Skip to main content

About this book

This book constitutes the revised selected papers of the 5th International Conference on Information Systems Security and Privacy, ICISSP 2019, held in Prague, Czech Republic, in February 2019.

The 19 full papers presented were carefully reviewed and selected from a total of 100 submissions. The papers presented in this volume address various topical research, including new approaches for attack modelling andprevention, incident management and response, and user authentication andaccess control, as well as business and human-oriented aspects such as data pro-tection and privacy, and security awareness.

Table of Contents


SPROOF: A Decentralized Platform for Attribute-Based Authentication

Paper documents are still very common for all types of records of personal achievements, ID cards and many other types documents issued to an individual or a company. These paper documents, however, often come at the cost of expensive printing and issuing, loss of data or malicious counterfeits. The origin and integrity is often hard or even impossible to be verified. Digital signatures solve some of these issues, however, this still requires centralized trusted infrastructures and still does not allow for easy verification or recovery of lost documents. Furthermore, attribute-based authentication is not possible with traditional signature schemes. In this paper, we present a decentralized platform for signing and verifying digital documents that is based on the previously presented SPROOF platform and additionally supports attribute-based authentication. This platform allows for issuing, managing and verifying digital documents in a public blockchain. In the proposed approach, all data needed for verification of documents and issuers is stored decentralized, transparent, and integrity protected. The platform is permissionless and thus no access restrictions apply. Rather, following principles of the Web of Trust, issuers can confirm each other in a decentralized way. Additionally, scalability and privacy issues are taken into consideration.
Clemens Brunner, Fabian Knirsch, Dominik Engel

Next Generation Information Warfare: Rationales, Scenarios, Threats, and Open Issues

The technological advances made in the last twenty years radically changed our society, improving our lifestyle in almost every aspect of our daily life. This change directly affects human habits, transforming the way people share information and knowledge. The exponential technological advancement, together with the related information deluge, are also radically changing Information Warfare and its scenarios. Indeed, the consequently increase of the digital attack surface poses new challenges and threats for both personal and national security.
In this paper we discuss the motivations behind the need to redefine the Information Warfare according to its new dimensions. Then, we analyze the potential impact of the new threats on the most sensitive targets exposed by every nation: the Society, the Economy, and the Critical Infrastructures. Finally, for every considered scenario, we analyze existing state-of-the-art countermeasures, highlighting open issues and suggesting possible new defensive techniques.
Roberto Di Pietro, Maurantonio Caprolu, Simone Raponi

Information Technology Consulting Firms’ Readiness for Managing Information Security Incidents

Because of the increase in the number and scope of information security incidents, proper management has recently gained importance for public and private organizations. Further challenges in this area have resulted from new regulations, such as the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS), as well as a tendency to outsource vital services to subcontractors. This study addresses the lack of empirical studies in the field and focuses on information security incident management at information technology (IT) consulting firms. Specifically, it examines challenges due to their exposed position and new regulations. The contribution of the paper is twofold. First, it provides valuable insight into the experiences and challenges of Swedish IT consulting firms. Second, it proposes criteria for classifying an information security incident that can equip decision-makers with a solid and assessable basis for incident management. The results emphasize further improvements in employee awareness, incident classification, and systemic governance, thereby integrating corporate policy making, information security incident management, and information system leadership.
Christine Große, Maja Nyman, Leif Sundberg

Evaluation of Side-Channel Key-Recovery Attacks on LoRaWAN End-Device

IoT devices have come into widespread use. The rapid growth of the IoT market is expected in the field of automobiles and transportation, medical and health care, and industry. Data protection and integrity are critical for IoT-based services in order to maintain the security and privacy of them. Low-power wide-area (LPWA) is a wireless communication technology designed for IoT applications and end-devices requiring low cost, long battery life, wide-area coverage, and high system capacity. LoRaWAN is an open standard for LPWA and achieves data protection and integrity by using encryption and message integrity code (MIC). Many studies have pointed out security issues, and attacks against LPWA protocols and have proposed solutions to improve security against such attacks. However, side-channel analysis techniques can directly recover secret information from a device. In this paper, we evaluate the applicability of a side-channel analysis to a real LoRaWAN end-device. Our experiments attempt to recover AES-128 keys to encrypt frame payload and calculate the message integrity code (MIC) for the encrypted payload based on a correlation power analysis, which is a type of side-channel analysis. The 260 electromagnetic(EM)-leakage traces entirely recover the 16-byte key for the frame payload encryption, and the 140 EM-leakage traces recover the 12 bytes of the 16-byte key for MIC generation. Furthermore, we show that our key recovery attack is applicable in real LoRaWAN protocols. Our attack can entirely recover the root key AppKey in LoRaWAN v1.0 and a root key NwkKey in LoRaWAN v1.1.
Kazuhide Fukushima, Damien Marion, Yuto Nakano, Adrien Facon, Shinsaku Kiyomoto, Sylvain Guilley

Black-Box Attacks via the Speech Interface Using Linguistically Crafted Input

This paper presents the results of experiments demonstrating novel black-box attacks via the speech interface. We demonstrate two types of attack that use linguistically crafted adversarial input to target vulnerabilities in the handling of speech input by a speech interface. The first attack demonstrates the use of nonsensical word sounds to gain covert access to voice-controlled systems. This attack exploits vulnerabilities at the speech recognition stage of handling of speech input. The second attack demonstrates the use of crafted utterances that are misinterpreted by a target system as a valid voice command. This attack exploits vulnerabilities at the natural language understanding stage of handling of speech input.
Mary K. Bispham, Alastair Janse van Rensburg, Ioannis Agrafiotis, Michael Goldsmith

Proposal and Performance Evaluation of an Order-Specified Aggregate Authority-Transfer Signature

We propose a new order-specified aggregate authority-transfer signature based on the gap Diffie-Hellman group and evaluate the performance of it. In companies, in order to prevent stagnation of the work flow or suspension of operations accompanied by an accident due to concentration of authority to one or a few people, distribution and delegation of authority to multiple persons is performed. Currently, since various operations in a company are performed via a computer network, a mechanism of authority transfer to allow delegation and distribution of authority quickly and properly on this network is needed. In this paper, we propose an authority-transfer signature scheme combining an order-specified aggregate signature and a group signature. In our method, a signature scheme uses a group signature scheme to guarantee authority. Moreover, it transfers the authority owned by the manager to another member of the group. The difference from the group manager of existing group signatures is that this manager not only manages the group but also delegates authority. Regarding this signature, we implement a simulation program and evaluate the performance. As a result, we show that our proposal is practical.
Takuya Ezure, Masaki Inamura

Context-Aware Software-Defined Networking for Automated Incident Response in Industrial Networks

Due to the increasing flexibility of processes in modern plants the need for the respective networks’ flexibility rises. Such dynamic networks are already performing well in, for example, data centres where they are based on the Software-defined Networking (SDN) paradigm. Because SDN has established itself in flexible, high performance environments, it is currently introduced into industrial networks as well. With the usage of SDN, a centralized view and controlling is added to these networks, which enables performing automated responses to network events. Such network events can be classified as incidents to which SDN can provide timely and, due to the holistic view on the network, appropriate, automated incident response, like immediate containment, monitoring or switching to redundancies. However, industrial networks generally have a high occurrence of availability-, safety- and time-critical communication which limit the scope for action of such an automated approach. Nevertheless, SDN-based incident response (SDN-IR) does not yet take into consideration these limitations, which prevent its application for industrial networks.
This article identifies possible response actions to industrial network incidents. Furthermore, it presents a concept for SDN-IR where a predefined rule set restricts the response actions based on asset and link classification. This way, SDN-IR is able to satisfy the before mentioned requirements of industrial networks. In addition, the article describes a prototype of this concept and its evaluation, elucidates the perspective of a device security status in the SDN-IR context and discusses security issues of the concept.
Florian Patzer, Philipp Lüdtke, Ankush Meshram, Jürgen Beyerer

Transparency Enhancing Tools and the GDPR: Do They Match?

The introduction of the General Data Protection Regulation (GDPR) came to further strengthen the need for transparency—one of its main principles—and with it, the users’ empowerment to make service providers more responsible and accountable for processing of personal data. The technological infrastructures are not yet prepared to fully support the principle, but changes are bound to be implemented in the very near future. In this work (1) we comprehensively elicit the requirements one needs to implement transparency as stated in GDPR, and (2) we verify which current Transparency Enhancing Tools (TETs) can fulfil them. We found that work still needs to be done to comply with the European Regulation. However, parts of some TETs can already solve some issues. Work efforts need to be put on the development of new solutions, but also on the improvement and testing of existing ones.
Dayana Spagnuelo, Ana Ferreira, Gabriele Lenzini

User Study of the Effectiveness of a Privacy Policy Summarization Tool

The complexity of privacy policies makes it difficult for users to understand its content. In order to solve this, tools exist that analyze and summarize those privacy policies, and present the results in a standardized visual format. The use of these tools can make it possible to analyze any privacy policy, that is, they have the advantage of scale, unlike processes that require manual classification. However, there is scarce research on their effectiveness and how users perceive them. In this paper, an experimental survey was conducted to evaluate whether one such tool, PrivacyGuide, could communicate risk and increase interest in the content of the privacy policy itself. The survey was conducted in Japan with Japanese participants, and considered two languages of the privacy policy, Japanese and English. The results show that interest in the privacy policy increased after viewing the privacy policy summary. On the other hand, risk communication was limited to the case of an English language privacy policy. In addition, survey participants also provided positive and negative feedback about the tool: there was interest in using the tool in a variety of scenarios, but there was also lack of trust in the results. The findings suggest that privacy policy summarization tools have potential to help users, but that there are barriers for adoption of the tool.
Vanessa Bracamonte, Seira Hidano, Welderufael B. Tesfay, Shinsaku Kiyomoto

A General Framework for Decentralized Combinatorial Testing of Access Control Engine: Examples of Application

Access control mechanisms aim to assure data protection in modern software systems. Testing of such mechanisms is a key activity to avoid security flaws and violations inside the systems or applications. In this paper, we introduce the general architecture of a new decentralized framework for testing of XACML-based access control engines. The proposed framework is composed of different web services and can be instantiated for different testing purposes: i) generation of test cases based on combinatorial testing strategies; ii) distributed test cases execution; iii) decentralized oracle derivation able to associate the expected authorization decision to a given XACML request. The effectiveness of the framework has been proven into two different experiments. The former addressed the evaluation of the distributed vs non distributed testing solution. The latter focused on the performance comparison of two distributed oracle approaches.
Said Daoudagh, Francesca Lonetti, Eda Marchetti

Protection of User-Defined Sensitive Attributes on Online Social Networks Against Attribute Inference Attack via Adversarial Data Mining

Online social network (OSN) users share various types of personal information with other users. By analysing such personal information, a malicious data miner (or an attacker) can infer the sensitive information about the user which has not been disclosed publicly. This is generally known as attribute inference attack. In this study, we propose a privacy preserving technique, namely 3LP+, that can protect users’ multiple sensitive information from being inferred. We experimentally show that the 3LP+ algorithm can provide better privacy than an existing technique while maintaining the utility of users’ data.
Khondker Jahid Reza, Md Zahidul Islam, Vladimir Estivill-Castro

User Behavioral Biometrics and Machine Learning Towards Improving User Authentication in Smartphones

Smartphone and smart devices, in general, have penetrated modern life, accompanying humans in the majority of their daily activities, realizing the era of IoT. This tight bond between mobile devices and humans has introduced numerous solutions and automation in people’s everyday living, however, it also comes with a cost, since we are more exposed to security risks and private data leakages. This work extends our previous study on improved user authentication mechanism for smartphones. More specifically, we present a biometric-based approach which utilizes machine learning and the development of a mobile application. The application’s evaluation results have shown very large success rates, implying its effectiveness in enhancing user’s privacy.
José Torres, Sergio de los Santos, Efthimios Alepis, Constantinos Patsakis

Threat Modeling and Attack Simulations of Connected Vehicles: Proof of Concept

A modern vehicle contains over a hundred Electronic Control Units (ECUs) that communicate over in-vehicle networks, and can also be connected to external networks making them vulnerable to cyber attacks. To improve the security of connected vehicles, threat modeling can be applied to proactively find potential security issues and help manufacturers to design more secure vehicles. It can also be combined with probabilistic attack simulations to provide quantitative security measurements, which has not been commonly used while shown efficient in other domains. This paper reviews research in the field, showing that not much work has been done in the combined area of connected vehicles and threat modeling with attack simulations. We have implemented and conducted attack simulations on two vehicle threat models using a tool called securiCAD. Our work serves as a proof of concept of the approach and indicates that the approach is useful. Especially if more research of vehicle-specific vulnerabilities, weaknesses, and countermeasures is done in order to provide more accurate analyses, and to include this in a more tailored vehicle metamodel.
Wenjun Xiong, Fredrik Krantz, Robert Lagerström

The Security of the Speech Interface: A Modelling Framework and Proposals for New Defence Mechanisms

This paper presents an attack and defence modelling framework for conceptualising the security of the speech interface. The modelling framework is based on the Observe-Orient-Decide-Act (OODA) loop model, which has been used to analyse adversarial interactions in a number of other areas. We map the different types of attacks that may be executed via the speech interface to the modelling framework, and present a critical analysis of the currently available defences for countering such attacks, with reference to the modelling framework. The paper then presents proposals for the development of new defence mechanisms that are grounded in the critical analysis of current defences. These proposals envisage a defence capability that would enable voice-controlled systems to detect potential attacks as part of their dialogue management functionality. In accordance with this high-level defence concept, the paper presents two specific proposals for defence mechanisms to be implemented as part of dialogue management functionality to counter attacks that exploit unintended functionality in speech recognition functionality and natural language understanding functionality. These defence mechanisms are based on the novel application of two existing technologies for security purposes. The specific proposals include the results of two feasibility tests that investigate the effectiveness of the proposed mechanisms in defending against the relevant type of attack.
Mary K. Bispham, Ioannis Agrafiotis, Michael Goldsmith

Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot

Memory acquisition is a tool used in advanced forensics and malware analysis. Various methods of memory acquisition exist. Such solutions are ranging from tools based on dedicated hardware to software-only solutions. We proposed a hypervisor based memory acquisition tool. [22]. Our method supports ASLR and Modern operating systems which is an innovation compared to past methods [27, 36]. We extend the hypervisor assisted memory acquisition by adding mass storage device honeypots for the malware to cross and propose hiding the hypervisor using bluepill technology.
Nezer Jacob Zaidenberg, Michael Kiperberg, Raz Ben Yehuda, Roee Leon, Asaf Algawi, Amit Resh

Guidelines and Tool Support for Building a Cybersecurity Awareness Program for SMEs

Nowadays companies have become highly dependent on digital technology for running their business, regardless their size or domain. Smaller organisations require a specific attention because of their lower level of protection, capability of reaction and recovery while they are increasingly being targeted by cyberattacks. In order to improve their level of cybersecurity and resilience, a first step is to raise awareness. It is however not an easy task because it is highly dependent on human factors, spread across the whole organisation, including managers, business users and IT staff. This paper aims at supporting the development of a cybersecurity awareness program for small and medium enterprises. In order to build the program on strong foundations, the current state of awareness of such companies is presented and a SWOT analysis carried out. Different instruments for efficiently supporting the deployment of the program are then presented. A practical experience carried out in Belgium to implement some of the proposed instruments is also presented and some lessons learned are discussed.
Christophe Ponsard, Jeremy Grandclaudon

Analysing the Provenance of IoT Data

The Internet of Things (IoT) is leading to a smartification of our society: we are surrounded by many smart devices that automatically collect and exchange data of various kinds and provenance. Many of these data are critical because they are used to train learning algorithms, to control cyber-physical systems or to guide administrators to take decisions. Since the collected data are so important, many devices can be the targets of security attacks. Consequently, it is crucial to be able to trace data and to identify their paths inside a network of smart devices to detect possible threats. To help designers in this threat reasoning, we start from the modelling language IoT-LySa, and propose a Control Flow Analysis, a static analysis technique, for predicting the possible trajectories of data in an IoT system. Trajectories can be used as the basis for checking at design time whether sensitive data can pass through possibly dangerous nodes, and for selecting suitable security mechanisms that guarantee a reliable transport of data from sensors to servers using them. The computed paths are also interesting from an architectural point of view for deciding in which nodes data are collected, processed, communicated and stored.
Chiara Bodei, Letterio Galletta

Improving Interoperability in Multi-domain Enterprise Right Management Applications

In this paper we consider the problem of protecting files, possibly stored using remote storage services, on a device running different and independent third party applications. We present a general architecture that, by exploiting the inherent security of Trusted Execution Environments, and by requiring minimal secure storage onboard the device, is able to provide a general purpose, distributed storage system that allows the cooperation among different applications domains. Our system exposes APIs that can be invoked by other trusted applications, using the standard TEE IPC. Furthermore, we discuss a middleware that allows legacy applications to transparently access secured files.
Luigi Catuogno, Clemente Galdi

Fine-Grained Access Control for Querying Over Encrypted Document-Oriented Database

This paper presents two security models for document-based databases which fulfill three security requirements that are confidentiality, querying over encrypted data, and flexible access control. The first model which we refer to as dynamic is based on a combination of CryptDB [16] and PIRATTE [15] concepts. While CryptDB consists of a proxy between one user and a database for encrypting and decrypting data according to user queries, PIRATTE refers to a proxy wherein encrypted files are shared using a social network between the number of users and the data owner with the files being decrypted using the proxy key on the user side. The second model which we refer to as static is based on CryptDB concepts as well as CP-ABE [6]. CP-ABE is public key encryption which offers fine-grained access control regarding encrypted data and set of attributes that describe the user who is able to decrypt the data provided within the ciphertext. These two models enhance CryptDB security while also helping with data sharing with multi-users using CP-ABE or PIRATTE concept that helps in verifying authentication on the database or application level.
Maryam Almarwani, Boris Konev, Alexei Lisitsa


Additional information

Premium Partner

    Image Credits