
Information Security Theory and Practice: Security and Privacy of Mobile Devices in Wireless Communication

Content
- Intro
- Title Page
- Preface
- Organization
- Table of Contents
- Keynote Speech
- Can Code Polymorphism Limit Information Leakage?
- Introduction
- Algorithmic Description
- Bucket Types
- Rewriting Algorithms
- Concrete Implementation
- Experimental Evaluation
- Performance
- Attacking a Standard AES Implementation
- Attacking an Unrolled AES Implementation
- Attacking a Polymorphic AES Implementation
- Can Lisp-Like Languages Help?
- Structure
- Step by Step Explanations
- Rewriter
- Results
- Possible Extensions
- Avoiding Code Growth
- Separating $H$ From $F_i$
- Randomizing Compilers: A Practical Approach
- References
- Mobile Authentication and Access Control
- Mobile Electronic Identity: Securing Payment on Mobile Phones
- Introduction
- Present-Day Payment Solutions
- NFC
- Bluetooth
- SMS
- Other Solutions
- Using a HISP: Mixing Context, Human Trust and Security
- Choosing a HISP
- Tailoring a HISP
- The Human Contribution
- Demonstrating a HISP
- Reverse Authentication
- Implementation
- Implementation of Approach A
- Implementation of Approach B
- Security Analysis
- Phishing/Credential Harvesting
- Malware
- Man in the Middle
- Conclusion
- References
- Role-Based Secure Inter-operation and Resource Usage Management in Mobile Grid Systems
- Introduction
- Relevant Work and Motivation
- The Proposed domRBAC Model for Modern Collaborative Systems
- domRBAC Elements
- domRBAC Definitions
- Use Cases
- Use Case 1: Resource Usage Management
- Use Case 2: Security Violation
- Conclusion
- References
- Lightweight Authentication
- SSL/TLS Session-Aware User Authentication Using a GAA Bootstrapped Key
- Introduction
- Background
- Man in the Middle Attacks
- Generic Authentication Architecture
- Related Work
- TLS-SA Using a GAA Bootstrapped Key
- The Basic Scheme
- Variants
- Analysis
- Informal Security Analysis
- Security-Efficiency Trade-Offs
- Conclusions
- References
- An Almost-Optimal Forward-Private RFID Mutual Authentication Protocol with Tag Control
- Introduction
- Security Model
- Tools
- Protocol Description
- Properties
- Security Reductions
- Conclusions
- References
- Affiliation-Hiding Authentication with Minimal Bandwidth Consumption
- Introduction
- Linkable vs. Unlinkable AHA
- The Challenge of Group Discovery
- Related Work
- Contributions and Organization
- Non-Interactive Key Distribution
- Definition and Security Model of NIKDS
- A Construction of NIKDS Based on Bilinear Maps (Pairings)
- Our Affiliation-Hiding Authentication Protocol
- Syntax of AHA
- Protocol Definition
- Correctness, Efficiency, and Parameter Selection
- Security Model for AHA
- Adversary Model
- Linkable Affiliation-Hiding Security
- Security Analysis of Our Protocol
- Conclusion
- References
- Algorithms
- Formal Framework for the Evaluation of Waveform Resynchronization Algorithms
- Introduction
- Resynchronization Algorithms
- Problem Statement
- AOC: Amplitude-Only Correlation
- POC: Phase-Only Correlation
- POC Flaw and Threshold-POC
- Complexity of AOC, POC and T-POC
- Evaluation of Resynchronization Algorithms
- Formal Framework
- Benchmarking of Representative Waveforms
- Conclusions and Perspectives
- References
- Solving DLP with Auxiliary Input over an Elliptic Curve Used in TinyTate Library
- Introduction
- Preliminaries
- Discrete Logarithm Problem with Auxiliary Input (DLPwAI)
- Cheon's Algorithm
- DLPwAI in Cryptographic Schemes
- Implementation
- BSGS Algorithm
- KKM Improvement
- Experimental Results
- Parameters
- Results
- Estimations
- Concluding Remarks
- References
- Information Leakage Discovery Techniques to Enhance Secure Chip Design
- Introduction
- EMA Analysis as a Design Phase
- Electromagnetic Emission Analysis
- Information Finding Algorithm
- Complexity Analysis
- Experimental Validation
- Workbench
- Experimental Results
- Conclusion
- References
- Hardware Implementation
- A Cryptographic Processor for Low-Resource Devices: Canning ECDSA and AES Like Sardines
- Introduction
- Related Work
- System Overview
- Hardware Architecture
- Arithmetic-Level Implementation
- Algorithm-Level Implementation
- The SHA-1 Algorithm
- The AES Algorithm
- ECC Scalar Multiplication
- ECDSA Implementation
- Results
- Conclusions
- References
- An Evaluation of Hash Functions on a Power Analysis Resistant Processor Architecture
- Introduction
- Background
- Side-Channel Attacks on Hash Functions
- The Power-Trust Platform
- Our Variant of the Power-Trust Platform
- Implementation of Hash Functions on the Power-Trust Platform
- Results
- Instruction Set Agility
- Performance
- Conclusions
- References
- A Comparison of Post-Processing Techniques for Biased Random Number Generators
- Introduction
- Known Techniques for De-Biasing
- Compression with Cryptographic Hash
- Compression Using the Von Neumann Corrector
- Compression Based on Good Linear Codes
- Comparison of Random Bias of Different Post-Processing Functions
- Comparison of Adversary Bias of Different Post-Processing Functions
- Adversary Bias after Linear Compression
- Adversary Bias after Von Neumann Compression
- Linear Compression Outperforming the Von-Neumann Compression
- The Use of Linear Codes with Large d
- Implementation
- Construction of Linear Corrector Functions Based on Cyclic Codes
- Resource Utilization
- Conclusion
- References
- Security and Cryptography
- AES Variants Secure against Related-Key Differential and Boomerang Attacks
- Introduction
- Our Contribution
- Framework for Protection against Related Key Differential and Boomerang Attacks
- Some Definitions and Notation
- Protection against Related-Key Differential Attack of [4]
- Protection against Related-Key Boomerang Attack of [3]
- Security of Improved May et al.'s AES Key Schedule against Related-key Attack
- Equivalent Keys in May et al.'s Key Schedule
- An Improved May et al.'s Key Schedule
- Improved May et al.'s Key Schedule is Secure against Related-Key Differential Attack
- Improved May et al.'s Key Schedule is Secure against Related-Key Boomerang Attack
- A New On-the-fly Key Schedule for AES Secure against Related-Key Differential and Boomerang Attacks
- Hardware Implementation
- References
- Leakage Squeezing Countermeasure against High-Order Attacks
- Introduction
- State of the Art
- First Order Masking Overview
- Vulnerability of the Masking against 1O-Attacks
- Vulnerability of the Masking against 2O-Attacks
- Proposed Masking Method for "Leakage Squeezing"
- Masking Principle
- Formal Security Assessment and Motivation for Some Bijections
- Experiments on Masked DES Implementations
- ROM Implementation
- USM Implementation
- Complexity and Throughput Results
- Information-Theoretic Evaluation of the Proposed Solutions
- Evaluation of the Implementations against 2O-Attacks
- Conclusion and Perspectives
- References
- Security Attacks and Measures (Short Papers)
- Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault
- Introduction
- Background
- The Advanced Encryption Standard
- The Fault Model
- The Fault Analysis
- The First Step of the Fault Attack
- Analysis of the First Step of the Fault Attack
- The Second Step of the Fault Attack
- Analysis of the Second Step of the Fault Attack
- Attacking other Bytes
- Comparison with Previous Work
- Conclusion
- References
- Entropy of Selectively Encrypted Strings
- Introduction
- Terminology and Definitions
- Languages
- Entropy
- Selective Encryption
- Confidentiality of Selective Encryption
- Zero- and First-Order Languages
- Second-Order Languages
- Third-Order Languages
- $n$-Order Languages
- Concluding Remarks
- References
- Practical Attacks on HB and HB+ Protocols
- Introduction
- Description of the HB and HB+ Protocols
- Passive Attacks on HB Protocol
- Simple Walker Algorithm
- $k$-Basis Walker Algorithm
- Algorithm Analysis
- Experimental Results
- Conclusions
- References
- Attacks on a Lightweight Mutual Authentication Protocol under EPC C-1 G-2 Standard
- Introduction
- Review SRP
- Initialization Phase
- The (i+1)th Authentication Round
- Vulnerabilities of SRP
- Reveal $EPC_s$
- Privacy Analysis
- Revised Protocol
- Security Analysis
- Conclusion
- References
- Security Attacks
- A SMS-Based Mobile Botnet Using Flooding Algorithm
- Introduction
- Background and Motivation
- Related Works
- Challenging Issues
- Our Works and Contributions
- The Overview of the Proposed SMS-Based Botnet
- Stealthiness Study
- Topology Study Based on Simulation
- Simulation Setup
- Simulation Results
- Botnet Construction
- Botnet Maintaining
- Defense Strategies
- Conclusion
- References
- FIRE: Fault Injection for Reverse Engineering
- Introduction
- State of the Art
- Physical Attacks on Cryptographic Systems
- Solving Linear Boolean Systems
- The Case of DES
- The Case of AES
- Fault Injection
- Translation of the FI into Equations
- Random and unknown Faults
- SCARE Conclusion of a FIRE Attack
- Results with Various Fault Models and Contexts
- Conclusion
- References
- Hardware Trojan Side-Channels Based on Physical Unclonable Functions
- Introduction
- Preliminaries
- The Trojan Side-Channel Model
- Physical Unclonable Functions
- PUF-Based TSC Attacks
- A Paradigm on PRESENT
- Performance Analysis
- Other Applications
- Conclusion
- References
- Security and Trust
- Formal Analysis of Security Metrics and Risk
- Introduction
- Contribution
- Background
- Formal Definition of Risk
- Probability vs. Cost
- Relation between Metrics and Risk
- Related Work
- Conclusion
- References
- STORM - Collaborative Security Management Environment
- Introduction
- State of The Art
- STORM Collaborative Environment
- STORM Architecture and Services
- Layer 1 - STORM Users
- Layer 2 - The STORM Framework
- Layer 3 - STORM Services
- Layer 4 - STORM Primary Information Assets
- Implementation
- Conclusions - Future Work
- References
- Trust Agreement in Wireless Mesh Networks
- Introduction
- Differences to MANETs
- Technical Design Goals
- Related Work
- Trust Agreement
- Trust Agreement vs. Web of Trust
- Abstract Trust Requirements
- Definition of Trust in Wireless Mesh Networks
- Creating the Trust Network
- Trust Agreement Scheme
- Startup
- Normal Operation
- Security Considerations
- Evaluating the Behavior of other Nodes
- Conclusion
- References
- Mobile Application Security and Privacy (Short Papers)
- Secure E-Auction for Mobile Users with Low-Capability Devices in Wireless Network
- Introduction
- An Unverifiable Prototype
- Attacks by Dishonest Auctioneers and Bidders
- Verifiable E-Auction for Capability-Limited Mobile Bidders
- Conclusion
- References
- Privacy Respecting Targeted Advertising for Social Networks
- Introduction
- Related Works
- Protection on Smartphones
- Identity Ontologies
- Privacy Protection Ontology-Based Policies
- Our Approach
- Architecture
- Ontology of Identity on Smartphone
- Lightweight Ontology for Privacy Policy
- Rules for Privacy Protection
- Validation
- Conclusions and Future Work
- References
- Privacy Protection for Smartphones: An Ontology-Based Firewall
- Introduction
- Related Works
- Protection on Smartphones
- Identity Ontologies
- Privacy Protection Ontology-Based Policies
- Our Approach
- Architecture
- Ontology of Identity on Smartphone
- Lightweight Ontology for Privacy Policy
- Rules for Privacy Protection
- Validation
- Conclusions and Future Work
- References
- A Study on the Security, the Performance and the Penetration of Wi-Fi Networks in a Greek Urban Area
- Introduction
- Description of the Experiment
- Motivation and Hypotheses
- Subjects
- Methodology and Tools
- Problems
- Results
- Conclusions and Discussion
- Interpretation of Results
- Relation to other Works
- Impact for Practitioners
- Research Agenda
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The PDF file format always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). On the small screens of e-readers or smartphones, however, PDFs are awkward to read because they require too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, a personalised watermark is embedded in the eBook; it can be used to identify the purchaser in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.