Skip to main content

Über dieses Buch

This book constitutes the carefully refereed and revised selected papers of the 5th Canada-France ETS Symposium on Foundations and Practice of Security, FPS 2012, held in Montreal, QC, Canada, in October 2012. The book contains a revised version of 21 full papers, accompanied by 3 short papers. The papers were carefully reviewed and selected from 62 submissions. The papers are organized in topical section on cryptography and information theory, key management and cryptographic protocols, privacy and trust, policies and applications security, and network and adaptive security.



Cryptography and Information Theory

MaD2: An Ultra-Performance Stream Cipher for Pervasive Data Encryption

MaD2 is an ultra-performance stream cipher that runs into one clock cycle per byte on a typical personal computer. With an encryption/decryption rate significantly higher than the disk data transfer rate, it can be employed to secure data at rest with almost no user observable performance degradation. The cipher resists various known cryptanalytic attacks. Its keystream demonstrates good statistical properties and clears all the NIST statistical tests, the new Diehard battery of tests, and the TestU01 batteries of tests.

Jie Li, Jianliang Zheng

Proofs of Retrievability via Fountain Code

Proofs of Retrievability (PoR) allows a client (verifier) to store a file at an untrusted remote storage, and later be able to check the integrity of the file through an interactive challenge-response protocol. A challenge specifies a random subset of blocks and the response is a function of the challenged block. An unbounded-use PoR scheme allows an arbitrary number of challenge-response interactions. Efficient PoR schemes must minimize the communication complexity of the challenge-response protocol, the storage overhead and computation of response by the prover. The security of a PoR scheme is against an erasing adversary and by showing the existence of an extractor which can extract the file from the set of challenges and their corresponding correct responses.

In this paper, we modify the unbounded-use PoR scheme of Shacham and Waters (2008) such that the number of challenged data blocks in each round is determined by a probability distribution over a set of possible values. For the security parameter


, the average number of challenged blocks is




), and so is smaller that the original scheme of Shacham and Waters, and in the worst case, is




). The response to a challenge is obtained by XORing the challenged data blocks and so is very fast. We show that to ensure security the original verification method of Shacham and Waters must be slightly modified.

Sumanta Sarkar, Reihaneh Safavi-Naini

MARC: Modified ARC4

RC4, often referred to as Alleged RC4 (ARC4) in open literature, was and probably still is the most popular stream cipher. Although some weaknesses in its key scheduling algorithm have been reported and new faster and claimed secure stream ciphers have been proposed, ARC4 is likely to remain as a big player in cryptographic applications. In this paper, we propose a new variant of ARC4, called Modified ARC4 (MARC), which enhances the security of ARC4 by modifying its key scheduling algorithm and improves the performance by modifying its pseudo-random generation algorithm. MARC retains the simplicity of ARC4 and is faster than most software-efficient finalists of eStream.

Jianliang Zheng, Jie Li

Detection of HTTP-GET Attack with Clustering and Information Theoretic Measurements

One of the attacks observed against HTTP protocol is HTTP-GET attack using sequences of requests to limit accessibility of webservers. This attack has been researched in this report, and a novel, off-line clustering technique has been developed to tackle it. In general, the technique uses entropy-based clustering and application of information theoretical measurements to distinguish among legitimate and attacking sequences.

It has been presented that the introduced method allows for formation of recent patterns of behaviours observed at a webserver, that remain unknown for the attackers. Subsequently, statistical and information theoretical metrics are introduced to measure difference between a sequence of requests, and legitimate patterns of behaviour.The method recognises more than 80% of legitimate and attacking sequences, regardless of strategies chosen by attackers.


HTTP-GET Attack, Information Theory, Clustering, Intrusion Detection.

Pawel Chwalinski, Roman Belavkin, Xiaochun Cheng

Key Management and Cryptographic Protocols

A Generic Algebraic Model for the Analysis of Cryptographic-Key Assignment Schemes

One of the means to implement information flow policies is by using a cryptographic approach commonly referred to as key assignment schemes. In this approach, information is made publicly available to users but in an encrypted form. Then, keys are assigned to users such that each key reveals a specified part of the information. Usually the distribution of keys follows a predefined scheme that specifies the ability of users to reveal information.

In this paper, we present an algebraic approach based on idempotent commutative semirings to define, specify, and analyse key assignment schemes. Then, we illustrate its usage on two key assignment schemes selected from the literature. Also, we propose amendments to the studied schemes to extend their scopes. The proposed generic algebraic approach enables the verification of security properties at an abstract level in systems that use key assignment schemes. The verification takes into consideration the algebraic properties of schemes, and the considered relationships among the assigned keys. Then, it enables the verification of the secrecy properties of the system through algebraic calculations. All the calculations can be automated using a theorem prover such as Prover9.

Khair Eddin Sabri, Ridha Khedri

Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities

Secure communication using noisy resources has been first studied in the contexts of secure message transmission (SMT) by Wyner as well as Csiszár-and-Körner, and secret key establishment (SKE) by Ahlswede-and-Csiszár as well as Maurer. The work defines secrecy (resp. secret-key (SK)) capacity as the highest achievable rate of secure transmission (resp. key establishment). Maurer and Wolf later focused on SKE and noticed that the secrecy requirement in the SK capacity definition was weak as it required only the “ratio” between the adversary’s information and the key length to be negligible. They suggested a stronger definition of the SK capacity by requiring absolute information leakage to be negligible. They provided an interesting proof for the equality of weak and strong SK capacities in the above scenarios (setups).

Followup work has since studied several setups for SKE by considering the weak SK capacity without discussing whether the results also hold for the strong definition. In this paper, we pose the question whether the equality of weak and strong SK capacities can be derived in general for all discrete memoryless communication setups. We also extend this study to message transmission and investigate the equality of weak and strong secrecy capacities. For SKE, we show that weak and strong SK capacities are equal for any setup that allows reliable transmission in any direction. For SMT, the secrecy capacities are equal when the setup allows the sender to use randomness. We furthermore provide trivial counterexamples that show these sufficient conditions are not always necessary for the equality of the capacities. Whether the conditions can be removed or relaxed by tight (necessary and sufficient) conditions remains an interesting question for future.

Hadi Ahmadi, Reihaneh Safavi-Naini

COMPASS: Authenticated Group Key Agreement from Signcryption

In this paper, we propose a new authenticated group key agreement protocol that uses identity-based signcryption to achieve the optimal communication complexity of a single broadcast message per member in a single round of communication, set by Becker and Wille. Our protocol is provably secure in the random oracle model, provided that the signcryption scheme is secure. By choosing a signcryption scheme that satisfies some additional criteria, our protocol provides key integrity in an efficient manner.

Nick Mailloux, Ali Miri, Monica Nevins

Privacy and Trust

Classifying Online Social Network Users through the Social Graph

In this paper, we address the problem of classifying online social network users using a naively anonymized version of a social graph. We use two main user attributes defined by the graph structure to build an initial classifier, node degree and clustering coefficient, and then exploit user relationships to build a second classifier. We describe how to combine these two classifiers to build an Online Social Network (OSN) user classifier and then we evaluate the performance of our architecture by trying to solve two different classification problems (a binary and a multiclass problem) using data extracted from Twitter. Results show that the proposed classifier is sound and that both classification problems are feasible to solve by an attacker who is able to obtain a naively anonymized version of the social graph.

Cristina Pérez-Solà, Jordi Herrera-Joancomartí

A Formal Derivation of Composite Trust

Trust appears in asymmetric interactions, where one party (the active party) can easily betray a stakeholder (the passive party). Over the Internet, the amount of information that a passive party can use to determine the integrity of an active party is often limited. The scenario where there is only one passive party and one active party is well studied, and has been solved under some assumptions. We generalize the setting to allow for more parties. In particular, the paper contains a formal derivation of conjunction (and disjunction) of trust opinions.

Tim Muller, Patrick Schweitzer

IPv6 Stateless Address Autoconfiguration: Balancing between Security, Privacy and Usability

Included in the IPv6 suite is a method for devices to automatically configure their own addresses in a secure manner. This technique is called Cryptographically Generated Addresses (CGAs). CGA provides the ownership proof necessary for an IPv6 address without relying on any trust authority. However, the CGA’s computation is very high, especially for a high security level defined by the security parameter (Sec). Therefore, the high cost of address generation may keep hosts that use a high Sec values from changing their addresses on a frequent basis. This results in hosts still being susceptible to privacy related attacks. This paper proposes modifications to the standard CGA to make it more applicable security approach while protecting user privacy. We make CGA more privacy-conscious by changing addresses over time which protects users from being tracked. We propose to reduce the CGA granularity of the security level from 16 to 8. We believe that an 8 granularity is more feasible for use in most applications and scenarios. These extensions to the standard CGA are implemented and evaluated.

Ahmad AlSa’deh, Hosnieh Rafiee, Christoph Meinel

Policies and Applications Security

Policy Administration in Tag-Based Authorization

Tag-Based Authorization (TBA) is a hybrid access control model that combines the ease of use of extensional access control models with the expressivity of logic-based formalisms. The main limitation of TBA is that it lacks support for policy administration. More precisely, it does not allow policy-writers to specify administrative policies that constrain the tags that users can assign, and to verify the compliance of assigned tags with these policies. In this paper we introduce TBA


(Tag-Based Authorization & Administration), an extension of TBA that enables policy administration in distributed systems. We show that TBA


is more expressive than TBA and than two reference administrative models proposed in the literature, namely HRU and ARBAC97.

Sandro Etalle, Timothy L. Hinrichs, Adam J. Lee, Daniel Trivellato, Nicola Zannone

Enabling Dynamic Security Policy in the Java Security Manager

The Java execution environment includes several security mechanisms. They are found in the language itself, in the class loader, in the class verifier and in the sandbox in which bytecode is executed. The sandbox isolates the executed bytecode from the host on which the Java Virtual Machine (JVM) is executed. The security policy enforced by the sandbox can be configured depending on who runs a program and the origin of the program and offers fine-grained mechanisms to control resource access. However the security policy language offers no higher-level paradigms, such as the abstraction of users into roles, to enable the management of Java security policies into large infrastructures. Moreover those policies are static and cannot change depending on the state of the environment into which they are deployed. We propose in this article an approach to use the OrBAC model to configure the sandbox security policy, allowing the use of an implementation-independent policy language which offers facilities to manage large sets of JVMs, enables the expression of dynamic security policies and offers an advanced administration model.

Fabien Autrel, Nora Cuppens-Boulahia, Frédéric Cuppens

A Novel Obfuscation: Class Hierarchy Flattening

This paper presents class hierarchy flattening, a novel obfuscation technique for programs written in object-oriented, managed programming languages. Class hierarchy flattening strives for maximally removing the inheritance relations from object-oriented programs, thus hiding the overall design of the program from reverse engineers and other attackers. We evaluate the potential of class hierarchy flattening by means of a fully automated prototype tool for Java bytecode. For real-life programs from the DaCapo benchmark suite, we demonstrate that the transformation effectively hinders both human and tool analyses, and that it does so at limited overheads.

Christophe Foket, Bjorn De Sutter, Bart Coppens, Koen De Bosschere

RESource: A Framework for Online Matching of Assembly with Open Source Code

Software reverse engineering is a fastidious task demanding a strong expertise in assembly coding. Various existing tools may help analyze the functionality of a binary file without executing it and an interesting step would naturally be the search for the original source files. Our tool called RESource considers the extraction of some features in the assembly code so that queries can be triggered to a source repository in a reliable way: either (1) the result is a set of references to the original project files provided they are hosted on the repository or (2) at least some functionalities of the binary file are unleashed. Such an approach is very promising given its proved performances in real assembly code applications.

Ashkan Rahimian, Philippe Charland, Stere Preda, Mourad Debbabi

Touchjacking Attacks on Web in Android, iOS, and Windows Phone

To make it easy for applications to interact with the Web, most mobile platforms, including Android, iOS, and Windows Phone, provide a mechanism that allows applications to embed a small but powerful browser component inside. This mechanism is called WebView in Android (it is called different names in other platforms). WebView implements a number of APIs that can be used by applications to interact with the web contents inside WebView. It has been pointed out by the previous work that malicious applications can use these APIs to attack the web contents inside WebView. Proposals are made by the previous work to fix the problems of those APIs. We have discovered that by fixing those APIs, WebView is still not secure. This is because the previous work only focuses on the APIs specifically designed for WebView; they have overlooked the APIs that WebView inherits from its super classes. These APIs are designed for the general-purposed user interface (UI) components, and they seem to pose no risk to those components; however, the combination of these APIs with the Web has led to new risks. We have identified several attacks based on these APIs. Our attacks are called Touchjacking attacks. They treat WebView as a blackbox, i.e., they do not use the APIs that are designed specifically for WebView; instead, they only use the inherited APIs. Through these APIs, malicious applications can attack the web contents inside WebView. The impact of the attacks is quite significant, as all the platforms that we have studied, including Android, iOS, and Windows Phone, are vulnerable to these attacks.

Tongbo Luo, Xing Jin, Ajai Ananthanarayanan, Wenliang Du

Network and Adaptive Security

Short-Term Linkable Group Signatures with Categorized Batch Verification

In ad hoc wireless networks like Vehicular ad hoc Network (VANETs) or Wireless Sensor Networks (WSN), data confidentiality is usually a minor requirement contrary to data authenticity and integrity. Messages broadcasted from a node to other nodes should be authentic but also keep user’s privacy in plenty scenarios working with personal data. Group signatures (GS) are used to provide privacy and authenticity to the users. Moreover, GS with batch verification can be efficient. Nevertheless, the current solutions have practical drawbacks like using an expensive tamper-proof hardware, the computation bottlenecks of the verification and revocation phases, complicated certificate distribution/revocation or omitting important properties like short-term linkability which is demanded in several applications, e.g. change lanes of vehicles in VANETs. To our best knowledge, our solution employs the short group signature with short-term linkability and categorized batch verification for the first time. Our solution provides more efficient signing and verification than compared schemes. Moreover, the solution allows secure and practical registration and revocation of users. The usage of proposed scheme protects the honest users who can now join and securely communicate without losing their privacy.

Lukas Malina, Jordi Castellà-Roca, Arnau Vives-Guasch, Jan Hajny

GHUMVEE: Efficient, Effective, and Flexible Replication

We present GHUMVEE, a multi-variant execution engine for software intrusion detection. GHUMVEE transparently executes and monitors diversified replicae of processes to thwart attacks relying on a predictable, single data layout. Unlike existing tools, GHUMVEE’s interventions in the process’ execution are not limited to system call invocations. Because of that design decision, GHUMVEE can handle complex, multi-threaded real-life programs that display non-deterministic behavior as a result of non-deterministic thread scheduling and as a result of pointer-value dependent behavior. This capability is demonstrated on GUI programs from the Gnome and KDE desktop environments.

Stijn Volckaert, Bjorn De Sutter, Tim De Baets, Koen De Bosschere

Extracting Attack Scenarios Using Intrusion Semantics

Building the attack scenario is the first step to understand an attack and extract useful attack intelligence. Existing attack scenario reconstruction approaches, however, suffer from several limitations that weaken the elicitation of the attack scenarios and decrease the quality of the generated attack scenarios. In this paper, we discuss the limitations of the existing attack scenario reconstruction approaches and propose a novel hybrid approach using semantic analysis and intrusion ontology. Our approach can reconstruct known and unknown attack scenarios and correlate alerts generated in multi-sensor IDS environment. Our experimental results show the potential of our approach and its advantages over previous approaches.

Sherif Saad, Issa Traore

On Securely Manipulating XML Data

Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A small number of works have studied the access rights for updates. In this paper, we present a general and expressive model for specifying access control on XML data in the presence of the update operations of W3C XQuery Update Facility. Our approach for enforcing such update specification is based on the notion of

query rewriting

. A major issue is that, in practice, query rewriting for recursive DTDs is still an open problem. We show that this limitation can be avoided using only the expressive power of the standard XPath, and we propose a linear algorithm to rewrite each update operation defined over an arbitrary DTDs (recursive or not) into a safe one in order to be evaluated only over the XML data which can be updated by the user. To our knowledge, this work is the first effort for securely updating XML in the presence of arbitrary DTDs, a rich class of update operations, and a significant fragment of XPath.

Houari Mahfoud, Abdessamad Imine

Mitigating Collaborative Blackhole Attacks on DSR-Based Mobile Ad Hoc Networks

A Mobile ad hoc network (MANET) is a collection of mobile nodes that rely on co-operation amongst devices that route packets to each other. From a security design perspective, MANETs have no clear line of defense. This lack of security leads the network accessible to both legitimate network users and malicious attackers. A blackhole attack is a severe attack that can be employed against data routing in MANETs. A blackhole is a malicious node that can falsely reply for any route requests without having an active route to a specified destination and drop all the receiving data packets. The attack may even lead to more devastating damage if two or more blackhole nodes cooperate with each other to launch an attack. This type of attack is known as collaborative blackhole attack. In this paper, a novel scheme Detecting Collaborative Blackhole Attacks (so-called DCBA) for detecting collaborative blackhole attacks in MANETs is introduced. Simulation results are provided, demonstrating the superiority of DCBA compared to Dynamic Source Routing (DSR) and the Bait DSR scheme (so-called BDSR) [1] - a recently proposed scheme for detecting and avoiding collaborative blackhole attacks in MANETs - in terms of network throughput rate and minimum packet loss percentage, when collaborative blackhole nodes are present in the network.

Isaac Woungang, Sanjay Kumar Dhurandher, Rajender Dheeraj Peddi, Issa Traore

QoS Aware Adaptive Security Scheme for Video Streaming in MANETs

Real-time video streaming is delay sensitive. It has minimum bandwidth and QoS requirements. Achieving target QoS for video streaming is challenging in a decentralized and self-organized MANET. Cryptography algorithms offer confidentiality of shared data, but they have computation cost. Our work addresses the issue of delay overhead caused by the introduction of cryptography that directly affects video streaming performance. Our proposal is motivated by possibilities of adaptive security and multimedia service. We make an effort to identify why, when and how to deploy adaptation. We propose QaASs (QoS aware Adaptive Security scheme), an adaptive mechanism that counters the effect of delay overhead by adapting cryptography and multimedia properties, providing QoS while maintaining a required level of security. We evaluate our proposal through implementation and simulation.

Tahsin Arafat Reza, Michel Barbeau

A Case Study of Side-Channel Analysis Using Decoupling Capacitor Power Measurement with the OpenADC

When capturing power measurements for processing with side-channel analysis, there are many options with regards to both how the measurement is taken, and also how that measurement is digitized. This work concentrates on a new technique which measures the current through a decoupling capacitor, with a probe that can easily be built in any electronics lab. In addition an open-source digitizer board is presented, which is specifically designed to measure the signals required for side-channel analysis. The techniques presented in this work facilitate sharing of repeatable measurement techniques: the measurement environment presented can easily be duplicated at a very low cost.

Colin O’Flynn, Zhizhang Chen

Short Papers

Towards Modelling Adaptive Attacker’s Behaviour

We describe our model for the behaviour of an attacker. In the model, the attacker has uncertain knowledge about a computer system. Moreover, the attacker tries different attack paths if initially selected ones cannot be completed. The model allows finer-grained analysis of the security of computer systems. The model is based on Markov Decision Processes theory for predicting possible attacker’s decisions.

Leanid Krautsevich, Fabio Martinelli, Artsiom Yautsiukhin

Scalable Deniable Group Key Establishment

The popular Katz-Yung compiler from CRYPTO 2003 can be used to transform unauthenticated group key establishment protocols into authenticated ones. In this paper we present a modification of Katz and Yung’s construction which maintains the round complexity of their compiler, but for ‘typical’ unauthenticated group key establishments adds authentication in such a way that deniability is achieved as well. As an application, a deniable authenticated group key establishment with three rounds of communication can be constructed.

Kashi Neupane, Rainer Steinwandt, Adriana Suárez Corona

Information-Theoretic Foundations of Differential Privacy

We examine the information-theoretic foundations of the increasingly popular notion of

differential privacy

. We establish a connection between differential private mechanisms and the


framework. Additionally, we also show how differentially private distributions arise out of the application of the

Maximum Entropy Principle.

This helps us locate differential privacy within the wider framework of information-theory and helps formalize some intuitive aspects of our understanding of differential privacy.

Darakhshan J. Mir


Weitere Informationen

Premium Partner

Neuer Inhalt

BranchenIndex Online

Die B2B-Firmensuche für Industrie und Wirtschaft: Kostenfrei in Firmenprofilen nach Lieferanten, Herstellern, Dienstleistern und Händlern recherchieren.



Product Lifecycle Management im Konzernumfeld – Herausforderungen, Lösungsansätze und Handlungsempfehlungen

Für produzierende Unternehmen hat sich Product Lifecycle Management in den letzten Jahrzehnten in wachsendem Maße zu einem strategisch wichtigen Ansatz entwickelt. Forciert durch steigende Effektivitäts- und Effizienzanforderungen stellen viele Unternehmen ihre Product Lifecycle Management-Prozesse und -Informationssysteme auf den Prüfstand. Der vorliegende Beitrag beschreibt entlang eines etablierten Analyseframeworks Herausforderungen und Lösungsansätze im Product Lifecycle Management im Konzernumfeld.
Jetzt gratis downloaden!