ICISSP 2020 Abstracts


Full Papers
Paper Nr: 24
Title:

AMNESIA: A Technical Solution towards GDPR-compliant Machine Learning

Authors:

Christoph Stach, Corinna Giebler, Manuela Wagner, Christian Weber and Bernhard Mitschang

Abstract: Machine Learning (ML) applications are becoming increasingly valuable due to the rise of IoT technologies. That is, sensors continuously gather data from different domains and make them available to ML for learning its models. This provides profound insights into the data and enables predictions about future trends. While ML has many advantages, it also represents an immense privacy risk. Data protection regulations such as the GDPR address such privacy concerns, but practical solutions for the technical enforcement of these laws are also required. Therefore, we introduce AMNESIA, a privacy-aware machine learning model provisioning platform. AMNESIA is a holistic approach covering all stages from data acquisition to model provisioning. This enables to control which application may use which data for ML as well as to make models “forget” certain knowledge.
Download

Paper Nr: 33
Title:

Secure Ownership Transfer for the Internet of Things

Authors:

Martin Gunnarsson and Christian Gehrmann

Abstract: With the increasing number of IoT devices deployed, the problem of switching ownership of devices is becoming more apparent. Especially, there is a need for transfer protocols not only addressing a single unit ownership transfer but secure transfer of a complete infrastructure of IoT units including also resource constraint devices. In this paper we present our novel ownership transfer protocol for an infrastructure of IoT devices. The protocol is light-weight as it only uses symmetric key operations on the IoT side. The ownership transfer protocol is carefully security evaluated both using a theoretical analysis and with automatic protocol verification. In addition, we show the feasibility of the ownership transfer protocol through a proof of concept implementation including performance figures.
Download

Paper Nr: 37
Title:

Host Fingerprinting for Web Servers Authentication

Authors:

Ezio Lefons, Sebastiano Pizzutilo and Filippo Tangorra

Abstract: Fingerprinting is a biometric technique for computing a unique profile associated to a physical person for authentication purpose. It has been successfully applied also to software entities by using hash functions for integrity checking after downloading. In the paper, we propose a fingerprinting algorithm to identify a machine during a client-server authentication process. In detail, this host identifier can be used for connecting to a database server without using an account storing a plain-text password. After the presentation of experimental results, we show some real scenarios where this solution can be applied.
Download

Paper Nr: 42
Title:

A Formal Approach for the Analysis of the XRP Ledger Consensus Protocol

Authors:

Lara Mauri, Stelvio Cimato and Ernesto Damiani

Abstract: Distributed ledger technology is envisioned as one of the cornerstones of promising solutions for building the next generation of critical applications. However, there is still quite a bit of confusion and hype around the real security guarantees this technology offers. This is especially due to the fact that for the vast majority of existing blockchain-based consensus protocols it is really hard to find sufficiently detailed documentation that fully captures their behavior. A number of recent papers have formalized the behavior of Bitcoin-like protocols in order to rigorously study the security and privacy properties of their underlying structure, but surprisingly very little work has been devoted to the formalization of distributed ledger systems using BFT-like approaches. In this work, we focus on XRP Ledger, better known as Ripple, and take the first steps towards the complete formalization of its consensus protocol. To this end, we have investigated all the existing documentation and analyzed its source code. We present a formal description of its consensus protocol for every step. Furthermore, we provide an accurate view of its security guarantees in terms of safety and liveness and show how to increase the desired tolerance by changing the value of specific protocol parameters.
Download

Paper Nr: 43
Title:

Email Spoofing Attack Detection through an End to End Authorship Attribution System

Authors:

Giacomo Giorgi, Andrea Saracino and Fabio Martinelli

Abstract: This paper proposes a novel email author verification aimed at tackling email spoofing attacks. The proposed approach exploits an authorship technique based on the analysis of the author’s writing style. The problem has been studied under two viewpoints, i.e. the typical sender verification viewpoint, already exploited in previous works, and the sender-receiver interaction verification, which to the best of our knowledge is a novel approach. Hence, we introduced the concept of end-to-end email authorship verification, which is focused on the analysis of the sender-receiver interactions. The proposed method implements a binary classification exploiting both standard machine learning classifiers based on the well-known text stylometric features and deep learning classifiers based on the automatic feature extraction phase. We have used a well-known email dataset, i.e. the Enron dataset to benchmark our approach, with the experiments showing an authorship verification accuracy reaching 99% and 93% respectively for the sender and the end to end verification scenarios. The proposed method has been implemented as an end-user support system in the Android environment for email spoofing attack detection.
Download

Paper Nr: 52
Title:

Lightweight Authentication and Secure Communication Suitable for IoT Devices

Authors:

Simona Buchovecká, Róbert Lórencz, Jiří Buček and Filip Kodýtek

Abstract: In this paper we present the protocols for lightweight authentication and secure communication for IoT and embedded devices. The protocols are using a PUF/TRNG combined circuit as a basic building block. The goal is to show the possibilities of securing communication and authentication of the embedded systems, using PUF and TRNG for secure key generation, without requirement to store secrets on the device itself, thus allowing to significantly simplify the problem of key management on the simple hardware devices and microcontrollers, while allowing secure communication.
Download

Paper Nr: 56
Title:

CoRA: A Scalable Collective Remote Attestation Protocol for Sensor Networks

Authors:

Aída Diop, Maryline Laurent, Jean Leneutre and Jacques Traoré

Abstract: Embedded Internet of Things (IoT) devices are deployed in the functioning of a number of applications such as industrial control, building automation, and the smart grid. The lack of robustness of IoT devices has however rendered such systems vulnerable to a number of remote cyber-attacks. Remote attestation is a security mechanism which enables to remotely verify the integrity of the software running on IoT devices. Similarly, collective remote attestation protocols are designed to efficiently verify the integrity of a group of devices. Existing collective attestation protocols do not provide an efficient and secure mechanism to detect compromised devices. In particular, it is not possible to efficiently trace the origin of an erroneous attestation response back to the concerned node. In this paper, we introduce CoRA, a highly scalable collective attestation protocol, which leverages the aggregating property of the underlying cryptographic scheme during the attestation process. CoRA is the first collective attestation protocol to also provide sequential detection, where the identity of the compromised node is revealed. We provide rigorous security proofs for our protocol and its underlying cryptographic primitive, and demonstrate its efficiency in highly scalable networks.
Download

Paper Nr: 57
Title:

Track Down Identity Leaks using Threat Intelligence

Authors:

Timo Malderle, Sven Knauer, Martin Lang, Matthias Wbbeling and Michael Meier

Abstract: Leakage of identity data is a precursor of identity theft in the Internet. Prevention measures are neither established to counteract identity theft nor is there any effective way to inform affected subjects after identity leakage has been discovered. To build an identity theft early warning system, it is crucial to find evidence of identity leakage that happened in the past. News sites in the Internet regularly report about organizations suffering from data leakage. Those leaked data mostly contains member, customer or employee databases including private information. This paper presents a framework that automatically crawls and classifies news articles with respect to identity data leakage. The framework is designed to monitor an arbitrary set of websites and to extract corresponding articles. The articles found are provided to analysts and security researchers with extracted information about the covered leaks. This lowers the amount of work that is necessary to stay up to date regarding leaks of identity data. The developed framework is a proof of concept and a foundation for further projects aiming to proactively warn affected users.
Download

Paper Nr: 67
Title:

Assessing Testing Strategies for Access Control Systems: A Controlled Experiment

Authors:

Said Daoudagh, Francesca Lonetti and Eda Marchetti

Abstract: This paper presents a Controlled Experiment (CE) for assessing testing strategies in the context of Access Control (AC); more precisely, the CE is performed by considering the AC Systems (ACSs) based on the XACML Standard. We formalized the goal of the CE, and we assessed two available test cases generation strategies in terms of three metrics: Effectiveness, Size and Average Percentage Faults Detected (APFD). The experiment operation is described and the main results are analyzed.
Download

Paper Nr: 69
Title:

Secrecy and Authenticity Properties of the Lightning Network Protocol

Authors:

Hans Hüttel and Vilim Staroveski

Abstract: The Lightning Network is a second layer protocol that sits on top of the Bitcoin cryptocurrency. It is a decentralized network of payment channels first conceptualized in 2014 and its first implementation was released in 2017. Being a fairly new technology, it may have security issues that we do not know of and the goal of this report is to analyse the Lightning Network to further investigate its security properties. The focus of this analysis is on answering whether the confidential data is kept secret and whether the user authenticity holds in the protocol. In the analysis we use the process algebra to formally describe cryptographic protocols that form the Lightning Network and an automatic cryptographic protocol analyser called ProVerif for their analysis.
Download

Paper Nr: 70
Title:

Privacy with Health Information Technologies: What Story Do Data Breaches in US Tell Us?

Authors:

Sylvestre Uwizeyemungu and Placide Poba-Nzaou

Abstract: Over the last decades, health policy makers have encouraged healthcare organizations to leverage health information technology (HIT) for improving the accessibility, the quality, and the efficiency of health service delivery. The adoption of HIT has contributed to the digitization of health data, which has made these data vulnerable to information technology (IT) related security breaches. Based on data published by the US Department of Health and Human Services (DHHS), we analyze the portrait of health data breaches in the USA from 2009 to 2018 in order to figure out whether there are clear patterns of breach that stand out. In addition to descriptive statistics characterizing health data breaches, this study suggests three well-separated patterns of these breaches: (1) breaches mainly related to hacking / IT incident, (2) breaches due to unauthorized access / disclosure, and (3) breaches due to theft. All these patterns of breaches have different implications regarding priorities for health IT security and privacy professionals. However, further investigations with additional data are needed to fully comprehend the phenomenon of health data breaches and their implications in terms of IT security and privacy.
Download

Paper Nr: 75
Title:

Evaluating the Effect of Justification and Confidence Information on User Perception of a Privacy Policy Summarization Tool

Authors:

Vanessa Bracamonte, Seira Hidano, Welderufael B. Tesfay and Shinsaku Kiyomoto

Abstract: Privacy policies are long and cumbersome for users to read. To support understanding of the information contained in privacy policies, automated analysis of textual data can be used to obtain a summary of their content, which can then be presented in a shorter, more usable format. However, these tools are not perfect and users indicate concern about the trustworthiness of their results. Although some of these tools provide information about their performance, the effect if this information has not been investigated. In order to address this, we conducted an experimental study to evaluate whether providing explanatory information such as result confidence and justification influences users’s understanding of the privacy policy content and perception of the tool. The results suggest that presenting a justification of the results, in the form of a policy fragment, can increase intention to use the tool and improve perception of trustworthiness and usefulness. On the other hand, showing only a result confidence percentage did not improve perception of the tool, nor did it help to communicate the possibility of incorrect results. We discuss these results and their implications for the design of privacy policy summarization tools.
Download

Paper Nr: 76
Title:

Harmonized Group Mix for ITS

Authors:

Mirja Nitschke, Christian Roth, Christian Hoyer and Doğan Kesdoğan

Abstract: Vehicle-to-Vehicle (V2V) communication is crucial for almost all future applications in the context of smart traffic, such as autonomous driving. However, while current standards like WAVE provide a technical platform for communication and management, they lack aspects of privacy for their participants. In this paper, we introduce a Harmonized Group Mix (HGM), an architecture suited to exchange information in ITS, compatible with current standards. HGM does not rely on expensive Road-Side-Units (RSUs) or complex organizational relationships to introduce a trust anchor but is built on the concept of peer-to-peer networks. Hence, our proposal does not require any changes to current environments and is eventually easy to deploy in the real world. Our proposed method provides k-anonymity using group signatures and splits trust between multiple parties. At the same time, the integrity of the system is preserved. We evaluate our approach using the simulation framework Veins. Our experiments show that HGM is feasible from a performance and privacy perspective in the given context.
Download

Paper Nr: 90
Title:

A Quantitative Study of Vulnerabilities in the Internet of Medical Things

Authors:

Hervé Debar, Razvan Beuran and Yasuo Tan

Abstract: Medical objects, small or large, increasingly rely on digital technologies to monitor patients or deliver care. They form a part of our digital critical infrastructure, that can be significantly impacted by cyberattacks. For example, the Wannacry ransomware shut down hospitals in Europe for hours, even days. This paper analyzes recent vulnerabilities that have affected medical objects, and present findings related to the characteristics of these vulnerabilities. It will then use these findings to propose ideas for improved cybersecurity in the medical IoT. One of the key findings of the paper is that it demonstrates the effect of regulations enacted worldwide in early 2017, requiring critical infrastructure operators and providers to proactively publish information about vulnerabilities.
Download

Paper Nr: 93
Title:

Speeding Up the Computation of Elliptic Curve Scalar Multiplication based on CRT and DRM

Authors:

Mohammad Anagreh, Eero Vainikko and Peeter Laud

Abstract: In this paper, we study the parallel implementations of elliptic curve scalar multiplication over prime fields using signed binary representations. Our implementation speeds up the calculation of scalar multiplication in comparison with the standard case. We introduce parallel algorithms for computing elliptic curve scalar multiplication based on representing the scalar by the Complementary Recoding Technique (CRT) and the Direct Recording Method (DRM). Both implementations of the proposed algorithms show speed-ups reaching up to 60% in comparison with execution time for sequential cases of the algorithms. We find that ECC-DRM is faster than ECC-CRT in both parallel and sequential counterparts.
Download

Paper Nr: 94
Title:

External Contextual Factors in Information Security Behaviour

Authors:

D. P. Snyman and H. A. Kruger

Abstract: Human behaviour is often considered to be irrational, difficult to understand, and challenging to manage. This phenomenon has a direct impact on the way in which humans behave when confronted with information security which, in turn, complicates how security is to be managed. This research attempts to investigate the role that contextual factors play in how humans behave, specifically with regards to information security. Contextual factors are identified that influence human behaviour in general. These factors are conceptualised in relation to existing models of behaviour and subsequently mapped to information security behaviour. A practical research exercise, relating to information security behaviour, is conducted with a university residence as the contextual environment. The specific contextual factors, and how they relate to information security, are discussed. Information security behavioural threshold analysis is employed to evaluate the impact of the identified contextual factors on the residence’s security behaviour. The results are reflected upon, based on the results from the threshold analysis. The paper concludes by highlighting the contributions that were made towards understanding contextual factors in information security.
Download

Paper Nr: 101
Title:

A Homomorphic Proxy Re-authenticators based Efficient Multi-client Non-interactive Verifiable Computation Scheme

Authors:

Shuaijianni Xu and Liang Feng Zhang

Abstract: In TCC 2013, Choi, Katz, Kumaresan, and Cid introduced a multi-client verifiable computation (MVC) model for outsourcing computations to cloud. MVC allows multiple non-communicating clients to outsource the computation of a function f over a series of joint inputs to a powerful but untrusted cloud server, ensuring that the input of each client will be secret from all the other entities and rejects any incorrect results from the server. They also proposed a construction of MVC, which heavily depends on fully homomorphic encryption (FHE) and garbled circuits (GCs), thus lacks practical relevance. In this paper, we propose a general transformation from the homomorphic proxy re-authenticator (HPRA) of Derler, Ramacher and Slamanig (FC 2017) to MVC. Our MVC schemes will be significantly more efficient, as long as the underlying HPRA is free of FHE and GCs. By applying the transformation to an HPRA scheme of Derler, Ramacher and Slamanig, we obtained an MVC scheme for computing the linear combinations of vectors. Our implementation shows that the new MVC scheme is significantly more efficient, both in terms of client computation and server computation. To our best knowledge, this is the first implementable MVC scheme to date.
Download

Paper Nr: 113
Title:

MedBIoT: Generation of an IoT Botnet Dataset in a Medium-sized IoT Network

Authors:

Alejandro Guerra-Manzanares, Jorge Medina-Galindo, Hayretdin Bahsi and Sven Nõmm

Abstract: The exponential growth of the Internet of Things in conjunction with the traditional lack of security mechanisms and resource constraints associated with these devices have posed new risks and challenges to security in networks. IoT devices are compromised and used as amplification platforms by cyber-attackers, such as DDoS attacks. Machine learning-based intrusion detection systems aim to overcome network security limitations relying heavily on data quantity and quality. In the case of IoT networks these data are scarce and limited to small-sized networks. This research addresses this issue by providing a labelled behavioral IoT data set, which includes normal and actual botnet malicious network traffic, in a medium-sized IoT network infrastructure (83 IoT devices). Three prominent botnet malware are deployed and data from botnet infection, propagation and communication with C&C stages are collected (Mirai, BashLite and Torii). Binary and multi-class machine learning classification models are run on the acquired data demonstrating the suitability and reliability of the generated data set for machine learning-based botnet detection IDS testing, design and deployment. The generated IoT behavioral data set is released publicly available as MedBIoT data set∗.
Download

Short Papers
Paper Nr: 10
Title:

Revisiting Higher-order Computational Attacks against White-box Implementations

Authors:

Houssem Maghrebi and Davide Alessio

Abstract: White-box cryptography was first introduced by Chow et al. in 2002 as a software technique for implementing cryptographic algorithms in a secure way that protects secret keys in an untrusted environment. Ever since, Chow et al.’s design has been subject to the well-known Differential Computation Analysis (DCA). To resist DCA, a natural approach that white-box designers investigated is to apply the common side-channel countermeasures such as masking. In this paper, we suggest applying the well-studied leakage detection methods to assess the security of masked white-box implementations. Then, we extend some well-known side-channel attacks (i.e. the bucketing computation analysis, the mutual information analysis, and the collision attack) to the higher-order case to defeat higher-order masked white-box implementations. To illustrate the effectiveness of these attacks, we perform a practical evaluation against a first-order masked white-box implementation. The obtained results have demonstrated the practicability of these attacks in a real-world scenario.
Download

Paper Nr: 12
Title:

Modeling Cyber Threat Intelligence

Authors:

Siri Bromander, Morton Swimmer, Martin Eian, Geir Skjotskift and Fredrik Borg

Abstract: For a strong, collective defense in the digital domain we need to produce, consume, analyze and share cyber threat intelligence. With an increasing amount of available information, we need automation in order to be effective. We propose a strict data model for cyber threat intelligence which enables consumption of all relevant data, data validation and analysis of consumed content. The main contribution of this paper is the strictness of the data model which enforces input of information and enables automation and deduction of new knowledge.
Download

Paper Nr: 15
Title:

Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach

Authors:

Orestis Christou, Nikolaos Pitropakis, Pavlos Papadopoulos, Sean McKeown and William J. Buchanan

Abstract: Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be aware of the URL of the website they are visiting. Traditional detection methods rely on blocklists and content analysis, both of which require time-consuming human verification. Thus, there have been attempts focusing on the predictive filtering of such URLs. This study aims to develop a machine-learning model to detect fraudulent URLs which can be used within the Splunk platform. Inspired from similar approaches in the literature, we trained the SVM and Random Forests algorithms using malicious and benign datasets found in the literature and one dataset that we created. We evaluated the algorithms’ performance with precision and recall, reaching up to 85% precision and 87% recall in the case of Random Forests while SVM achieved up to 90% precision and 88% recall using only descriptive features.
Download

Paper Nr: 28
Title:

CoProtect: Collaborative Management of Cryptographic Keys for Data Security in Cloud Systems

Authors:

Lorenzo Bracciale, Pierpaolo Loreti, Emanuele Raso, Maurizio Naldi and Giuseppe Bianchi

Abstract: Cryptography key management system plays a very central role in the cloud data security. Nonetheless, a great part of the current commercial solutions rely on cloud providers that hold both the encrypted data and the related private master key of their served customers in their secure key vaults, having a de-facto total control on their customer digital assets. Conversely, entrusting customer companies for key holding can be dangerous as witnessed by many cases of key loss or theft. In this work we present CoProtect, a novel architecture to protect the cryptography keys in cloud systems that leverage on the cooperation between the cloud provider and the customer company. With such trust model, we present the proposed data management strategy, the key generation and the crypto procedures, and a proof of concept.
Download

Paper Nr: 32
Title:

Bident Structure for Neural Network Model Protection

Authors:

Hsiao-Ying Lin, Chengfang Fang and Jie Shi

Abstract: Deep neural networks are widely deployed in a variety of application areas to provide real-time inference services, such as mobile phones, autonomous vehicles and industrial automation. Deploying trained models in end-user devices rises high demands on protecting models against model stealing attacks. To tackle this concern, applying cryptography algorithms and using trusted execution environments have been proposed. However, both approaches cause significant overhead on inference time. With the support of trusted execution environment, we propose bident-structure networks to protect the neural networks while maintaining inference efficiency. Our main idea is inspired by the secret-sharing concept from cryptography community, where we treat the neural network as the secret to be protected. We prove the feasibility of bident-structure methods by empirical experiments on MNIST. Experimental results also demonstrate that efficiency overhead can be reduced by compressing sub-networks running in trusted execution environments.
Download

Paper Nr: 44
Title:

Securing IoT Devices using Geographic and Continuous Login Blocking: A Honeypot Study

Authors:

Fredrik Heiding, Mohammad-Ali Omer, Andreas Wallström and Robert Lagerström

Abstract: IoT (Internet of Things) devices have grown exponentially in the last years, both in the sheer number of devices and concerning areas of applications being introduced. Together with this rapid development we are faced with an increased need for IoT Security. Devices that have previously been analogue, such as refrigerators, door locks, and cars are now turning digital and are exposed to the threats posed by an Internet connection. This paper investigates how two existing security features (geographic IP Blocking with GeoIP and rate-limited connections with fail2ban) can be used to enhance the security of IoT devices. We analyze the success of each method by comparing units with and without the security features, collecting and comparing data about the received attacks for both kinds. The result shows that the GeoIP security feature can reduce attacks by roughly 93% and fail2ban by up to 99%. Further work in the field is encouraged to validate our findings, create better GeoIP tools, and to better understand the potential of the security techniques at a larger scale. The security features are implemented in aws instances made to simulate IoT devices, and measured with honeypots and IDSs (Intrusion Detection Systems) that collect data from the received attacks. The research is made as a fundamental work to later be extended by implementing the security features in more devices, such as single board computers that will simulate IoT devies even more accurately.
Download

Paper Nr: 47
Title:

CCA Secure Unidirectional PRE with Key Pair in the Standard Model without Pairings

Authors:

Anass Sbai, Cyril Drocourt and Gilles Dequen

Abstract: Secure Data sharing has become an ubiquitous need. One way of pursuing it is to use Proxy Re-Encryption (PRE), which allows delegation of decryption rights selectively. This work tackles the problem of designing a Proxy Re-Encryption that is unidirectional and CCA-secure in the standard model without pairings. In (Zhang et al., 2013) they propose a solution that makes the Cramer-Shoup encryption scheme publicly verifiable and use their result to construct a CCA secure PRE in the standard model. However, we show that their scheme is vulnerable against adaptive chosen ciphertexts attacks. Then we propose a new construction based on Cramer-Shoup crypto-system (Cramer and Shoup, 1998), that is CCA secure without pairings nor random oracle.
Download

Paper Nr: 49
Title:

Email Image Spam Classification based on ResNet Convolutional Neural Network

Authors:

Vít Listík, Jan Šedivý and Václav Hlaváč

Abstract: The problem with email image spam classification is known from the year 2005. There are several approaches to this task. Lately, those approaches use convolutional neural networks (CNN). We propose a novel approach to the image spam classification task. Our approach is based on CNN and transfer learning, namely Resnet v1 used for semantic feature extraction and one layer Feedforward Neural Network for classification. We have shown that this approach can achieve state-of-the-art performance on publicly available datasets. 99% F1- score on two datasets (Dredze et al., 2007), Princeton and 96% F1-score on the combination of these datasets. Due to the availability of GPUs, this approach may be used for just-in-time classification in anti-spam systems handling huge amounts of emails. We have observed also that mentioned publicly available datasets are no longer representative. We overcame this limitation by using a much richer dataset from a one-week long real traffic of the freemail provider Email.cz. The training data annotation was created by user labeling of the emails. The image spam (and image ham even more) tackles privacy issues. We overcame it by publishing extracted feature vectors with associated classes (instead of images itself). This data does not violate privacy issues. We have published Email.cz image spam dataset v1 via the AcademicTorrents platform and propose a system, which achieves up to 96% F1-score with presented model architecture on this novel dataset. Providing our dataset to the community may help others with solving similar tasks.
Download

Paper Nr: 54
Title:

A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria

Authors:

Sandra Domenique Zinsmaier, Hanno Langweg and Marcel Waldvogel

Abstract: We propose and apply a requirements engineering approach that focuses on security and privacy properties and takes into account various stakeholder interests. The proposed methodology facilitates the integration of security and privacy by design into the requirements engineering process. Thus, specific, detailed security and privacy requirements can be implemented from the very beginning of a software project. The method is applied to an exemplary application scenario in the logistics industry. The approach includes the application of threat and risk rating methodologies, a technique to derive technical requirements from legal texts, as well as a matching process to avoid duplication and accumulate all essential requirements.
Download

Paper Nr: 55
Title:

Achieving Privacy, Security, and Interoperability among Biometric Networks using Symmetric Encryption

Authors:

Eduardo M. Lacerda Filho and Vinicius P. Gonçalves

Abstract: Privacy, security, and interoperability of biometrics systems are fundamental for any segment of a society that uses it. In this work, we developed a network that uses a symmetric encryption scheme, to ensure the anonymous index data exchange and registration of a person, and an interoperability communication protocol to process identification requests between different biometric systems. Our main contribution is the construction of a non-reversible encryption index that can safely traverse, without decrypting it, the network of connections between different biometric systems with an interoperability and data integrity communication protocol. The advantages of our work are the mitigation of known encryption and network attacks, the creation of a random initialization vector, without sending it over the network, but feasible to be calculated for all the accredited Biometric Service Providers, the increased security of biometric database, that not only relies about templates, and the improvement of IEEE Biometric Open Protocol Standard. The security analysis of the scheme and the results confirm that the network holds anonymity of a person and that it is possible to interoperate this data with an enhanced integrity protocol.
Download

Paper Nr: 65
Title:

The Root Causes of Compromised Accounts at the University

Authors:

Philip Nyblom, Gaute Wangen, Mazaher Kianpour and Grethe Østby

Abstract: Compromised usernames and passwords are a continuous problem that several organizations struggle with even though this is a known problem with known solutions. Passwords remain a problem for the modern University as it struggles to balance the goals of academic openness and availability versus those of modern cybersecurity. Through a case study, this paper researches the root causes of why compromised user accounts are causing incidents at a Scandinavian University. The applied method was root cause analysis combined with a socio-technical analysis to provide insight into the complexity of the problem and to propose solutions. The study used an online questionnaire targeting respondents who had their accounts compromised (N=72) to determine the probable root causes. Furthermore, the socio-technical approach consisted of the Security by Consensus model to analyze how causes interact in the system layers. We constructed a scoring scheme to help determine the plausible root causes of compromise, and here we identified password re-use across multiple sites (41.7%) as the most probable cause of individual compromise, followed by weak passwords (25.0%), malware infections (19.4%) and phishing (9.7%). Furthermore, the socio-technical analysis revealed structural problems, especially at the ethical-cultural and administrative-managerial layers in the organization as the primary root causes.
Download

Paper Nr: 66
Title:

Patients to Mobilize Their Data: Secure and Flexible mHealth Delegation

Authors:

Rafael Almeida, Pedro Vieira-Marques and Ana Ferreira

Abstract: This work describes the development of a prototype of a secure and flexible delegation architecture, to be applied to an mHealth scenario where a mobile app is used for monitoring and coaching asthma patients. The motivation is the fact that mHealth apps are not security prepared and patients still have no trust in using them, on a regular basis. Nonetheless, patients can acknowledge mHealth potential and see the relevance of sharing/delegating health data to others, e.g., healthcare professionals, depending not only on the necessity and security, but also on the level of control they can have over it. This proposal empowers the patient to control, in a flexible, easy and secure way, fine-grained delegation features within a real mHealth setting.
Download

Paper Nr: 68
Title:

Accountant: Protection of Data Integrity and Identification of Malicious Nodes in In-network Data Processing

Authors:

David Jost and Mathias Fischer

Abstract: Data integrity in distributed data sensing and processing platforms or middlewares is an important issue, especially if those platforms are open to anyone. To leverage the resources of participating nodes and to enhance the scalability, nodes can be included in the data processing, e.g., in the aggregation of results. In an open system, it is also likely that some participating nodes are malicious and lie about their sensed values or about the results of data processed by them. Current approaches that preserve data integrity for in-network processing require expensive cryptographic operations. With Accountant we propose a new approach, which requires significantly less computation at the expense of slightly more signalling overhead. Furthermore, our approach cannot only preserve data integrity, but also allows to identify malicious nodes. For that, Accountant uses multiple inner node-disjoint trees for data dissemination and hash trees for preserving the data integrity. We compare it to existing solutions, showing that with only minor additional messaging overhead, Accountant can protect the data integrity and can identify attackers at the same time.
Download

Paper Nr: 80
Title:

Systematization of Threats and Requirements for Private Messaging with Untrusted Servers: The Case of e-Mailing and Instant Messaging

Authors:

Iraklis Symeonidis and Gabriele Lenzini

Abstract: Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, and how to comply with comparable system requirements. Assuming a scenario where servers may not be trusted, we review and analyze a list of threats specifically against message delivering, archiving, and contact synchronization. We also describe a list of requirements intended for whom undertakes the task of implementing secure and private messaging. The cryptographic solutions available to mitigate the threats and to comply with the requirements may differ, as the two applications are built on different assumptions and technologies.
Download

Paper Nr: 81
Title:

An Analytical Scanning Technique to Detect and Prevent the Transformed SQL Injection and XSS Attacks

Authors:

Mohammad Qbea’h, Saed Alrabaee and Djedjiga Mouheb

Abstract: Among the most critical and dangerous attacks is the one that exploits Base64 or Hex encoding technique in SQL Injection (SQLIA) and Cross Site Scripting (XSS) attacks, instead of using plain text. This technique is widely used in most dangerous attacks because it evades detection. Therefore, it is possible to bypass many filters such as IDS, without taking into account the transformation methodologies of the symbols and characters. Moreover, it reserves the same semantics with different syntax. Attackers can exploit this serious technique to reach unseen data and gain valuable benefits. To the best of our knowledge, this paper presents the first technique that focuses on detecting and preventing transformed SQLIA and XSS from Base64 and Hex encoding. We perform scanning and analyzing methods by targeting two places: (i) Input boxes and (ii) Strings in page URLs. Then, we decode the inputs and compare them with our stored suspicious tokens. Finally, we perform string matching and mutation mechanisms to revoke the activity of malicious inputs. We have evaluated our technique and the results showed that it is capable to detect and prevent this transformed attack.
Download

Paper Nr: 85
Title:

Presence Metadata in the Internet of Things: Challenges and Opportunities

Authors:

Robert Hegarty and John Haggerty

Abstract: The Internet of Things is an emerging computing paradigm that promises to revolutionise society. The widespread capture and aggregation of data from sensors and smart devices combined with processing using machine learning in cloud computing platforms provides unrivalled insights into our environment. In addition to the numerous benefits (smart healthcare, cities, transportation, etc.) such insights potentially jeopardise the privacy of individuals, organisations, and society as whole. This is despite UK and EU regulations attempting to mitigate the risk of individuals’ data exposure and the impact of it on their security. To demonstrate the exploitation of metadata and its threat to privacy, this paper presents Meta-Blue, a Bluetooth Low Energy metadata capture, analysis, and visualisation tool. The results of a case study are combined with an overview of literature on IoT privacy to provide a holistic overview of the challenges and opportunities presented by IoT metadata.
Download

Paper Nr: 86
Title:

A Study of Classification of Texts into Categories of Cybersecurity Incident and Attack with Topic Models

Authors:

Masahiro Ishii, Satoshi Matsuura, Kento Mori, Masahiko Tomoishi, Yong Jin and Yoshiaki Kitaguchi

Abstract: To improve and automate cybersecurity incident handling in security operations centers (SOCs) and computer emergency response teams (CERTs), security intelligences extracted from various internal and external sources, including incident response playbooks, incident reports in each SOCs and CERTs, the National Vulnerability Database, and social media, must be utilized. In this paper, we apply various topic models to classify text related to cybersecurity intelligence and incidents according to topics derived from incidents and cyber attacks. We analyze cybersecurity incident reports and related text in our CERT and security blog posts using naive latent Dirichlet allocation (LDA), seeded LDA, and labeled LDA topic models. Labeling text based on designated categories is difficult and time-consuming. Training the seeded model does not require text to be labeled; instead, seed words are given to allow the model to infer topic-word and document-topic distributions for the text. We show that a seeded topic model can be used to extract and classify intelligence in our CERT, and we infer text more precisely compared with a supervised topic model.
Download

Paper Nr: 89
Title:

New General Secret Sharing Scheme using Hierarchical Threshold Scheme: Improvement of Information Rates for Specified Participants

Authors:

Kouya Tochikubo

Abstract: In 2015, a new secret sharing scheme realizing general access structures was proposed (T15). This scheme is based on authorized subsets and the first scheme that can reduce the number of shares distributed to specified participants. Reducing the numbers of shares distributed to specified participants is quite useful in secret sharing schemes. However, this scheme needs to use many secret sharing schemes to obtain shares. In this paper, we propose a new secret sharing scheme realizing general access structures. The proposed scheme can reduce the number of secret sharing schemes to obtain shares by using Tassa’s (k,n)-hierarchical threshold scheme instead of Shamir’s (k,n)-threshold scheme. Thus, the proposed scheme is more efficient than the scheme A of T15 from the viewpoint of the number of secret sharing schemes to obtain shares.
Download

Paper Nr: 95
Title:

Greater Control and Transparency in Personal Data Processing

Authors:

Giray Havur, Miel Vander Sande and Sabrina Kirrane

Abstract: Although the European General Data Protection Regulation affords data subjects more control over how their personal data is stored and processed, there is a need for technical solutions to support these legal rights. In this position paper we assess the level of control, transparency and compliance offered by three different approaches (i.e., defacto standard, SPECIAL, Solid). We propose a layered decentralised architecture based on combining SPECIAL and Solid. Finally, we introduce our usage control framework, which we use to compare and contrast the level of control and compliance offered by the four different approaches.
Download

Paper Nr: 98
Title:

Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice Communication

Authors:

Piotr Krasnowski, Jerome Lebrun and Bruno Martin

Abstract: Increasing need for secure voice communication is leading to new ideas for securing voice transmission. This work relates to a relatively new concept of sending encrypted speech as pseudo-speech in audio domain over existing civilian voice communication infrastructure, like 2G-4G networks and VoIP. Such a setting is more universal compared to military “Crypto Phones” and can be opened for public evaluation. Nevertheless, secure communication requires a prior exchange of cryptographic keys over voice channels, without reliance on any Public Key Infrastructure (PKI). This work presents the first formally verified and authenticated key exchange (AKE) over voice channels for secure military-grade voice communications. It describes the operational principles of the novel communication system and enlists its security requirements. The voice channel characteristics in the context of AKE protocol execution is thoroughly explained, with a strong emphasis on differences to classical store-and-forward data channels. Namely a robust protocol has been designed specifically for voice channels with double authentication based on signatures and Short Authentication Strings (SAS). The protocol is detailed and analyzed in terms of fundamental security properties and successfuly verified in a symbolic model using Tamarin Prover.
Download

Paper Nr: 100
Title:

Legislation and the Negative Impact on Cybersecurity in Healthcare

Authors:

Jesse Daniels and Sajal Bhatia

Abstract: Healthcare is a rapidly growing industry that is continuously expanding with technological advances. Similar to many other critical industries, healthcare faces an onslaught of daily cybersecurity challenges, however is largely at a disadvantage due to outdated and antiquated legislation. As of 2019, no legislation or regulatory body in healthcare adequately cover the needs of cybersecurity. However, regulations have forced healthcare to deploy technology at an expansive rate as well as having them deploy FDA, a regulatory body, approved medical devices from the assembly line that are inherently insecure. By looking at reported incidents, the authors will examine modifications to legislation in healthcare and the impact on cybersecurity-related events facing the organizational vertical. Legislation such as the Ethics in Patient Referrals Act of 1989 adversely impacts healthcare as cybersecurity is not considered a “service,” and as such, cannot be shared between two healthcare organizations. By bringing light to the inadequacies of cybersecurity in legislation and regulation of the United States healthcare system, the paper aim to bring cybersecurity to the forefront of future legislation and regulation.
Download

Paper Nr: 109
Title:

Recommender Systems Robust to Data Poisoning using Trim Learning

Authors:

Seira Hidano and Shinsaku Kiyomoto

Abstract: Recommender systems have been widely utilized in various e-commerce systems for improving user experience. However, since security threats, such as fake reviews and fake ratings, are becoming apparent, users are beginning to have their doubts about trust of such systems. The data poisoning attack is one of representative attacks for recommender systems. While acting as a legitimate user on the system, the adversary attempts to manipulate recommended items using fake ratings. Although several defense methods also have been proposed, most of them require prior knowledge on real and/or fake ratings. We thus propose recommender systems robust to data poisoning without any knowledge.
Download

Paper Nr: 115
Title:

Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

Authors:

Andreas Thompson and Gencer Erdogan

Abstract: There is a serious lack of support for trustworthy smart IoT systems within DevOps. Security and privacy are often overlooked in DevOps cultures and almost absent in the context of IoT. In this paper, we focus on the planning stage of DevOps and propose a tool-supported method for risk-driven planning considering security and privacy risks. Our method consists of five steps: establish context, analyse dataflow, model privacy and security risk, develop risk assessment algorithm based on risk model, and execute risk assessment algorithm. Our tool supports this method in the first and the last step and facilitates dynamic risk assessment based on input provided by the user or collected from the monitoring stage into predefined risk models. The output of the tool is a risk assessment which the end users, e.g. developers, can use as decision support to prioritize certain parts of the target under analysis in the next cycle of DevOps. The tool and the method are evaluated in a real-world smart home case. Our initial evaluation indicates that the approach is comprehensible for our intended users, supports the planning stage in terms of security and privacy risk assessment, and feasible for use in the DevOps practice.
Download

Paper Nr: 117
Title:

Methodology and Feedback about Systematic Cybersecurity Experts Auditing in Belgium

Authors:

Christophe Ponsard, Jeremy Grandclaudon and Nicolas Point

Abstract: Increasing the maturity of SMEs with respect to cybersecurity threats is crucial as they are less prepared and less resilient. They are also increasingly exposed and targeted by malicious actors. Providing support means ensuring an effective ecosystem is available to help companies all along the process. Resources have to be available, from raising awareness to performing audit, increasing protection and building response capabilities. In this paper, we report about the progress achieved after one year of deployment of a Belgian cybersecurity initiative focusing on SMEs. An important goal is to make sure minimal requirements will be checked and enforced by cybersecurity experts while letting them use their own methodology. We explain how the expertise is validated using an evaluation grid based on the NIST Cybersecurity framework and CIS 20 criteria directly reflecting protection priorities for SMEs. We also highlight some interesting characteristics and lessons learned in our data set of 25 experts evaluated so far.
Download

Paper Nr: 2
Title:

Security of Digital Banking Systems in Poland: Users Study 2019

Authors:

Wojciech Wodo and Damian Stygar

Abstract: Our aim of this study was to discover believes, behaviors, thoughts and habits of digital banking users in Poland, we wanted to understand their motivation and drivers while using electronic and mobile financial services. Thanks to using Design Thinking research methodology we empathized users deeply and defined personas - representing user groups of common features and way of thinking and acting. Our desk research and users interview resulted in the identification of a number of aspects of e-banking, that can/should be taken into consideration by its users and, possibly, providers in order to assess the security of the service from the perspective of usability. We have interviewed 62 people in Poland (age span 16-72, different professions and familiarity level with e-banking solutions) in a form of qualitative study – in-depth survey (one hour per person) and discussed security issues with several Polish banks representatives. This paper is essence extract of full research conducted in this area. It presents and summarises the main assumptions and results.
Download

Paper Nr: 4
Title:

Comparison of the Paillier and ElGamal Cryptosystems for Smart Grid Aggregation Protocols

Authors:

Fabian Knirsch, Andreas Unterweger, Maximilian Unterrainer and Dominik Engel

Abstract: Many smart grid applications require the collection of fine-grained load data from customers. In order to protect customer privacy, secure aggregation protocols have been proposed that aggregate data spatially without allowing the aggregator to learn individual load data. Many of these protocols build on the Paillier cryptosystem and its additively homomorphic property. Existing works provide little or no justification for the choice of this cryptosystem and there is no direct performance comparison to other schemes that allow for an additively homomorphic property. In this paper, we compare the ElGamal cryptosystem with the established Paillier cryptosystem, both, conceptually and in terms of runtime, specifically for the use in privacy-preserving aggregation protocols. We find that, in the ElGamal cryptosystem, when made additively homomorphic, the runtime for encryption and decryption is distributed more asymmetrically between the smart meter and the aggregator than it is in the Paillier cryptosystem. This better reflects the setup typically found in smart grid environments, where encryption is performed on low-powered smart meters and decryption is usually performed on powerful machines. Thus, the ElGamal cryptosystem is a better, albeit overlooked, choice for secure aggregation protocols.
Download

Paper Nr: 7
Title:

Privacy-preserving Surveillance Methods using Homomorphic Encryption

Authors:

William Bowditch, Will Abramson, William J. Buchanan, Nikolaos Pitropakis and Adam J. Hall

Abstract: Data analysis and machine learning methods often involve the processing of cleartext data, and where this could breach the rights to privacy. Increasingly, we must use encryption to protect all states of the data: in-transit, at-rest, and in-memory. While tunnelling and symmetric key encryption are often used to protect data in-transit and at-rest, our major challenge is to protect data within memory, while still retaining its value. Homomorphic encryption, thus, could have a major role in protecting the rights to privacy, while providing ways to learn from captured data. Our work presents a novel use case and evaluation of the usage of homomorphic encryption and machine learning for privacy respecting state surveillance.
Download

Paper Nr: 8
Title:

Maturity Modelling to Prepare for Cyber Crisis Escalation and Management

Authors:

Grethe Østby and Basel Katt

Abstract: The aim of this study is to evaluate a newly developed maturity escalation model, that is based on ISO 27005 and ISO 27035 standards. The evaluation is done by applying the model to assess the maturity escalation level of an organization in the healthcare domain in Norway, which is called the Inland Hospital Trust. In this study, we applied several theories, including escalation management modelling. After using and analysing the maturity model in the healthcare organization context, we identified drawbacks of the current maturity escalation model, and suggest improvements.
Download

Paper Nr: 9
Title:

Translating Data Protection into Software Requirements

Authors:

Ralf Kneuper

Abstract: With the growth of data processing and digitalisation in many environments, data protection is also growing more and more important. This is for example reflected by the General Data Protection Regulation (GDPR) which came into effect in May 2018 and defines what organisations need to do to protect individuals and their personal data. This paper provides a summary of the main data protection concepts, using GDPR as an example, and from these derives the resulting software requirements that apply to software systems which process private data within the European Union (and to some extent beyond). This way, the paper supports software developers as well as requirements analysts in their task of identifying and defining the data protection requirements, even though they will have to be adapted and additional detail provided for any specific case.
Download

Paper Nr: 13
Title:

Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security

Authors:

Agnes Åkerlund and Christine Große

Abstract: This article explores the question of how to measure information security. Organisational information security is difficult to evaluate in this complex area because it includes numerous factors. The human factor has been acknowledged as one of the most challenging factors to consider in the field of information security. This study models the application of data envelopment analysis to business processes in order to facilitate the evaluation of information security that includes human factors. In addition to the model, this study demonstrates that data envelopment analysis provides an efficiency measure to assess the information security level of a business process. The novel approach that is proposed in this paper is exemplified with the aid of three fictive processes. The Business Process Model and Notation has been used to map the processes because it facilitates the visualisation of human interactions in processes and the form of the processed information. The combination of data envelopment analysis with process modelling and analyses of process deficiencies and threats to information security enables the evaluation of information security to include human factors in the analyses. Moreover, it provides a measure to benchmark information security in organisational processes.
Download

Paper Nr: 16
Title:

An Approach to Secure Legacy Software Systems

Authors:

Stefanie Jasser and Jonas Kelbert

Abstract: When analyzing legacy software for security huge result lists may be generated. These lists may contain more than 1,000,000 potential vulnerabilities. In this paper, we propose an approach to secure such legacy systems: we define a process to systematically assess and process potential vulnerabilities using contextual system knowledge. The process is complemented with tool-supported technical measures to actually mitigate the vulnerabilities and code injection. The approach allows to efficiently repair vulnerabilities in legacy systems while ensuring system availability for critical systems using a safe go-live technique. We evaluate our approach by an industrial case study to show the applicability and flexibility of our code security cleansing approach.
Download

Paper Nr: 17
Title:

Is Ethereum’s ProgPoW ASIC Resistant?

Authors:

Jason Orender, Ravi Mukkamala and Mohammad Zubair

Abstract: Cryptocurrencies are more than a decade old and several issues have been discovered since their then. One of these issues is a partial negation of the intent to “democratize” money by decentralizing control of the infrastructure that creates, transmits, and stores monetary data. The Programmatic Proof of Work (ProgPoW) algorithm is intended as a possible solution to this problem for the Ethereum cryptocurrency. This paper examines ProgPow’s claim to be Application Specific Integrated Circuit (ASIC) resistant. This is achieved by isolating the proof-of-work code from the Ethereum blockchain, inserting the ProgPoW algorithm, and measuring the performance of the new implementation as a multithread CPU program, as well as a GPU implementation. The most remarkable difference between the ProgPoW algorithm and the currently implemented Ethereum Proof-of Work is the addition of a random sequence of math operations in the main loop that require increased memory bandwidth. Analyzing and comparing the performance of the CPU and GPU implementations should provide an insight into how the ProgPoW algorithm might perform on an ASIC.
Download

Paper Nr: 18
Title:

Exploring Vulnerabilities in Solidity Smart Contract

Authors:

Phitchayaphong Tantikul and Sudsanguan Ngamsuriyaroj

Abstract: A smart contract is a decentralized program executed automatically, reliably, and transparently on a blockchain. It is now commonly used in financial-related applications, which require heavily secure operations and transactions. However, like other programs, smart contracts might contain some flaws. Thus, developers are encouraged to write secure smart contracts, and some approaches are proposed to detect vulnerabilities of smart contracts before deployment. Due to the immutability property of a blockchain, developers cannot modify the smart contract even though there is a vulnerability which may cause financial losses. In this paper, we propose the comparison of vulnerability detection tools to deployed smart contracts on the Ethereum blockchain. We also present the analysis of the state of vulnerabilities in smart contracts as well as their characteristics.
Download

Paper Nr: 20
Title:

Quantifying the Significance of Cybersecurity Text through Semantic Similarity and Named Entity Recognition

Authors:

Otgonpurev Mendsaikhan, Hirokazu Hasegawa, Yamaguchi Yukiko and Hajime Shimada

Abstract: In order to proactively mitigate the risks of cybersecurity, security analysts have to continuously monitor threat information sources. However, the sheer amount of textual information that needs to be processed is overwhelming and requires a great deal of mundane labor. We propose a novel approach to automate this process by analyzing the text document using semantic similarity and Named Entity Recognition (NER) methods. The semantic representation of the given text has been compared with pre-defined “significant” text and, by using a NER model, the assets relevant to the organization are identified. The analysis results then act as features of the linear classifier to generate the significance score. The experimental result shows that the overall system could determine the significance of the text with 78% accuracy.
Download

Paper Nr: 21
Title:

A Comparison of Blockchain-based PKI Implementations

Authors:

Clemens Brunner, Fabian Knirsch, Andreas Unterweger and Dominik Engel

Abstract: Blockchain technology has recently been proposed by many authors for decentralized key management in the context of Public Key Infrastructures (PKIs). Instead of relying on trusted key servers – centralized or decentralized –, the confirmation and revocation of keys is distributed over a multitude of participants. A pletheora of implementations exist, all of which rely on different properties of blockchains. In this paper, we motivate the most relevant properties of blockchains as well as PKI and how they are linked. Furthermore, we provide an overview of state-of-the-art blockchain-based PKI implementations and compare them with respect to these properties. While all analyzed implementations fullfil the basic requirements of PKIs, we find that (i) privacy is very often neglected; and (ii) only a small subset is evaluated with respect to both, complexity and cost. In order to provide a guideline for future blockchain-based PKI implementations, we conclude with a set of recommendations based on our findings.
Download

Paper Nr: 23
Title:

A Domain-specific Modeling Framework for Attack Surface Modeling

Authors:

Tithnara Nicolas Sun, Bastien Drouot, Fahad R. Golra, Joël Champeau, Sylvain Guerin, Luka Le Roux, Raúl Mazo, Ciprian Teodorov, Lionel Van Aertryck and Bernard L’Hostis

Abstract: Cybersecurity is becoming vital as industries are gradually moving from automating physical processes to a higher level automation using cyber physical systems (CPS) and internet of things (IoT). In this context, security is becoming a continuous process that runs in parallel to other processes during the complete life cycle of a system. Traditional threat analysis methods use design models alongside threat models as an input for security analysis, hence missing the life-cycle-based dynamicity required by the security concern. In this paper, we argue for an attacker-aware systems modeling language that exposes the systems attack surfaces. For this purpose, we have designed Pimca, a domain specific modeling language geared towards capturing the attacker point of view of the system. This study introduces the formalism along with the Pimca workbench, a framework designed to ease the development and manipulation of the Pimca models. Finally, we present two relevant use cases, serving as a preliminary validation of our approach.
Download

Paper Nr: 25
Title:

Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection

Authors:

Max Landauer, Florian Skopik, Markus Wurzenberger, Wolfgang Hotwagner and Andreas Rauber

Abstract: Monitoring syscall logs provides a detailed view on almost all processes running on a system. Existing approaches therefore analyze sequences of executed syscall types for system behavior modeling and anomaly detection in cyber security. However, failures and attacks that do not manifest themselves as type sequences violations remain undetected. In this paper we therefore propose to incorporate syscall parameter values with the objective of enriching analysis and detection with execution context information. Our approach thereby first selects and encodes syscall log parameters and then visualizes the resulting high-dimensional data using self-organizing maps to enable complex analysis. We thereby display syscall occurrence frequencies and transitions of consecutively executed syscalls. We employ a sliding window approach to detect changes of the system behavior as anomalies in the SOM mappings. In addition, we use SOMs to cluster aggregated syscall data for classification of normal and anomalous system behavior states. Finally, we validate our approach on a real syscall data set collected from an Apache web server. Our experiments show that all injected attacks are represented as changes in the SOMs, thus enabling visual or semi-automatic anomaly detection.
Download

Paper Nr: 29
Title:

Threat Modeling and Attack Simulations of Smart Cities: A Literature Review and Explorative Study

Authors:

Robert Lagerström, Wenjun Xiong and Mathias Ekstedt

Abstract: Digitization has made enterprises and inter-enterprise organizations (e.g. smart cities) increasingly vulnerable to cyber attacks. Malicious actors compromising computers can have potential damage and disruptions. To mitigate cyber threats, the first thing is to identify vulnerabilities, which is difficult as it requires (i) a detailed understanding of the inter-enterprise architecture, and (ii) significant security expertise. Threat modeling supports (i) by documenting the design of the system architecture, and attack simulation supports (ii) by automating the identification of vulnerabilities. This paper presents a systematic literature review and provides a research outlook for threat modeling and attack simulations of smart cities. The results show that little research has been done in this area, and promising approaches are being developed.
Download

Paper Nr: 34
Title:

Risk Identification: From Requirements to Threat Models

Authors:

Roman Wirtz and Maritta Heisel

Abstract: Security is a key factor for providing high-quality software. In the last few years, a significant number of security incidents has been reported. Considering scenarios that may lead to such incidents right from the beginning of software development, i.e. during requirements engineering, reduces the likelihood of such incidents significantly. Furthermore, the early consideration of security reduces development effort since identified scenarios do not need to be fixed in later stages of the development lifecycle. Currently, the identification of possible incident scenarios requires high expertise from security engineers and is often performed in brainstorming sessions. Those sessions often lack a systematic process which can lead to overlooking relevant aspects. Our aim is to bring together security engineers and requirements engineers. In this paper, we propose a systematic, tool-based and model-based method to identify incident scenarios based on functional requirements by following the principle of security-by-design. Our method consists of two parts: First, we enhance the initial requirements model with necessary domain knowledge, and second we systematically collect relevant scenarios and further refine them. For all steps, we provide validation conditions to detect errors as early as possible when carrying out the method. The final outcome of our method is a CORAS threat model that contains the identified scenarios in relation with the requirements model.
Download

Paper Nr: 35
Title:

A Systematic Approach toward Extracting Technically Enforceable Policies from Data Usage Control Requirements

Authors:

Arghavan Hosseinzadeh, Andreas Eitel and Christian Jung

Abstract: Solutions for data sovereignty are in high demand as companies are willing to exchange their data in decentralized infrastructures. Data sovereignty is tightly coupled with data security and therefore, with data usage control policy specification. In this paper, we propose an approach to facilitate the processes of policy specification by data owners, policy transformation from a technology-independent to a technology-dependent language, and policy negotiation between the parties who exchange their data. We extracted an enterprise-relevant set of policy classes from the parties’ security requirements in order to implement an editor that supports users in creating their machine-readable policies. Then, we developed an algorithm that benefits from the policy classes and constructs technology-dependent security policy instances. In addition, we proposed a policy negotiation approach which is based on the parameters of the extracted policy classes.
Download

Paper Nr: 38
Title:

Computer Viruses: The Abstract Theory Revisited

Authors:

Nikolai Gladychev

Abstract: Identifying new viral threats, and developing long term defences against current and future computer viruses, requires an understanding of their behaviour, structure and capabilities. This paper aims to advance this understanding by further developing the abstract theory of computer viruses. A method of providing abstract definitions for classes of viruses is presented in this paper, which addresses inadequacies of previous techniques. Formal definitions for some classes of viruses are then provided, which correspond to existing informal definitions. The use of the proposed method in studying the fundamental properties of computer viruses is discussed.
Download

Paper Nr: 40
Title:

Revisiting Privacy-aware Blockchain Public Key Infrastructure

Authors:

Paul Plessing and Olamide Omolola

Abstract: Privacy-aware Blockchain Public Key Infrastructure (PB-PKI) is a recent proposal by Louise Axon (2017) to create a privacy-preserving Public Key Infrastructure on the Blockchain. However, PB-PKI suffers from operational problems. We found that the most important change, i.e., the key update process proposed in PB-PKI for privacy is broken. Other issues include authenticating a user during key update and ensuring proper key revocation. In this paper, we provide solutions to the problems of PB-PKI. We suggest generating fresh keys during key update. Furthermore, we use ring signatures for authenticating the user requesting key updates and use Asynchronous accumulators to handle the deletion of revoked keys. We show that the approach is feasible and implement a proof of concept.
Download

Paper Nr: 45
Title:

Active Directory Kerberoasting Attack: Monitoring and Detection Techniques

Authors:

Lukáš Kotlaba, Simona Buchovecká and Róbert Lórencz

Abstract: The paper focus is the detection of Kerberoasting attack in Active Directory environment. The purpose of the attack is to extract service accounts’ passwords without need for any special user access rights or privilege escalation, which makes it suitable for initial phases of network compromise and further pivot for more interesting accounts. The main goal of the paper is to discuss the monitoring possibilities, setting up detection rules built on top of native Active Directory auditing capabilities, including possible ways to minimize false positive alerts.
Download

Paper Nr: 48
Title:

Using Eyetracker to Find Ways to Mitigate Ransomware

Authors:

Budi Arief, Andy Periam, Orcun Cetin and Julio Hernandez-Castro

Abstract: Ransomware is a form of malware designed to prevent access to data by either locking out the victims from their system or encrypting some or all of their files until a ransom has been paid to the attacker. Victims would know that they had been hit by ransomware because a ransom demand (splash screen) would be displayed on their compromised device. This study aims to identify key user interface features of ransomware splash screens and see how these features affect victims’ likelihood to pay, and how this information may be used to create more effective countermeasures to mitigate the threat of ransomware. We devised an experiment that contained three broad types of splash screens (Text, Time-Sensitive Counter, and Other). A total of nine splash screens were shown to each participant, from which data on the participants’ eye behaviour were collected. After each splash screen, participants were also asked a set of questions that would help describe their experience and be cross-referenced with the eye tracking data to aid analysis. Our experiment collected quantitative eye tracker data and qualitative data regarding willingness to pay from 25 participants. Several key components of the splash screens such as the text, logo, images, and technical information were analysed. Comments from the participants on whether they would pay the ransom or not, and the reasons behind their decision were also recorded. We found that there is no clear indication that one type of splash screen would have a higher chance of success with regard to ransom payment. Our study revealed that there are some characteristics in splash screens that would strongly discourage some victims from paying. Further investigation will be carried out in this direction, in order to design and develop more effective countermeasures to ransomware.
Download

Paper Nr: 53
Title:

Evaluation to Classify Ransomware Variants based on Correlations between APIs

Authors:

Jiaxing Zhou, Miyuki Hirose, Yoshio Kakizaki and Atsuo Inomata

Abstract: Research into ransomware subspecies classification is ongoing in many organizations, but it is proving difficult to extract feature quantities from specimens and the accuracy achieved thus far remains unsatisfactory. In this paper, we propose a method to classify subspecies that using the correlation coefficient between API groups calculated by Application Programming Interfaces (API) frequencies as the Support Vector Machines’ (SVM) feature quantities. The motivation for using the correlation coefficient between API groups as the feature quantity is that different ransomware families have different behavior patterns that can be reflected by the correlation between API groups. Based on the results of an evaluation experiment, we found that the accuracy of the proposed method was 98%, proving that the subspecies were classified correctly. Otherwise, it is determined that the contribution of each API for classifying ransomware families is different via analysis of the contribution of API.
Download

Paper Nr: 58
Title:

Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees

Authors:

Ryosuke Terado and Morihiro Hayashida

Abstract: As computers become more widespread, they are exposed to threats such as cyber-attacks. In recent years, attacks have gradually changed, and security software’s must be frequently updated. Network-based intrusion detection systems (NIDSs) have been developed for detecting such attacks. It, however, is difficult to detect unknown attacks by the signature-based NIDS that decides whether or not an access is malicious based on known attacks. We aim at developing a methodology to efficiently detect new unidentified attacks by constructing a model from latest access records. Kyoto 2016 dataset was constructed for the evaluation of such methods, and machine learning methods including random forest (RF) were applied to the dataset. In this paper, we examine a deep neural network and gradient boosting tree methods additionally for session data with twelve features excluding IP addresses and port numbers on Kyoto 2016 dataset. The average accuracy by a gradient boosting method XGBoost achieved 0.9622 more than five times faster than RF. The results suggest that XGBoost outperforms other machine learning classifiers, and the elapsed time for the classification is significantly shorter.
Download

Paper Nr: 59
Title:

Anomaly Detection in Communication Networks of Cyber-physical Systems using Cross-over Data Compression

Authors:

Hubert Schölnast, Paul Tavolato and Philipp Kreimel

Abstract: Anomaly detection in operational communication data of cyber-physical systems is an important part of any monitoring activity in such systems. This paper suggests a new method of anomaly detection named crossover data compression (CDC). The method belongs to the group of information theoretic approaches and is based on the notion of Kullback-Leibler Divergence. Data blocks are compressed by a Sequitur-like algorithm and the resulting grammars describing the compression are applied cross-over to the all the other data blocks. Divergences are calculated from the length of the different compressions and the mean values of these divergences are used to classify the data in normal and anomalous. The paper describes the method in detail and shows the results derived from a real-world example (communication data from a substation).
Download

Paper Nr: 60
Title:

Privacy-preserving Measures in Smart City Video Surveillance Systems

Authors:

Shizra Sultan and Christian D. Jensen

Abstract: Smart city video surveillance systems collect data from all around the city, and this aggregated data is used by several entities for achieving different city administrative tasks such as ensuring public safety and traffic management, to provide citizens with better services. This data, when combined with other smart city data sources, can reveal sensitive information about individuals, which if not used carefully can spawn grave privacy breach. In order to extract useful information from surveillance data without causing privacy invasion, it is important to see how, where and what information is collected about individuals, and how it is further used for said purposes.
Download

Paper Nr: 62
Title:

Homomorphic Encryption at Work for Private Analysis of Security Logs

Authors:

Aymen Boudguiga, Oana Stan, Hichem Sedjelmaci and Sergiu Carpov

Abstract: One important component of incident handling in cyber-security is log management. In practice, different software and/or hardware components of a system such as Intrusion Detection Systems (IDS) or firewalls analyze network traffic and log suspicious events or activities. These logs are timestamped, gathered by a log collector and centralized within a log analyzer. Security Incidents and Events Management (SIEM) system is an example of a such log analysis tool. SIEM can be a dedicated network device or a Cloud service offered by a security services provider. Providing SIEM as a cloud service raises privacy issues as logs contain confidential information that must not be disclosed to third parties. In this work, we investigate the possible use of homomorphic encryption to provide a privacy preserving log management architecture. We explain how SIEM can be adapted to treat encrypted logs. In addition, we evaluate the homomorphic classification of IDS alerts from NSL-KDD set with an SVM linear model.
Download

Paper Nr: 63
Title:

Radical Text Detection based on Stylometry

Authors:

Álvaro de Pablo, Óscar Araque and Carlos A. Iglesias

Abstract: The Internet has become an effective tool for terrorist and radical groups to spread their propaganda. One of the current problems is to detect these radical messages in order to block them or promote counter-narratives. In this work, we propose the use of stylometric methods for characterizing radical messages. We have used a machine learning approach to classify radical texts based on a corpus of news from radical sources such as the so-called ISIS online magazines Dabiq and Rumiyah, as well as news from general newspapers. The results show that stylometric features are effective for radical text classification.
Download

Paper Nr: 64
Title:

On Analyzing Third-party Tracking via Machine Learning

Authors:

Alfonso Guarino, Delfina Malandrino, Rocco Zaccagnino, Federico Cozza and Antonio Rapuano

Abstract: Nowadays, websites rely on services provided by third party sites to track users and offer personalized experiences. However, this practice threatens the privacy of individuals through the use of valuable information to create a digital personal profile. The existing client-side countermeasures to protect privacy, exhibit performance issues, mainly due to the use of blacklisting mechanisms (list of resources to be filtered out). In this paper, we study the use of machine learning methods to classify the thirdy-party privacy intrusive resources (trackers). To this end, we first downloaded (browsing Alexa’s Top 10 websites for each category like sports, shopping etc.) a dataset of 1000 web resources split into functional and tracking, and then we identified suitable metrics to distinguish between the two classes. In order to evaluate the effectiveness of the proposed metrics we have compared the performances of several machine learning models based on supervised learning among the most used in literature. As a result, we obtained that the Random Forest can classify functional and tracking resources with an accuracy of 91%.
Download

Paper Nr: 74
Title:

Building Competitive Advantage from Ubuntu: An African Information Security Awareness Model

Authors:

Tapiwa Gundu and Nthabiseng Modiba

Abstract: Research shows an increase in information security threats originating from the human element. These threats are being aggravated by organizations continuing to only invest in technical controls like antivirus and firewall technologies to guard cyber assets. However, a well-planned information security awareness campaign can potentially alter the employees’ behaviour towards security. The body of knowledge is continuously growing within the information security space, yet it seems that there is a lack of supporting theories or models for the African context. This paper argues that African information security awareness and compliance initiatives can only be addressed effectively by the consideration that an African employee is not a solitary agent but actually a member of the wider community. The purpose of this study is to propose and validate a model for information security awareness and compliance that builds its competitive advantage from the Ubuntu philosophy.
Download

Paper Nr: 77
Title:

A Curious Exploration of Malicious PDF Documents

Authors:

Julian Lindenhofer, Rene Offenthaler and Martin Pirker

Abstract: The storage, modification and exchange of digital information are core processes in our internet connected world. Common document formats enable this digital information infrastructure. More specifically, the widely used PDF document format is a commodity container for digital information. Although PDF files are a well established format, users may not know that they contain not only simple textual information, but can also embed pieces of program code, sometimes malicious code. This paper explores the capabilities of the PDF format and the potential of its built-in functions for malicious purposes. PDF file processors that implement the full PDF standard also potentially enable credential phishing, loss of privacy, malicious code execution and similar attacks via PDF documents. Furthermore, this paper discusses the results of practically evaluated, working code snippets of PDF feature misuse and strategies to obfuscate and hide malicious code parts in a PDF document, while still conforming to the PDF standard.
Download

Paper Nr: 78
Title:

Dual-use Research in Ransomware Attacks: A Discussion on Ransomware Defence Intelligence

Authors:

Ziya Alper Genç and Gabriele Lenzini

Abstract: Previous research has shown that developers rely on public platforms and repositories to produce functional but insecure code. We looked into the matter for ransomware, enquiring whether also ransomware engineers re-use the work of others and produce insecure code. By methodically reverse-engineering 128 malware executables, we have found that, out of 21 ransomware samples, 9 contain copy-paste code from public resources. Thanks to this finding, we managed to retrieve the decryption keys with which to nullify the ransomware attacks. From this fact, we recall critical cases of code disclosure in the recent history of ransomware and, arguing that ransomware are components in cyber-weapons, reflect on the dual-use nature of this research. We further discuss benefits and limits of using cyber-intelligence and counter-intelligence strategies that could be used against this threat.
Download

Paper Nr: 83
Title:

Neural Network Security: Hiding CNN Parameters with Guided Grad-CAM

Authors:

Linda Guiga and A. W. Roscoe

Abstract: Nowadays, machine learning is prominent in most research fields. Neural Networks (NNs) are considered to be the most efficient and popular architecture nowadays. Among NNs, Convolutional Neural Networks (CNNs) are the most popular algorithms for image processing and image recognition. They are therefore widely used in the industry, for instance for facial recognition software. However, they are targeted by several reverse-engineering attacks on embedded systems. These attacks can potentially find the architecture and parameters of the trained neural networks, which might be considered Intellectual Property (IP). This paper introduces a method to protect a CNN’s parameters against one of these attacks (Tramèr et al., 2016). For this, the victim model’s first step consists in adding noise to the input image so as to prevent the attacker from correctly reverse-engineering the weights
Download

Paper Nr: 84
Title:

Distributed Defence of Service (DiDoS): A Network-layer Reputation-based DDoS Mitigation Architecture

Authors:

Andikan Otung and Andrew Martin

Abstract: The predominant strategy for DDoS mitigation involves resource enlargement so that victim services can handle larger demands, however, with growing attack strengths, this approach alone is unsustainable. This paper proposes DiDoS (Distributed Defence of Service), a collaborative DDoS defence architecture that leverages victim feedback to build network-level sender reputations that are applied to identify and thwart attack traffic – thus alleviating the need for resource enlargement. Since attack traffic is dropped at points of contention in the Internet, (rather than rote blocking at source) DiDoS reduces the impact of false positives and enables the traversal of legitimate traffic from said devices across the Internet. Through anti-spoofing protection and preferential treatment of DiDoS-compliant devices, DiDoS offers adoption incentives that help offset the Tragedy of the Commons effect of DDoS mitigation, which commonly sees non-victim intermediary entities benefit little from DDoS defence expenditure. In this paper, the tenets and fundamentals of the architecture are described, before being analysed against the presented threat model. Simulation results, demonstrating the effectiveness of the reputation convergence of the scheme, in the use-case of a local access network, are also presented and discussed.
Download

Paper Nr: 96
Title:

Securing Industrial Production from Sophisticated Cyberattacks

Authors:

Andrew Sundstrom, Damas Limoge, Vadim Pinskiy and Matthew Putman

Abstract: Sophisticated industrial cyberattacks focus on machine level operating systems to introduce process variations that are undetected by conventional process control, but over time, are detrimental to the system. We propose a novel approach to industrial security, by treating suspect malicious activity as a process variation and correcting for it by actively tuning the operating parameters of the system. As threats to industrial systems increase in number and sophistication, conventional security methods need to be overlaid with advances in process control to reinforce the system as a whole.
Download

Paper Nr: 97
Title:

A Meta Model for a Comprehensive Description of Network Protocols Improving Security Tests

Authors:

Steffen Pfrang, David Meier, Andreas Fleig and Jürgen Beyerer

Abstract: Modern industrial automation and control systems (IACS) are highly interconnected via Ethernet. Performing security tests to detect possible vulnerabilities in IACS is one of the measures requested by the IEC 62443 series of standards in order to improve their security. However, security testing tools and frameworks which exceed the power of random fuzzing require precise network protocol definitions. Unfortunately, those definitions vary greatly from tool to tool. Additionally, their creation and maintenance is time-consuming and error-prone. In consequence, especially common IACS protocols like Profinet IO or OPC UA are seldom to never implemented. To overcome this issue, this work proposes and implements an approach of a generic meta model for a comprehensive description of arbitrary network protocols. An important use case of this meta model is the export of network protocol definitions for different testing tools.
Download

Paper Nr: 103
Title:

Secure Comparison and Interval Test Protocols based on Three-party MPC

Authors:

Wataru Fujii, Keiichi Iwamura and Masaki Inamura

Abstract: Multiparty Computation (MPC) is a technology that enables computations to be performed without exposing private data. Three main approaches are employed to construct an MPC: secret-sharing schemes, homomorphic encryption, and garbled circuit. Although secret-sharing based MPC involves lower communication cost generally, it requires more round communications for concrete protocols such as comparisons or interval tests. Herein, we propose a five-round secure comparison protocol and a five-round interval test protocol using a shuffling protocol based on a three-party secret-sharing scheme. Additionally, we compare our protocols with existing protocols based on rounds and multiplications.
Download

Paper Nr: 104
Title:

Multi-level Distributed Intrusion Detection System for an IoT based Smart Home Environment

Authors:

Simone Facchini, Giacomo Giorgi, Andrea Saracino and Gianluca Dini

Abstract: This paper proposes a novel multi-level Distributed Intrusion Detection System in a Smart Home environment. The proposed approach aims to detect unexpected behaviors of a network component by exploiting the collaboration between the different IoT devices. The problem has been addressed by implementing an architecture based on a distributed hash table (DHT) that allows sharing network and system information between nodes. A distributed Intrusion Detection System, located in each node of the network, represents the core component to detect malicious behavior. The proposed Intrusion Detection system implements a binary classifier, based on a machine learning mechanism, which analyzes, in a novel way, the aggregation of features extracted from data coming from kernel, network and DHT level. In this work we present our idea with some preliminary experiments performed in order to compare different classifiers results on this kind of data with respect to a specific malicious behavior.
Download

Paper Nr: 105
Title:

Ontology-based Automation of Penetration Testing

Authors:

Ge Chu and Alexei Lisitsa

Abstract: Ontology is a widely used knowledge representation formalism in artificial intelligence area in recent years. In this paper, we propose an ontology-based automated penetration testing approach. We use protege to create the ontology, which is constructed based on attack taxonomy. SWRL rules are used to create penetration testing knowledge base and reasoning. We use agent-based(BDI) framework to achieve the process of automated penetration testing.
Download

Paper Nr: 110
Title:

Distance Metric Learning using Particle Swarm Optimization to Improve Static Malware Detection

Authors:

Martin Jureček and Róbert Lórencz

Abstract: Distance metric learning is concerned with finding appropriate parameters of distance function with respect to a particular task. In this work, we present a malware detection system based on static analysis. We use k-nearest neighbors (KNN) classifier with weighted heterogeneous distance function that can handle nominal and numeric features extracted from portable executable file format. Our proposed approach attempts to specify the weights of the features using particle swarm optimization algorithm. The experimental results indicate that KNN with the weighted distance function improves classification accuracy significantly.
Download

Paper Nr: 112
Title:

Security and Privacy in Smart Grids: Challenges, Current Solutions and Future Opportunities

Authors:

Ismail Butun, Alexios Lekidis and Daniel Ricardo dos Santos

Abstract: Smart grids are a promising upgrade to legacy power grids due to enhanced cooperation of involved parties, such as consumers and utility providers. These newer grids improve the efficiency of electricity generation and distribution by leveraging communication networks to exchange information between those different parties. However, the increased connection and communication also expose the control networks of the power grid to the possibility of cyber-attacks. Therefore, research on cybersecurity for smart grids is crucial to ensure the safe operation of the power grid and to protect the privacy of consumers. In this paper, we investigate the security and privacy challenges of the smart grid; present current solutions to these challenges, especially in the light of intrusion detection systems; and discuss how future grids will create new opportunities for cybersecurity.
Download