
Information Security Theory and Practice
Description
This volume constitutes the refereed proceedings of the 11th IFIP WG 11.2 International Conference on Information Security Theory and Practices, WISTP 2017, held in Heraklion, Crete, Greece, in September 2017.
The 8 revised full papers and 4 short papers presented were carefully reviewed and selected from 35 submissions. The papers are organized in the following topical sections: security in emerging systems; security of data; trusted execution; defenses and evaluation; and protocols and algorithms.

Content
- Intro
- Preface
- Organization
- Contents
- Security in Emerging Systems
- A Secure and Trusted Channel Protocol for UAVs Fleets
- 1 Introduction
- 1.1 Contribution
- 1.2 Structure of the Paper
- 2 UAVs Fleet and Rationale for a STCP
- 2.1 Assets to Protect, Adversary Model and SE
- 2.2 SE Usage and Its Security Features
- 2.3 Rationale for a STCP
- 3 Related Work
- 3.1 Related Work on Security Concerns of UAVs Fleets
- 3.2 Related Work on Secure Channel Protocols
- 4 Secure and Trusted Channel Protocol
- 4.1 Security Comparison Criteria
- 4.2 Protocol Notation
- 4.3 Pre-protocol Setup
- 4.4 Proposed Protocol
- 4.5 Post-protocol Process
- 4.6 Protocol Resumption
- 5 Protocol Evaluation
- 5.1 Brief Informal Analysis
- 5.2 Revisiting the Requirements and Goals
- 5.3 Protocol Verification by CasperFDR and AVISPA
- 6 Conclusion and Future Research Directions
- Appendix A CasperFDR Script
- Appendix B AVISPA Script
- References
- Philanthropy on the Blockchain
- 1 Introduction
- 2 Benefits of Blockchain Solutions for Charities/Donors
- 3 The Blockchain Philanthropic Model
- 3.1 Bitcoin Transaction Methods
- 4 The Philanthropic Model in an Offline Environment
- 4.1 SMS Payments and Bitcoin
- 4.2 Security Requirements and Adversarial Model
- 4.3 Proposed SMS-Based Bitcoin Payment Scheme
- 4.4 Processing a Bitcoin Payment Request
- 5 Analysis
- 6 Conclusion and Future Work
- References
- Security of Data
- Long White Cloud (LWC): A Practical and Privacy-Preserving Outsourced Database
- 1 Introduction
- 2 Related Work
- 3 Overview of LWC
- 3.1 System Model
- 3.2 Threat Model
- 3.3 System Interactions
- 4 Key Management and Data Representation
- 4.1 Key Management
- 4.2 Data Structure for the CS
- 4.3 Data Structure for the OPS
- 5 Query Execution
- 5.1 Encryption on the DBU
- 5.2 Index Search on the OPS
- 5.3 Oblivious Access
- 5.4 Data Decryption
- 6 Security Analysis
- 7 Experimental Evaluation
- 8 Conclusion and Future Work
- References
- JACPoL: A Simple but Expressive JSON-Based Access Control Policy Language
- 1 Introduction
- 2 Problem Statement
- 3 JACPoL Detailed Design
- 3.1 Fundamental Design Choices
- 3.2 Policy Structure
- 3.3 Syntax and Conventions
- 3.4 Policy Sets, Policies and Rules
- 3.5 Targets and Conditions
- 3.6 Combining Algorithms
- 3.7 Obligations
- 3.8 Implementation
- 4 Comparative Analysis
- 5 Application of JACPoL to Security Models
- 5.1 RBAC vs ABAC
- 5.2 Attribute-Centric RBAC Application
- 5.3 Role-Centric ABAC Application
- 6 Conclusion
- References
- Trusted Execution
- EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs
- 1 Introduction
- 2 Related Work
- 2.1 Secure Untrusted System Logging
- 2.2 Secure Logging with Trusted Hardware
- 2.3 Discussion
- 3 Trusted Execution Environments (TEEs)
- 4 System Requirements
- 5 EmLog Architecture Design
- 5.1 Log Collection
- 5.2 Block Generation
- 5.3 Secure Storage and Remote Retrieval
- 6 Implementation
- 7 Evaluation
- 7.1 Discussion
- 7.2 Requirements Comparison
- 8 Conclusion
- References
- How TrustZone Could Be Bypassed: Side-Channel Attacks on a Modern System-on-Chip
- 1 Introduction
- 2 Trusted Execution Environment and TrustZone
- 2.1 Trusted Execution Environment
- 2.2 TrustZone
- 3 Side Channel Attacks
- 3.1 Definition
- 3.2 Previous Works
- 3.3 Use Cases
- 4 Experiments
- 4.1 Targeted Device
- 4.2 Software Implementation
- 4.3 Test Bench
- 4.4 Preliminary Experiments
- 4.5 Experimental Results
- 5 Conclusion
- References
- Defences and Evaluation
- Formalising Systematic Security Evaluations Using Attack Trees for Automotive Applications
- 1 Introduction
- 2 Related Work
- 2.1 Attack Trees
- 2.2 Model-Based Security Testing
- 3 Semantic Models
- 3.1 Attack Trees
- 3.2 CSP
- 4 Methodology
- 4.1 Transforming Attack Trees into CSP Processes
- 5 Implementation
- 5.1 Test Case Generation
- 5.2 Test Case Execution
- 6 Case Study
- 6.1 Vehicular Communications
- 6.2 Attack Tree Translation
- 6.3 Results
- 7 Conclusion and Future Work
- References
- Examination of a New Defense Mechanism: Honeywords
- 1 Introduction
- 2 Offline Brute-Force and Dictionary Attacks
- 3 Review of Honeywords System
- 4 Our Proposed Solutions
- 4.1 Defending Against Malicious Code Modifications
- 5 Security Analysis
- 6 Conclusion
- References
- AndroNeo: Hardening Android Malware Sandboxes by Predicting Evasion Heuristics
- 1 Introduction
- 2 Background and Related Work
- 2.1 Sandbox Detection
- 2.2 Sandbox Hardening
- 3 AndroNeo
- 3.1 Reconnaissance
- 3.2 Calculating Distinguishers
- 3.3 Patch Generation
- 4 Experimentation
- 4.1 Experiment Setup
- 4.2 Distinguisher Profiles
- 4.3 Case Studies
- 5 Scope Extension
- 5.1 Limitations
- 5.2 Proposed Extensions
- 6 Conclusion
- References
- Protocols and Algorithms
- A More Efficient 1-Checkable Secure Outsourcing Algorithm for Bilinear Maps
- 1 Introduction
- 1.1 Related Work
- 1.2 Our Contributions
- 2 Security Model
- 3 Verifiable Secure Outsourcing of Bilinear Maps
- 3.1 Bilinear Maps
- 3.2 Precomputations
- 3.3 Our Algorithm: OutPair
- 3.4 Security Analysis
- 4 Comparison
- 5 Conclusion
- References
- A Selective Privacy-Preserving Identity Attributes Protocol for Electronic Coupons
- 1 Introduction
- 2 Related Work
- 3 Scheme: Scenario and Security
- 3.1 Scenario
- 3.2 Security Requirements
- 3.3 Cryptographic Background
- 4 Proposal
- 4.1 System Set-Up
- 4.2 Phases
- 5 Security Analysis
- 6 Conclusions and Further Work
- References
- Revisiting Two-Hop Distance-Bounding Protocols: Are You Really Close Enough?
- 1 Introduction
- 2 Two-Hop Distance Bounding
- 2.1 Security Analysis
- 2.2 Effects of Possible Positions of the Linker
- 3 The Proposed Two-Hop DB Protocol
- 3.1 Security Analysis
- 3.2 Extension to the Multi-hop DB Setting
- 4 Conclusion
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, PocketBook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.