Information Security
13th International Conference, ISC 2010, Boca Raton, FL, USA, October 25-28, 2010, Revised Selected Papers
Published on 18. January 2011
XIV, 446 pages
978-3-642-18178-8 (ISBN)
Description
This book constitutes the refereed proceedings of the 13th International Conference on Information Security, ISC 2010, held in Boca Raton, FL, USA, in October 2010.
The 25 revised full papers and the 11 short papers presented were carefully reviewed and selected from 117 submissions. The papers are organized in topical sections on attacks and analysis; analysis; authentication, PIR and content identification; privacy; malware, crimeware and code injection; intrusion detection; side channels; cryptography; smartphones; biometrics; cryptography, application; buffer overflow; and cryptography, theory.
More details
Other editions
Additional editions
Mike Burmester | Gene Tsudik | Spyros S. Magliveras
Information Security
13th International Conference, ISC 2010, Boca Raton, FL, USA, October 25-28, 2010, Revised Selected Papers
Book
01/2011
Springer
€53.49
Shipment within 5-7 days
Content
- Title Page
- Preface
- Organization
- Table of Contents
- Attacks and Analysis
- Improved Collision Attacks on the Reduced-Round Grøstl Hash Function
- Introduction
- A Short Description of Grøstl
- Cryptanalytic Techniques
- The Start-from-the-Middle Rebound Technique
- The Super-Sbox Rebound Technique
- Collision and Semi-free-Start Collision Attacks on Reduced Round Grøstl
- The Attack Strategy
- Applying the Start-from-the-Middle Rebound Technique to 5-Round, 6-Round, and 7-Round Grøstl-224 and -256
- Applying the Super-Sbox Rebound Technique to 8-Round Grøstl-224 and -256
- Distinguishers for the Round-Reduced Grøstl Permutation
- Distinguishers in the Limited-Birthday Model
- Distinguishers in the Subspace Problem Model
- Conclusion
- References
- Improved Distinguishing Attack on Rabbit
- Introduction
- Review of Rabbit
- Bias Analysis Involving Multiple Keystream Sub-blocks
- Experimental Results
- Finding a Larger Bias within One Keystream Block
- Conclusion
- References
- Cryptanalysis of the Convex Hull Click Human Identification Protocol
- Introduction
- The CHC Human Identification Protocol
- The Protocol
- Description of the Adversary
- Attack 1: Difference in Distributions
- Attack 2
- The Attack
- Why Does Attack 2 Work
- Conclusion
- References
- An Analysis of DepenDNS
- Introduction
- DepenDNS
- DepenDNS Algorithm p
- Scheme Review
- DepenDNS and Content Delivery Networks
- Attacking DepenDNS
- General Assumptions
- DNS Cache Poisoning Attack
- Denial of Service Attack
- Conclusion
- References
- Analysis
- Security Reductions of the Second Round SHA-3 Candidates
- Introduction
- Preliminaries
- Security Notions
- Compression Function Design Strategies
- Hash Function Design Strategies
- SHA-3 Hash Function Candidates
- Summary and Conclusions
- References
- Security Analysis of the Extended Access Control Protocol for Machine Readable Travel Documents
- Introduction
- Security Model
- The Extended Access Control (EAC) Protocol
- Protocol Description of the Terminal Authentication
- Protocol Description of the Chip Authentication
- Protocol Description of the Extended Access Control
- Remarks
- Security of the EAC Protocol
- Security Assumptions
- Security Proof
- Discussion
- References
- Revisiting the Security of the ALRED Design
- Introduction
- Definitions and Basic Notation
- Block Ciphers and PRFs
- The ALRED Construction
- PELICAN and MARVIN Message Authentication Codes
- Accumulation Collisions
- Fixed Point Collisions
- Extinguishing Differential Collisions
- The Security of MARVIN
- Basic Games
- Collisions with the Constant $c$
- Accumulation Collisions: Fixed Points
- Accumulation Collisions: Extinguishing Differentials
- Conclusions on MARVIN's Security
- Applicability to PELICAN
- Conclusions
- References
- Authentication, PIR and Content Identification
- Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices
- Introduction
- Anonymous Authentication with Mobile Devices
- Our Lightweight Anonymous Authentication Scheme
- Protocol Overview
- Trust Model and Assumptions
- Notation and Preliminaries
- Protocol Specification
- Security Analysis
- Device Authentication
- Unlinkability of Devices
- Architecture and Implementation
- Security Extensions for Embedded CPUs
- Integration of Our Scheme into Transport Layer Security (TLS)
- Overview of the Implementation
- Performance Evaluation
- Related Work
- Conclusion
- References
- Implicit Authentication through Learning User Behavior
- Introduction
- Related Work
- Adversarial Models
- Data Sources and Architecture
- Algorithm
- Modelling User Behavior
- Scoring Recent Behavior
- Selection of Features
- Experiment Design
- Data Collection
- Modelling Adversary Behavior
- Detailed Experimental Design
- Results
- Power of Fusing Multiple Features
- Stronger Adversarial Models
- Future Work
- References
- Efficient Computationally Private Information Retrieval from Anonymity or Trapdoor Groups
- Introduction
- Our Results
- Performance
- Organization
- Anonymity Based cPIR Protocol
- Anonymity Based cPIR Protocol - Analysis
- Trapdoor Group cPIR Protocol
- Correctness
- Trapdoor Group cPIR Protocol Example
- Trapdoor Group cPIR Protocol Security
- Hardness Assumption and Information-Theoretic Bound
- Proof of Security via Reduction
- Implementation Performance
- Summary and Future Work
- References
- Video Streaming Forensic - Content Identification with Traffic Snooping
- Introduction
- System and Threat Model
- Signature Generation
- Modeling Video Matching Using Significance Testing
- Experimental Evaluation
- Conclusion
- References
- Privacy
- Fair and Privacy-Preserving Multi-party Protocols for Reconciling Ordered Input Sets
- Introduction
- Related Work
- Preliminaries
- Ordered Sets and Preferences
- Homomorphic Cryptosystem
- Prior Results on Two-Party Preference-Maximizing Protocols
- Prior Results on Multiset Operations
- Adversary Model
- Multi-party Privacy-Preserving Reconciliation of Ordered Sets
- Round-Based Constructions
- Multiset-Based Constructions
- Performance Comparison
- Conclusions and Future Work
- References
- Enhancing Security and Privacy in Certified Mail Systems Using Trust Domain Separation
- Introduction
- Background
- The Austrian Governmental CMS
- Security Requirements
- Privacy
- Threats
- Security Extensions
- Unique Business Identifier
- Trust Domain Separation
- Protocol Description
- Conclusions
- References
- Privacy-Preserving ECC-Based Grouping Proofs for RFID
- Introduction
- Assumptions and Adversary Model
- ECC-Based Grouping-Proof Protocol with Colluding Tag Prevention
- Notation
- Protocol Description
- Extension to n&2 Parties
- Analysis
- Implementation
- Conclusions
- References
- Malware, Crimeware and Code Injection
- Artificial Malware Immunization Based on Dynamically Assigned Sense of Self
- Introduction
- Design and Implementation
- Goals and Assumptions
- Overall Architecture of Artificial Malware Immunization
- Transparently Immunizing Programs
- Artificial Malware Immunization Infrastructure
- Evaluation
- Effectiveness of the Artificial Malware Immunization
- Performance Measurements
- Related Works
- Conclusions
- References
- Misleading Malware Similarities Analysis by Automatic Data Structure Obfuscation
- Introduction
- System Overview
- The Set of Latent Problems
- Sequence Dependent Access
- Link Consistence
- Operating System API and Standard Library Related
- Flexible Array Member
- Design and Implementation
- Overview
- Compound Literal Initialization
- Identify Type Conversion and Pointer Algorithm
- Flexible Array Member
- Operating System API and Dynamic Link Library Related
- Evaluation
- Effectiveness
- Performance
- Data Structure Obfuscation against Laika
- Limitations and Future Work
- Related Work
- Conclusion
- References
- Crimeware Swindling without Virtual Machines
- Introduction
- Original System
- Personal Workstations
- Evaluation
- Conclusion
- References
- An Architecture for Enforcing JavaScript Randomization in Web2.0 Applications
- Introduction
- Architecture
- References
- Intrusion Detection
- Summary-Invisible Networking: Techniques and Defenses
- Introduction
- Related Work
- Goals and Assumptions
- A SIN Network Framework
- Neighbor Discovery
- Naming
- Data Object Model
- Available Capacity
- Evaluation of SIN for Attacker Workloads
- Flooding and Neighbor Table Broadcast
- Unicast Routing
- Detection of SIN Networks
- Conclusion
- References
- Selective Regular Expression Matching
- Introduction
- Related Work
- Background
- Motivating Example
- A Selective Matching Approach
- Deriving Regex Patterns
- Ensuring Matching Correctness
- Optimizing Regex Tree
- Rule Reduction
- Pattern Reduction
- Pattern Selection
- Selective Matching Algorithm
- Evaluation Results
- Conclusion
- References
- Traceability of Executable Codes Using Neural Networks
- Introduction
- Related Works
- Proposed Approach
- Extraction Process
- Artificial Neural Network
- Experimental Evaluation
- Selection of Meaningful Characteristics
- Evaluation of Malware Modified Binaries
- Conclusions
- References
- Side Channels
- On Side-Channel Resistant Block Cipher Usage
- Introduction
- Preliminaries
- Re-keying Based Block Cipher and Encryption Scheme
- Side-Channel Security Model
- Side-Channel Security of Parallel Re-keying
- Comparison to Alternative Side-Channel Resistant Methodologies
- Conclusions
- References
- Security Implications of Crosstalk in Switching CMOS Gates
- Introduction
- Layout Dependent Phenomena
- Theoretical Considerations
- Security Implications
- Classification Performance
- Simulations
- Conclusion
- References
- On Privacy Leakage through Silence Suppression
- Introduction
- Background
- Problem Definition
- Detecting Speaker of VoIP Calls
- Feature Extraction
- HMM Training
- Speaker Detection
- Empirical Evaluation
- Experiment Setup
- Detection Performance
- Related Work
- Conclusions
- References
- Cryptography
- One-Time Trapdoor One-Way Functions
- Introduction
- Preliminaries
- Notations
- One-Way Function
- Trapdoor One-Way Function
- Signature Scheme
- The Factoring Assumption(s)
- One-Time Trapdoor One-Way Functions
- Definition
- OTTOWF Based on Rabin's TOWF
- OTTOWF Based on Paillier's Trapdoor Permutation
- OTTOWF Based on One-Way Functions
- Application to Fair Exchange
- Fair Exchange of Signatures
- Fair Exchange without STTP
- Fair Exchange with STTP
- Conclusion
- References
- Public Key Encryption Schemes with Bounded CCA Security and Optimal Ciphertext Length Based on the CDH Assumption
- Introduction
- Our Contribution
- Preliminaries
- Public Key Encryption
- Number Theoretic Assumptions
- Goldreich-Levin Hard-Core Function
- Target Collision Resistant Hash Functions
- Strong Pseudo-random Permutation
- Cover Free Families
- Hybrid Encryption
- IND-q-CCA2 Encryption from CDH
- References
- A Short Signature Scheme from the RSA Family
- Introduction
- Contributions
- Preliminaries
- Definition Related to RSA Modulus
- Digital Signature and Its Security Definition
- Security Assumption Related to the RSA Modulus
- A Short Signature Scheme Based on the Strong RSA Subgroup Assumption
- The Scheme
- The Security Property
- A Brief Comparison of Signature Schemes
- Conclusions
- References
- Efficient Message Space Extension for Automorphic Signatures
- Introduction
- Background
- Known Constructions
- Our Contribution
- Preliminaries
- Definitions
- Common Setting
- Review of the Construction in [5]
- Our Construction
- A Scheme for Unbound Message Size
- A Scheme for Small Constant-Size Messages
- Efficiency Comparison
- Conclusion
- References
- Smartphones
- CRePE: Context-Related Policy Enforcement for Android
- Introduction
- Related Work
- Android Overview
- The CRePE System
- Definitions
- Architecture
- Implementation
- System Evaluation
- A Running Example
- Security
- Overhead
- Conclusion
- References
- Privilege Escalation Attacks on Android
- Introduction
- Android
- Android Architecture
- Android Security Mechanisms
- Privilege Escalation Attack on Android
- A Study Example
- Instantiation of Our Privilege Escalation Attack
- Attack Scenario and Assumptions
- Android Scripting Environment
- Attack Technique
- Attack Implementation
- Related Work
- Conclusion
- References
- Biometrics
- Walk the Walk: Attacking Gait Biometrics by Imitation
- Introduction
- Gait Biometrics
- State of the Art
- Security Testing of Gait Biometrics
- Contribution
- Choice of Technology
- Gait Analysis
- Dynamic Time Warping
- Hardware
- Creating Templates
- Comparing Templates
- Experiment Description
- Data Analysis
- Statistical Tools
- The Plateau
- Results
- System Performance
- Mimicking Performance
- Breaking Through
- Conclusion
- Future Research
- References
- Cryptography, Application
- Efficient Multiplicative Homomorphic E-Voting
- Introduction
- Background
- Shuffling in E-Voting
- Vote Validity Check
- Accumulator as an Efficiency Improvement Mechanism
- New Multiplicative Homomorphic E-Voting
- Preparation and System Setting-Up Work
- Voting Procedure: Vote Sealing and Vote Validity Check
- Tallying Procedure: Grouped Tallying and Shuffling of the Groups
- Analysis and Comparison
- Conclusion
- References
- Double Spending Protection for E-Cash Based on Risk Management
- Introduction
- Related Work
- Protocol Framework
- Preliminaries
- E-Cash Purchase and Deposit at the Bank
- Registration and Exit Protocols
- Payments within a Community
- Protocol Analysis
- Risk Management
- Principle
- Fining Fraudsters a Posteriori
- Fining Fraudsters Preemptively
- Conclusion
- References
- Buffer Overflow
- Integrating Offline Analysis and Online Protection to Defeat Buffer Overflow Attacks
- Introduction
- Overview of Our Approach
- Design and Implementation
- Offline Identification
- Online Protection
- Evaluation
- Conclusion
- References
- Cryptography, Theory
- Deciding Recognizability under Dolev-Yao Intruder Model
- Introduction
- Preliminaries
- Recognizability
- Deciding Recognizability
- Constraint
- Reduction
- Our Construction
- Algorithms
- Discussion
- Conclusion
- References
- Indifferentiable Security Reconsidered: Role of Scheduling
- Introduction
- Contribution
- Related Works
- Preliminaries
- Indifferentiability Framework Using ITMs
- Task-PIOA Framework
- Indifferentiability with Non-sequential Scheduling
- Security of Cryptosystems
- Indifferentiability
- Substitutable Security
- Reduction and Reducibility
- Separation of Two Worlds
- Sequential Indifferentiability ? Non-sequential Indifferentiability
- Non-sequential Indifferentiability ? Sequential Indifferentiability
- References
- Author Index
