This is an old revision of the document!


Conference notes: WISTP2015, TRUST2015

Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing

  • sensing data via user mobile phones
  • motivation for users - micropayments
  • to keep payments low, auction is used
  • user generates keypair, encrypt bid under public key, then publish private key → winner is selected by report server
  • how to provide payments to anonymous (during auction) users?
  • payment made via tokens later payed by bank (e-cash, problem with colluding report server and bank → reveal user identity)
  • payment made via blind signatures
  • nice attack from audience: user selects N different pseudonyms, set very low bidding price ⇒ wins bids
  • ? can we use bitcoin for that? - can be used
  • ? autonomous execution without user interaction? - can be done, except to improve utilization score
  • ? is report server trusted entity? - trusted to select winner and pay

Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols

  • Implantable medical devices
  • similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible
  • wireless connectivity used for remote monitoring
  • use of biosignals to authenticate → used in emergency (have access to ECG anyway) - already published paper
  • this paper: how well we can estimate ECG using webcam (malware on computer)?
  • practical experiment PPG sensor (true value) + webcam measurement → similarity measured
  • results: ~60% similarity (50% is baseline random guess)
  • dynamic quantifier - almost no correlation (doesn't work)
  • scalar quantifier - 60-95% success (avg 70% similarity)
  • ? what features were extracted from webcam picture? Movement of nose. But very noisy data, better cam cam improve (but lost of attacker vector with malware-controled webcam)
  • ? Why not use fingerprint as additional factor to authenticate?

Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching

  • biometrics IBE approach, multimodal biometrics
  • inherent noise in biometric samples → error-tolerant schemes necessary
  • removal of Random oracle model (reason: if hash function is used in ROM, then scheme is insecure (generic result?))
  • naive model for PSI (send multiple hashes of measured biometrics - vulnerable to pre-image recovery in case of low-entropy inputs), DH-base PSI-CA (Enhacing privacy and trust in electonic communities, 1999, acm)
  • Faster private set intersection base on OT extension, usenix 2014

Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base

  • trying to improve situation with system logs normalization
  • then correlate events for security incidents
  • unified extractor and convertor into same log structure
  • speed 37000 events/sec (8 cores) - usable for big company
  • ? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one.

Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, Konstantinos Rantos, Charalampos Manifavas and Ioannis Papaefstathiou, WSACd - A Usable Access Control Framework for Smart Home Devices

  • XACML - extensible acces control markup language
  • DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy
  • implementation on Android tablet
  • Register device inside system, set own policies for usage, smart device is sensor providing data
  • intended for e-health scenario (combination of requirements from multiple parties)

Invited talk: Formal definitions in crypto

  • inputs and outputs of algorithm
  • security goal and thread model
  • security game: challenger and attacker → asks attacker to breach security goal
  • lack of unconditionally secure schemes ⇒ what are assumptions?
  • proofs of security. Usually in form of reduction scheme → assumption or scheme → known hard problem
    • proof then usually proof by contradiction: I can use my scheme to solve effciently known hard problem → if my scheme is not hard, neither is knwon hard problem
  • semantic security (!even single bit, hard to work with) → ciphetext indistinguishability (Goldwasser, Mically, equivalent) IND-CPA
  • ciphetetxt-only, choosen-plaintext CPA, choosen ciphetext CCA- now also algorithm substitution attacks (incorrect generation of parameters)
  • IND-CPA: attacker is supplying two messages (crafted by an attacker)
  • which IND-xxx is used? Depending on what you can (as an author of scheme) prove 🙂
  • only in 2010: What happens if I will use private key on message not encrypted by my public key? → Robustness property (weak and strong)
  • overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions

Keynote: Anand Rajan, “Security for the Internet of Things (IoT) - Challenges & Opportunities”

  • Schoda search engine for iot
  • device will last probably longer then PC → implications for security
  • managebility is problem
  • just enough security for every endpoint as resources as limited (but hard to establish what is enough when device will be planted for 30 years)
  • devices often operates in groups
  • usability is critical (no manual configuration, but possibility to manage large number of devices)
  • how to connect (and discover) devices into group ?- what is right topology and mode of commmuication?
  • secure iot lifecycle: start secure, run secure, stay secure
  • problem of (security) updates
  • autodraha pro simulaci pohyblivych uzlu a jen docasneho kontaktu
  • security needs to be cradle-to-grave - question: why only grave, repurposed chips → reincarnation? Secure erase, secure init again?
  • after time, some devices can start to be insecure (or owner is not sure) → gray area of probabilistic trust - how to deal with partially compromised network? Can we use secrecy amplification protocols to reestablish trust again (our original idea of chain of trust amplification)
  • nice demo with car race hack to change speed of car - “exploit” to get control of car controllers, then patch command to set maximum speed to crash car.
  • intel trusted execution for very small CPU (MCU) - “TrustLite”. Used to isolate to protect memory against attack.

Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. “Trustworthy Memory Isolation of Linux on Embedded Devices”

  • first formally verified design of direct pagging
  • custom slim implemlementation of direct paging, later formally verified
  • MMU virtualization, ARMv7
  • selected slim configuration doable by formal verification
  • blocks are typed (L1/L2 page table, D)
  • minimal API activate, active, create, free table
  • refenrence counter
  • HOL4 theorem prover, extended Cambridge model for ARMv7
  • 5 bugs discovered during verification
  • Beagleboard platform to verify model (4529 LOC C + Assembly, 1500 LOC HOL4 model, 18700 LOC HOL4 proof - script for verifier)
  • overall efford: 19 person month to perform whole proof (!)
  • proof cannot be directly used to verify similar scenario (written directly for particular implementation)

Paper: Sourav Bhattacharya, Otto Huhta and N Asokan. “LookAhead: Augmenting Crowdsourced Website Reputation Systems With Predictive Modeling”

  • target is to notify users with known unsafe webpages
  • based on crowsource rating
  • web of trust WoT (137mills users)
    • two categories for marking: trustwortiness, safe for child
    • browser extension
  • problem with coverage (WoT rating compared with Alexa top 1M) ⇒ still low coverage
  • research question: can we predict rating for unrated pages (based on content of rated pages?)
  • link-related links: take reputation from links target page is linking
    • problem: falsely linking good pages. Solved by taking just links with bad reputation
  • Topic Model-base features: ECDF, Latent xxx something
    • extracted features used for training later
  • performance evalution: 140000 webpages - 80k good, 60k bad, ground truth obatined from WOT
  • Random forest classifier
  • tech report: arxiv.org/pdf/1504.04730.pdf
  • ? bias behind rated pages? Try to rate huge number of unrated pages and wait few months for confirmation (but bias is not completelly removed)

Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. “Ripple: Overview and Outlook”

  • Distributed online payment system (2012)
  • trust-based credit network
  • second largerst after bitcoin ($280), already signed with some banks
  • (Stellar network - similar concept)
  • public ledger for transactions, threshold for inclusion into ledger is 80% from special entities called validators - proff of consent rather then proof of work (as in bitcoin)
  • comparison: photo, faster then bitcoin (<20 sec to commit transaction), more centralized
  • forking problem: two ledgers, for current Ripple settings, if 40% nodes will overlap with ledger validation, fork will ocur (doublespending…)
  • official statistics are probably skewed
    • a lot of artificial transaction not finished (only about 15% is real transcation)
    • most of the current accounts are inactive (might be theoretically many accounts for single person because of privacy, but unlikely)
  • ? inactive accounts - not used, different from validators

Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. “Time to Rethink: Trust Brokerage using Trusted Execution Environments” - Intel research labs

  • data exists in silos - lack of sharing
  • secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from “cryptographer”)
  • Data de-indentification - need to filter data and customize, tough privacy to uitility tradeoff
  • talk's approach: TEE-based Trest Brokerage
    • computing infrastructire based on trusted boot
    • uses Intel's SGX
  • validation part TC is potential bottleneck (a lot of work focused on measurement, not on validation)

Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. “REWIRE – Revocation without Resolution: A Privacy-friendly Revocation Mechanism for Vehicular Ad-Hoc Networks”

  • vehicle to vehicle and vehicle to infrastructure communication
  • warnings for out of sight events (strong brakes of close, but not directly visible car)
  • authorization, privacy protection, revocation (misbeahving vehicles)
  • short-term certificates (20 per weaks - used for pseduonyms)
  • long-term certificate (for authentication and renew of certificates)
  • long-term certificate can be replaced by anononymous credentials
  • if vehicle is sending invalid messages, it is reported (by pseudonym 😵 and then certral point sends message to particular location - if you are X, please delete your current keys, you are folty → targets invalid, but honest vehicle
  • enforcement via trusted component for intentionally malicious devices → keys are stored in secure modules
    • but attacker can turn off device → delete comand is issued every time device requires new certificate
    • another protection: keep-alive messages undistinguisable from delete command (turn off will not help) → but problem with car outside reach of messages → if device is blocked, one need to visit car manufacturer ⇒ jam car → block car . Quite controversional defense

Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness

  • PassSec - firefox extension to detect insecure websites
  • paper: mental model of user wrt security, automatic checks → show additional warning in time relevant to expected mental model
  • field experiment → 31 participants → initially 60 (but these didn't replayed for questionarre)
  • problem: small test group
  • problem: the group statistics were not clear - is it average user?
  • problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?)

Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes

  • based on TPM 2.0 specification
  • flexible use of existing standard to provide new class of protocols