Differences

This shows you the differences between two versions of the page.

public:research:confnotes:wistp2015 [2015-09-01 20:39] petrs
public:research:confnotes:wistp2015 [2015-09-01 20:41] petrs
Line 4: Line 4:
   * WISTP 2015: http://wistp2015.wistp.org/   * WISTP 2015: http://wistp2015.wistp.org/
  
-Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing+**Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing**
   * sensing data via user mobile phones   * sensing data via user mobile phones
   * motivation for users - micropayments   * motivation for users - micropayments
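Review bot: Style point on the `**Paper: ...**` line: bold markup is being used as a pseudo-heading for each paper entry. DokuWiki has real section headings (`==== Title ====`) that also populate the page's table of contents, which helps navigation in a long set of conference notes; whichever markup is chosen, apply it to every paper, keynote and invited talk entry so the page stays consistent.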
Line 18: Line 18:
  
  
-Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols+**Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols**
   * Implantable medical devices   * Implantable medical devices
   * similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible   * similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible
Line 31: Line 31:
 ? Why not use fingerprint as additional factor to authenticate?  ? Why not use fingerprint as additional factor to authenticate? 
  
-Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching+**Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching**
   * biometrics IBE approach, multimodal biometrics   * biometrics IBE approach, multimodal biometrics
   * inherent noise in biometric samples -> error-tolerant schemes necessary   * inherent noise in biometric samples -> error-tolerant schemes necessary
Line 38: Line 38:
   * Faster private set intersection base on OT extension, usenix 2014   * Faster private set intersection base on OT extension, usenix 2014
  
-Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base+**Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base**
   * trying to improve situation with system logs normalization   * trying to improve situation with system logs normalization
   * then correlate events for security incidents   * then correlate events for security incidents
Line 45: Line 45:
 ? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one. ? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one.
  
-Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, Konstantinos Rantos, Charalampos Manifavas and Ioannis Papaefstathiou, WSACd - A Usable Access Control Framework for Smart Home Devices+**Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, Konstantinos Rantos, Charalampos Manifavas and Ioannis Papaefstathiou, WSACd - A Usable Access Control Framework for Smart Home Devices**
   * XACML - extensible acces control markup language    * XACML - extensible acces control markup language 
   * DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy    * DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy 
Line 52: Line 52:
   * intended for e-health scenario (combination of requirements from multiple parties)   * intended for e-health scenario (combination of requirements from multiple parties)
  
-Invited talk: Formal definitions in crypto+**Invited talk: Formal definitions in crypto**
   * inputs and outputs of algorithm   * inputs and outputs of algorithm
   * security goal and thread model   * security goal and thread model
Line 66: Line 66:
   * overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions   * overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions
    
-Keynote: Anand Rajan, "Security for the Internet of Things (IoT) - Challenges & Opportunities"+**Keynote: Anand Rajan, "Security for the Internet of Things (IoT) - Challenges & Opportunities"**
   * Schoda search engine for iot   * Schoda search engine for iot
   * device will last probably longer then PC -> implications for security   * device will last probably longer then PC -> implications for security
Line 82: Line 82:
   * intel trusted execution for very small CPU (MCU) - "TrustLite". Used to isolate to protect memory against attack.    * intel trusted execution for very small CPU (MCU) - "TrustLite". Used to isolate to protect memory against attack. 
  
-Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. "Trustworthy Memory Isolation of Linux on Embedded Devices"+**Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. "Trustworthy Memory Isolation of Linux on Embedded Devices"**
   * first formally verified design of direct pagging   * first formally verified design of direct pagging
   * custom slim implemlementation of direct paging, later formally verified    * custom slim implemlementation of direct paging, later formally verified 
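Review bot: Citation format is inconsistent across the bolded entries: this one separates authors from the title with a period and quotes the title (`Roberto Guanciale. "Trustworthy Memory Isolation ..."`), whereas the earlier entries use a comma and no quotes (`Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching`). Since this revision touches every title line, it is the natural place to settle on one form.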
Line 96: Line 96:
   * proof cannot be directly used to verify similar scenario (written directly for particular implementation)    * proof cannot be directly used to verify similar scenario (written directly for particular implementation) 
  
-Paper: Sourav Bhattacharya, Otto Huhta and N Asokan. "LookAhead: Augmenting Crowdsourced Website Reputation Systems With Predictive Modeling"+**Paper: Sourav Bhattacharya, Otto Huhta and N Asokan. "LookAhead: Augmenting Crowdsourced Website Reputation Systems With Predictive Modeling"**
   * target is to notify users with known unsafe webpages   * target is to notify users with known unsafe webpages
   * based on crowsource rating   * based on crowsource rating
Line 113: Line 113:
 ? bias behind rated pages?  Try to rate huge number of unrated pages and wait few months for confirmation (but bias is not completelly removed) ? bias behind rated pages?  Try to rate huge number of unrated pages and wait few months for confirmation (but bias is not completelly removed)
      
-Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. "Ripple: Overview and Outlook"+**Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. "Ripple: Overview and Outlook"**
   * Distributed online payment  system (2012)   * Distributed online payment  system (2012)
   * trust-based credit network   * trust-based credit network
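Review bot: The bolded line still runs the descriptive phrase into the first author's name with no separator (`...in Ripple protocolFrederik Armknecht, ...`), so the defect from the previous revision is carried over rather than fixed. Suggest either dropping the phrase from the title line or moving it to the first bullet, leaving `**Paper: Frederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. "Ripple: Overview and Outlook"**`.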
Line 126: Line 126:
 ? inactive accounts - not used, different from validators  ? inactive accounts - not used, different from validators 
  
-Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" - Intel research labs+**Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" - Intel research labs**
   * data exists in silos - lack of sharing   * data exists in silos - lack of sharing
   * secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from "cryptographer")   * secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from "cryptographer")
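Review bot: The affiliation suffix `- Intel research labs` ends up inside the bold title markup, which no other entry on the page does; moving it to a bullet under the heading keeps the title line to authors and title like the rest of the entries.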
Line 135: Line 135:
   * validation part TC is potential bottleneck (a lot of work focused on measurement, not on validation)   * validation part TC is potential bottleneck (a lot of work focused on measurement, not on validation)
  
-Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. "REWIRE -- Revocation without Resolution: A Privacy-friendly Revocation Mechanism for Vehicular Ad-Hoc Networks"+**Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. "REWIRE -- Revocation without Resolution: A Privacy-friendly Revocation Mechanism for Vehicular Ad-Hoc Networks"**
   * vehicle to vehicle and vehicle to infrastructure communication   * vehicle to vehicle and vehicle to infrastructure communication
   * warnings for out of sight events (strong brakes of close, but not directly visible car)   * warnings for out of sight events (strong brakes of close, but not directly visible car)
Line 147: Line 147:
     * another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense      * another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense 
  
-Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness+**Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness**
   * PassSec - firefox extension to detect insecure websites   * PassSec - firefox extension to detect insecure websites
   * paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model   * paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model
Line 155: Line 155:
   * problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?)   * problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?)
      
-Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes+**Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes**
   * based on TPM 2.0 specification   * based on TPM 2.0 specification
   * flexible use of existing standard to provide new class of protocols    * flexible use of existing standard to provide new class of protocols