ICT Systems Security and Privacy Protection
33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings
Published on 10. September 2018
XIII, 400 pages
978-3-319-99828-2 (ISBN)
Description
This book constitutes the refereed proceedings of the 33rd IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2018, held at the 24th IFIP World Computer Congress, WCC 2018, in Poznan, Poland, in September 2018.
The 27 revised full papers presented were carefully reviewed and selected from 89 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in the following topical sections: authentication, failures of security management, security management/forensic, and software security/attacks.
The 27 revised full papers presented were carefully reviewed and selected from 89 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in the following topical sections: authentication, failures of security management, security management/forensic, and software security/attacks.
More details
Series
Language
English
Place of publication
Cham
Switzerland
Publishing group
Springer International Publishing
Target group
Professional and scholarly
Product notice
Reflowable
Illustrations
XIII, 400 p. 100 illus.
File size
20,15 MB
ISBN-13
978-3-319-99828-2 (9783319998282)
DOI
10.1007/978-3-319-99828-2
Schweitzer Classification
Other editions
Additional editions
Lech Jan Janczewski | Miroslaw Kutylowski
ICT Systems Security and Privacy Protection
33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings
Book
08/2018
Springer
€106.99
Shipment within 10-15 days
Content
- Intro
- Preface
- IFIP TC-11 SEC 2018
- Contents
- Authentication
- Design Weaknesses in Recent Ultralightweight RFID Authentication Protocols
- 1 Introduction
- 2 Preliminaries: Transforms
- 3 KMAP
- 4 RCIA
- 5 SASI+
- 6 SLAP
- 7 Conclusions
- References
- CPMap: Design of Click-Points Map-Based Graphical Password Authentication
- 1 Introduction
- 2 Related Work
- 3 A Study on PassMap
- 4 CPMap and Evaluation
- 4.1 Design of CPMap
- 4.2 User Study
- 4.3 Discussion and Limitations
- 5 Conclusion
- References
- The Influence of Native Language on Password Composition and Security: A Socioculture Theoretical View
- Abstract
- 1 Introduction
- 2 Theoretical Foundation
- 2.1 The Generic Law of Development
- 2.2 Mediation
- 2.3 Generic Domains
- 3 Methodology
- 3.1 The Experimental Design and Administration
- 3.2 Data Analysis
- 4 Findings and Results
- 4.1 Demographics
- 4.2 Social Context Overview
- 4.3 Mediating Symbolic Tools and Password Composition
- 4.4 Password Generation Strategy
- 4.5 Password Strength
- 5 Recommendations and Conclusion
- References
- A Hypergame Analysis for ErsatzPasswords
- 1 Introduction
- 2 Mathematical Formulation of Hypergames
- 2.1 Two-Player Game and Hypergames Definitions
- 3 Misperception in Cyber Conflicts
- 3.1 Misinterpretation
- 3.2 Over-Perception
- 3.3 Under-Perception
- 3.4 Stability Analysis
- 3.5 Information Security and Stability Analysis
- 4 Modeling the ErsatzPassword Scenarios
- 4.1 Background on Security Control
- 4.2 Players and Actions
- 4.3 Outcomes
- 4.4 Preference Lists
- 4.5 Overall Equilibrium Analysis
- 4.6 Misinterpretation Analysis
- 4.7 Risk-Tolerant/Averse Attacker Analysis
- 5 Discussion and Related Work
- 6 Conclusion
- References
- Walking Through the Deep: Gait Analysis for User Authentication Through Deep Learning
- 1 Introduction
- 2 Background
- 2.1 Gait Analysis
- 2.2 Deep Learning
- 3 Dataset Description and Processing
- 3.1 Dataset Description
- 3.2 Data Processing
- 4 Data Analysis
- 4.1 Network Description and Training
- 4.2 Evaluation Metrics
- 5 Experimental Analysis
- 5.1 Sensor Filtering
- 5.2 Unknown Identities Recognition
- 6 Related Work
- 7 Conclusion and Future Work
- References
- Failures of Security Management
- Practical Cryptographic Data Integrity Protection with Full Disk Encryption
- 1 Introduction
- 2 Threat Model and Use Cases
- 2.1 Attackers
- 2.2 FDE Protection Types
- 2.3 Data Corruption and Forgery
- 2.4 Replay Attacks
- 3 Length-Preserving and Authenticated Encryption
- 3.1 Authenticated Encryption
- 3.2 Initialization Vectors
- 3.3 Error Propagation in Encrypted Sector
- 4 Metadata Storage Placement
- 4.1 Metadata in Hardware Sector
- 4.2 Metadata Stored Separately
- 4.3 Interleaved Metadata Sectors
- 4.4 Recovery on Write Failure
- 5 Linux Kernel Implementation
- 5.1 Sector Authenticated Encryption
- 5.2 The dm-integrity and the dm-crypt Module
- 6 Performance
- 6.1 Linear Access
- 6.2 Random I/O Throughput
- 7 Conclusions
- 7.1 Future Work
- References
- When Your Browser Becomes the Paper Boy
- 1 Motivation
- 2 The Attack
- 3 Proof of Concept
- 4 Scalability Evaluation
- 5 Stealthiness, Resources and Network Conditions
- 6 Countermeasure Discussion
- 7 Related Work
- 8 Conclusion
- References
- EMPower: Detecting Malicious Power Line Networks from EM Emissions
- 1 Introduction
- 2 Security Risk
- 3 Threat Model
- 4 Related Work
- 5 Background
- 5.1 HomePlug AV
- 6 Designing EMPower
- 7 The EMPower Detector
- 7.1 Frequency Domain
- 7.2 Time Domain
- 8 Evaluation
- 8.1 Experimental Setup
- 8.2 Detection Accuracy
- 9 Discussion
- 10 Conclusion
- References
- Attacking RO-PUFs with Enhanced Challenge-Response Pairs
- 1 Introduction
- 2 Construction
- 3 Attack
- 4 Discussion
- References
- A Security Analysis of FirstCoin
- 1 Introduction
- 2 Background
- 3 Related Work
- 4 FirstCoin
- 5 Proposed Attack
- 6 Evaluation
- 6.1 Evaluation Setup
- 6.2 Implementation
- 6.3 Results
- 6.4 Discussion
- 7 Conclusions
- 8 Responsible Disclosure
- References
- PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces
- 1 Introduction
- 2 Overall Description
- 3 State Machine Inference
- 3.1 Message Generation
- 3.2 State Machine Expansion
- 3.3 State Machine Minimization
- 4 Evaluation
- 4.1 Inferred State Machine
- 4.2 Comparative Evaluation
- 4.3 Discovery of Unexpected Behaviors
- 5 Limitation
- 6 Related Work
- 7 Conclusion
- References
- Assessing Privacy Policies of Internet of Things Services
- 1 Introduction
- 2 Background
- 2.1 General Data Protection Regulation
- 2.2 ePrivacy Regulation
- 3 Related Work
- 4 Methodology
- 4.1 Framework Development
- 4.2 Policy Selection
- 4.3 Assessment Procedure
- 5 Assessment Framework for Privacy Policies
- 5.1 Parameters
- 5.2 Transparency Score
- 5.3 Privacy Score
- 6 Results
- 6.1 Ranking Results
- 6.2 Statistics on the Privacy Policies
- 7 Discussion
- 7.1 Limitations and Threats to Validity
- 7.2 Future Extension of the Framework
- 8 Conclusion and Future Work
- References
- JonDonym Users' Information Privacy Concerns
- 1 Introduction
- 2 Background and Related Work
- 3 Methodology
- 3.1 Research Hypotheses
- 3.2 Questionnaire Composition and Data Collection Procedure
- 4 Results
- 4.1 Assessment of the Measurement Model
- 4.2 Assessment and Results of the Structural Model
- 5 Discussion and Conclusion
- A Questionnaire
- References
- Security Management / Forensic
- Optimal Security Configuration for Cyber Insurance
- 1 Introduction
- 2 Problem Specification
- 3 Utility Maximisation
- 3.1 Indemnity
- 3.2 Security Controls
- 3.3 Security Investments
- 3.4 Algorithm for Computation of Optimal Self-investments
- 4 Case Study
- 5 Related Work
- 6 Conclusion
- References
- The Tweet Advantage: An Empirical Analysis of 0-Day Vulnerability Information Shared on Twitter
- 1 Introduction
- 2 Related Work and Background Information
- 2.1 Related Work
- 2.2 Vulnerability Lifecycle
- 2.3 Assignment of CVE Identifiers
- 3 Research Methodology
- 4 Results
- 4.1 General Observations
- 4.2 Mapping the Collected Tweets to the Vulnerability Lifecycle
- 4.3 Contents of the Collected Tweets
- 5 Discussion and Limitations
- 5.1 Discussion of Results
- 5.2 Limitations
- 6 Conclusion and Future Work
- References
- Anti-forensic = Suspicious: Detection of Stealthy Malware that Hides Its Network Traffic
- 1 Introduction
- 2 Proposed Method
- 2.1 Customized Secure Processor
- 3 Evaluation of the Proposed Method
- 3.1 Experimental Setup
- 3.2 Attack Model
- 3.3 Malware Dataset Characteristics and Evaluation
- 3.4 False Positives and Runtime Performance
- 4 Related Work
- 5 Conclusion and Discussion
- References
- Usability Characteristics of Security and Privacy Tools: The User's Perspective
- Abstract
- 1 Introduction
- 2 Background: Usability Characteristics
- 3 Research Method
- 3.1 Research Design
- 3.2 Description of Scenarios
- 4 Research Findings
- 4.1 Usability Characteristics Relevant to Installation
- 4.2 Available Information and Support
- 4.3 Language Used
- 4.4 Locatability
- 4.5 Understandability
- 4.6 Feedback
- 4.7 Visibility
- 4.8 Undo
- 4.9 Error Prevention
- 4.10 Control
- 4.11 Learnability
- 4.12 Satisfaction
- 4.13 Effectiveness
- 4.14 Efficiency
- 4.15 Design and Accessibility
- 4.16 Consistency
- 4.17 Control of User's Personal Data and Transparency
- 4.18 Availability of Tools Among Various Platforms
- 5 Discussion
- 6 Conclusions
- References
- Efficient Identification of Applications in Co-resident VMs via a Memory Side-Channel
- 1 Introduction
- 2 Background and Related Work
- 2.1 Memory Deduplication
- 2.2 Attacker Model
- 2.3 Memory-Deduplication-Based Detection of Applications
- 2.4 Related Work
- 3 Detecting Groups of Application Versions
- 3.1 Attack Procedure
- 3.2 Group Identification and Signature Generation
- 4 Evaluation
- 4.1 Signature Generation and Measurements
- 4.2 Datasets
- 4.3 Size of Group Signatures
- 4.4 Optimised Classification
- 4.5 Attack Complexity
- 5 Countermeasures
- 6 Conclusion
- References
- Software Security / Attacks
- Follow the WhiteRabbit: Towards Consolidation of On-the-Fly Virtualization and Virtual Machine Introspection
- 1 Introduction
- 2 Virtualization Technology
- 3 Threat Model
- 4 The WhiteRabbit VMM
- 5 On-the-Fly Virtualization
- 6 Bridging the Semantic Gap
- 7 Hiding Techniques
- 8 Evaluation
- 8.1 Effectiveness
- 8.2 Performance
- 9 Limitations
- 10 Countermeasures
- 11 Related Work
- 12 Conclusion
- References
- Hunting Password Leaks in Android Applications
- 1 Introduction
- 2 Background and Related Work
- 3 Static Slicing of Smali Code
- 3.1 Slicing Patterns
- 3.2 Static Slicing
- 3.3 Graph-Based Output
- 3.4 Slicing Accuracy
- 4 Passwords on Android
- 4.1 XML Resources
- 4.2 Generated Input Fields
- 5 Finding Password Leaks
- 5.1 Detection Strategy
- 6 Evaluation
- 6.1 Methodology
- 6.2 Results
- 7 Conclusion
- References
- Smashing the Stack Protector for Fun and Profit
- 1 Introduction
- 2 Background and Related Work
- 2.1 Stack Smashing Protection
- 2.2 Function Pointer Protection
- 2.3 Attacks Against Stack Canaries
- 2.4 Thread Control Block
- 2.5 Modern Defense Mechanisms
- 3 Dissecting Implementation Choices
- 3.1 Qualitative Features
- 3.2 Empirical Features
- 3.3 CookieCrumbler
- 4 Smashing the Stack Protector
- 4.1 Qualitative Results
- 4.2 Empirical Results
- 4.3 Introduced Attack Vectors
- 4.4 Impact
- 5 Attack Mitigations
- 6 Improving Sophisticated Protection Mechanisms
- 7 Conclusion
- References
- Formal Analysis of Sneak-Peek: A Data Centre Attack and Its Mitigations
- 1 Introduction
- 2 Simple Timing Channels
- 2.1 An Analytic Model
- 2.2 A Formal Model in UPPAAL
- 3 Timing Channels with Background Traffic
- 3.1 Modelling Background Traffic
- 3.2 Extending the UPPAAL Model
- 4 Mitigating Timing Channel Attacks
- 4.1 A Mathematical Analysis of Path Hopping
- 4.2 Modelling and Analysing Path Hopping in UPPAAL
- 5 Considering Network Topology
- 6 Conclusions and Related Work
- References
- An Evaluation of Bucketing in Systems with Non-deterministic Timing Behavior
- 1 Introduction
- 2 Timing Side Channels
- 3 Bucketing
- 4 Implementations of Bucketing Mechanisms
- 4.1 Terminologies and Design Goals
- 4.2 Design Space
- 4.3 Application Level Implementation
- 4.4 Kernel Level Implementation
- 5 Evaluation
- 5.1 Empirical Results for the Leakage Bounds
- 5.2 Empirical Assessment of Key Indistinguishability
- 5.3 Empirical Comparison of Our Implementations
- 6 Related Work
- 7 Conclusion
- References
- Detection and Response to Data Exfiltration from Internet of Things Android Devices
- 1 Introduction
- 2 Background
- 2.1 USB Mass Storage
- 2.2 Picture Transfer Protocol
- 2.3 Media Transfer Protocol
- 2.4 Open Authorization Framework 2
- 2.5 JSON Web Token
- 3 Target Threat Model
- 4 The Proposed Protocol
- 5 Protocol Design and Deployment
- 5.1 Android IoT Devices
- 5.2 Computer
- 5.3 Authentication Server
- 6 Evaluation and Results
- 6.1 Security Evaluation
- 6.2 Results
- 6.3 Performance Evaluation
- 7 Related Work
- 8 Conclusion
- References
- When George Clooney Is Not George Clooney: Using GenAttack to Deceive Amazon's and Naver's Celebrity Recognition APIs
- 1 Introduction
- 2 Related Work
- 3 Design of Our Approach
- 3.1 Adversarial Examples for Image Classification
- 3.2 Creating Adversarial Examples Using Genetic Algorithm (GA)
- 3.3 Genetic Algorithm-Based Attack (GenAttack)
- 4 Experiment
- 4.1 Dataset
- 4.2 Experimental Setup
- 5 Results
- 5.1 Attack Success Rate
- 5.2 Noise and Image Analysis
- 6 Transfer Learning for Attacks
- 7 Discussions, and Limitations
- 8 Conclusion
- References
- Performance Improvements in Behavior Based Malware Detection Solutions
- 1 Introduction
- 2 Related Work
- 3 Research Description
- 3.1 Main Performance Issues
- 3.2 Asynchronous Heuristics
- 3.3 Dynamic Reputation of Processes
- 3.4 Further Performance Improvements
- 4 Results
- 4.1 Detection Tests
- 4.2 Performance Tests
- 4.3 Limitations of the Solution
- 5 Conclusions
- References
- On the Integrity of Cross-Origin JavaScripts
- 1 Introduction
- 2 Background
- 2.1 The Same-Origin Policy
- 2.2 Integrity of Cross-Origin JavaScripts
- 2.3 Practical Integrity Challenges
- 3 Data
- 3.1 Sampling
- 3.2 Polling
- 4 Results
- 4.1 Descriptive Statistics
- 4.2 Classification
- 5 Discussion
- References
- Author Index
