
Financial Cryptography and Data Security

Content
- Title page
- Preface
- Organization
- Table of Contents
- Financial Cryptography and Data Security (FC 2011)
- Collective Exposure: Peer Effects in Voluntary Disclosure of Personal Data
- Financial Privacy and Human Behavior
- Approach
- Hypotheses
- Data
- Method
- Results
- Length of Description
- Provision of a Picture
- Personal Data Disclosure by Type
- Identifiability
- Discussion
- Summary and Interpretation
- Related Work
- Limitations and Future Work
- References
- It's All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice
- Introduction
- Related Work
- Experimental Methodology
- Results
- Price Points
- Participant Behavior
- Self-reported Data
- Discussion and Conclusions
- References
- Evaluating the Privacy Risk of Location-Based Services
- Introduction
- State of the Art
- System Model
- Network Model
- Threat Model
- Privacy Erosion
- Collection of Traces by LBSs
- Attacks by LBSs
- Evaluation
- Setup
- Mobility Traces
- Modeling the Collection of Traces by LBSs
- Results
- Conclusion
- References
- Selections: Internet Voting with Over-the-Shoulder Coercion-Resistance
- Introductory Remarks
- Contributions
- Related Work
- Preliminaries
- Selections: High-Level Overview
- Coercion-Resistance
- Untappable Channels
- Registration Authority
- Panic Passwords
- The Selections Protocol
- Registration Setup
- Voter Preparation
- Registration
- Election Set-Up
- Casting
- Pre-tallying
- Voter Revocation
- Performance
- Security Analysis (Abstract)
- Soundness of Registration
- Coercion-Resistance
- Concluding Remarks
- References
- Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection
- Introduction
- Description of AN.ON
- Attacker Model and Assumptions
- Attack 1: Redirection Attack
- Redirecting the User
- History Recovery
- From Theory to Practice
- Evaluation
- Attack 2: Replay Attack
- Methodology
- Measurement Results
- Related Works
- Conclusion
- References
- Absolute Pwnage: A Short Paper about the Security Risks of Remote Administration Tools
- Introduction
- Background
- Vulnerabilities
- Defective Encryption
- Defective Authentication
- Attacks
- Sniffing Attacks
- Guessing Attacks
- Global Attacks
- Defenses and Lessons
- Risks of Remote Administration Tools
- Hard-Coded Keys as a Vulnerability Pattern
- Related Work
- Conclusions
- References
- A Protocol for Anonymously Establishing Digital Provenance in Reseller Chains (Short Paper)
- Introduction
- The Tagged Transactions Protocol
- Threat Model
- Definitions and Techniques
- Stage 1 - Supplier Generating Tag with TGC
- Stage 2 - Reseller Instantiating Tag with TGC
- Security Analysis
- Anonymity and Verification of the TGC
- Performance
- Related Work
- Conclusions and Future Work
- References
- Impeding Individual User Profiling in Shopper Loyalty Programs
- Introduction
- Threat Model
- System Architecture
- Tag Retrieval
- System Evaluation and Analysis
- Experimental Setup
- Microbenchmarks
- Field Testing Experience
- Conclusion
- References
- Beyond Risk-Based Access Control: Towards Incentive-Based Access Control
- Introduction
- Overview of Incentive-Based Access Control
- Basic Concepts
- Putting Things Together
- Effort-Based Contract
- Cooperative User and Deterministic Cost
- Considering Non-deterministic Cost
- Consequence-Based Contract
- Human-Subject Evaluation
- Subject Recruitment
- Experimental Design
- Reducing Organizational Risks
- Encouraging Risk-Mitigation Effort
- Conclusions
- References
- Authenticated Key Exchange under Bad Randomness
- Introduction
- Related Work
- Security Models and Definitions
- AKE Protocol Descriptions
- Security Models
- Resettable Security of Existing AKE Protocols
- From Reset-2 Security to Reset-1 and Reset-2 Security
- A New SIG-DH Protocol
- References
- Oblivious Outsourced Storage with Delegation
- Introduction
- Applications
- Contributions
- Building Blocks and Related Work
- Cryptographic Primitives
- Oblivious RAM
- Related Work
- Model
- The Delegated ORAM Solution
- D-ORAM Operations
- Security Analysis
- Complexity
- Discussion
- Beyond a Curious Server
- Efficient Access Right Updates Using Broadcast Encryption Schemes
- Conclusions
- References
- Homomorphic Signatures for Digital Photographs
- Introduction
- Related Work
- Redactable Signatures
- A Naive 2-Dimensional Construction
- Merkle Hashing for Multi-dimensional Data
- PRNGs for Croppable Signatures
- Cropping-Homomorphic Signatures
- Other Homomorphic Signatures for Photographs
- Experimental Results
- Conclusion
- References
- Revisiting the Computational Practicality of Private Information Retrieval
- Introduction
- Preliminaries
- Related Work
- Efficient Single-Server PIR (LPIR-A)
- Multi-server PIR
- First Scheme (MPIR-C)
- Second Scheme (MPIR-G)
- Response Time Measurement Experiment
- Comparing the Trivial and Non-trivial PIR Schemes
- Conclusions
- References
- Optimal One Round Almost Perfectly Secure Message Transmission (Short Paper)
- Introduction
- Background
- 1-Round Optimal APSMT Protocol for n=2t+k
- 1-Round Optimal APSMT Protocol for n=(2+c)t
- Conclusion and Open Problems
- References
- A New Approach towards Coercion-Resistant Remote E-Voting in Linear Time
- Introduction
- The JCJ Protocol
- Description of the Protocol
- Security Properties and Assumptions
- Coercion-Resistance in Linear Time
- Description of the Enhanced Protocol
- Security Properties and Assumptions
- Conclusion and Future Work
- References
- An Attack on PUF-Based Session Key Exchange and a Hardware-Based Countermeasure: Erasable PUFs
- Introduction
- A Problem with PUF-Based Session Key Establishment
- The Protocol of Tuyls and Skoric
- Problems Arising from Repeated Access to the PUF
- Consequences for CRP Refreshment and Identification
- Generality and Difficulty of the Problem
- Erasable PUFs
- Obstacles in the Implementation of Erasable PUFs
- Strong PUFs Based on Crossbar Structures
- Erasing Information from Crossbar Structures
- Summary
- References
- Peeling Away Layers of an RFID Security System
- Introduction
- RFID Reverse Engineering
- Silicon Reverse Engineering
- Black Box Analysis
- Legic Prime Protocol
- Card Layout
- Weaknesses
- Legic Trust Delegation
- Card Hierarchy Concept
- Legic Prime Implementation
- Weaknesses
- Improvement Potential
- Conclusion
- References
- Might Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV
- Introduction
- Micro-merchant Transactions
- Adapting EMV
- Typical EMV Transaction Flow
- Breaking Tamper-Resistance in Court
- Peer-to-Peer EMV - SDA
- Peer-to-Peer EMV - Mixed-Mode
- Going Outside the Banking System
- Merchant Authentication
- Using a Bank Card as a General-Purpose Key
- Trustworthy Hardware
- Conclusions
- References
- hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers
- Introduction
- The Proposed hPIN/hTAN System
- The hPIN Part
- The hTAN Part
- Security of hPIN/hTAN
- PIN Confidentiality
- User/Server Authenticity
- Transaction Authenticity/Integrity
- Usability of hPIN/hTAN
- Related Work
- Conclusion
- References
- Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper)
- Introduction
- Certificate Authorities and the Browser Vendors
- Compelled Assistance
- Protecting Users
- Related Work
- Conclusion and Future Work
- References
- Proximax: Measurement-Driven Proxy Dissemination
- Introduction
- Design
- Challenges
- System Tasks
- Analysis
- Model
- Estimating Risk
- Resource Advertisement Policy
- Discussion
- Conclusion
- References
- BNymble: More Anonymous Blacklisting at Almost No Cost (A Short Paper)
- Introduction
- Background and Related Work
- BNymble Protocol
- Evaluation
- Security Analysis
- Efficiency
- Extensions and Future Work
- References
- Towards Secure Bioinformatics Services
- Introduction
- Related Work
- Efficient Computations on Encrypted Non-integer Values
- Secure Bioinformatics
- Implementation and Experimental Results
- References
- Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications
- Introduction
- Methodology
- Data Gathering
- Vulnerability Classification
- The Exploit Data Set
- Analysis of the Vulnerabilities Trends
- Attack Sophistication
- Application Popularity
- Vulnerability Lifetime
- Related Work
- Discussion and Conclusion
- References
- Re-evaluating the Wisdom of Crowds in Assessing Web Security
- Introduction
- The Wisdom of Crowds for Security
- Related Work
- The Web of Trust (WOT)
- Data Collection
- Analysis
- The Reliability of WOT
- The Few Dominating Contributors
- Exploitability, Disagreement and Subjectivity
- User Concerns on Web Security
- Discussion
- Conclusions
- References
- Mercury: Recovering Forgotten Passwords Using Personal Devices
- Introduction and Motivation
- New Approach: Mercury
- Components and Threat Model
- Setup and Recovery Operation
- Key Generation and Backup
- Variants
- Features and Limitations
- Prototype Implementation on Android
- Existing Approaches, Related Work and Comparison
- Existing Password Recovery Approaches
- Comparison: Mercury vs. Current Approaches
- Other Related Work
- Concluding Remarks
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The PDF file format always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, a personalised watermark is embedded in the eBook that can be used to identify the purchaser in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.