Emerging Information Security and Applications: Second International Symposium, EISA 2021, Copenhagen, Denmark, November 12-13, 2021, Revised Selected ... in Computer and Information Science) 3030939553, 9783030939557

This volume constitutes selected papers presented at the Second International Symposium on Emerging Information Security

English Pages 212 [210] Year 2022

Table of contents :
Preface
Organization
Contents
Practical and Provable Secure Vehicular Component Protection Scheme
1 Introduction
1.1 Related Work
2 System Model
3 Hash Based Component Inspection
3.1 HBCI Model
3.2 HBCI Construction
3.3 Component Replacement
3.4 Emergency Start
4 Detection from the Remote Server
4.1 Detection from the Remote Server Model
4.2 Instantiation
5 Comparison
6 Conclusion
A Security Definition of HBCI
A.1 Security Definition of SHBCI
A.2 Security Definition of PHBCI
A.3 Security Definition of MHBCI
References
NEEX: An Automated and Efficient Tool for Detecting Browser Extension Fingerprint
1 Introduction
2 Background
2.1 Threat Model
3 NEEX
3.1 DOM-Based Extension Fingerprinting
3.2 JavaScript-Based Extension Fingerprinting
4 Experiment
4.1 Data Collection
4.2 Fingerprintability of Extensions
4.3 Performance of Extension Detection
5 Discussion and Future Work
6 Conclusion
References
APHC: Auditable and Privacy Preserving Health QR Code Based on Blockchain
1 Introduction
2 Related Work
3 Preliminaries
3.1 BlockChain
3.2 Ciphertext Policy-Attribute Based Encryption (CP-ABE)
3.3 Bilinear Mapping
4 APHC Design
4.1 System Model
4.2 Design Goals
4.3 The Workflow of APHC
5 Algorithms
5.1 System Initialization Algorithm
5.2 System Function Algorithms
6 Security Analysis
6.1 HC Information Privacy Preservation
6.2 HC Information Tamper-Proof
6.3 HC Information Auditability and Traceability
7 Performance Evaluation
7.1 Implementation
7.2 Computation Cost Measurement
7.3 Capacity Cost Analysis
8 Conclusion
References
AMLChain: Supporting Anti-money Laundering, Privacy-Preserving, Auditable Distributed Ledger
1 Introduction
1.1 Currently Existing Problems
1.2 Contribution
1.3 Organization
2 Related Work
3 Preliminaries
3.1 ElGamal Encryption
3.2 Hidden Public Key Signature
3.3 Zero-Knowledge Proof
4 AMLChain Overview
4.1 Entities
4.2 Workflow
4.3 Algorithm Definition
4.4 Threat Model
5 Detail Description
6 Security Discussion
7 Compare with Related Work
8 Conclusion
References
Granularity and Usability in Authorization Policies
1 Introduction
2 A Read-Write-Execute Syntax for AWS Policies
3 The Design of a Human Participants Study
4 Results
4.1 Nature of Errors
5 Related Work
6 Conclusion and Future Work
References
A Two-Fold Study to Investigate Users' Perception of IoT Information Sensitivity Levels and Their Willingness to Share the Information
1 Introduction
2 Related Work
3 Methods
3.1 IoT Privacy Policies Analysis
3.2 Participant Recruitment and Demographics
3.3 Survey Design
4 Results
4.1 Sensitivity Level vs. Information Types
4.2 Privacy Concerns vs. Information Types
4.3 Information Sensitivity vs. User's Gender
4.4 Information Sensitivity vs. Users' Attitude Towards Sharing the Information with Third-Parties
4.5 Information Types vs. Third-Party Categories
5 Discussion
6 Threats to Validity
7 Conclusion and Future Work
References
SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures
1 Introduction
2 Related Works
3 Method
3.1 Database Search
3.2 Abstract and Full-Text Screening
3.3 Thematic Analysis
4 Analysis and Results: Threats
4.1 Bluetooth-Specific Attacks
4.2 Malware Threats
4.3 BLE-Specific Attack
5 Analysis and Results: Mitigation Strategies
6 Discussion and Implications
6.1 User Focused Studies
6.2 Digital Literacy
6.3 Risk Mitigation Measures
7 Limitations and Future Research
8 Conclusion
References
JSLIM: Reducing the Known Vulnerabilities of JavaScript Application by Debloating
1 Introduction
2 Background
3 JSLIM
3.1 Collect Vulnerabilities and Analyze Datas
3.2 Debloating JavaScript Application
3.3 Application Verification
4 Evaluation
4.1 Target Applications
4.2 Vulnerability Identification
4.3 Vulnerability Remove
5 Conclusion
References
Digital Twin Monitoring for Cyber-Physical Access Control
1 Introduction
2 Motivating Scenario
3 Digital Twin
4 Proximity-Based Access Control for Cyber-Physical Systems
5 Indoor Positioning Systems for Detection and Tracking
6 Digital Twin Monitoring
6.1 Detect and Track Physical Entities
6.2 Association of People with Cyber Identities
6.3 Association of Physical Objects with Owners
6.4 Computation of Relative Distance
7 Prototype Implementation
8 Conclusion
References
Improving Host-Based Intrusion Detection Using Thread Information
1 Introduction
1.1 Our Contribution
1.2 Paper Outline
2 Host-Based Intrusion Detection
2.1 Categories of Intrusion Detection Systems
2.2 Related Work
3 Datasets
3.1 NGID-DS
3.2 LID-DS
4 Feature Engineering
5 Algorithms
6 Evaluation Approach
7 Findings
7.1 Results per Algorithm over All Scenarios
7.2 Scenario Wise Best Results
7.3 Overall Best Practical Configurations
8 Conclusion
References
Database Intrusion Detection Systems (DIDs): Insider Threat Detection via Behaviour-Based Anomaly Detection Systems - A Brief Survey of Concepts and Approaches
1 Introduction
2 Threats to Contemporary Organizations
2.1 Defining Insiders
2.2 The Impact of an Insider Attack
3 Anomaly Detection in Systems
4 A Taxonomy for DBMS Anomaly Detection
4.1 Prevalent Architecture of Anomaly-Based Database Intrusion Detection Systems
4.2 Feature Classification
4.3 SQL Query Abstraction
4.4 Syntax-Centric Features-Based Techniques
4.5 Data (Result)-Centric Features-Based Techniques
4.6 Context-Centric Features-Based Techniques
4.7 Hybrid Techniques
5 Conclusions
References
Author Index
