This book constitutes the proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2019, held in Luxembourg, in September 2019.
The 10 full papers presented in this volume were carefully reviewed and selected from numerous submissions. They focus on new techniques for biometric- and behavior-based authentication, authentication and authorization in the IoT and in distributed systems in general, techniques for strengthening password-based authentication and for dissuading malicious users from reusing stolen passwords, an approach for discovering authentication vulnerabilities in interconnected accounts, and strategies to optimize the access control decision process in the Big Data scenario.

### Logics to Reason Formally About Trust Computation and Manipulation

Abstract
Trust represents a fundamental, complementary ingredient for the success of security mechanisms in computer science, as it goes beyond the intrinsic, technical aspects of cybersecurity, by involving the subjective perception of users, the willingness to collaborate and expose own resources and capabilities, and the judgement about the expected behavior of other parties. Computational notions of trust are formalized to support automatically the process of building and maintaining trust infrastructures, and mathematical logics provide the formal means to reason about the efficacy of such a process. In this work we advocate the use of two logical approaches to the modeling and verification of the two main tasks at the base of any trust infrastructure: the initial computation of trust values and the dynamic manipulation of such values.
Alessandro Aldini, Mirko Tagliaferri

### An Authorization Framework for Cooperative Intelligent Transport Systems

Abstract
Cooperative Intelligent Transport Systems (C-ITS) aims to enhance the existing transportation infrastructure through the use of sensing capabilities and advanced communication technologies. While improving the safety, efficiency and comfort of driving, C-ITS introduces several security and privacy challenges. Among them, a main challenge is the protection of sensitive information and resources gathered and exchanged within C-ITS. Although several authorization frameworks have been proposed over the years, they are unsuitable to deal with the demands of C-ITS. In this paper, we present an authorization framework that addresses the challenges characterizing the C-ITS domain. Our framework leverages principles of both policy-based and token-based architectures to deal with the dynamicity of C-ITS while reducing the overhead introduced by the authorization process. We demonstrate our framework using typical use case scenarios from the C-ITS domain on location tracking.
Sowmya Ravidas, Priyanka Karkhanis, Yanja Dajsuren, Nicola Zannone

### A Framework for the Validation of Access Control Systems

Abstract
In modern pervasive applications, it is important to validate Access Control (AC) mechanisms that are usually defined by means of the XACML standard. Mutation analysis has been applied on Access Control Policies (ACPs) for measuring the adequacy of a test suite.
This paper provides an automatic framework for realizing mutations of the code of the Policy Decision Point (PDP), which is a critical component in AC systems. The proposed framework allows the assessment of test strategies and the analysis of test data by leveraging mutation-based approaches. We show how to instantiate the proposed framework and also provide some examples of its application.
Said Daoudagh, Francesca Lonetti, Eda Marchetti

### The Structure and Agency Policy Language (SAPL) for Attribute Stream-Based Access Control (ASBAC)

Abstract
Current architectures and data flow models for access control are based on request-response communication. In stateful or session-based applications monitoring access rights over time, this results in polling of authorization services and, for Attribute-Based Access Control (ABAC), in the polling of policy information points. This introduces latency or increased load due to polling. Attribute-Stream-based Access Control (ASBAC) is an authorization model based on a publish-subscribe pattern mitigating these bottlenecks. ASBAC allows the quasi-real-time consideration of attribute data streams for access control decisions, such as Internet-of-Things (IoT) sensor data. This paper introduces the Structure and Agency Policy Language (SAPL) for implementing ASBAC. In addition, the paper describes how ASBAC with SAPL can be implemented by applying a reactive programming model and describes key algorithms for evaluating SAPL policies.
Dominic Heutelbeck

### NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

Abstract
Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ in the specific strategy they implement, and all have pros and cons. However, three requirements concern them all: their implementation must be secure, be effective, and be efficient. Recently, Genç et al. proposed to stop a specific class of ransomware, the cryptographically strong one, by blocking unauthorized calls to cryptographically secure pseudo-random number generators, which are required to build strong encryption keys. Here, in adherence to the requirements, we discuss an implementation of that solution that is more secure (with components that are not vulnerable to known attacks), more effective (with fewer false negatives in the class of ransomware addressed) and more efficient (with minimal false positive rate and negligible overhead) than the original, bringing its security and technological readiness to a higher level.
Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan

### Security Requirements for Store-on-Client and Verify-on-Server Secure Biometric Authentication

Abstract
The Fast IDentity Online Universal Authentication Framework (FIDO UAF) is an online two-step authentication framework designed to prevent biometric information breaches from servers. In FIDO UAF, biometric authentication is first executed inside a user's device, and then online device authentication follows. While there is no chance of biometric information leakage from the servers, risks remain when users' devices are compromised. In addition, it may be possible to impersonate the user by skipping the biometric authentication step.
To design more secure schemes, this paper defines Store-on-Client and Verify-on-Server Secure Biometric Authentication (SCVS-SBA). Store-on-client means that the biometric information is stored in the devices, as required for FIDO UAF, while verify-on-server differs from FIDO UAF in that the result of biometric authentication is determined by the server. We formalize security requirements for SCVS-SBA into three definitions. The definitions guarantee resistance to impersonation attacks and credential guessing attacks, which are standard security requirements for authentication schemes. We consider different types of attackers according to their knowledge of the internal information.
We propose a practical concrete scheme toward SCVS-SBA, where normalized cross-correlation is used as the similarity measure for the biometric features. Experimental results show that a single authentication process takes only tens of milliseconds, which means that it is fast enough for practical use.
Haruna Higo, Toshiyuki Isshiki, Masahiro Nara, Satoshi Obana, Toshihiko Okamura, Hiroto Tamiya

### Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics

Abstract
Today's biometric authentication systems are still struggling with replay attacks and irrevocable stolen credentials. This paper introduces a biometric protocol that addresses such vulnerabilities. The approach prevents identity theft by being based on memory creation biometrics. It takes inspiration from two different authentication methods, eye biometrics and challenge systems, as well as a novel biometric feature: the pupil memory effect. The approach can be adjusted for arbitrary levels of security, and credentials can be revoked at any point with no loss to the user. The paper includes an analysis of its security and performance, and shows how it could be deployed and improved.
Nikola K. Blanchard, Siargey Kachanovich, Ted Selker, Florentin Waligorski

### Collaborative Authentication Using Threshold Cryptography

Abstract
We propose a collaborative authentication protocol where multiple user devices (e.g., a smartphone, a smartwatch and a wristband) collaborate to authenticate the user to a third party service provider. Our protocol uses a threshold signature scheme as the main building block. The use of threshold signatures minimises the security threats in that the user devices only store shares of the signing key (i.e., the private key) and the private key is never reconstructed. For user devices that do not have secure storage capability (e.g., some wearables), we propose to use fuzzy extractors to generate their secret shares using behaviometric information when needed, so that there is no need for them to store any secret material. We discuss how to reshare the private key without reconstructing it in case a new device is added and how to repair shares that are lost due to device loss or damage. Our implementation results demonstrate the feasibility of the protocol.
Aysajan Abidin, Abdelrahaman Aly, Mustafa A. Mustafa

### MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols

Abstract
In recent years, the usage of online services (e.g., banking) has considerably increased. To protect the sensitive resources managed by these services against attackers, Multi-Factor Authentication (MFA) has been widely adopted. To date, a variety of MFA protocols have been implemented, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA protocols, but their influence on existing MFA implementations remains unclear.
We present MuFASA, a tool for high-level specification and analysis of MFA protocols, which aims at supporting normal users and security experts (in the design phase of an MFA protocol) by providing a high-level report regarding possible risks associated with the specified MFA protocol, its resistance to a set of attacker models (defined by NIST), its ease of use and its compliance with a set of security requirements derived from European laws.
Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise

### A Risk-Driven Model to Minimize the Effects of Human Factors on Smart Devices

Abstract
Exploitation of human errors could entail unfavorable consequences for smart device users. Typically, smart devices provide multiple configurable features, e.g., user authentication settings, network selection, application installation, communication interfaces, etc., which users can configure according to their needs and convenience. However, untrustworthy feature configuration could pose severe risks to the protection and integrity of data and assets residing on smart devices, or to the performance of security-sensitive activities on smart devices. Conventional security mechanisms mainly focus on preventing and monitoring malware, but they do not perform runtime vulnerability assessment while users use their smart devices. In this paper, we propose a risk-driven model that determines feature reliability at runtime by monitoring users' feature usage patterns. The resource access permissions (e.g., ACCESS_INTERNET and ACCESS_NETWORK_STATE) given to an application requiring higher security are revoked in case users configure less reliable features (e.g., open WIFI or HOTSPOT) on their smart devices. Thus, our model dynamically fulfills the security criteria of the security-sensitive applications and revokes the resource access permissions given to them until feature reliability is set to a secure level. Consequently, smart devices are secured against any runtime vulnerabilities that may surface due to human factors.
Sandeep Gupta, Attaullah Buriro, Bruno Crispo

### A Formal Security Analysis of the Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

Abstract
To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome for the average user. To make the use of encrypted email more accessible, a secure email application named $$p\equiv p$$ automates the key management operations; $$p\equiv p$$ still requires the users to carry out the verification, however, the authentication process is simple: users have to compare familiar words instead of strings of random characters, then the application shows the users what level of trust they have achieved via colored visual indicators. Yet, users may not execute the authentication ceremony as intended, $$p\equiv p$$'s trust rating may be wrongly assigned, or both. To learn whether $$p\equiv p$$'s trust ratings (and the corresponding visual indicators) are assigned consistently, we present a formal security analysis of $$p\equiv p$$'s authentication ceremony. From the software implementation in C, we derive the specifications of an abstract protocol for public key distribution, encryption and trust establishment; then, we model the protocol in a variant of the applied pi calculus and later formally verify and validate specific privacy and authentication properties. We also discuss alternative research directions that could enrich the analysis.
Itzel Vazquez Sandoval, Gabriele Lenzini