Differences
public:research:confnotes:wistp2015 [2015-09-01 20:39] – petrs | public:research:confnotes:wistp2015 [2015-09-01 20:41] – petrs | ||
---|---|---|---|
Line 4: | Line 4: | ||
* WISTP 2015: http:// | * WISTP 2015: http:// | ||
- | Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing | + | **Paper: Tassos Dimitriou and Ioannis Krontiris, Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing** |
* sensing data via user mobile phones | * sensing data via user mobile phones | ||
* motivation for users - micropayments | * motivation for users - micropayments | ||
Line 13: | Line 13: | ||
* payment made via blind signatures | * payment made via blind signatures | ||
* nice attack from audience: user selects N different pseudonyms, set very low bidding price => wins bids | * nice attack from audience: user selects N different pseudonyms, set very low bidding price => wins bids | ||
- | ? can we use bitcoin for that? - can be used | + | * ? can we use bitcoin for that? - can be used |
- | ? autonomous execution without user interaction? | + | |
- | ? is report server trusted entity? - trusted to select winner and pay | + | |
- | Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols | + | **Paper: Alejandro Calleja, Pedro Peris-Lopez and Juan E. Tapiador, Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols** |
* Implantable medical devices | * Implantable medical devices | ||
* similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible | * similar to RFID, except need for emergency mode - in problems, direct access from medstaff is possible | ||
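Review bot: the two removed question lines in this hunk ('? autonomous execution without user interaction?' and '? is report server trusted entity? - trusted to select winner and pay') have no visible counterpart on the added side, which only shows the new bullet '* ? can we use bitcoin for that? - can be used'; confirm both questions were folded into the bullet list rather than dropped. They are worth keeping next to the audience attack noted just above (one user registering N pseudonyms and bidding very low), since whether the report server is trusted to pick winners is exactly what decides if that abuse can be detected.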
Line 28: | Line 28: | ||
* dynamic quantifier - almost no correlation (doesn' | * dynamic quantifier - almost no correlation (doesn' | ||
* scalar quantifier - 60-95% success (avg 70% similarity) | * scalar quantifier - 60-95% success (avg 70% similarity) | ||
- | ? what features were extracted from webcam picture? Movement of nose. But very noisy data, better cam cam improve (but lost of attacker vector with malware-controled webcam) | + | * ? what features were extracted from webcam picture? Movement of nose. But very noisy data, better cam cam improve (but lost of attacker vector with malware-controled webcam) |
- | ? Why not use fingerprint as additional factor to authenticate? | + | |
- | Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching | + | **Paper: Neyire Deniz Sarier, Private Minutia-based Fingerprint Matching** |
* biometrics IBE approach, multimodal biometrics | * biometrics IBE approach, multimodal biometrics | ||
* inherent noise in biometric samples -> error-tolerant schemes necessary | * inherent noise in biometric samples -> error-tolerant schemes necessary | ||
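Review bot: the removed line '? Why not use fingerprint as additional factor to authenticate?' has no counterpart on the added side of this hunk, so check it survived the conversion to a bullet. The rewritten webcam line also carries two typos over unchanged: 'better cam cam improve' (duplicated 'cam') and 'malware-controled' ('malware-controlled').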
Line 38: | Line 38: | ||
* Faster private set intersection base on OT extension, usenix 2014 | * Faster private set intersection base on OT extension, usenix 2014 | ||
- | Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base | + | **Paper: David Jaeger, Amir Azodi, Feng Cheng and Christoph Meinel, Normalizing Security Events with a Hierarchical Knowledge Base** |
* trying to improve situation with system logs normalization | * trying to improve situation with system logs normalization | ||
* then correlate events for security incidents | * then correlate events for security incidents | ||
* unified extractor and convertor into same log structure | * unified extractor and convertor into same log structure | ||
* speed 37000 events/sec (8 cores) - usable for big company | * speed 37000 events/sec (8 cores) - usable for big company | ||
- | ? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one. | + | * ? implementation of compiler for regular expressions that compiles many RE together and then executed faster then every RE one-by-one. |
- | Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, | + | **Paper: Konstantinos Fysarakis, Charalampos Konstantourakis, |
* XACML - extensible acces control markup language | * XACML - extensible acces control markup language | ||
* DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy | * DPWS protocol (UPnP for large networks) used to transfer message of events, server decides based on policy | ||
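Review bot: in the added bullet '* ? implementation of compiler for regular expressions ...', 'executed faster then every RE one-by-one' should read 'faster than'. The bolded title line for the Fysarakis et al. paper is cut off after 'Charalampos Konstantourakis,' in this view, so verify that the remaining authors, the title and the closing ** made it into the saved revision; the unchanged context line '* XACML - extensible acces control markup language' also has 'acces' for 'access'.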
Line 52: | Line 52: | ||
* intended for e-health scenario (combination of requirements from multiple parties) | * intended for e-health scenario (combination of requirements from multiple parties) | ||
- | Invited talk: Formal definitions in crypto | + | **Invited talk: Formal definitions in crypto** |
* inputs and outputs of algorithm | * inputs and outputs of algorithm | ||
* security goal and thread model | * security goal and thread model | ||
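Review bot: the unchanged context line '* security goal and thread model' should read 'threat model'; the invited talk is about the adversary model, not threads.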
Line 66: | Line 66: | ||
* overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions | * overall message: many state of the art protocols are insecure, usually because of imprecise of missing proper model assumptions | ||
- | Keynote: Anand Rajan, " | + | **Keynote: Anand Rajan, " |
* Schoda search engine for iot | * Schoda search engine for iot | ||
* device will last probably longer then PC -> implications for security | * device will last probably longer then PC -> implications for security | ||
Line 82: | Line 82: | ||
* intel trusted execution for very small CPU (MCU) - " | * intel trusted execution for very small CPU (MCU) - " | ||
- | Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. " | + | **Paper: Hamed Nemati, Mads Dam and Roberto Guanciale. " |
* first formally verified design of direct pagging | * first formally verified design of direct pagging | ||
* custom slim implemlementation of direct paging, later formally verified | * custom slim implemlementation of direct paging, later formally verified | ||
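Review bot: two typos in the context lines of this hunk, 'direct pagging' ('paging') and 'implemlementation' ('implementation'); the added bold title for Nemati, Dam and Guanciale is cut off after the opening quote in this view, so verify the full title and closing ** are present.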
Line 96: | Line 96: | ||
* proof cannot be directly used to verify similar scenario (written directly for particular implementation) | * proof cannot be directly used to verify similar scenario (written directly for particular implementation) | ||
- | Paper: Sourav Bhattacharya, | + | **Paper: Sourav Bhattacharya, |
* target is to notify users with known unsafe webpages | * target is to notify users with known unsafe webpages | ||
* based on crowsource rating | * based on crowsource rating | ||
Line 111: | Line 111: | ||
* Random forest classifier | * Random forest classifier | ||
* tech report: arxiv.org/ | * tech report: arxiv.org/ | ||
- | ? bias behind rated pages? | + | * ? bias behind rated pages? |
| | ||
- | Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. " | + | **Paper: Analysis of usage patterns in Ripple protocolFrederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. " |
* Distributed online payment | * Distributed online payment | ||
* trust-based credit network | * trust-based credit network | ||
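Review bot: the added bold line for the Ripple paper runs the title into the author list ('...in Ripple protocolFrederik Armknecht...') and, unlike every other entry in this diff, puts the title before the authors; suggest the same 'Paper: Authors. Title' order used elsewhere, e.g. **Paper: Frederik Armknecht, Ghassan Karame, Avikarsha Mandal, Franck Youssef and Erik Zenner. Analysis of usage patterns in Ripple protocol**.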
Line 124: | Line 124: | ||
* a lot of artificial transaction not finished (only about 15% is real transcation) | * a lot of artificial transaction not finished (only about 15% is real transcation) | ||
* most of the current accounts are inactive (might be theoretically many accounts for single person because of privacy, but unlikely) | * most of the current accounts are inactive (might be theoretically many accounts for single person because of privacy, but unlikely) | ||
- | ? inactive accounts - not used, different from validators | + | * ? inactive accounts - not used, different from validators |
- | Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" | + | **Paper: Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz and Maria Zhdanova. "Time to Rethink: Trust Brokerage using Trusted Execution Environments" |
* data exists in silos - lack of sharing | * data exists in silos - lack of sharing | ||
* secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from " | * secure multiparty computations (many protocols over 30 years, but still lacks efficiency and requires custom tailoring from " | ||
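Review bot: the context line '(only about 15% is real transcation)' should read 'transaction'; the added bullet about inactive accounts being distinct from validators is fine as is.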
Line 135: | Line 135: | ||
* validation part TC is potential bottleneck (a lot of work focused on measurement, | * validation part TC is potential bottleneck (a lot of work focused on measurement, | ||
- | Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. " | + | **Paper: David Förster, Hans Löhr, Jan Zibuschka and Frank Kargl. " |
* vehicle to vehicle and vehicle to infrastructure communication | * vehicle to vehicle and vehicle to infrastructure communication | ||
* warnings for out of sight events (strong brakes of close, but not directly visible car) | * warnings for out of sight events (strong brakes of close, but not directly visible car) | ||
Line 147: | Line 147: | ||
* another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense | * another protection: keep-alive messages undistinguisable from delete command (turn off will not help) -> but problem with car outside reach of messages -> if device is blocked, one need to visit car manufacturer => jam car -> block car . Quite controversional defense | ||
- | Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness | + | **Paper: Melanie Volkamer, Karen Renaud, Kristoffer Braun, Gamze Canova and Benjamin Reinheimer. Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness** |
* PassSec - firefox extension to detect insecure websites | * PassSec - firefox extension to detect insecure websites | ||
* paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model | * paper: mental model of user wrt security, automatic checks -> show additional warning in time relevant to expected mental model | ||
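Review bot: the long context line about keep-alive messages has 'undistinguisable' ('indistinguishable') and 'controversional' ('controversial'); it would also read better split at the '->' arrows, since it chains the defense, its failure case (car out of reach) and the resulting jam-to-block attack into one sentence.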
Line 155: | Line 155: | ||
* problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?) | * problem: dropouts from study were not included in measurement (not even usage statistics from dropouts usage were presented - maybe not collected?) | ||
| | ||
- | Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes | + | **Paper: Rainer Urian and Liqun Chen. DAA-A: Direct Anonymous Attestation with Attributes** |
* based on TPM 2.0 specification | * based on TPM 2.0 specification | ||
* flexible use of existing standard to provide new class of protocols | * flexible use of existing standard to provide new class of protocols |