ICISSP 2017 Abstracts


Full Papers
Paper Nr: 2
Title:

An Anti-Phishing Kit Scheme for Secure Web Transactions

Authors:

A. A. Orunsolu and A. S. Sodiya

Abstract: In this work, an anti-phishing approach was proposed against phishing pages generated by phishing kits. The architecture consists of a Sorter Module (SM) and Signature Detection Module (SDM). The SM is used to separate pages with login attributes and obfuscated scripts from other pages within the system. These sorted pages are fed into the SDM, where the signature of the suspicious page is generated. In SDM, a two-tier classifier is employed to generate phishing label based on signature analysis. Experimental results of the approach indicated a detection accuracy of 100% on specific phishing kit-generated sites and 98% on general phishing/legitimate data. To determine the detection time of the approach, latency analysis of the system was performed. The results indicated a latency 0.3s and standard deviation of 0.367s for the various operations performed by the system during detection. Thus, the approach effectively detects phishing pages by using ‘fingerprints’ from phishing kits.
Download

Paper Nr: 4
Title:

Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering

Authors:

Vincent Haupert and Tilo Müller

Abstract: We present RIProtection (Rest In Protection), a novel Linux kernel-based approach that mitigates the tampering of return instruction pointers. RIProtection uses single stepping on branches for instruction-level monitoring to guarantee the integrity of the ret-based control-flow of user-mode programs. Our modular design of RIProtection allows an easy adoption of several security approaches relying on instruction-level monitoring. For this paper, we implemented two exclusive approaches to protect RIPs: XOR-based encryption as well as a shadow stack. Both approaches provide reliable protection of RIPs, while the shadow stack additionally prevents return-oriented programming and withstands information leakages of the user-mode stack. While the performance of RIProtection is a severe drawback, its compatibility with regard to hardware and software requirements is outstanding because it supports virtually all 64-bit programs without recompilation or binary rewriting.
Download

Paper Nr: 8
Title:

Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering

Authors:

Günther Eibl, Cornelia Ferner, Tobias Hildebrandt, Florian Stertz, Sebastian Burkhart, Stefanie Rinderle-Ma and Dominik Engel

Abstract: Process mining is a set of data mining techniques that learn and analyze processes based on event logs. While process mining has recently been proposed for intrusion detection in business processes, it has never been applied to smart metering processes. The goal of this paper is to explore the potential of process mining for the detection of intrusions into smart metering systems. As a case study the remote shutdown process has been modeled and a threat analysis was conducted leading to an extensive attack tree. It is shown that currently proposed process mining techniques based on conformance checking do not suffice to find all attacks of the attack tree; an inclusion of additional perspectives is necessary. Consequences for the design of a realistic testing environment based on simulations are discussed.
Download

Paper Nr: 17
Title:

SELint: An SEAndroid Policy Analysis Tool

Authors:

Elena Reshetova, Filippo Bonazzi and N. Asokan

Abstract: SEAndroid enforcement is now mandatory for Android devices. In order to provide the desired level of security for their products, Android OEMs need to be able to minimize their mistakes in writing SEAndroid policies. However, existing SEAndroid and SELinux tools are not very useful for this purpose. It has been shown that SEAndroid policies found in commercially available devices by multiple manufacturers contain mistakes and redundancies. In this paper we present a new tool, SELint, which aims to help OEMs to produce better SEAndroid policies. SELint is extensible and configurable to suit the needs of different OEMs. It is provided with a default configuration based on the AOSP SEAndroid policy, but can be customized by OEMs.
Download

Paper Nr: 19
Title:

Gamification of Information Security Awareness and Training

Authors:

Eyvind Garder B. Gjertsen, Erlend Andreas Gjære, Maria Bartnes and Waldo Rocha Flores

Abstract: Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of applying the concept of gamification – i.e. using game mechanics – to increase motivation and learning outcomes. An interactive SAT prototype application was developed, based on interviews with security experts and a workshop with regular employees at two companies. The prototype was tested by employees in a second workshop. Our results indicate that gamification has potential for use in SAT programs, in terms of potential strengths in areas where current SAT efforts are believed to fail. There are however significant pitfalls one must avoid when designing such applications, and more research is needed on long-term effects of a gamified SAT application.
Download

Paper Nr: 21
Title:

Outsourcing Scheme of ABE Encryption Secure against Malicious Adversary

Authors:

Go Ohtake, Reihaneh Safavi-Naini and Liang Feng Zhang

Abstract: Integrated broadcast-broadband services allow viewers to simultaneously receive broadcast content over the airwaves and additional information related to the content over the Internet. This integration provides opportunities for new services to be tailored and offered to individual viewers. Viewing histories provide a rich variety of data for service providers to learn the preferences of individual viewers and fine-tune their offerings. Each person’s viewing history, however, is privacy-sensitive data and may reveal information that the viewer does not want revealed. In this paper, we propose a system that allows viewers to specify a policy that they would like to be applied to their viewing history, when shared with service providers, by using attribute-based encryption (ABE). A ciphertext is associated with a policy, and it can be decrypted only by service providers who conform to the policy. To reduce the computations of the user terminal, we develop a system with provable security that allows the encryption to be outsourced to a cloud server, without the need to trust the cloud server. Although our solution is described for integrated broadcast-broadband services, the architecture and results could also be used for sharing viewing histories of services such as Netflix. We implemented our scheme and showed that it significantly reduces the computation cost of a user terminal.
Download

Paper Nr: 22
Title:

User Feedback Analysis for Mobile Malware Detection

Authors:

Tal Hadad, Bronislav Sidik, Nir Ofek, Rami Puzis and Lior Rokach

Abstract: With the increasing number of smartphone users, mobile malware has become a serious threat. Similar to the best practice on personal computers, the users are encouraged to install anti-virus and intrusion detection software on their mobile devices. Nevertheless, their devises are far from being fully protected. Major mobile application distributors, designated stores and marketplaces, inspect the uploaded application with state of the art malware detection tools and remove applications that turned to be malicious. Unfortunately, many malicious applications have a large window of opportunity until they are removed from the marketplace. Meanwhile users install the applications, use them, and leave comments in the respective marketplaces. Occasionally such comments trigger the interest of malware laboratories in inspecting a particular application and thus, speedup its removal from the marketplaces. In this paper, we present a new approach for mining user comments in mobile application marketplaces with a purpose of detecting malicious apps. Two computationally efficient features are suggested and evaluated using data collected from the "Amazon Appstore". Using these two features, we show that feedback generated by the crowd is effective for detecting malicious applications without the need for downloading them.
Download

Paper Nr: 37
Title:

Attribute Permutation Steganography Detection using Attribute Position Changes Count

Authors:

Iman Sedeeq, Frans Coenen and Alexei Lisitsa

Abstract: An approach to detecting the presence of HTML Attribute Permutation Steganography (APS) is proposed and founded on the idea of using a classification (prediction) model. To this end a position changes count metric, the Attribute Position Changes Count (APCC), is presented with which to capture attribute ordering information. The main advantage offered by the APCC metric, unlike other APS detection metrics, which tend to use average values, is that it captures the full range of attribute position changes. A second advantage is that it can be readily used to define a feature space from which feature vectors can be generated which in turn can be used to generate a steganography classification model. With a combination of three most known attribute permutation steganography algorithms and three well known classifiers APCC showed high performance in each case compared with alternative attribute detection approaches. In terms of AUC metric APCC achieved best eight out of nine cases and in terms of ACC metric APCC produced best seven out of nine cases. The reported evaluation demonstrates that the APCC APS detection can be successfully employed to detect hidden messages embedded in WWW pages using APS, outperforming a number of alternative approaches.
Download

Paper Nr: 38
Title:

Towards an Understanding of the Misclassification Rates of Machine Learning-based Malware Detection Systems

Authors:

Nada Alruhaily, Behzad Bordbar and Tom Chothia

Abstract: A number of machine learning based malware detection systems have been suggested to replace signature based detection methods. These systems have shown that they can provide a high detection rate when recognising non-previously seen malware samples. However, in systems based on behavioural features, some new malware can go undetected as a result of changes in behaviour compared to the training data. In this paper we analyse misclassified malware instances and we investigated whether there were recognisable patterns across these misclassifications. Several questions needed to be understood: Can we claim that malware changes over time directly affect the detection rate? Do changes that affect classification occur in malware at the level of families, where all instances that belong to certain families are hard to detect? Alternatively, can such changes be traced back to certain malware variants instead of families? Our experiments showed that these changes are mostly due to behavioural changes at the level of variants across malware families where variants did not behave as expected. This is can be due to the adoption of anti-virtualisation techniques, the fact that these variants were looking for a specific argument to be activated or it can be due to the fact that these variants were actually corrupted.
Download

Paper Nr: 39
Title:

SitAC – A System for Situation-aware Access Control - Controlling Access to Sensor Data

Authors:

Marc Hüffmeyer, Pascal Hirmer, Bernhard Mitschang, Ulf Schreier and Matthias Wieland

Abstract: This paper addresses situation-aware access control for sensitive data produced in sensor networks. It describes how an attribute-based access control system can be combined with a situation recognition system to create a highly flexible, well performing, and situation-aware access control system. This access control system is capable of automatically granting or prohibiting access depending on situation occurrences and other dynamic or static security attributes. Besides a high-level architecture, this work also describes concepts and mechanisms that can be used to build such a system.
Download

Paper Nr: 45
Title:

Quantification of De-anonymization Risks in Social Networks

Authors:

Wei-Han Lee, Changchang Liu, Shouling Ji, Prateek Mittal and Ruby Lee

Abstract: The risks of publishing privacy-sensitive data have received considerable attention recently. Several de-anonymization attacks have been proposed to re-identify individuals even if data anonymization techniques were applied. However, there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniques and the data vulnerability against de-anonymization attacks. In this paper, we theoretically analyze the de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) to achieve successful de-anonymization. To the best of our knowledge, this is the first work on quantifying the relationships between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumptions about the graph model, thus providing a general theoretical guide for developing practical de-anonymization/anonymization techniques. Furthermore, we evaluate state-of-the-art de-anonymization attacks on a real-world Facebook dataset to show the limitations of previous work. By comparing these experimental results and the theoretically achievable de-anonymization capability derived in our analysis, we further demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future.
Download

Paper Nr: 49
Title:

A Methodology of Security Pattern Classification and of Attack-Defense Tree Generation

Authors:

Loukmen Regainia and Sébastien Salva

Abstract: Security at the design stage of the software life cycle can be performed by means of security patterns, which are viable and reusable solutions to regular security problems. Their generic nature and growing number make their choice difficult though, even for experts in system design. To guide them through the appropriate choice of patterns, we present a methodology of security pattern classification and the classification itself, which exposes relationships among attacks, weaknesses and security patterns. Given an attack of the CAPEC (Common Attack Patterns Enumeration and Classification) database , the classification expresses the security pattern combinations that overcome the attack. The methodology, which generates the classification is composed of five steps, which decompose patterns and attacks into sets of more precise sub-properties that are associated. These steps provide the justifications of the classification and can be followed again to upgrade it. From the classification, we also generate Attack-Defense Trees (ADTtrees), which depict an attack, its sub-attacks and the related defenses in the form of security pattern combinations. Without loss of generality, this classification has been established for Web applications and covers 215 attacks, 136 software weaknesses and 26 security patterns.
Download

Paper Nr: 55
Title:

A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART)

Authors:

Alberto Magno Muniz Soares and Rafael Timóteo de Sousa Jr.

Abstract: This paper describes a technique for analysing objects in memory within the execution environment Android Runtime (ART) using a volatile memory data extraction. A study of the AOSP (Android Open Source Project) source code was necessary to understand the runtime environment used in the modern Android operating system, and software tools were developed allowing the location, extraction and interpretation of useful data for the forensic context. Built by the authors as extensions for the Volatility Framework, these tools help to locate, in a memory extraction from a device compliant with the ARM architecture, arbitrary instances of classes and their data properties.
Download

Paper Nr: 58
Title:

CyTrONE: An Integrated Cybersecurity Training Framework

Authors:

Razvan Beuran, Cuong Pham, Dat Tang, Ken-ichi Chinen, Yasuo Tan and Yoichi Shinoda

Abstract: In a world in which cyber-attacks occur on a daily basis, cybersecurity education and training are indispensable. Current training programs rely on manual setup and configuration for hands-on activities, which is a tedious and error-prone task. In this paper we present CyTrONE, an integrated cybersecurity training framework that we designed and implemented to address such shortcomings. The key insight is automating the training content generation and environment setup tasks. The advantages of this approach are: (i) improve the accuracy of the training setup; (ii) decrease the setup time and cost; (iii) make training possible repeatedly, and for a large number of participants. In the paper we thoroughly discuss the architecture and implementation of the framework, and we evaluate it from several perspectives in order to demonstrate that CyTrONE meets the aforementioned objectives.
Download

Paper Nr: 63
Title:

Analysis of Data Sharing Agreements

Authors:

Gianpiero Costantino, Fabio Martinelli, Ilaria Matteucci and Marinella Petrocchi

Abstract: An electronic Data Sharing Agreement (DSA) is the machine-processable transposition of a traditional paper contract regulating data sharing among different organizations. DSA conveys different information, like the purpose of data sharing, the parties stipulating the contract, the kind of data, and a set of rules stating which actions are authorized, prohibited, and obliged on such data. Possibly edited by different actors from various perspectives - such as the legal and the business ones - a DSA could quite naturally include conflictual data sharing rules: the same data access request could be permitted according to some rules and denied according to others. Starting from the DSA definition, this paper describes the design of a DSA analysis framework and the development of the associated analysis tool. The DSA-Analyser proposed here evaluates the DSA rules by simulating all the possible contextual conditions, which may occur at access request time and which are linked to the vocabulary associated to the rules themselves. The output of the tool conveniently guides the editor, pointing to those rules, which are potentially conflicting, and highlighting the reasons leading to those conflicts. We have experimented the DSA-Analyser performances in terms of execution time, by varying the number of rules in the DSA, as well as the terms in the DSA vocabulary. Our findings highlight the capability of the analyser to deal with hundreds of rules and dozens of contexts in a reasonable amount of time. These results pave the way to the employment of the analyser in a real-use context.
Download

Paper Nr: 70
Title:

Tracking Dependent Information Flows

Authors:

Zeineb Zhioua, Yves Roudier, Rabéa Ameur Boulifa, Takoua Kechiche and Stuart Short

Abstract: Ensuring the compliance of developed software with security requirements is a challenging task due to imprecision on the security guidelines definition, and to the lack of automatic and formal means to lead this verification. In this paper, we present our approach that aims at integrating the formal specification and verification of security guidelines in early stages of the development life cycle by combining the model checking together with information flow analysis. We formally specify security guidelines that involve dependent information flows as a basis to lead formal verification through model checking, and provide precise feedback to the developer.
Download

Paper Nr: 72
Title:

On Usage Control in Relational Database Management Systems - Obligations and Their Enforcement in Joining Datasets

Authors:

Mortaza S. Bargh, Marco Vink and sunil choenni

Abstract: When datasets are collected and accessed legitimately, they must still be used appropriately according to policies, guidelines, rules, laws, and/or the (current) preferences of data subjects. Any inconsistency between the data collection and data usage processes can conflict with many principles of privacy like the transparency principle, no secondary use principle, or intended purpose usage principle. In this contribution we show how the usage control for the inner join operation in vertically separated relational datasets can be characterized as pre and post obligations of the Usage Control (UCON) model. This type of obligations is defined not only by the state of the UCON object (i.e., a dataset) itself, but also with respect to the state of another dataset. Such dependency on two datasets/objects provides a new insight in UCON obligation constructs when applied to the join operation. We describe also a mechanism to realize the identified obligation in a database management system and present an example realization of the proposed mechanism. Furthermore, we enlist a number of methods to determine whether two given datasets can be joined.
Download

Paper Nr: 77
Title:

Distance-bounding Identification

Authors:

Ahmad Ahmadi and Reihaneh Safavi-Naini

Abstract: Distance bounding (DB) protocols allow a prover to convince a verifier that they are within a distance bound. We propose a new approach to formalizing the security of DB protocols that we call distance-bounding identification (DBID), and is inspired by the security definition of cryptographic identification protocols. Our model provides a natural way of modeling the strongest man-in-the-middle attack, making security of DB protocols in line with identification protocols. We compare our model with other existing models, and give a construction that is secure in the proposed model.
Download

Paper Nr: 78
Title:

From Situation Awareness to Action: An Information Security Management Toolkit for Socio-technical Security Retrospective and Prospective Analysis

Authors:

Jean-Louis Huynen and Gabriele Lenzini

Abstract: Inspired by the root cause analysis procedures common in safety, we propose a methodology for a prospective and a retrospective analysis of security and a tool that implements it. When applied prospectively, the methodology guides analysts to assess socio-technical vulnerabilities in a system, helping them to evaluate their choices in designing security policies and controls. But the methodology works also retrospectively. It assists analysts in retrieving the causes of an observed socio-technical attack, guiding them to understand where the information security management of the system has failed. The methodology is tuned to find causes that root in the human-related factors that an attacher can exploit to execute its intrusion.
Download

Paper Nr: 100
Title:

Improved Greedy Nonrandomness Detectors for Stream Ciphers

Authors:

Linus Karlsson, Martin Hell and Paul Stankovski

Abstract: We consider the problem of designing distinguishers and nonrandomness detectors for stream ciphers using the maximum degree monomial test. We construct an improved algorithm to determine the subset of key and IV-bits used in the test. The algorithm is generic, and can be applied to any stream cipher. In addition to this, the algorithm is highly tweakable, and can be adapted depending on the desired computational complexity. We test the algorithm on the stream ciphers Grain-128a and Grain-128, and achieve significantly better results compared to an earlier greedy approach.
Download

Paper Nr: 103
Title:

A Design of Secure and ReliableWireless Transmission Channel for Implantable Medical Devices

Authors:

Lake Bu and Mark G. Karpovsky

Abstract: Implantable medical devices (IMDs) have increasing impact in people’s life nowadays. With the development of electrical and computer engineering, the IMDs are of great convenience to patients by their small sizes and portable wireless monitors or controllers. However, because of the insecure wireless communication between the devices and their controllers, it makes way for attackers to passively and actively attack the devices and so the patients. Unlike other attacks which target on victims’ information or property, the medical attacks threat victims’ life directly. Up to now there are few efficient solutions to those attacks which balance security, reliability, and power consumption. In response to the situation, this paper proposes a scheme against the existing and potential attacks to IMDs while keeping a low overhead in hardware and power consumption.
Download

Short Papers
Paper Nr: 3
Title:

System for Executing Encrypted Java Programs

Authors:

Michael Kiperberg, Amit Resh, Asaf Algawi and Nezer J. Zaidenberg

Abstract: An important aspect of protecting software from attack, theft of algorithms, or illegal software use, is eliminating the possibility of performing reverse engineering. One common method to deal with these issues is code obfuscation. However, it is proven to be ineffective. Code encryption is a much more effective means of defying reverse engineering, but it requires managing a secret key available to none but the permissible users. Adequate systems for managing secret keys in a protected trust-zone and supporting execution of encrypted native code have been proposed in the past. Nevertheless, these systems are not suitable as is for protecting managed code. In this paper we propose enhancements to these systems so they support execution of encrypted Java programs that are resistant to reverse engineering. The main difficulty underlying Java protection with encryption is the interpretation that is performed by the JVM. The JVM will require the key to decrypt the encrypted portions of Java code and there is no feasible way of securing the key inside the JVM. To solve this, the authors propose implementing a Java bytecode interpreter inside a trust-zone, governed by a thin hypervisor. This interpreter will run in parallel to the standard JVM, both cooperating to execute encrypted Java programs.
Download

Paper Nr: 10
Title:

Characterization of Tor Traffic using Time based Features

Authors:

Arash Habibi Lashkari, Gerard Draper Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani

Abstract: Traffic classification has been the topic of many research efforts, but the quick evolution of Internet services and the pervasive use of encryption makes it an open challenge. Encryption is essential in protecting the privacy of Internet users, a key technology used in the different privacy enhancing tools that have appeared in the recent years. Tor is one of the most popular of them, it decouples the sender from the receiver by encrypting the traffic between them, and routing it through a distributed network of servers. In this paper, we present a time analysis on Tor traffic flows, captured between the client and the entry node. We define two scenarios, one to detect Tor traffic flows and the other to detect the application type: Browsing, Chat, Streaming, Mail, Voip, P2P or File Transfer. In addition, with this paper we publish the Tor labelled dataset we generated and used to test our classifiers.
Download

Paper Nr: 12
Title:

White-box Implementation of Stream Cipher

Authors:

Kazuhide Fukushima, Seira Hidano and Shinsaku Kiyomoto

Abstract: White-box cryptography is a software obfuscation technique for cryptography implementation. It can protect the secret key even if an attacker has full access and control over the cryptosystem implementation and its execution platform. There have been several proposals for a white-box implementation of cryptography. We propose a white-box implementation of a stream cipher that can achieve the same asymptotic performance as the standard implementation. Our black-box implementation of KCipher-2 achieves low storage consumption of no more than 2 megabytes and is suitable for a PC, tablet, and smartphone. On the other hand, we can achieve space hard implementation to protect against a code-lifting attack. Furthermore, the implementation can protect against black-box attacks and a BGE attack.
Download

Paper Nr: 14
Title:

Traffic Statistics of a High-Bandwidth Tor Exit Node

Authors:

Michael Sonntag and René Mayrhofer

Abstract: The Tor anonymization network supports (and is widely used for) circumventing censorship, evading intrusive mass-surveillance, and generally protecting privacy of Internet users. However, it also carries traffic that is illegal in various jurisdictions. It is still an open question how to deal with such illegal traffic in the Tor network, balancing the fundamental human right for privacy with the need for assisting executive forces. By operating and monitoring a high-bandwidth Tor exit node as both a technical and legal experiment, we statistically analyse where popular servers are located and how they are used based on connection metadata of actual exit node usage. Through this we identify inter alia that cooperation only in comparatively few countries would be needed – or any illegal use would be very small. In this paper, we provide more in-depth statistical insight into Tor exit node traffic than previously publicly available.
Download

Paper Nr: 15
Title:

There’s Wally! Location Tracking in Android without Permissions

Authors:

Efthimios Alepis and Constantinos Patsakis

Abstract: Context-awareness can be considered as one of the biggest advantage of smart mobile devices as it provides advanced features for developers revolutionizing user interaction and making users more engaged to the applications. Perhaps, the most important factor is location awareness as applications can refine their results according to users’ whereabouts. Nonetheless, users’ location is a very sensitive attribute as it can disclose a lot of personal information about them. To address such issues, mobile operating systems require users to grant specific permissions to the applications. This work studies a relatively new feature of Android, namely Wi-Fi P2P, illustrating that the location of the user can be easily disclosed, without using location permissions even in the recent version of Android.
Download

Paper Nr: 16
Title:

Hypervisor based Memory Introspection: Challenges, Problems and Limitations

Authors:

Andrei Lutas, Daniel Ticle and Octavian Cret

Abstract: Hypervisor-based memory introspection is a well-known topic, in both academia and the industry. It is accepted that this technique brings great advantages from a security perspective, but it is known, as well, that this comes at greater implementation complexity and performance penalty. While the most obvious challenges, such as the semantic gap, have been greatly discussed in the literature, we aim to elaborate on the engineering and implementation challenges encountered while developing a hypervisor-based memory introspection solution and to offer theoretical and practical solutions for them.
Download

Paper Nr: 24
Title:

Macro Malware Detection using Machine Learning Techniques - A New Approach

Authors:

Sergio De los Santos and José Torres

Abstract: A malware macro (also called "macro virus") is the code that exploits the macro functionality of office documents (especially Microsoft Office’s Excel and Word) to carry out malicious action against the systems of the victims that open the file. This type of malware was very popular during the late 90s and early 2000s. After its rise when it was created as a propagation method of other malware in 2014, macro viruses continue posing a threat to the user that is far from being controlled. This paper studies the possibility of improving macro malware detection via machine learning techniques applied to the properties of the code.
Download

Paper Nr: 26
Title:

Batch-verifiable Secret Sharing with Unconditional Privacy

Authors:

Stephan Krenn, Thomas Lorünser and Christoph Striecks

Abstract: We propose the first batch-verifiable secret sharing scheme with a significant security property, namely that of unconditional privacy. Verifiability and privacy of secret-shared messages are a crucial feature, e.g., in distributed computing scenarios, and verifiable secret sharing schemes with unconditional privacy (but without a batching feature) exist for a long time, e.g., Ben-Or, Goldwasser, and Wigderson (STOC 1988). Unfortunately, those schemes are able to verify only a single message at a time which, however, is not a very realistic scenario in a more practical setting. Namely, large files in real-world implementations are often split into many message blocks on a several-byte level and, thus, many known single-message verifiable secret sharing schemes tend to behave inefficiently in such a scenario. To improve practicability, batch-verifiable secret sharing was proposed by Bellare, Garay, and Rabin (ACM PODC 1996). In their scheme, the servers are able to verify a batch of messages (instead of only one) at almost the same amortized efficiency costs in comparison to efficient existing verifiable secret sharing schemes that only deal with single messages. However, the Bellare-Garay-Rabin scheme does not consider the important security property of unconditional privacy. Unconditionally private schemes information-theoretically guarantee privacy even against computationally unbounded adversaries and, hence, can be seen to be private in a long-term sense. In this work, we lift the Bellare-Garay-Rabin scheme to the unconditional privacy setting in a rigorous manner while preserving the practicability of their scheme simultaneously.
Download

Paper Nr: 29
Title:

A Collaborative Tool for Modelling Multi-stage Attacks

Authors:

Ian Herwono and Fadi Ali El-Moussa

Abstract: Cyber-attacks that are conducted in multiple stages over short or long periods of time are becoming more common. One approach for detecting such attacks at an early stage is to make use of attack patterns and attack signatures to provide a structure for correlating events collected from various sensors in the network. In this paper, we present our ongoing work on a pattern recognition system that aims to support cyber-defence analysts in sharing their attack knowledge and threat intelligence in the form of attack patterns or scenarios that can later be used to discover potential security breaches in their network. Our main goal is to allow the analysts to associate the attack patterns with their own organisation’s security data and thus benefit from the collective attack knowledge without revealing any confidential information. We present the architecture of the system and describe a typical process for modelling multi-stage attacks. We demonstrate how its analytics engine interprets an attack pattern, tasks the data source agents to fetch and correlate relevant security events, and reports the results back for visualisation and further investigation.
Download

Paper Nr: 30
Title:

Assessing Information Security Risks using Pairwise Weighting

Authors:

Henrik Karlzén, Johan Bengtsson and Jonas Hallberg

Abstract: In practice, assessing information security risks is difficult since available methods lack specificity on how to perform the assessments as well as what input should be used. Thus, the process becomes resource demanding with fairly large rater-dependency. An established way of facilitating rating processes is to weight objects against each other, rather than rating each object independently on an absolute scale. In this paper, we investigate whether such a method, inspired by the Analytic Hierarchy Process, can be useful for assessing information security risks. However, the new method did not result in higher inter-rater reliability or lower cognitive load. This result was true both for experts and non-experts, as well as among raters with different cognitive styles.
Download

Paper Nr: 35
Title:

Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers

Authors:

Timea Pahi, Maria Leitner and Florian Skopik

Abstract: National cyber security centers (NCSCs) are gaining more and more importance to ensure the security and proper operations of critical infrastructures (CIs). As a prerequisite, NCSCs need to collect, analyze, process, assess and share security-relevant information from infrastructure operators. A vital capability of mentioned NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. This is important for proper risk assessment and subsequent reduction of potential attack surfaces at national level. In this paper, we therefore survey theoretical models relevant for Situational Awareness (SA) and present a collaborative CSA model for NCSCs in order to enhance the protection of CIs at national level. Additionally, we provide an application scenario to illustrate a hands-on case of utilizing a CSA model in a NCSC, especially focusing on information sharing. We foresee this illustrative scenario to aid decision makers and practitioners who are involved in establishing NCSCs and cyber security processes on national level to better understand the specific implications regarding the application of the CSA model for NCSCs.
Download

Paper Nr: 36
Title:

Longkit - A Universal Framework for BIOS/UEFI Rootkits in System Management Mode

Authors:

Julian Rauchberger, Robert Luh and Sebastian Schrittwieser

Abstract: The theoretical threat of malware inside the BIOS or UEFI of a computer has been known for almost a decade. It has been demonstrated multiple times that exploiting the System Management Mode (SMM), an operating mode implemented in the x86 architecture and executed with high privileges, is an extremely powerful method for implanting persistent malware on computer systems. However, previous BIOS/UEFI malware concepts described in the literature often focused on proof-of-concept implementations and did not have the goal of demonstrating the full range of threats stemming from SMM malware. In this paper, we present Longkit, a novel framework for BIOS/UEFI malware in the SMM. Longkit is universal in nature, meaning it is fully written in position-independent assembly and thus also runs on other BIOS/UEFI implementations with minimal modifications. The framework fully supports the 64-bit Intel architecture and is memory-layout aware, enabling targeted interaction with the operating system's kernel. With Longkit we are able to demonstrate the full potential of malicious code in the SMM and provide researchers of novel SMM malware detection strategies with an easily adaptable rootkit to help evaluate their methods.
Download

Paper Nr: 40
Title:

Privacy Preserving Transparent Mobile Authentication

Authors:

Julien Hatin, Estelle Cherrier, Jean-Jacques Schwartzmann and Christophe Rosenberger

Abstract: Transparent authentication on mobile phones suffers from privacy issues especially when biometric information is involved. In this paper, we propose a solution to address those two issues using the Biohashing algorithm on behavioral information extracted from a mobile phone. The authentication scenario is tested on a dataset composed of 100 users and shows promising results with a 10% EER in the worst case scenario (i.e when protection key is compromised) and a 1% EER in the best case one. In addition, privacy concerns are discussed and experimentally evaluated both in a quantitative and qualitative ways. This opens new perspectives concerning online authentication using smartphone sensing abilities.
Download

Paper Nr: 41
Title:

Non-interactive Privacy-preserving k-NN Classifier

Authors:

Hilder V. L. Pereira and Diego F. Aranha

Abstract: Machine learning tasks typically require large amounts of sensitive data to be shared, which is notoriously intrusive in terms of privacy. Outsourcing this computation to the cloud requires the server to be trusted, introducing a non-realistic security assumption and high risk of abuse or data breaches. In this paper, we propose privacy-preserving versions of the k-NN classifier which operate over encrypted data, combining order-preserving encryption and homomorphic encryption. According to our experiments, the privacy-preserving variant achieves the same accuracy as the conventional k-NN classifier, but considerably impacts the original performance. However, the performance penalty is still viable for practical use in sensitive applications when the additional security properties provided by the approach are considered. In particular, the cloud server does not need to be trusted beyond correct execution of the protocol and computes the algorithm over encrypted data and encrypted classes. As a result, the cloud server never learns the real dataset values, the number of classes, the query vectors or their classification.
Download

Paper Nr: 46
Title:

Enhancing Accuracy of Android Malware Detection using Intent Instrumentation

Authors:

Shahrooz Pooryousef and Morteza Amini

Abstract: Event-driven actions in Android malwares and complexity of extracted profiles of applications’ behaviors are two challenges in dynamic malware analysis tools to find malicious behaviors. Thanks to ability of event-driven actions in Android applications, malwares can trigger their malicious behaviors at specific conditions and evade from detection. In this paper, we propose a framework for instrumenting Intents in Android applications’ source code in a way that different parts of the application be triggered automatically at runtime. Our instrumented codes force the application to exhibit its behaviors and so we can have a more complete profile of the application’s behaviors. Our framework, which is implemented as a tool, first uses static analysis to extract an application’s structure and components and then, instruments Intents inside the application’s Smali codes. Experimental results show that applying our code instrumentation framework on applications help exhibiting more data leakage behaviors such as disclosing Android ID in 79 more applications in a data set containing 6,187 malwares in comparison to using traditional malware analysis tools.
Download

Paper Nr: 48
Title:

A Review of Risk Identification Approaches in the Telecommunication Domain

Authors:

Ahmed Seid Yesuf

Abstract: Risks in the telecommunication (telco) domain are complex to identify due to the involvement of several independent stakeholders and the difficulty of predicting emerging threats to the services. This is costing the Telecom operators billions of dollars. We believe the little emphasis given to the important step of risk assessment process – risk identification (RI) – is the main reason for this loss. Unlike other domains, the proprietary nature of Telecom systems makes it challenging to show the risk assessment approaches in the domain. In this paper, we investigate the classifications of the RI approaches from the literature written on the telco and other related domains. We also investigate the research trends in the last 16 years when Telecom risks are evolving and the revenue loss of Telecom operators is largely affected. Based on our review, we also show future research directions in the domain.
Download

Paper Nr: 56
Title:

Design of an Anomaly-based Threat Detection & Explication System

Authors:

Robert Luh, Sebastian Schrittwieser, Stefan Marschalek and Helge Janicke

Abstract: Current signature-based malware detection systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. In this paper, we propose a system able to explain anomalous behavior within a user session by considering anomalies identified through their deviation from a set of baseline process graphs. To minimize computational requirements we adapt star structures, a bipartite representation used to approximate the edit distance between two graphs. Baseline templates are generated automatically and adapt to the nature of the respective process. We prototypically implement smart anomaly explication through a number of competency questions derived and evaluated using the decision tree algorithm. The determined key factors are ultimately mapped to a dedicated APT attack stage ontology that considers actions, actors, as well as target assets.
Download

Paper Nr: 60
Title:

Privacy Preserving Data Classification using Inner-product Functional Encryption

Authors:

Damien Ligier, Sergiu Carpov, Caroline Fontaine and Renaud Sirdey

Abstract: In the context of data outsourcing more and more concerns raise about the privacy of user’s data. Simultaneously, cryptographers are designing schemes enabling computation on ciphertexts (homomorphic encryption, functional encryption, etc.). Their use in real world applications is difficult. In this work we focus on functional encryption schemes enabling computation of inner-product on encrypted vectors and their use in real world scenarios. We propose a protocol combining such type of functional encryption schemes with machine learning algorithms. Indeed, we think that being able to perform classification over encrypted data is useful in many scenarios, in particular when the owners of the data are not ready to share it. After explaining our protocol, we detail the implemented handwritten digit recognition use case, and then, we study its security.
Download

Paper Nr: 66
Title:

Limited Use Cryptographic Tokens in Securing Ephemeral Cloud Servers

Authors:

Gautam Kumar and Brent Lagesse

Abstract: Many enterprises and consumers today are dependent on services deployed on Infrastructure as a Service (IaaS) cloud providers. Such cloud deployments can have hundreds of virtual servers running. Each virtual server needs to have access to sensitive information such as database passwords and API keys. In such as scenario, verifying that a large number of servers have not been compromised is an arduous task. In this paper we propose an architecture which limits the extent to which an attacker can exploit a compromised server in a large scale cloud deployment. To achieve such a limitation we propose the use of hash chains as an authentication mechanism for virtual server with a Central Trusted Authority (CTA) acting as a proxy to sensitive resources. This architecture shifts the requirement of security validation from hundreds of public facing servers to a few servers without public interfaces which comprise the CTA. Since hash chains offer an inherent limitation in their use, our architecture leans towards using ephemeral virtual servers, thus also providing a moving target defence.
Download

Paper Nr: 71
Title:

Malware Detection based on Graph Classification

Authors:

Khanh-Huu-The Dam and Tayssir Touili

Abstract: Malware detection is nowadays a big challenge. The existing techniques for malware detection require a huge effort of engineering to manually extract the malicious behaviors. To avoid this tedious task of manually discovering malicious behaviors, we propose in this paper to apply learning for malware detection. Given a set of malwares and a set of benign programs, we show how learning techniques can be applied in order to detect malware. For that, we use abstract API graphs to represent programs. Abstract API graphs are graphs whose nodes are API functions and whose edges represent the order of execution of the different calls to the API functions (i.e., functions supported by the operating system). To learn malware, we apply well-known learning techniques based on Random Walk Graph Kernel (combined with Support Vector Machines). We can achieve a high detection rate with only few false alarms (98.93% for detection rate with 1.24% of false alarms). Moreover, we show that our techniques are able to detect several malwares that could not be detected by well-known and widely used antiviruses such as Avira, Kaspersky, Avast, Qihoo-360, McAfee, AVG, BitDefender, ESET-NOD32, F-Secure, Symantec or Panda.
Download

Paper Nr: 74
Title:

Extending the Same Origin Policy with Origin Attributes

Authors:

Tanvi Vyas, Andrea Marchesini and Christoph Kerschbaumer

Abstract: : The Same Origin Policy (SOP) builds the foundation of the current web security model. As the web evolves, numerous new specifications propose extensions to the SOP in order to improve site security or improve user privacy. Site operators benefit from an extension to the SOP because it allows sites to partition their physical origin space into many different contexts, each representing their own abstract origin. Users benefit from an extension to the SOP because it allows users to separate user data for privacy purposes and enables richer browsing experiences. Implementing any of these new features requires tremendous engineering effort for browser vendors and entails the risk of introducing new privacy concerning vulnerabilities for end users. Instead of spending considerable engineering effort to patch the browser for every new specification that proposes to extend the SOP, we re-design a web browsers architecture and build Origin Attributes directly into a browsers rendering engine. Our implementation allows any specification or web technology to integrate into Origin Attributes with minimal engineering effort and reduces the risk of jeopardizing an end user’s security or privacy.
Download

Paper Nr: 79
Title:

Platform-agnostic Low-intrusion Optical Data Exfiltration

Authors:

Arthur Costa Lopes and Diego F. Aranha

Abstract: Information leakage through covert channels is a growing and persistent threat, even for physical perimeters considered as highly secure. We study a new approach for data exfiltration using a malicious storage device which subtly transmits data through blinking infrared LEDs. This approach could be used by an attacker trying to leak sensitive data stored in the device, such as credentials, cryptographic keys or a small classified document. An ideal application for this approach is when an attacker is capable of sneaking a malicious device inside a protected perimeter and has remote control over a camera inside such perimeter. The device can then collect information and transmit directly to the attacker, without the need of recovering the device to obtain the captured information, erase evidence or prevent a forensic investigation. We discuss techniques for improving communication efficiency up to 15 bits per second per LED, and possible countermeasures for mitigation.
Download

Paper Nr: 81
Title:

Memory Forensics of Insecure Android Inter-app Communications

Authors:

Mark Vella and Rachel Cilia

Abstract: Android is designed in a way to promote the implementation of user task flows among multiple applications inside mobile devices. Consequently, app permissions may be leaked to malicious apps without users noticing any compromise to their devices’ security. In this work we explore the possibility of detecting insecure inter-app communications inside memory dumps, with forensic analysis results indicating the possibility of doing so across the various layers of Android’s architecture. Yet, for the detailed evidence reconstruction that could be required during digital investigation, current capabilities have to be complemented with evidence collected through live forensics. We propose that this process should still be based on carving forensic artifacts directly from memory.
Download

Paper Nr: 86
Title:

Distributed Protocols at the Rescue for Trustworthy Online Voting

Authors:

Robert Riemann and Stéphane Grumbach

Abstract: While online services emerge in all areas of life, the voting procedure in many democracies remains paper-based as the security of current online voting technology is highly disputed. We address the issue of trustworthy online voting protocols and recall therefore their security concepts with its trust assumptions. Inspired by the Bitcoin protocol, the prospects of distributed online voting protocols are analysed. No trusted authority is assumed to ensure ballot secrecy. Further, the integrity of the voting is enforced by all voters themselves and without a weakest link, the protocol becomes more robust. We introduce a taxonomy of notions of distribution in online voting protocols that we apply on selected online voting protocols. Accordingly, blockchain-based protocols seem to be promising for online voting due to their similarity with paper-based protocols.
Download

Paper Nr: 89
Title:

Enhanced Identification of Sensitive User Inputs in Mobile Applications

Authors:

Mashael Aldayel and Mohammad Alhussain

Abstract: While smartphones and its apps have a fundamental role in our lives, privacy is a critical issue. With the constantly growth of mobile applications, smartphones are now capable of satisfying all kinds of users’ needs, dealing with more private and restricted tasks by the users and gain more access to sensitive and private data. This issue is even worse with the current absence of methods that can notify users of possibly dangerous privacy leaks in mobile apps without disturbing users with apps’ legitimate privacy exposes. Previous mobile privacy disclosure approaches are mostly concentrated on well-defined sources controlled by smartphones. They do not cover all sensitive data associated with users’ privacy. Also, they cannot filter out legitimate privacy disclosures that are commonly found in detection results and consecutively conceal true threats. Sensitive user inputs through UI (User Interface), are the dominant type of sensitive data that has been almost ignored. Defending this kind of information cannot be accomplished automatically using existing techniques because it necessitates understanding of user inputs' semantics in apps, before identifying its positions. Moreover, eliminating legitimate privacy disclosures necessaries tracking of the related app data flows form these users’ inputs to various sinks. Such tracking will help to determine if this privacy disclosure is valid or suspicious. To address all these important issues, we propose an enhanced approach for detecting users’ inputs privacy disclosures that are truly suspicious.
Download

Paper Nr: 92
Title:

A Formal Model of Web Security Showing Malicious Cross Origin Requests and Its Mitigation using CORP

Authors:

Krishna Chaitanya Telikicherla, Akash Agrawall and Venkatesh Choppella

Abstract: This document describes a web security model to analyse cross origin requests and block them using CORP, a browser security policy proposed for mitigating Cross Origin Request Attacks (CORA) such as CSRF, Click-jacking, Web application timing, etc. CORP is configured by website administrators and sent as an HTTP response header to the browser. A browser which is CORP-enabled will interpret the policy and enforce it on all cross-origin HTTP requests originating from other tabs of the browser, thus preventing malicious crossorigin requests. In this document we use Alloy, a finite state model finder, to formalize a web security model to analyse malicious cross-origin attacks and verify that CORP can be used to mitigate such attacks.
Download

Paper Nr: 93
Title:

Brute Force Cryptanalysis of MIFARE Classic Cards on GPU

Authors:

Cihangir Tezcan

Abstract: MIFARE Classic is the most widely deployed contactless smartcard on the market. However, many active and passive attacks are provided after its proprietary stream cipher CRYPTO1 was reverse engineered. The short 48-bit key of the CRYPTO1 cipher, leaked parity bits and the encrypted error code that is sent after a failed authentication (which is corrected in the hardened new cards) allow the adversary to perform offline brute force attack and avoid detection. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take around 9 days on a single GTX280 GPU.We optimized this brute force attack on modern GPUs by using bitsliced implementation technique and observed that a brute force attack on a GTX970 GPU can be performed in less than 5 hours. Although this attack is not applicable to hardened MIFARE Classic cards, a similar attack using the short key length and the leaked parity bits can be performed when a single key is known, possibly using the default keys for unused sectors. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take approximately one month on a single GTX460 GPU. Our bitsliced implementation of this attack takes less than 7 hours on a GTX970 GPU.
Download

Paper Nr: 95
Title:

Health Information Exchange and Related IT-security Practices in European Hospitals

Authors:

Sylvestre Uwizeyemungu and Placide Poba-Nzaou

Abstract: Alongside other health information technologies (HIT), several projects aimed at implementing electronic health information exchange (HIE) have been initiated in European countries, with the hope of improving the coordination, safety, and efficiency in healthcare systems. However, the electronic exchange exposes health data to information technology (IT)-related vulnerabilities and threats, raising concerns among patients, health care providers, and policy-makers. Drawing on data from a sample of 1123 European hospitals, we conducted a cluster analysis to determine to what extent hospitals do live up to the IT security and privacy challenges of electronic HIE. We produced two sets of clusters, one related to HIE usage and another related to the implementation of IT-security practices. Through a cross-comparison, we proceeded to a match/mis-match analysis. The results of this study depict a mixed situation: even though most of surveyed hospitals (79.2%) have implemented IT-security practices consistent with their HIE usage levels, hospitals that have failed to do so (20.8%) pose a threat to the entire healthcare system which is becoming more and more interconnected.
Download

Paper Nr: 96
Title:

Security Issues with BACnet Value Handling

Authors:

Matthew Peacock, Michael N. Johnstone and Craig Valli

Abstract: Building automation systems, or building management systems, control services such as heating, air-conditioning and security access in facilities. A common protocol used to transmit data regarding the status of components is BACnet. Unfortunately, whilst security is included in the BACnet standard, it is rarely implemented by vendors of building automation systems. This lack of attention to security can lead to vulnerabilities in the protocol being exploited with the result that the systems and the buildings they control can be compromised. This paper describes a proof-of-concept protocol attack on a BACnet system and examines the potential of modeling the basis of the attack.
Download

Paper Nr: 98
Title:

Secure APIs for Applications in Microkernel-based Systems

Authors:

Mohammad Hamad and Vassilis Prevelakis

Abstract: The Internet evolved from a collection of computers to today’s agglomeration of all sort of devices (e.g. printers, phones, coffee makers, cameras and so on) a large part of which contain security vulnerabilities. The current wide scale attacks are, in most cases, simple replays of the original Morris Worm of the mid-80s. The effects of these attacks are equally devastating because they affect huge numbers of connected devices. The reason for this lack of progress is that software developers will keep writing vulnerable software due to problems associated with the way software is designed and implemented and market realities. So in order to contain the problem we need effective control of network communications and more specifically, we need to vet all network connections made by an application on the premise that if we can prevent an attacker from reaching his victim, the attack cannot take place. This paper presents a comprehensive network security framework, including a well-defined applications programming interface (API) that allows fine-grained and flexible control of network connections. In this way, we can finally instantiate the principles of dynamic network control and protect vulnerable applications from network attacks.
Download

Paper Nr: 101
Title:

Stealth Address and Key Management Techniques in Blockchain Systems

Authors:

Nicolas T. Courtois and Rebekah Mercer

Abstract: Bitcoin is an open source payment system with a market capitalization of about 15 G$. During the years several key management solutions have been proposed to enhance bitcoin. The common characteristic of these techniques is that they allow to derive public keys independently of the private keys, and that these keys match. In this paper we overview the historical development of such techniques, specify and compare all major variants proposed or used in practical systems. We show that such techniques can be designed based on 2 distinct ECC arithmetic properties and how to combine both. A major trend in blockchain systems is to use by Stealth Address (SA) techniques to make different payments made to the same payee unlikable. We review all known SA techniques and show that early variants are less secure. Finally we propose a new SA method which is more robust against leakage and against various attacks.
Download

Paper Nr: 107
Title:

Towards a Privacy Scorecard – Initial Design Exemplified on an Intelligent Transport Systems Service

Authors:

Aida Omerovic, Marit Kjøsnes Natvig and Isabelle C. R. Tardy

Abstract: Increasingly many services depend on access to data that are traceable to individuals, the so-called "personally identifiable information" (PII). The ecosystem of PII-dependent services is growing, becoming highly complex and dynamic. As a result, a wide variety of PII is constantly collected, stored, exchanged, and applied by all kinds of services. Practice of PII handling among service providers varies, as does the insight and influence of the end-users on how their own PII is treated. For a user, privacy represents a condition for his/her trust and service adoption. It is moreover essential for a service provider to be able to claim privacy awareness over time. This is particularly important as the new EU privacy regulation is about to become operative, thus enforcing strict privacy requirements on the service providers and giving new rights to the users. In order to preserve user trust and manage the technical and legal privacy requirements, a practically usable support to continuously and transparently plan and follow-up privacy compliance, is needed. To this end, we propose an initial version of a so-called "Privacy Scorecard", that is, a decision support for a service provider aimed to facilitate identification, specification, measurement and follow-up of fulfilment of privacy goals in a relatively transparent and comprehensible manner. In this position paper, we present initial design and intended usage of the Privacy Scorecard. We also exemplify how it can be applied to a concrete service. The initial findings indicate feasibility of the approach and suggest directions for further work, including refinement of the scorecard design and usage guidelines, tool support for visualization, as well as further empirical evaluation.
Download

Paper Nr: 34
Title:

Towards Confidentiality-strengthened Personalized Genomic Medicine Embedding Homomorphic Cryptography

Authors:

Kalpana Singh, Renaud Sirdey, François Artiguenave, David Cohen and Sergiu Carpov

Abstract: In this paper, we analyze and propose a solution for the challenges that come with personalized genomic and, most importantly, of performing queries on sequenced dataset sitting on a cloud server. This work provides scenarios for its application in personalized genomic medicine, and tests homomorphic encryption technique to assist in improving the strength of their privacy at non-prohibitive performance cost. By experimental testing using HElib, we make a first step towards performing practical computation over the relevant portions of the genomic dataset of an individual for a first round of practical diagnosis rules.
Download

Paper Nr: 43
Title:

Network and Topology Models to Support IDS Event Processing

Authors:

Jörg Kippe and Steffen Pfrang

Abstract: This paper describes our work on network models to provide awareness to the process of correlating network security alerts as well as to support the asset assessment process within the security analysis of IT infrastructures. Various means of discovery methods mostly known from network management are used to discover nodes, their properties as well as the links connecting the nodes and building a network. Our implementation is based on existing open source components which have been integrated together and are using an information model according to proposed open standards.
Download

Paper Nr: 57
Title:

Fingerprint Class Recognition for Securing EMV Transaction

Authors:

B. Vibert, J. M. Le Bars, C. Rosenberger and C. Charrier

Abstract: Fingerprint analysis is a very important issue in biometry. The minutiae representation of a fingerprint is the most used modality to identify people or authorize access when using a biometric system. In this paper, we propose some features based on triangle parameters from the Delaunay triangulation of minutiae. We show the benefit of these features to recognize the type of a fingerprint without any access to the associated fingerprint image.
Download

Paper Nr: 59
Title:

Towards Optimized Security-aware (O-Sec) VM Placement Algorithms

Authors:

Motlatsi i Isaac Thulo and J. H. P. Eloff

Abstract: Cloud computing is a technology that takes advantage of virtualization. Through virtualization, Virtual Machines (VMs) within the same host machine share physical resources. Cloud service providers (CSP) take advantage of virtualization by providing on-demand computing resources through the use of the Internet. In order to provide good Quality of Service (QoS) and to lower costs, CSPs need to optimize the cloud environment. This optimization can be achieved by the strategic placement of Virtual Machines (VMs) in cloud architecture, usually through VM placement algorithms. Despite these efforts, there are some remaining problems that need to be addressed. Amongst these are threats introduced by the cloud’s architectural vulnerabilities. This paper, therefore, focuses on evaluating currently available VM placement algorithms. The objective is to identify VM placement algorithms that show potential to be further augmented with security features or that can be improved from a security perspective. Future work will investigate how these algorithms can be adapted to be security-aware.
Download

Paper Nr: 61
Title:

Why Snoopy Loves Online Services: An Analysis of (Lack of) Privacy in Online Services

Authors:

Vittoria Cozza, Zisis Tsiatsikas, Mauro Conti and Georgios Kambourakis

Abstract: Over the last decade online services have penetrated the market and for many of us became an integral part of our software portfolio. On the one hand online services offer flexibility in every sector of the social web, but on the other hand these pros do not come without a cost in terms of privacy. This work focuses on online services, and in particular on the possible inherent design errors which make these services an easy target for privacy invaders. We demonstrate the previous fact using a handful of real-world cases pertaining to popular online web services. More specifically, we show that despite the progress made in raising security/privacy awareness amongst all the stakeholders (developers, admins, users) and the existence of mature security/privacy standards and practices, there still exist a plethora of poor implementations that may put user’s privacy at risk. We particularly concentrate on cases where a breach can happen even if the aggressor has limited knowledge about their target and/or the attack can be completed with limited resources. In this context, the main contribution of the paper at hand revolves around the demonstration of effortlessly exploiting privacy leaks existing in widely-known online services due to software development errors.
Download

Paper Nr: 65
Title:

Real-time DSP Implementations of Voice Encryption Algorithms

Authors:

Cristina-Loredana Duta, Laura Gheorghe and Nicolae Tapus

Abstract: In the last decades, digital communications and network technologies have been growing rapidly, which makes secure speech communication an important issue. Regardless of the communication purposes, military, business or personal, people want a high level of security during their conversations. In this context, many voice encryption methods have been developed, which are based on cryptographic algorithms. One of the major issues regarding these algorithms is to identify those that can ensure high throughput when dealing with reduced bandwidth of the communication channel. A solution is to use resource constrained embedded systems because they are designed such that they consume little system resources, providing at the same time very good performances. To fulfil all the strict requirements, hardware and software optimizations should be performed by taking into consideration the complexity of the chosen algorithm, the mapping between the selected architecture and the cryptographic algorithm, the selected arithmetic unit (floating point or fixed point) and so on. The purpose of this paper is to compare and evaluate based on several criteria the Digital Signal Processor (DSP) implementations of three voice encryption algorithms in real time. The algorithms can be divided into two categories: asymmetric ciphers (NTRU and RSA) and symmetric ciphers (AES). The parameters taken into consideration for comparison between these ciphers are: encryption, decryption and delay time, complexity, packet lost and security level. All the previously mentioned algorithms were implemented on Blackfin and TMS320C6x processors. Making hardware and software level optimizations, we were able to reduce encryption/decryption/delay time, as well as to reduce the energy consumed. The purpose of this paper is to determine which is the best system hardware (DSP platform) and which encryption algorithm is feasible, safe and best suited for real-time voice encryption.
Download

Paper Nr: 83
Title:

Machine Learning Meets iOS Malware: Identifying Malicious Applications on Apple Environment

Authors:

Aniello Cimitile, Fabio Martinelli and Francesco Mercaldo

Abstract: The huge diffusion of the so-called smartphone devices is boosting the malware writer community to write more and more aggressive software targeting the mobile platforms. While scientific community has largely studied malware on Android platform, few attention is paid to iOS applications, probably to their closed-source nature. In this paper, in order to fill this gap, we propose a method to identify malicious application on Apple environment. Our method relies on a feature vector extracted by static analysis. Experiments, performed with 20 different machine learning algorithms, demonstrate that malware iOS applications are discriminated by trusted ones with a precision equal to 0.971 and a recall equal to 1.
Download

Paper Nr: 85
Title:

On the Security of Safety-critical Embedded Systems: Who Watches the Watchers? Who Reprograms the Watchers?

Authors:

Carlos Moreno and Sebastian Fischmeister

Abstract: The increased level of connectivity makes security an essential aspect to ensure that safety-critical embedded systems deliver the level of safety for which they were designed. However, embedded systems designers face unique technological and economics challenges when incorporating security into their products. In this paper, we focus on two of these challenges unique to embedded systems, and propose novel approaches to address them. We first deal with the difficulties in successfully implementing runtime monitoring to ensure correctness in the presence of security threats. We highlight the necessity to implement runtime monitors as physically isolated subsystems, preferably with no (direct) connectivity, and we propose the use of program tracing through power consumption to this end. A second critical aspect is that of remote firmware upgrades: this is an essential mechanism to ensure the continuing security of a system, yet the mechanism itself can introduce severe security vulnerabilities. We propose a novel approach to ensure secure remote upgrades and sketch the details of an eventual implementation. It is our goal and hope that the computer security and embedded systems communities will discuss and evaluate the ideas that we present in this paper, to assess their effectiveness and applicability in practice.
Download

Paper Nr: 94
Title:

Cyber-interdependency in Smart Energy Systems

Authors:

Razgar Ebrahimy and Zoya Pourmirza

Abstract: Critical infrastructures are highly interdependent due to the services they receive and provide to one another. These interdependencies include physical, logical, geographical and cyber. Most of these interdependencies have been studied extensively apart from the cyber interdependency which is the main focus of this paper. Critical infrastructures have cyber interdependency when the state of a physical infrastructure (energy, transport, water, waste, etc.) depends on the information transmitted through the information infrastructure. The communication network is the backbone of smart energy systems and is responsible for transmission of data from all sub-systems in both directions. Due to the complexity and combination of many sub-systems that form smart energy systems, data is generated at different levels within such systems. The data at each layer is different and has its own cyber characteristics. Knowing these characteristics and interdependencies at each layer provides the foundation for designing an appropriate ICT architecture that fits that segment (layer) rather than having an ICT architecture that is generic and designed for all layers but susceptible to risks. This paper outlines a new approach by focusing only on the cyber interdependencies in smart energy systems and how they effect the Smart Grid.
Download

Paper Nr: 102
Title:

Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis

Authors:

L. Vollero, D. Biondo, R. Setola, G. Bocci, R. Mammoliti and A. Toma

Abstract: The wide diffusion of mobile devices and the ability of users to customize their experience through applications (Apps) is opening to new problems related to privacy, security and data integrity for the mobile ecosystem. Smartphones, in general, and Android devices, in particular, are rapidly becoming emerging threat vectors of cybercrime activities. Unofficial Android markets, especially those with weak controls on published Apps, are the places where frauds may easily start and spread. Hence, the ability to identify and quickly shut down deceptive Apps is of paramount importance in the protection of users, services and infrastructures. Traditional approaches that aim at mitigating the presence of malicious Apps in unofficial markets, are based on crawlers for scanning stores and checking the words used in Apps’ description. These methods works very well when the App’s title, keywords and description match specific patterns that identify services to protect and the application owner or App’s signature do not match expected ones. Unluckily, the performance of such methods reduce sharply when the store adopts a language that is not supported by the recognition system or the App publisher uses misleading words in the App’s description. Nevertheless, App publishers always use a logo which is familiar to the user in order to highlight the application and increase the probability that the users install it. In this paper we presents a system that overcomes the limitation of traditional approaches including logo analysis in the process of App recognition. Our contribution is the definition and evaluation of a logo-based complementary system to be used in conjunction with traditional approaches based on word lists checking. The system and the performance of the proposed solution are presented and analyzed in the paper.
Download

Paper Nr: 104
Title:

Identity Deception Detection on Social Media Platforms

Authors:

Estée van der Walt and J. H. P. Eloff

Abstract: The bulk of currently available research in identity deception focuses on understanding the psychological motive behind persons lying about their identity. However, apart from understanding the psychological aspects of such a mindset, it is also important to consider identity deception in the context of the technologically integrated society in which we live today. With the proliferation of social media, it has become the norm for many people to present a false identity for various purposes, whether for anonymity or for something more harmful like committing paedophilia. Social media platforms (SMPs) are known to deal with massive volumes of big data. Big data characteristics such as volume, velocity and variety make it not only easier for people to deceive others about their identity, but also harder to prevent or detect identity deception. This paper describes the challenges of identity deception detection on SMPs. It also presents attributes that can play a role in identity deception detection, as well as the results of an experiment to develop a so-called Identity Deception Indicator (IDI). It is believed that such an IDI can assist law enforcement with the early detection of potentially harmful behaviour on SMPs.
Download

Paper Nr: 106
Title:

Breaking a Hitag2 Protocol with Low Cost Technology

Authors:

V. Gayoso Martínez, L. Hernández Encinas, A. Martín Muñoz and J. Zhang

Abstract: Hitag2 is an encryption algorithm designed by NXP Semiconductors that is used in electronic vehicle immobilizers and anti-theft devices. Hitag2 uses 48-bit keys for authentication and confidentiality, and due to that feature it is considered an insecure cipher. In this contribution we present a comparison of low cost technologies able to break a known protocol based on this cipher in a reasonable amount of time. Building on top of these solutions, it is possible to create an environment able to obtain Hitag2 keys in almost negligible time. The procedure can be easily expanded in order to consider other protocols based on the same cipher.
Download