Table of contents:

Preface
Organization
Contents

Public-Key Cryptography

  Anonymous IBE from Quadratic Residuosity with Fast Encryption
    1 Introduction
    2 Preliminaries
      2.1 Identity-Based Encryption
      2.2 Security Notions
      2.3 Complexity Assumption
    3 A Variant of Cocks' IBE Scheme with Fast Encryption
    4 An Anonymous Variant of Cocks' IBE Scheme with Fast Encryption
    5 Conclusion
    A A Public-Key Encryption with Keyword Search Scheme from Quadratic Residuosity
    References

  Time-Specific Signatures
    1 Introduction
    2 Preliminaries
    3 Time-Specific Signatures (TSS)
    4 TSS Based on Forward-Secure Signatures
      4.1 Construction
      4.2 Unforgeability
      4.3 Perfect Privacy
      4.4 Efficiency Analysis
    5 TSS Based on Wildcarded Identity-Based Ring Signatures
      5.1 Wildcarded Identity-Based Ring Signatures (WIBRS)
      5.2 A TSS Scheme from WIBRS Scheme with L=logT and n=2logT-2
      5.3 A WIBRS Scheme as an Instantiation of ABS Scheme
      5.4 Analyzing Efficiency of the TSS Scheme
    6 Conclusion
    A Attribute-Based Signatures (ABS) for Circuits
    References

  Compatible Certificateless and Identity-Based Cryptosystems for Heterogeneous IoT
    1 Introduction
    2 Preliminaries
    3 Security Model
    4 Proposed Schemes
      4.1 Proposed Identity-Based Cryptosystem
      4.2 Proposed Certificateless Cryptosystem
      4.3 Compatibility of Identity-Based and Certificateless Schemes
    5 Security Analysis
    6 Performance Analysis and Comparison
    7 Related Work
    References

  Public-PEZ Cryptography
    1 Introduction
      1.1 Background
      1.2 Contributions
      1.3 Related Work
      1.4 Outline
    2 Public-PEZ AND Protocol
    3 Formalizing Public-PEZ Protocols
      3.1 Sequence of Candies
      3.2 Action
      3.3 Computational Model of Public-PEZ Protocols
    4 Formal Description of Our AND Protocol and Another One
    5 Implementations of Shuffles of Candies
    6 Conclusion
    References

  Two-Server Verifiable Homomorphic Secret Sharing for High-Degree Polynomials
    1 Introduction
      1.1 Our Contributions
      1.2 Our Techniques
      1.3 Applications
      1.4 Related Work
      1.5 Organization
    2 Preliminaries
      2.1 Public-Key Encryption with Nearly Linear Decryption
    3 Two-Server Verifiable Homomorphic Secret Sharing
    4 A Construction of 2SVHSS
    5 Performance Analysis
      5.1 Evaluating 2SVHSS
      5.2 Comparisons with LMS
    6 Concluding Remarks
    References

Symmetric-Key Cryptography and Lattice

  Searching for Balanced S-Boxes with High Nonlinearity, Low Differential Uniformity, and Improved DPA-Resistance
    1 Introduction
      1.1 Related Work
      1.2 Our Contribution
    2 Preliminaries
    3 Search Strategy
      3.1 Search Algorithm
      3.2 Cost Function
    4 Experimental Results
    5 Conclusion
    References

  Integerwise Functional Bootstrapping on TFHE
    1 Introduction
      1.1 Our Contribution
    2 Preliminaries
      2.1 Background on TFHE
      2.2 Overview of TFHE Bootstrapping
      2.3 Integerwise LWE Encryption
    3 Integerwise General Functional Bootstrapping
      3.1 General Functional Bootstrapping
      3.2 Security
    4 Applications
      4.1 Homomorphic Evaluation of Sign()
      4.2 Homomorphic Equality Test
      4.3 Homomorphic Multiplication with a Binary Number
      4.4 Homomorphic Division by a Constant
      4.5 Homomorphic Division
    5 Results of Homomorphic Division
    6 Conclusion
    References

Attacks and Cryptanalysis

  Rotational Cryptanalysis of Salsa Core Function
    1 Introduction
    2 Preliminaries
      2.1 Description of Salsa
      2.2 Rotational Cryptanalysis
    3 Rotational Cryptanalysis of the Salsa Core Function
      3.1 Experimental Observations
      3.2 Proofs
      3.3 Experimental Verifications
    4 A Weakness of the Salsa Permutation
    5 Conclusion
    References

  Analyzing the Chain of Trust Model Based on Entity Dependence
    1 Introduction
    2 Related Work
      2.1 Model Based on Trustworthy Computing Context
      2.2 Trusted and Trusted Measurement Model Based on Trusted Management Context
      2.3 Specific Trusted Computing Platform Model
    3 Status and Chain of Trust
      3.1 The Dependence Relationship Between Entities
      3.2 Trusted Set
      3.3 Root of Trust and Trusted Measurement
      3.4 Chain of Trust Model
    4 Analysis of the Existing Chain of Trust of Trusted Computing Platform
      4.1 SRTM-Based Trusted Computing Platform
      4.2 DRTM-Based Trusted Computing Platform
    5 New Mechanism and Prototype of Building Chain of Trust
    6 Conclusion
    References

  Evaluation on the Security of Commercial Cloud Container Services
    1 Introduction
    2 Background
      2.1 Container Mechanism
      2.2 Linux Kernel Security Mechanisms
      2.3 CPU Protection Mechanisms
    3 Metric Checklist for Container Security Evaluation
      3.1 Execution Environment Related Metrics
      3.2 Privilege Escalation Related Metrics
      3.3 Container Escaping Related Metrics
      3.4 Memory Corruption Vulnerabilities
    4 Evaluation and Analysis
      4.1 Container Execution Environment Detection
      4.2 Privilege Escalation Evaluation
      4.3 Container Escaping Evaluation
    5 Discussion and Future Work
    6 Related Work
    7 Conclusion
    References

  Walls Have Ears: Eavesdropping User Behaviors via Graphics-Interrupt-Based Side Channel
    1 Introduction
    2 Related Work
    3 Our Idea
      3.1 Graphics Interrupts
      3.2 Threat Model and Our Idea
      3.3 Challenges and Experiments
    4 Attack Scenario I: Webpage Fingerprinting
    5 Attack Scenario II: GUI Application Fingerprinting
    6 Attack Scenario III: Beyond Visual Perception
    7 Additional Experiments, Discussion, and Limitation
      7.1 Tradeoff Between Accuracy and Timeliness
      7.2 Robustness Against Noise
    8 Conclusion
    References

Malware Analysis

  Why Current Statistical Approaches to Ransomware Detection Fail
    1 Introduction
    2 Related Work
    3 Randomness for Anti-Ransomware
      3.1 Shannon Entropy
      3.2 Chi-Square
      3.3 Other Statistical Tests
    4 Methodology
      4.1 Dataset Creation
      4.2 Dataset Preparation
      4.3 Threshold Creation
    5 Results and Analysis
      5.1 False Classification Analysis
      5.2 General Observations
    6 Recommendations and Future Work
    7 Conclusion
    References

  A Framework for Estimating Privacy Risk Scores of Mobile Apps
    1 Introduction
    2 Data and Methodology
      2.1 UT CID ITAP Dataset
      2.2 Identity Assets Collection from Apps
      2.3 Estimating Risk Scores for Identity Assets
      2.4 Ranking for Mobile Apps
    3 Experimental Results
      3.1 Experimental Apps
      3.2 Evaluation of App Privacy Risk Scores
    4 Related Work
    5 Conclusion
    References

  On the Struggle Bus: A Detailed Security Analysis of the m-tickets App
    1 Introduction
    2 The M-Tickets App
    3 Adversary Model
    4 Methodology
      4.1 Vulnerability Analysis
      4.2 Connectivity and Availability Analysis
    5 Security Analysis
      5.1 Generation of Tickets
      5.2 Re-activation of Expired Tickets
      5.3 Modification of Tickets
      5.4 Hard-Coded Keys and Tokens
      5.5 Root Checker Bypass and Enabling Screenshots
      5.6 Password Reset Issues
      5.7 Availability
    6 Recommendations
      6.1 Tickets
      6.2 Hard-Coding and Availability
      6.3 Password Reset
    7 Conclusions
    References

Network and System Security

  ELD: Adaptive Detection of Malicious Nodes under Mix-Energy-Depleting-Attacks Using Edge Learning in IoT Networks
    1 Introduction
    2 Related Work
    3 System Model
      3.1 Attack Model
      3.2 Traffic Log Model
    4 Edge Learning Detection
      4.1 Core Workflow
      4.2 Intrusion Detection
      4.3 Damaged Node Identification
      4.4 Adaptability Optimization
      4.5 Malicious Nodes Detection
    5 Our Evaluation
      5.1 Comparison Scheme
      5.2 Experimental Setup
      5.3 Impact of the Number of Nodes
      5.4 Impact of the Number of Passing Packets
      5.5 Impact of Attack Types
      5.6 Impact of Attack Probability
    6 Conclusion
    References

  Minimal Rare-Pattern-Based Outlier Detection Method for Data Streams by Considering Anti-monotonic Constraints
    1 Introduction
    2 Related Works of Association-Based Outlier Detection Methods
    3 Preliminaries
    4 Anti-monotonic Constrained Minimal Rare Pattern-Based Outlier Detection (AMCMRP-Outlier)
      4.1 Constrained Minimal Rare Pattern Mining (CMRP-Mine)
      4.2 Outlier Detection Method
    5 Experiment Results
      5.1 Detection Accuracy of the AMCMRP-Outlier Method
      5.2 Time Cost of the AMCMRP-Outlier Method
    6 Conclusions
    References

  Towards Transparent Control-Flow Integrity in Safety-Critical Systems
    1 Introduction
    2 Problem Statement
      2.1 Code-Reuse Attacks
      2.2 Threat Model
    3 Background
      3.1 CFI
      3.2 ARM CoreSight
      3.3 Partitioned Architecture Based on Separation Kernel
    4 CFI Monitoring using ARM CoreSight
      4.1 Static Pre-processing
      4.2 Run-Time Monitoring
    5 Timing Overhead Analysis
      5.1 Modeling the Trace Collection Task
      5.2 Worst-Case Slowdown Experienced by Any Application
      5.3 Slowdown for ANIS IP Stack in a Nominal Operation
      5.4 Overhead for CFG Path Reconstruction and CFI Checking
    6 System Design Considerations for the Integration of the CFI Monitor in a Safety-Critical CPS
      6.1 Freedom from Interference and Independence Considerations
      6.2 Transparent CFI Monitoring and Its Applicability in a Multi-supplier Product Development
      6.3 Scalability for Monitoring Multiple Applications
      6.4 Strategies for Decoupling Trace Collection from the CFG Path Reconstruction and the CFI Checking
    7 Related Work
    8 Conclusion
    References

Blockchain

  BlockVoke – Fast, Blockchain-Based Certificate Revocation for PKIs and the Web of Trust
    1 Introduction
    2 Supplementary Literature and Related Work
      2.1 Certificate Revocation Mechanisms
      2.2 Blockchain Technology
      2.3 Related Work
    3 BlockVoke – Blockchain-Based Certificate Revocation
      3.1 Certificate Signing Request
      3.2 Certificate Creation
      3.3 Revocation
      3.4 CA Root Certificates
      3.5 Web of Trust Keys
    4 Analysis
      4.1 Basic Security Properties
      4.2 Timeliness of Revocations
      4.3 Comparison with CertLedger
      4.4 Fees
      4.5 Privacy
      4.6 Auditability
    5 Evaluation and Discussion
      5.1 Case-Study I – Let's Encrypt CAA Bug March 2020
      5.2 Case-Study II – Revoking the Web of Trust
    6 Conclusion and Future Work
    References

  Formalizing Bitcoin Crashes with Universally Composable Security
    1 Introduction
    2 Related Work
    3 Preliminaries
      3.1 Functionalities
      3.2 Notation
    4 Formalizing Bitcoin Crashes
      4.1 Motivation
      4.2 Methodology
      4.3 Adversary Model
      4.4 Security Goals
      4.5 Analysis
    5 Case Studies
    6 Conclusion
    References

  Characterizing Erasable Accounts in Ethereum
    1 Introduction
    2 Background
      2.1 Ethereum
      2.2 Smart Contract
    3 Erasable Accounts
      3.1 Erasable Contract
      3.2 Erasable EOA
    4 GLASER
      4.1 Erasable Contract Detection
      4.2 Erasable EOA Detection
    5 Evaluation
      5.1 RQ1 Quantity
      5.2 RQ2 Accuracy
      5.3 RQ3 Waste
    6 Graph Analysis
    7 Related Work
    8 Discussion and Conclusion
    References

  An Accountable Decryption System Based on Privacy-Preserving Smart Contracts
    1 Introduction
    2 Related Work
    3 Preliminaries
      3.1 Privacy-Preserving Smart Contract
      3.2 Decision Linear Assumption
    4 General Construction
      4.1 System Overview
      4.2 Security Definitions
    5 Concrete Instantiation
    6 Security Proof
    7 Implementation
    8 Evaluation
    9 Conclusion
    A Appendix: Linear Problem
    B Appendix: Completeness
    References

Security Applications

  PvP: Profiling Versus Player! Exploiting Gaming Data for Player Recognition
    1 Introduction
    2 Related Work
    3 Background
      3.1 Online Gaming Panorama
      3.2 Dota 2
    4 Our Data Collection
      4.1 Dota 2 Online Survey
      4.2 Survey Results
      4.3 Players Data
    5 Model Selection for Player Recognition
      5.1 Dataset Creation
      5.2 Preliminary Model and Considerations
      5.3 Model Selection
    6 Results and Further Experiments
      6.1 General Features Evaluation
      6.2 Unknown Players Evaluation
    7 Discussions
    8 Conclusion and Future Works
    References

  Privacy-Preserving Computation of the Earth Mover's Distance
    1 Introduction
    2 Background
      2.1 The Earth Mover's Distance
      2.2 Private Computation of the Size of the Intersection of Two Sets
    3 The EMD as a PSI-CA Problem
      3.1 Message Expansion
    4 Experimental Results
    5 Conclusions
    References

Author Index