Differences

public:research:confnotes:wistp2015 [2015-09-01 20:39] petrspublic:research:confnotes:wistp2015 [2015-09-01 20:41] petrs
Line 4: Line 4:
   * WISTP 2015: http://wistp2015.wistp.org/   * WISTP 2015: http://wistp2015.wistp.org/
  
-Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing+**Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing**
   * sensing data via user mobile phones   * sensing data via user mobile phones
   * motivation for users - micropayments   * motivation for users - micropayments
Line 13: Line 13:
   * payment made via blind signatures   * payment made via blind signatures
   * nice attack from audience: user selects N different pseudonyms, set very low bidding price => wins bids    * nice attack from audience: user selects N different pseudonyms, set very low bidding price => wins bids 
-? can we use bitcoin for that? - can be used +  * ? can we use bitcoin for that? - can be used 
-? autonomous execution without user interaction? - can be done, except to improve utilization score  +  ? autonomous execution without user interaction? - can be done, except to improve utilization score  
-? is report server trusted entity? - trusted to select winner and pay+  ? is report server trusted entity? - trusted to select winner and pay
  
  
-Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols+**Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols**
   * Implantable medical devices   * Implantable medical devices
   * similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible   * similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible
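Review bot: the three audience-question lines in this hunk end up with inconsistent list markup: "? can we use bitcoin for that?" gains a "  * " bullet, but "  ? autonomous execution without user interaction?" and "  ? is report server trusted entity?" are only indented, so DokuWiki will not render them as list items alongside the first. Prefix both with "  * " as well. While editing, the "nice attack from audience" on the line above (one user registers N pseudonyms and bids very low to win) is the classic Sybil attack against the auction; naming it makes the note easier to find later.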
Line 28: Line 28:
   * dynamic quantifier - almost no correlation (doesn't work)   * dynamic quantifier - almost no correlation (doesn't work)
   * scalar quantifier - 60-95% success (avg 70% similarity)   * scalar quantifier - 60-95% success (avg 70% similarity)
-? what features were extracted from webcam picture? Movement of nose. But very noisy data, better cam cam improve (but lost of attacker vector with malware-controled webcam) +  * ? what features were extracted from webcam picture? Movement of nose. But very noisy data, better cam cam improve (but lost of attacker vector with malware-controled webcam) 
-? Why not use fingerprint as additional factor to authenticate? +  ? Why not use fingerprint as additional factor to authenticate? 
  
-Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching+**Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching**
   * biometrics IBE approach, multimodal biometrics   * biometrics IBE approach, multimodal biometrics
   * inherent noise in biometric samples -> error-tolerant schemes necessary   * inherent noise in biometric samples -> error-tolerant schemes necessary
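Review bot: same list problem as the previous hunk: "? what features were extracted from webcam picture?" gets a "  * " bullet but "  ? Why not use fingerprint as additional factor to authenticate?" does not, so only the first renders as a list item; add "  * " to the second. The first line also has typos and an ambiguous clause: "cam cam improve" should read "cam can improve", "malware-controled" should be "malware-controlled", and "but lost of attacker vector" presumably means that a better camera loses the attack vector of a malware-controlled webcam; spell that out, since as written it can be read either way.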
Line 38: Line 38:
   * Faster private set intersection base on OT extension, usenix 2014   * Faster private set intersection base on OT extension, usenix 2014
  
-Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base+**Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base**
   * trying to improve situation with system logs normalization   * trying to improve situation with system logs normalization
   * then correlate events for security incidents   * then correlate events for security incidents
   * unified extractor and convertor into same log structure    * unified extractor and convertor into same log structure 
   * speed 37000 events/sec (8 cores) - usable for big company    * speed 37000 events/sec (8 cores) - usable for big company 
-? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one.+  * ? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one.
  
-Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, Konstantinos Rantos, Charalampos Manifavas and Ioannis Papaefstathiou, WSACd - A Usable Access Control Framework for Smart Home Devices+**Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, Konstantinos Rantos, Charalampos Manifavas and Ioannis Papaefstathiou, WSACd - A Usable Access Control Framework for Smart Home Devices**
   * XACML - extensible acces control markup language    * XACML - extensible acces control markup language 
   * DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy    * DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy 
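Review bot: the re-bulleted line "? implementation of compiler for regular expressions that compiles many RE together..." reads as a statement, not a question; say whether it was an audience question, an answer, or the authors' own implementation, since the surrounding "?" lines are questions. Typos in the same region: "Faster private set intersection base on OT extension" should be "based on", "executed faster then every RE one-by-one" should be "than", and "extensible acces control markup language" should be "access".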
Line 52: Line 52:
   * intended for e-health scenario (combination of requirements from multiple parties)   * intended for e-health scenario (combination of requirements from multiple parties)
  
-Invited talk: Formal definitions in crypto+**Invited talk: Formal definitions in crypto**
   * inputs and outputs of algorithm   * inputs and outputs of algorithm
   * security goal and thread model   * security goal and thread model
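Review bot: "security goal and thread model" should be "threat model"; the line is unchanged context here, but the typo changes the meaning and is worth fixing in the same edit.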
Line 66: Line 66:
   * overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions   * overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions
    
-Keynote: Anand Rajan, "Security for the Internet of Things (IoT) - Challenges & Opportunities"+**Keynote: Anand Rajan, "Security for the Internet of Things (IoT) - Challenges & Opportunities"**
   * Schoda search engine for iot   * Schoda search engine for iot
   * device will last probably longer then PC -> implications for security   * device will last probably longer then PC -> implications for security
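Review bot: "Schoda search engine for iot" is almost certainly Shodan, the IoT device search engine; correct the name so the reference is findable. Also "imprecise of missing proper model assumptions" should be "imprecise or missing", and "last probably longer then PC" should be "than".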
Line 82: Line 82:
   * intel trusted execution for very small CPU (MCU) - "TrustLite". Used to isolate to protect memory against attack.    * intel trusted execution for very small CPU (MCU) - "TrustLite". Used to isolate to protect memory against attack. 
  
-Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. "Trustworthy Memory Isolation of Linux on Embedded Devices"+**Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. "Trustworthy Memory Isolation of Linux on Embedded Devices"**
   * first formally verified design of direct pagging   * first formally verified design of direct pagging
   * custom slim implemlementation of direct paging, later formally verified    * custom slim implemlementation of direct paging, later formally verified 
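Review bot: spelling in the two context lines: "direct pagging" should be "direct paging" and "implemlementation" should be "implementation". In the previous hunk, "Used to isolate to protect memory against attack" has a doubled verb; "used to isolate and protect memory" is presumably what was meant.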
Line 96: Line 96:
   * proof cannot be directly used to verify similar scenario (written directly for particular implementation)    * proof cannot be directly used to verify similar scenario (written directly for particular implementation) 
  
-Paper: Sourav Bhattacharya, Otto Huhta and N Asokan. "LookAhead: Augmenting Crowdsourced Website Reputation Systems With Predictive Modeling"+**Paper: Sourav Bhattacharya, Otto Huhta and N Asokan. "LookAhead: Augmenting Crowdsourced Website Reputation Systems With Predictive Modeling"**
   * target is to notify users with known unsafe webpages   * target is to notify users with known unsafe webpages
   * based on crowsource rating   * based on crowsource rating
Line 111: Line 111:
   * Random forest classifier   * Random forest classifier
   * tech report: arxiv.org/pdf/1504.04730.pdf   * tech report: arxiv.org/pdf/1504.04730.pdf
-? bias behind rated pages?  Try to rate huge number of unrated pages and wait few months for confirmation (but bias is not completelly removed)+  * ? bias behind rated pages?  Try to rate huge number of unrated pages and wait few months for confirmation (but bias is not completelly removed)
      
-Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. "Ripple: Overview and Outlook"+**Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. "Ripple: Overview and Outlook"**
   * Distributed online payment  system (2012)   * Distributed online payment  system (2012)
   * trust-based credit network   * trust-based credit network
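Review bot: the bolded title "Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, ..." runs the descriptive prefix straight into the author list; put a separator (or move "Analysis of usage patterns in Ripple protocol" to a bullet below) so the author list is readable. Minor: "completelly removed" should be "completely", "crowsource rating" in the previous hunk should be "crowdsource", and "payment  system" has a double space.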
Line 124: Line 124:
     * a lot of artificial transaction not finished (only about 15% is real transcation)     * a lot of artificial transaction not finished (only about 15% is real transcation)
     * most of the current accounts are inactive (might be theoretically many accounts for single person because of privacy, but unlikely)     * most of the current accounts are inactive (might be theoretically many accounts for single person because of privacy, but unlikely)
-? inactive accounts - not used, different from validators +  * ? inactive accounts - not used, different from validators 
  
-Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" - Intel research labs+**Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" - Intel research labs**
   * data exists in silos - lack of sharing   * data exists in silos - lack of sharing
   * secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from "cryptographer")   * secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from "cryptographer")
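Review bot: "only about 15% is real transcation" should read "transaction"; the number itself is a notable finding from the talk, so it deserves the fix.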
Line 135: Line 135:
   * validation part TC is potential bottleneck (a lot of work focused on measurement, not on validation)   * validation part TC is potential bottleneck (a lot of work focused on measurement, not on validation)
  
-Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. "REWIRE -- Revocation without Resolution: A Privacy-friendly Revocation Mechanism for Vehicular Ad-Hoc Networks"+**Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. "REWIRE -- Revocation without Resolution: A Privacy-friendly Revocation Mechanism for Vehicular Ad-Hoc Networks"**
   * vehicle to vehicle and vehicle to infrastructure communication   * vehicle to vehicle and vehicle to infrastructure communication
   * warnings for out of sight events (strong brakes of close, but not directly visible car)   * warnings for out of sight events (strong brakes of close, but not directly visible car)
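Review bot: "validation part TC is potential bottleneck" in this hunk uses "TC" without expansion; if it means the trusted component that validates attestations, say so, because the point of the line (measurement gets attention, validation does not) is otherwise lost. In the next hunk, "strong brakes of close, but not directly visible car" is hard to parse; "hard braking by a nearby car that is not in line of sight" conveys the out-of-sight warning example.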
Line 147: Line 147:
     * another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense      * another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense 
  
-Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness+**Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness**
   * PassSec - firefox extension to detect insecure websites   * PassSec - firefox extension to detect insecure websites
   * paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model   * paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model
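Review bot: the keep-alive line is a run-on with several typos: "undistinguisable" should be "indistinguishable", "controversional" should be "controversial", and the arrow chain "-> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car" would read better as two sentences: the defense makes a delete command indistinguishable from keep-alive traffic, so switching the unit off does not help; but a car out of radio reach is then blocked and must visit the manufacturer, which means jamming a car is enough to block it. That is the reason the note calls it a controversial defense.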
Line 155: Line 155:
   * problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?)   * problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?)
      
-Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes+**Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes**
   * based on TPM 2.0 specification   * based on TPM 2.0 specification
   * flexible use of existing standard to provide new class of protocols    * flexible use of existing standard to provide new class of protocols