Differences
This shows you the differences between two versions of the page.
public:research:confnotes:wistp2015 [2015-09-01 20:39] – petrs | public:research:confnotes:wistp2015 [2015-09-01 20:41] – petrs | ||
---|---|---|---|
Line 4: | Line 4: | ||
* WISTP 2015: http:// | * WISTP 2015: http:// | ||
- | Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing | + | **Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing** |
* sensing data via user mobile phones | * sensing data via user mobile phones | ||
* motivation for users - micropayments | * motivation for users - micropayments | ||
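Review bot: The added line uses bold (`**Paper: ... Mobile Crowd Sensing**`) to make the paper entry act as a section heading. Bold text gets no anchor and no table-of-contents entry, so a single paper's notes cannot be linked to directly; the wiki's heading markup would serve better here, applied the same way to every Paper, Keynote and Invited talk line touched in this revision.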
Line 18: | Line 18: | ||
- | Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols | + | **Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols** |
* Implantable medical devices | * Implantable medical devices | ||
* similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible | * similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible | ||
Line 31: | Line 31: | ||
? Why not use fingerprint as additional factor to authenticate? | ? Why not use fingerprint as additional factor to authenticate? | ||
- | Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching | + | **Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching** |
* biometrics IBE approach, multimodal biometrics | * biometrics IBE approach, multimodal biometrics | ||
* inherent noise in biometric samples -> error-tolerant schemes necessary | * inherent noise in biometric samples -> error-tolerant schemes necessary | ||
Line 38: | Line 38: | ||
* Faster private set intersection base on OT extension, usenix 2014 | * Faster private set intersection base on OT extension, usenix 2014 | ||
- | Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base | + | **Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base** |
* trying to improve situation with system logs normalization | * trying to improve situation with system logs normalization | ||
* then correlate events for security incidents | * then correlate events for security incidents | ||
Line 45: | Line 45: | ||
? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one. | ? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one. | ||
- | Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, | + | **Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, |
* XACML - extensible acces control markup language | * XACML - extensible acces control markup language | ||
* DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy | * DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy | ||
Line 52: | Line 52: | ||
* intended for e-health scenario (combination of requirements from multiple parties) | * intended for e-health scenario (combination of requirements from multiple parties) | ||
- | Invited talk: Formal definitions in crypto | + | **Invited talk: Formal definitions in crypto** |
* inputs and outputs of algorithm | * inputs and outputs of algorithm | ||
* security goal and thread model | * security goal and thread model | ||
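Review bot: The bolded line `Invited talk: Formal definitions in crypto` names no speaker, while the Paper and Keynote headings in this revision lead with author or speaker names; add the speaker so the notes can be attributed. In the list directly under it, `security goal and thread model` presumably means "threat model" and is worth correcting in the same edit.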
Line 66: | Line 66: | ||
* overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions | * overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions | ||
- | Keynote: Anand Rajan, " | + | **Keynote: Anand Rajan, " |
* Schoda search engine for iot | * Schoda search engine for iot | ||
* device will last probably longer then PC -> implications for security | * device will last probably longer then PC -> implications for security | ||
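Review bot: In the list under the bolded Keynote line, `Schoda search engine for iot` looks like a misspelling of Shodan, so a reader searching for the tool will not find it under this name. The context line just above the heading, `imprecise of missing proper model assumptions`, should read "imprecise or missing".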
Line 82: | Line 82: | ||
* intel trusted execution for very small CPU (MCU) - " | * intel trusted execution for very small CPU (MCU) - " | ||
- | Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. " | + | **Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. " |
* first formally verified design of direct pagging | * first formally verified design of direct pagging | ||
* custom slim implemlementation of direct paging, later formally verified | * custom slim implemlementation of direct paging, later formally verified | ||
Line 96: | Line 96: | ||
* proof cannot be directly used to verify similar scenario (written directly for particular implementation) | * proof cannot be directly used to verify similar scenario (written directly for particular implementation) | ||
- | Paper: Sourav Bhattacharya, | + | **Paper: Sourav Bhattacharya, |
* target is to notify users with known unsafe webpages | * target is to notify users with known unsafe webpages | ||
* based on crowsource rating | * based on crowsource rating | ||
Line 113: | Line 113: | ||
? bias behind rated pages? | ? bias behind rated pages? | ||
| | ||
- | Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. " | + | **Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. " |
* Distributed online payment | * Distributed online payment | ||
* trust-based credit network | * trust-based credit network | ||
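Review bot: The bolded heading runs a summary phrase straight into the author list (`Ripple protocolFrederik Armknecht`), with no separator and in a different order from the other headings, which give the authors first and the title after. Drop the leading phrase or move it into the bullets, so the line starts `Paper: Frederik Armknecht, ...` followed by the quoted title.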
Line 126: | Line 126: | ||
? inactive accounts - not used, different from validators | ? inactive accounts - not used, different from validators | ||
- | Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" | + | **Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" |
* data exists in silos - lack of sharing | * data exists in silos - lack of sharing | ||
* secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from " | * secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from " | ||
Line 135: | Line 135: | ||
* validation part TC is potential bottleneck (a lot of work focused on measurement, | * validation part TC is potential bottleneck (a lot of work focused on measurement, | ||
- | Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. " | + | **Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. " |
* vehicle to vehicle and vehicle to infrastructure communication | * vehicle to vehicle and vehicle to infrastructure communication | ||
* warnings for out of sight events (strong brakes of close, but not directly visible car) | * warnings for out of sight events (strong brakes of close, but not directly visible car) | ||
Line 147: | Line 147: | ||
* another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense | * another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense | ||
- | Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness | + | **Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness** |
* PassSec - firefox extension to detect insecure websites | * PassSec - firefox extension to detect insecure websites | ||
* paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model | * paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model | ||
Line 155: | Line 155: | ||
* problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?) | * problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?) | ||
| | ||
- | Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes | + | **Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes** |
* based on TPM 2.0 specification | * based on TPM 2.0 specification | ||
* flexible use of existing standard to provide new class of protocols | * flexible use of existing standard to provide new class of protocols |