Security Protocols XIX
19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers
Published on 11. January 2012
IX, 383 pages
978-3-642-25867-1 (ISBN)
Description
This book constitutes the thoroughly refereed post-workshop proceedings of the 19th International Workshop on Security Protocols, held in Cambridge, UK, in March 2011.
Following the tradition of this workshop series, each paper was revised by the authors to incorporate ideas from the workshop, and is followed in these proceedings by an edited transcription of the presentation and ensuing discussion. The volume contains 17 papers with their transcriptions as well as an introduction, i.e. 35 contributions in total. The theme of the workshop was "Alice doesn't live here anymore".
More details
Other editions
Additional editions
Bruce Christianson | Bruno Crispo | James Malcolm
Security Protocols XIX
19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers
Book
12/2011
Springer
€53.49
Shipment within 7-9 days
Content
- Intro
- Title Page
- Preface
- Previous Proceedings in this Series
- Table of Contents
- Introduction: Alice Doesn't Live Here Anymore(Transcript)
- His Late Master's Voice: Barking for Location Privacy
- Introduction
- RFID Tags Know the Current Time and Their Location
- Applications
- Threat Model
- RFID Tags Know Their Location
- RFID Tags Know the Current Time
- RFID Tags Do Not Know the Time or Location
- Proofs for Protocols 2, 3 and 4
- References
- His Late Master's Voice (Transcript of Discussion)
- Can We Fix the Security Economics of Federated Authentication?
- Case 1 - SSO
- Case 2 - SSL
- Case 3 - 3DS
- Case 4 - OpenID
- Mobile Wallets
- A Security-Economics Proposal
- Conclusion
- References
- Can We Fix the Security Economics of Federated Authentication?
- Pico: No More Passwords!
- Why Users Are Right to Be Fed Up
- Pico: A Usable and Secure Memory Prosthesis
- User Authentication with the Pico
- Core Design of the Pico
- Main Button: Offer Credentials
- Pairing Button: Initial Pairing
- Replacing All Passwords
- Details of Pico Operation
- Locking and Unlocking the Pico with the Picosiblings
- Continuous Authentication
- Backup
- Escrow
- Coercion Resistance
- Revocation
- Optimizations (As Roger Needham Would Call Them)
- Using a Smart Phone as the Pico
- Typing Passwords
- Removing Fancy Features
- Gradual Adoption
- Related Work
- Conclusions
- References
- Pico: No More Passwords! (Transcript of Discussion)
- Getting Web Authentication Right A Best-Case Protocol for the Remaining Life of Passwords
- Introduction
- Previous Work
- Our Proposal
- Notation
- Enrolment
- Login
- Site Interaction
- Optimisations
- Password Recovery
- Security Properties
- References
- Getting Web Authentication Right (Transcript of Discussion)
- When Context Is Better Than Identity: Authentication by Context Using Empirical Channels
- Introduction
- Defining Proper Context
- Authentication by Context
- The Impact of Social Networks
- Authenticating Online Identities
- Ratings on Social Networks
- The Evaluation of Risks and Trust
- Human Interactive Security Protocols
- Using a HISP
- Mobile Payment
- On-Body Sensor Registration
- Future Research: Group Authentication by Context
- Conclusion
- References
- When Context Is Better Than Identity (Transcript of Discussion)
- Selective Location Blinding Using Hash Chains
- Introduction
- General Architecture
- Selective Location Blinding
- Locations and Hash Chains
- A Selective Location Blinding Protocol
- Validation
- Related Work
- Conclusion
- References
- Selective Location Blinding Using Hash Chains(Transcript of Discussion)
- Risks of Blind Controllers and Deaf Views in Model View Controller Patterns for Multitag User Interfaces
- Introduction
- Multitag Interfaces
- Cut and Paste Attack
- Man in the Middle Attack
- Possible General Solutions
- Possibility of an Impossibility Result
- Conclusion
- References
- Risk of Blind Controller Patterns for Multitag User Interfaces (Transcript of Discussion)
- How to Sync with Alice
- Introduction
- Background
- Password Authenticated Key Exchange
- J-PAKE
- Sync Solutions in Browsers
- Overview
- Chrome Sync
- Firefox Sync
- Discussion
- Comparison between Firefox and Chrome
- Outlook of PAKE
- Conclusion
- References
- How to Sync with Alice (Transcript of Discussion)
- Attack Detection vs. Privacy - How to Find the Link or How to Hide It?
- Introduction
- Possible Problems
- Problems that Privacy Mechanisms May Cause to IDSs
- Problems That IDSs May Cause to Privacy Mechanisms
- Towards a Successful Cooperation of IDSs and Privacy Mechanisms
- Both Privacy Mechanisms and IDSs Are Designed in a Non-interfering Way and Still Achieve Their Goals
- Privacy Mechanisms and IDS Cooperate
- Involvement of a Trusted Third Party
- IDSs and Privacy Mechanisms Leverage Properties of Each Other
- Sketching Some Solutions
- How to Hide a Link
- How to Find a Link
- Conclusion and Further Work
- References
- Attack Detection vs Privacy - How to Find the Link or How to Hide It (Transcript of Discussion)
- The Sense of Security and a Countermeasure for the False Sense
- Introduction
- Related Work
- User Survey on Anshin
- Questionnaire Survey
- Survey with the Students in Japan
- Survey of CS Students
- Survey of Non-CS Students
- Survey of Non-computer Science, University Students in the U.S.A.
- Survey of Local Government Officers
- Discussion
- An Interface Causing Discomfort
- Related Work
- User Survey
- Conclusions
- References
- The Sense of Security and a Countermeasure for the False Sense (Transcript of Discussion)
- Towards a Theory of Trust in Networks of Humans and Computers
- Introduction
- Impact of a Theory of Trust
- A Simple Communication Model
- Computational Trust Overview
- Isolation
- Trustworthiness and Correctness
- The Act of Trusting the Sender
- Behavioral Trust Overview
- Usefulness of Behavioral Trust in Networks of Humans and Computers
- Directions for Further Research
- Foundations
- Computer Systems, Network Architecture, Computer Security
- Promoting Cooperation in Networks of Humans and Computers
- References
- Towards a Theory of Trust in Networks of Humans and Computers (Transcript of Discussion)
- Gearing Up: How to Eat Your Cryptocake and Still Have It
- Gearing Up: How to Eat Your Cryptocake and Still Have It (Transcript of Discussion)
- Make Noise and Whisper: A Solution to Relay Attacks
- Introduction
- The Relay Attack Problem
- Our Solution: Hop-Count Metric by Introducing Noise
- Implementation
- Method 1
- Method 2
- Evaluation
- Limitations
- Related Work
- Conclusions and Further Work
- References
- Make Noise and Whisper: A Solution to Relay Attacks (Transcript of Discussion)
- Scrambling for Lightweight Censorship Resistance
- Introduction
- Scrambling
- Required Properties of a Scrambling Function
- Outline of a Practical Implementation
- Future Desirable Properties
- References
- Scrambling for Lightweight Censorship Resistance(Transcript of Discussion)
- The Metaplace Security Model
- Introduction
- Qualitative Approach
- Social vs. Game-Like
- The Metaplace Architecture
- Comparison with Second Life
- Threat Model
- Security Issues: Attacker with User-Level Access
- State Transferred via the Client
- Security Issues: Attacker Imports a Module
- Properties have Global Scope
- Triggers Have Global Scope
- The Stylesheet Attack
- Is Metaplace too Secure?
- Cross-World State
- Neighbours
- User-Generated Avatar Clothing
- Shops
- Conclusions
- References
- The Metaplace Security Model (Transcript of Discussion)
- One-Way Cryptography
- A (Perhaps Typical) One-Way Protocol
- One-Way Encryption Is Hard
- One-Way Protocols Reverse the ``safe'' Assumption
- Error Detection and Recovery Is Important
- Where Have We Seen This Before?
- References
- One-Way Cryptography (Transcript of Discussion)
- How to Keep Bad Papers Out of Conferences (with Minimum Reviewer Effort)
- Introduction
- Threat Model
- Mechanical Assistance
- Clustering Submissions
- Signalling That Authors Possess What They Cite
- Checking That Authors Have Read What They Cite
- Encouraging Diversity
- Future Work
- Conclusion
- References
- How to Keep Bad Papers Out of Conferences(Transcript of Discussion)
- Postscript: Alice Reflects upon the State of the Art in Security Protocol Design
- Author Index
