasure is tested on an ATmega and an ATxmega microcontroller. The basic side channel analysis attack resistance has been increased and in both scenarios the proposed countermeasure has reduced the correlation accuracy and forced the CPA to predict the incorrect key. The correlation accuracy decreased from 97.6% to 53.6% on the ATmega microcontroller, and decreased from 82% to 51.4% on the ATxmega microcontroller.

Paper Nr: 49
Title:

Towards Practical k-Anonymization: Correlation-based Construction of Generalization Hierarchy

Authors:

Tomoaki Mimoto, Anirban Basu and Shinsaku Kiyomoto

Abstract: The privacy of individuals included in the datasets must be preserved when sensitive datasets are published. Anonymization algorithms such as k-anonymization have been proposed in order to reduce the risk of individuals in the dataset being identified. k-anonymization is the most common technique of modifying attribute values in a dataset until at least k identical records are generated. There are many algorithms that can be used to achieve k-anonymity. However, existing algorithms have the problem of information loss due to a tradeoff between data quality and anonymity. In this paper, we propose a novel method of constructing a generalization hierarchy for k-anonymization algorithms. Our method analyses the correlation between attributes and generates an optimal hierarchy according to the correlation. The effect of the proposed scheme has been verified using actual data: the average k of the datasets is 83.14, which is around 1/3 of the value obtained by conventional methods.

Paper Nr: 60
Title:

The Cost of Breaking a Quantum Bit Commitment Protocol on Equivalence Classes

Authors:

Ahmet Emin Tatar, Marius Nagy and Naya Nagy

Abstract: The importance of designing a secure quantum bit commitment (QBC) can be seen from its potential applications: remote coin tossing, zero-knowledge proofs, and secure two-party computation. Unconditionally secure QBC has been shown to be impossible (Mayers, 1996). This means that for any QBC protocol to date, there exists cheating that reveals more information than simple guessing. Nevertheless, the effort to break a QBC protocol may be impractical. The present paper explores the cheating strategy for a QBC designed within two equivalence classes and evaluates the complexity of a cheating attack and its practicality.

Paper Nr: 64
Title:

A Second Order Derivatives based Approach for Steganography

Authors:

Jean-François Couchot, Raphaël Couturier, Yousra Ahmed Fadil and Christophe Guyeux

Abstract: Steganography schemes are designed with the objective of minimizing a defined distortion function. In most existing state of the art approaches, this distortion function is based on image feature preservation. Since smooth regions or clean edges define image core, even a small modification in these areas largely modifies image features and is thus easily detectable. On the contrary, textures, noisy or chaotic regions are so difficult to model that the features having been modified inside these areas are similar to the initial ones. These regions are characterized by disturbed level curves. This work presents a new distortion function for steganography that is based on second order derivatives, which are mathematical tools that usually evaluate level curves. Two methods are explained to compute these partial derivatives and have been completely implemented. The first experiments show that these approaches are promising.

Paper Nr: 75
Title:

A Code-based Group Signature Scheme with Shorter Public Key Length

Authors:

Hafsa Assidi, Edoukou Berenger Ayebie and El Mamoun Souidi

Abstract: Group signatures allow members to sign on behalf of a group while keeping the signer’s identity anonymous. In this paper, we show that it is possible to reduce the public key length of the first provably secure group signature scheme from code-based assumptions without losing the security properties. More precisely, the public key can be 466 times shorter than in the original scheme; typically, for a group of 16 users the public key length is 1.34 kilobytes, while the size is 625 kilobytes in the original scheme (Ezerman et al., 2015). Our technique consists in using a Quasi-cyclic Moderate Density Parity-Check McEliece variant for encrypting the user identity and a random double circulant matrix for the underlying Zero Knowledge Argument System.

Paper Nr: 91
Title:

Distributed Data Aggregation in Wireless Sensor Network - with Peer Verification

Authors:

Sumanta Chatterjee, Alwyn R. Pais and Sumit Saurabh

Abstract: Data aggregation in wireless sensor networks is implemented to reduce the communication overhead and to reduce bandwidth utilization. Data confidentiality requires the sensor node to transmit the data in a secure manner so that the adversary is unable to read the data or transmit false data even if it compromises some of the sensor nodes or the aggregation node. In this paper a distributed aggregation protocol using homomorphic trapdoor permutation is proposed. This protocol distributes the responsibility of key generation, aggregation and verification to different nodes to reduce the overall power consumption of the sensor network. A peer verification scheme is also proposed as a part of the protocol. Peer verification ensures the authentication of the data and sender node in the network by at least k peer nodes. Security of the proposed protocol is analyzed against passive and active adversary models.

Paper Nr: 94
Title:

Enhancing Operation Security using Secret Sharing

Authors:

Mohsen Ahmadvand, Antoine Scemama, Martín Ochoa and Alexander Pretschner

Abstract: Storing highly confidential data and carrying out security-related operations are crucial to many systems. Starting from an industrial use case, we propose a generic architecture based on secret sharing which addresses critical operation authorization. By comparing and benchmarking different schemes from the literature we analyze the different trade-offs (security, functionality, performance) which can be achieved. Finally, by providing an open source .NET implementation of several secret sharing schemes, this paper aims to raise awareness regarding the capabilities of such algorithms to increase security in industrial settings.

Paper Nr: 95
Title:

Computations on Private Sets and their Application to Biometric based Authentication Systems

Authors:

Wojciech Wodo, Lucjan Hanzlik and Kamil Kluczniak

Abstract: In this paper we investigate the concept of cancelable biometrics and propose a new scheme for user authorisation providing anonymity based on privacy-preserving computations on sets. We define a problem called the (t,n)-Threshold Subset Problem and apply it to a biometric-based security system. Our solution implements biometric template protection based on one-way transformations and Bloom filters. Users’ authentication data is stored in the form of a whitelist and the authorisation process is based on a zero-knowledge proof approach. Using oblivious polynomial evaluation (OPE), a legitimate user is able to recreate a secret polynomial and answer the challenge sent by a verifier. We assume that biometric data can be acquired and digitized into the form of a vector representation.

Paper Nr: 102
Title:

Thermal Imaging Attacks on Keypad Security Systems

Authors:

Wojciech Wodo and Lucjan Hanzlik

Abstract: The paper discusses the issue of thermal imaging attacks on a variety of keyboard devices, such as cash machines, payment terminals, combination locks or computer keyboards. The aim of the research was to obtain the entered code or password in the most non-invasive way. As it turned out, attacks based on images from thermal imaging cameras are very easy to carry out and work in almost every case, which calls for extra safety measures. The authors consider various attack scenarios and come up with recommendations for both manufacturers and users of electronic keyboard security systems.

Paper Nr: 104
Title:

Predicting Outcomes of ElimLin Attack on Lightweight Block Cipher Simon

Authors:

Nicolas T. Courtois, Pouyan Sepehrdad, Guangyan Song and Iason Papapanagiotakis-Bousy

Abstract: There are two major families in cryptanalytic attacks on symmetric ciphers: statistical attacks and algebraic attacks. In this position paper we argue that algebraic cryptanalysis has not yet been developed properly due to the weakness of the theory which has substantial difficulty to prove most basic results on the number of linearly independent equations in algebraic attacks. Consequently most authors present a restricted range of attacks which are shown experimentally to work with their computer but refrain from claiming results which would work on a larger computer but have not yet been tested. For example in recent 2015 work of Raddum we discover that (experimentally) ElimLin attack breaks up to 16 rounds of Simon block cipher however it is hard to know what happens for 17 rounds. In this paper we argue that one CAN predict and model the behavior of such attacks and evaluate complexity of the attacks which we cannot yet execute. To the best of our knowledge this has never been done before.

Paper Nr: 106
Title:

Efficient Proxy Signature Scheme from Pairings

Authors:

Francesco Buccafurri, Rajeev Anand Sahu and Vishal Saraswat

Abstract: A proxy signature enables an entity to transfer its signing rights to another entity, called the proxy signer, without actually sharing its signing key. Most of the proxy signatures in literature have been designed using bilinear pairing on the elliptic curve group with the aim of providing either the property of being identity-based or efficiency or security. But almost all of these schemes do not provide all these three desirable properties together and most of the identity-based proxy signature (IBPS) schemes are either too inefficient or their security is based on non-standard assumptions to have practical significance. In this paper, we propose an efficient and provably secure identity-based proxy signature scheme from bilinear pairing based on a standard assumption, the hardness of the computational Diffie-Hellman problem. The proposed scheme is secure against existential forgery on adaptive chosen-message and adaptive chosen-ID attack in the random oracle model. Moreover, we do an efficiency analysis and show that our scheme is significantly more efficient in the view of computation and operation time than the existing similar schemes.

Paper Nr: 107
Title:

Predictive Model for Exploit Kit based Attacks

Authors:

Slim Trabelsi, Skander Ben Mahmoud and Anis Zouaoui

Abstract: Exploit kits are becoming frequently used to generate attacks against systems and software components. These exploit kits are really popular among the non-expert community (script kiddies) and are publicly available on social media. In this paper we demonstrate how the popularity of such exploit kits on social media can impact the severity of the attacks generated from these tools. We propose a new predictive model to estimate in advance the possible attacks that could be generated from trendy kits.

Paper Nr: 108
Title:

Multi-Device Authentication using Wearables and IoT

Authors:

Jan Hajny, Petr Dzurenda and Lukas Malina

Abstract: The paper presents a novel cryptographic authentication scheme that makes use of the presence of electronic devices around users. The scheme makes authentication more secure by involving devices that are usually worn by users (such as smart-watches, fitness bracelets and smart-cards) or are in their proximity (such as sensors, home appliances, etc.). In our scheme, the user private key is distributed over all personal devices thus cannot be compromised by breaking into only a single device. Furthermore, involving wearables and IoT devices makes it possible to use multiple authentication factors, such as user's position, his behavior and the state of the surrounding environment. We provide the full cryptographic specification of the protocol, its formal security analysis and the implementation results in this paper.