Computer Security - ESORICS 2021
26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part II
Published on 1. October 2021
XXIV, 786 pages
978-3-030-88428-4 (ISBN)
Description
The two volume set LNCS 12972 + 12973 constitutes the proceedings of the 26
th
European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-8, 2021.
The 71 full papers presented in this book were carefully reviewed and selected from 351 submissions. They were organized in topical sections as follows:
Part I: network security; attacks; fuzzing; malware; user behavior and underground economy; blockchain; machine learning; automotive; anomaly detection;
Part II: encryption; cryptography; privacy; differential privacy; zero knowledge; key exchange; multi-party computation.
More details
Series
Edition
1st ed. 2021
Language
English
Place of publication
Cham
Switzerland
Publishing group
Springer International Publishing
Product notice
Reflowable
Illustrations
XXIV, 786 p. 158 illus., 83 illus. in color.
File size
34,00 MB
ISBN-13
978-3-030-88428-4 (9783030884284)
DOI
10.1007/978-3-030-88428-4
Schweitzer Classification
Other editions
Additional editions
Elisa Bertino | Haya Shulman | Michael Waidner
Computer Security - ESORICS 2021
26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part II
Book
10/2021
Springer
€117.69
Shipment within 7-9 days
Content
- Intro
- Preface
- Organization
- Contents - Part II
- Contents - Part I
- Encryption
- Bestie: Very Practical Searchable Encryption with Forward and Backward Security
- 1 Introduction
- 2 Background
- 3 Construction of Bestie
- 3.1 Our Construction
- 3.2 An Example of Bestie
- 4 Evaluation
- 4.1 Implementation
- 4.2 Data Description
- 4.3 Experimental Results
- 5 Other Related Works
- 6 Conclusion
- A Proof of Theorem 1
- References
- Geo-DRS: Geometric Dynamic Range Search on Spatial Data with Backward and Content Privacy
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Motivation and Related Works
- 2 Building Blocks
- 2.1 Notation
- 2.2 R-Tree and R+tree
- 2.3 Secure Bitwise Comparison
- 3 Definitions, Security Notions and Model
- 3.1 Syntax of Our Geometric Dynamic Range Search (Geo-DRS+)
- 3.2 Generic Dynamic SSE Leakage Functions
- 3.3 Range Search Leakage Functions
- 3.4 Security Notions and Definitions
- 3.5 Security Model
- 4 Dynamic Secure Range Search on Encrypted Spatial Data
- 4.1 Geo-DRS Scheme
- 4.2 Geo-DRS+: Optimised Geometric Dynamic Range Search
- 5 Evaluation
- 6 Conclusion
- A Security analysis
- References
- Efficient Multi-client Order-Revealing Encryption and Its Applications
- 1 Introduction
- 1.1 Related Work
- 2 Preliminaries
- 2.1 Notation
- 2.2 Bilinear Maps
- 2.3 Complexity Assumption
- 3 Property-Preserving Hash
- 3.1 PPH from Bilinear Maps
- 3.2 Security Analysis
- 4 Multi-client Order-Revealing Encryption (m-ORE)
- 4.1 Definition of m-ORE
- 4.2 m-ORE Scheme from PPH
- 4.3 Security Analysis
- 5 Multi-client Range Query from m-ORE
- 5.1 The Proposed Construction
- 6 Experimental Evaluation
- 6.1 Setup
- 6.2 Evaluation
- 7 Conclusion
- A Security Analysis of Range Query Scheme
- References
- Versatile and Sustainable Timed-Release Encryption and Sequential Time-Lock Puzzles (Extended Abstract)
- 1 Introduction
- 2 Technical Overview and Contributions
- 3 Definitions and Constructions of Time Lock-Puzzles
- 4 Sequential Time-Lock Puzzles
- 5 (Sequential) Timed-Release Encryption
- 5.1 Basic TRE Construction
- 5.2 Sequential TRE
- 5.3 Integrating Timed-Release Features into Functional Encryption
- A Concurrent and Independent Work
- B Applications: Simpler and More Efficient Instantiations
- C On the Necessity of the Gap Sequential Squaring Assumption
- References
- Multipath TLS 1.3
- 1 Introduction
- 1.1 Multipath Key Exchange
- 1.2 Our Contribution
- 2 Preliminaries
- 2.1 Multipath TCP
- 2.2 Transport Layer Security
- 3 Security Model
- 3.1 Overview
- 3.2 Security of Multi-path Key Exchange
- 4 Multipath Extension for TLS 1.3
- 4.1 Protocol
- 4.2 Security Assumptions
- 4.3 Security
- 4.4 Sub Flow Resumption
- 4.5 Practical Considerations
- 5 Conclusions
- A Transport Layer Security
- References
- SyLPEnIoT: Symmetric Lightweight Predicate Encryption for Data Privacy Applications in IoT Environments
- 1 Introduction
- 1.1 Overview of SyLPEnIoT
- 1.2 Our Contributions
- 2 Related Work
- 3 Background and Assumptions
- 3.1 SyLPEnIoT's Model and Threat Model
- 3.2 Definitions
- 4 Main Constructions in SyLPEnIoT
- 4.1 Pseudo-Random Function
- 4.2 Symmetric-Key Encryption
- 4.3 Construction
- 5 Evaluation
- 5.1 Microbenchmarks
- 5.2 SyLPEnIoT Construction
- 5.3 SyLPEnIoT on Ultra Low-Power Devices
- A Security Proof
- References
- Security Analysis of SFrame
- 1 Introduction
- 1.1 Our Contributions
- 2 SFrame
- 2.1 Specification
- 2.2 Available Implementations
- 3 Adversary Models and Security Goals
- 3.1 Adversary Models
- 3.2 Security Goals of E2EE
- 3.3 Security Goals of AEAD for E2EE
- 3.4 Security Goals of Hash Functions
- 4 Security Analysis
- 4.1 Security of AEAD Under SFrame
- 4.2 Impersonation Against AES-CM-HMAC with Short Tags
- 4.3 Security of AES-CM-HMAC with Long Tags
- 4.4 Impersonation Against AES-GCM with Any Long Tags
- 4.5 Considerations on Authentication Key Recovery
- 4.6 Recommendations
- 5 Conclusions
- References
- Attribute-Based Conditional Proxy Re-encryption in the Standard Model Under LWE
- 1 Introduction
- 1.1 Contribution
- 1.2 Related Work
- 1.3 Organization
- 2 Preliminaries
- 2.1 Lattice Background
- 2.2 Trapdoor and Sampling
- 2.3 Key Homomorphism and Vector Decomposition
- 3 Model of Attribute-Based CPRE
- 3.1 Multi-hop AB-CPRE
- 3.2 Single-Hop AB-CPRE
- 3.3 Security Notation
- 4 Single-Hop AB-CPRE Scheme
- 4.1 Technique Review
- 4.2 Construction
- 4.3 Correctness
- 4.4 Security Proof
- 5 Extension: Multi-hop AB-CPRE Scheme
- 5.1 Construction
- 5.2 Correctness and Security Proof
- 6 Conclusion
- A Proof for Single-hop AB-CPRE
- B Correctness for Multi-hop AB-CPRE
- C Simulator Algorithms for Multi-hop AB-CPRE
- References
- Lattice-Based HRA-secure Attribute-Based Proxy Re-Encryption in Standard Model
- 1 Introduction
- 1.1 Motivation and Related Works
- 1.2 Our Contributions and Future Direction
- 1.3 Technical Overview
- 2 Preliminaries
- 3 Key-Policy Attribute-Based Proxy Re-Encryption
- 3.1 Re-Encryption Simulatability
- 4 Construction of HRA-secure KP-ABPRE
- 4.1 Correctness and Security
- References
- Server-Aided Revocable Attribute-Based Encryption Revised: Multi-User Setting and Fully Secure
- 1 Introduction
- 1.1 Motivation
- 1.2 Our Approach
- 1.3 Our Contributions
- 2 Preliminaries
- 2.1 Composite Order Bilinear Groups
- 2.2 Access Structures and Linear Secret Sharing
- 2.3 Binary Tree
- 3 Framework and Security Model
- 3.1 Security Model
- 4 Construction
- 5 Security Analysis
- 6 Conclusion
- A Proof of Lemma 2
- B Proof of Lemma 4
- C Proof of Lemma 5
- References
- Cryptography
- Precomputation for Rainbow Tables has Never Been so Fast
- 1 Introduction
- 2 Background
- 2.1 Rainbow Tables
- 2.2 Clean Rainbow Tables
- 2.3 Maximum Rainbow Tables
- 3 Filtering Chains
- 3.1 Preliminary Result on Quantifying Precomputation
- 3.2 Intermediary Filtration
- 3.3 Filtration in Each Column
- 3.4 Filtration in Chosen Columns
- 4 Distributing Precomputation
- 4.1 Distribution and Filtration
- 4.2 Distributed Architecture
- 4.3 Estimation of the Precomputation Time
- 4.4 Optimal Configuration
- 5 Experiments
- 5.1 Computing Environments
- 5.2 Filtration Implementation
- 5.3 Positions of the Filters
- 5.4 Considered Parameters
- 5.5 Results
- 6 Conclusion
- A Proof of Theorem 3
- B Online Phase Improvements and Their Impact on Precomputation
- C Intermediary Filtration
- D Notation Through this Paper
- References
- Cache-Side-Channel Quantification and Mitigation for Quantum Cryptography
- 1 Introduction
- 2 Basic Notions and Notation
- 2.1 Cache-Side-Channel Quantification
- 2.2 Quantum Key Distribution
- 3 Analysis for Cache-Side-Channel Quantification
- 3.1 Execution Model
- 3.2 Abstract Reachability Analysis
- 3.3 Automation Through Tool Support
- 4 Practical Evaluation
- 5 Vulnerability in the QKD Implementation
- 6 Security of the Hardened Implementation
- 7 Combining Rewriting and Privacy Amplification
- 8 Related Work
- 9 Conclusion
- References
- Genetic Algorithm Assisted State-Recovery Attack on Round-Reduced Xoodyak
- 1 Introduction
- 2 Preliminaries
- 2.1 Notations
- 2.2 Xoodoo
- 2.3 Xoodyak
- 3 Related Works
- 4 Remodel Xoodoo
- 4.1 Remodel Linear Layer
- 4.2 Remodel Non-linear Layer
- 4.3 Assemble into Xoodoo'
- 5 State-Recovery Attack on Round-Reduced Xoodyak
- 5.1 4/5-Round Attack Against Xoodyak
- 5.2 Extended to 5/6-Round
- 5.3 Attack Against Xoodyak Under the Nonce-Reuse Setting
- 6 Conclusion
- References
- Moving the Bar on Computationally Sound Exclusive-Or
- 1 Introduction
- 2 Background and Related Work
- 3 Symbolic Preliminaries
- 4 Symbolic and Computational Models
- 4.1 The Computational Model
- 4.2 Relationship Between Computational and Symbolic Models
- 4.3 MOO Cryptosystems and Symbolic Histories
- 5 MOO Games and Security Proofs
- 5.1 MOO Games Grstr and Grsymb
- 5.2 Conditions Implying IND$-CPA Security
- 6 Using Our Results to Analyze Modes
- 7 Conclusion and Open Problems
- References
- Optimal Verifiable Data Streaming Protocol with Data Auditing
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Related Work
- 1.3 Organization
- 2 Preliminaries
- 2.1 Notations
- 2.2 Bilinear Groups and CDH Assumption
- 2.3 Groups of Unknown Order and RSA Accumulator
- 2.4 Hashing to Primes
- 3 Verifiable and Auditable Data Streaming Protocol
- 4 The Construction of VADS
- 4.1 Overview
- 4.2 The Construction
- 5 Performance Analysis
- 6 Conclusion
- References
- One-More Unforgeability of Blind ECDSA
- 1 Introduction
- 1.1 ECDSA-ROS Attack on Blind ECDSA
- 1.2 Generic Construction
- 1.3 Algebraic Bijective Random Oracle Model
- 1.4 Security Proof of Blind ECDSA
- 1.5 Related Work
- 2 Preliminaries
- 2.1 ECDSA
- 2.2 Blind Signature
- 3 Algebraic Bijective Random Oracle Model
- 3.1 AGM and BRO
- 3.2 Algebraic Bijective Random Oracle Model
- 4 Blind ECDSA
- 4.1 Building Blocks
- 4.2 Construction
- 4.3 Assumptions
- 4.4 Security Proof
- 4.5 EUF-CMA Security of ECDSA in the ABRO Model
- 5 Hardness of the ECDSA-ROS Problem
- 6 Conclusion
- A Comparison with Existing Blind ECDSA Protocols
- B Blindness
- B.1 Security Model of Blindness
- B.2 Security Proof of Blindness
- References
- MPC-in-Multi-Heads: A Multi-Prover Zero-Knowledge Proof System
- 1 Introduction
- 1.1 Related Works
- 2 Preliminaries
- 2.1 Basic Notations
- 2.2 Secure Computation
- 2.3 Helper Functionalities
- 3 Multi-Prover Zero-Knowledge
- 3.1 Relation and Language
- 3.2 Proof System Syntax
- 3.3 Formal Definition
- 3.4 Public-Coin and Non-interactive Proof
- 4 MPC-in-Multi-Heads: A Black-Box Construction from MPC
- 4.1 Intuitions
- 4.2 Protocol Description
- 4.3 Instantiation with Different Inner Protocols
- 5 Implementation and Experimental Results
- 6 Conclusion and Future Directions
- A Missing Proofs
- References
- Complexity and Performance of Secure Floating-Point Polynomial Evaluation Protocols
- 1 Introduction
- 2 Secure Floating-Point Arithmetic
- 3 Secure Polynomial Evaluation
- 3.1 Generic Protocols for Secure Polynomial Evaluation
- 3.2 Optimized Protocols for Polynomials Defined by Coefficients
- 3.3 Optimized Protocols for Polynomials Defined by Roots
- 4 Performance Measurements
- 5 Conclusions
- References
- SERVAS! Secure Enclaves via RISC-V Authenticryption Shield
- 1 Introduction
- 2 Challenges of Memory Isolation
- 3 RISC-V Authenticryption Shield (RVAS)
- 3.1 RVAS Tweak Design
- 3.2 Solving the Challenges
- 4 SERVAS
- 4.1 Threat Model
- 4.2 Enclave Life Cycle
- 4.3 Enclave Memory Management
- 5 SERVAS Implementation Details
- 5.1 Instruction Set Extension
- 5.2 Tweak
- 5.3 Page Types
- 5.4 Security Monitor (SM)
- 5.5 Caching
- 5.6 Encryption Bypass Optimization
- 6 Security Analysis
- 6.1 Attacks on Physical Memory
- 6.2 Attacks on Virtual Memory
- 7 Evaluation
- 7.1 Performance Overhead
- 7.2 Hardware Overhead
- 7.3 Prototype Limitations
- 8 Related Work
- 9 Future Work
- 10 Conclusion
- A Detailed Evaluation Results
- References
- Privacy
- Privacy-Preserving Gradient Descent for Distributed Genome-Wide Analysis
- 1 Introduction
- 2 System Design
- 2.1 Frag Overview
- 2.2 Attacker Model and Assumptions
- 3 Privacy-Preserving Gradient Descent
- 4 Modeling Attacks for Privacy Analysis
- 4.1 Modeling the LFS Attack
- 4.2 Modeling the Genotype Imputation
- 5 Analysis of Privacy Preservation
- 5.1 The Collection-Level Analysis
- 5.2 The Individual-Level Analysis
- 6 Performance Evaluation
- 7 Discussion
- 8 Related Work
- 9 Conclusion
- A Notation Table
- B Functionalities in Genome-Wide Analysis
- References
- Privug: Using Probabilistic Programming for Quantifying Leakage in Privacy Risk Analysis
- 1 Introduction
- 2 Overview
- 3 Privug
- 4 Evaluation
- 5 Related Work and Concluding Remarks
- References
- Transparent Electricity Pricing with Privacy
- 1 Introduction
- 2 Electricity Pricing
- 3 System and Security Model
- 3.1 Security Model
- 3.2 Security Properties
- 4 Baseline Protocol
- 4.1 Preliminaries
- 4.2 Instantiation
- 4.3 Security Analysis
- 4.4 Performance Analysis
- 4.5 Discussion
- 5 Merkle Tree Protocol
- 5.1 Overview
- 5.2 Instantiation
- 5.3 Security Analysis
- 5.4 Performance Analysis
- 6 Implementation
- 7 Related Work
- 8 Conclusions
- References
- CoinJoin in the Wild
- 1 Introduction
- 1.1 Empirical Analysis of Anonymity
- 1.2 Cookie Monster Mixing
- 1.3 Responsible Disclosure
- 1.4 Related Work
- 2 Preliminaries
- 2.1 Transaction
- 2.2 Multi-Input Heuristic
- 2.3 CoinJoin
- 2.4 Cluster-Intersection Attack
- 3 Dash
- 3.1 Overview
- 3.2 PrivateSend
- 4 Empirical Anonymity Analysis
- 4.1 Transaction Type Detection
- 4.2 Backlink Attack
- 4.3 DC Attack
- 5 Enhancing Privacy of Mixing
- 5.1 Preventing backlinks
- 5.2 Cookie Monster Mixing
- A Differences in the Analysis in Bitcoin
- B Limitations to Arbitrary-Value Mixing
- References
- One-Time Traceable Ring Signatures
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Our Technique
- 1.3 Performance Comparison
- 2 Related Work
- 3 Definitions
- 3.1 One-Time Traceable Ring Signatures
- 4 One-Time Traceable Ring Signature Scheme
- References
- PACE with Mutual Authentication - Towards an Upgraded eID in Europe
- 1 Introduction
- 1.1 Role of eIDs
- 1.2 New Regulations for eIDs
- 1.3 Rationale for Including Mutual Authentication
- 1.4 Other extensions and Modifications of PACE
- 2 PACE with Mutual Authentication
- 2.1 PACE with Mutual Authentication
- 2.2 A Lightweight Version
- 2.3 Backwards Compatibility
- 3 Security and Privacy Issues
- 3.1 Fragility
- 3.2 Protection of Secrets
- 3.3 Impersonation
- 3.4 Security of the Session Key
- 3.5 Resistance to Tracing
- 3.6 Simultability
- 4 PACE-MA Versus PACE-CAM
- References
- Differential Privacy
- Secure Random Sampling in Differential Privacy
- 1 Introduction
- 2 Background
- 2.1 Floating Point Numbers
- 2.2 Random Number Sampling
- 2.3 Mironov Attack
- 2.4 Gaussian Attack
- 2.5 Existing Defences
- 3 General Principles
- 4 Divisibility of Probability Distributions
- 4.1 Preliminaries
- 4.2 Gaussian Distribution
- 4.3 Laplace Distribution
- 5 Sampling Implementations
- 5.1 Gaussian Sampling
- 5.2 Laplace Sampling
- 5.3 Choosing n
- 6 Gaussian Attack Complexity
- 7 Related Work
- 8 Conclusion
- A Probability Density Functions
- A.1 Uniform Distribution
- A.2 Gaussian Distribution
- A.3 Laplace Distribution
- A.4 Exponential Distribution
- A.5 Gamma Distribution
- A.6 Chi-Squared Distribution
- B Code Samples
- B.1 Naïve Sampling
- B.2 Theorem 1 Sampling
- B.3 Sampling with math and random
- B.4 Sampling with Numpy
- References
- Training Differentially Private Neural Networks with Lottery Tickets
- 1 Introduction
- 2 Preliminaries
- 2.1 Differential Privacy
- 2.2 Lottery Ticket Hypothesis
- 3 Differentially Private Lottery Ticket Hypothesis
- 3.1 Overview
- 3.2 DPLTH Walkthrough
- 3.3 Differential Privacy Guarantees of DPLTH
- 3.4 Discussion
- 4 Experiments
- 4.1 Datasets
- 4.2 Competitor
- 4.3 Setup
- 4.4 Main Comparison
- 4.5 Convergence and Early Stopping
- 4.6 Investigating the Score Function
- 4.7 Robustness to P
- 5 Related Work
- 6 Conclusion
- References
- Locality Sensitive Hashing with Extended Differential Privacy
- 1 Introduction
- 2 Related Work
- 2.1 Extended DP
- 2.2 Privacy-Preserving Friend Matching
- 2.3 Privacy-Preserving LSH
- 3 Preliminaries
- 3.1 Locality Sensitive Hashing (LSH)
- 3.2 Examples of LSHs
- 3.3 Approximate Nearest Neighbor Search
- 3.4 Privacy Measures and Privacy Mechanisms
- 4 Privacy Properties of LSH
- 5 LSH-Based Privacy Mechanisms
- 6 Privacy Analyses of the Mechanisms
- 6.1 LSHRR's Privacy W.r.t. the Particular LSH Function
- 6.2 LSHRR's Privacy W.r.t. the Distribution of LSH Functions
- 6.3 Privacy Guarantee for LapLSH
- 7 Experimental Evaluation
- 7.1 Datasets and Experimental Setup
- 7.2 Comparing Privacy and Utility
- 7.3 Experimental Results
- 7.4 Inapplicability of the RAPPOR
- 8 Conclusion
- A Total Privacy Budgets in Extended DP and LDP
- B More Details on the Privacy Analyses
- References
- Zero Knowledge
- MLS Group Messaging: How Zero-Knowledge Can Secure Updates
- 1 Introduction
- 2 Backgrounds
- 3 MLS Updates
- 3.1 Message Layer Security
- 3.2 Securing MLS Updates
- 4 ZK for a PRF on Committed Input and Output
- 4.1 ComInOutZK: A Bit-Wise Solution
- 4.2 A Second Solution: CopraZK
- 5 Conclusion
- A Key Size and Group Orders in MLS Updates
- B Security of Our Zero-Knowledge Protocols
- References
- More Efficient Amortization of Exact Zero-Knowledge Proofs for LWE
- 1 Introduction
- 1.1 Prior Work
- 1.2 Our Results
- 1.3 Technical Overview
- 2 Preliminaries
- 3 Basic Protocol
- 3.1 Proof Size and Concrete Parameter Choices
- 4 Amortized Protocol for a Fixed Public Randomness
- 4.1 Proof Size
- A The Hiding Property of Reed-Solomon Codes
- References
- Zero Knowledge Contingent Payments for Trained Neural Networks
- 1 Introduction
- 2 Preliminaries
- 3 Design Overview
- 4 Instantiation
- 4.1 zk-SNARKs-Based Solution
- 4.2 Libra-Based Solution
- 5 Security Analysis
- 6 Implementation and Experiments
- 7 Related Work
- 8 Conclusion
- A The Main Building Blocks of Libra
- B Proof of Theorem 1
- References
- Key Exchange
- Identity-Based Identity-Concealed Authenticated Key Exchange
- 1 Introduction
- 2 Preliminaries
- 2.1 Notation
- 2.2 Bilinear Pairings and Assumptions
- 2.3 Authenticated Encryption
- 3 Security Model
- 3.1 System and Adversary Setting
- 3.2 Definition of Security
- 4 Construction of IB-CAKE Protocol
- 5 Security Analysis of IB-CAKE
- 5.1 Proof of Label Security
- 5.2 Proof of ID-Concealed Session-Key Security
- 6 Comparison and Implementation
- A Structures of IB-CAKE Protocol with Asymmetric Bilinear Pairing
- A.1 Protocol Structure with Bilinear Pairing of Type-II
- A.2 Protocol Structure with Bilinear Pairing of Type-III
- B Review of the TFNS19-Protocol
- References
- Privacy-Preserving Authenticated Key Exchange: Stronger Privacy and Generic Constructions
- 1 Introduction
- 2 On Modeling Privacy in AKE
- 2.1 What Can(not) Be Handled by PPAKE
- 2.2 Privacy Goals in PPAKE
- 3 Our PPAKE Model
- 3.1 Security Model
- 3.2 Relation Between Privacy Notions
- 3.3 Discussion and Limitations of Our PPAKE Model
- 4 Constructing PPAKE with Strong Privacy
- 4.1 Achieving Weak MITM Private PPAKE Using Shared Secrets
- 4.2 Generic Construction of Strongly MITM Private PPAKE
- 4.3 Two-Move PPAKE Protocol Without Forward Privacy
- 5 Discussion and Future Work
- References
- Multi-party Computation
- Correlated Randomness Teleportation via Semi-trusted Hardware-Enabling Silent Multi-party Computation
- 1 Introduction
- 2 Preliminaries
- 3 Security Model
- 3.1 Semi-trusted Hardware Model
- 4 Correlated Randomness Teleportation
- 4.1 Random OT Teleportation
- 4.2 GC Teleportation with Applications to Silent 2PC
- 5 Security
- 6 Implementation and Benchmarks
- 7 Related Work
- 8 Conclusion
- A Appendix
- A.1 Security Proof of Our Main Theorems
- References
- Polynomial Representation Is Tricky: Maliciously Secure Private Set Intersection Revisited
- 1 Introduction
- 2 Related Work
- 3 Background
- 3.1 Representing Sets by Polynomials
- 3.2 Oblivious Linear Function Evaluation
- 3.3 Oblivious Polynomial Addition
- 3.4 Two-Party PSI
- 4 Attack 1: Making Honest Party Learn Incorrect Result
- 4.1 Attack Description
- 4.2 Attack Analysis
- 4.3 Candidate Mitigation
- 5 Attack 2: Learning Honest Party's Element Beyond the Intersection
- 5.1 Attack Description
- 5.2 Attack Analysis
- 5.3 Candidate Mitigations
- 6 Attack 3: Deleting Honest Party's Set Elements
- 6.1 Attack Description
- 6.2 Attack Analysis
- 6.3 Candidate Mitigation
- 7 Conclusion and Future Work
- A Identified Flaws In The Security Proofs
- A.1 Class 1: Not All Checks Have Been Included
- A.2 Class 2: Incomplete Simulator
- A.3 Class 3: Incomplete Definition Of Malformed Input
- B Attack 3 Theorems
- References
- Posters
- RIoTPot: A Modular Hybrid-Interaction IoT/OT Honeypot
- 1 Introduction
- 2 RIoTPot Design
- 3 Preliminary Results
- 4 Conclusion
- References
- Towards Automatically Generating Security Analyses from Machine-Learned Library Models
- 1 Introduction and Motivation
- 2 Vision
- 2.1 Phase 1: Generate Library Models
- 2.2 Phase 2: Generate Security Analyses
- 3 Experiments and Preliminary Results
- 4 Related Work
- 5 Conclusion and Future Work
- References
- Jamming of NB-IoT Synchronisation Signals
- 1 Introduction
- 2 The UE and eNodeB Synchronisation Process
- 3 Jamming the NB-IoT Synchronization Process
- 4 Jamming Evaluation
- 5 Conclusions
- References
- TPRou: A Privacy-Preserving Routing for Payment Channel Networks
- 1 Introduction
- 2 Our Design
- 3 Security Analysis
- 4 Performance Evaluation
- 5 Conclusion
- References
- Determining Asset Criticality in Cyber-Physical Smart Grid
- Abstract
- 1 Introduction: Context and Motivation
- 2 Related Work
- 3 Approach
- 3.1 System Model and Simulation Scenario
- 3.2 Proposed Method
- 4 Experimental Results and Evaluation
- 4.1 System Operations Under No Attack Scenario
- 4.2 System Operations Under Attack Scenario
- 5 Conclusion and Future Work
- References
- Signature-in-Signature: The Last Line of Defence in Case of Signing Key Compromise
- 1 Example Sig-in-Sig Scheme
- A Appendix
- References
- Author Index
