
## About this book

This book constitutes the refereed proceedings of the 18th International Conference on Information and Communications Security, ICISC 2016, held in Singapore, Singapore, in November/December 2016.
The 20 revised full papers and 16 short papers presented were carefully selected from 60 submissions. The papers cover topics such as IoT security; cloud security; applied cryptography; attack behaviour analytics; authentication and authorization; engineering issues of cryptographic and security systems; privacy protection; risk evaluation and security; key management and language-based security; and network security.

## Table of contents

### ECDSA on Things: IoT Integrity Protection in Practise

This paper documents some experiences and lessons learned during the development of an IoT security application for the EU-funded project RERUM. The application provides sensor data with end-to-end integrity protection through elliptic curve digital signatures (ECDSA). Here, our focus is on the cost in terms of hardware, runtime and power consumption in a real-world trial scenario. We show that providing signed sensor data has little impact on the overall power consumption. We present the experiences that we made with different ECDSA implementations. Hardware-accelerated signing can further reduce the costs in terms of runtime; however, the differences were not significant. The relevant aspect in terms of hardware is memory: experiences made with MSP430 and ARM Cortex M3 based hardware platforms revealed that the limiting factor is RAM capacity. Our experiences made during the trials show that problems typical for low-power and lossy networks can be addressed by the chosen network stack of CoAP, UDP, 6LoWPAN and 802.15.4, while still being lightweight enough to drive the application on the constrained devices investigated.

Johannes Bauer, Ralf C. Staudemeyer, Henrich C. Pöhls, Alexandros Fragkiadakis

### Identity in the Internet-of-Things (IoT): New Challenges and Opportunities

From digitization to datafication, the Internet-of-Things (IoT) plays an important role as an enabler in the value creation process from big data. As expected, security has naturally become one of the main concerns in IoT deployment. Due to the unique features and requirements of IoT, including limited compute resources, power and bandwidth, a massive number of deployed IoT objects, and its loosely coupled networked architecture, new strategies and techniques are needed to provide feasible and practical solutions to IoT security. While substantial research efforts have been focusing on lightweight communication protocols and cryptography/compression engines, one fundamental science question being asked is on the notion of “Identity in the Internet-of-Things” (or IDoT). In this paper, we would like to first explore the concept of IDoT and analyze why it is so unique as compared to the concept of “Identity of Users” (IDoU) in traditional networks and systems. Then we will survey attribute-based, multi-factor authentication as an important approach to put this IDoT concept into practice. We will conclude this paper with open research issues in this direction.

Kwok-Yan Lam, Chi-Hung Chi

### A Lightweight Method for Accelerating Discovery of Taint-Style Vulnerabilities in Embedded Systems

Nowadays, embedded systems have been widely deployed in numerous applications. Firmware in embedded systems is typically custom-built to provide a set of very specialized functionalities. It is prone to taint-style vulnerabilities with a high probability, but traditional whole-program analysis has low efficiency in discovering such vulnerabilities. In this paper, we propose a two-stage mechanism to accelerate discovery of taint-style vulnerabilities in embedded firmware: first recognizing protocol parsers that are prone to taint-style vulnerabilities in the firmware, and then constructing a program dependence graph for security-sensitive sinks to analyze their input source. We conduct a real-world experiment to verify the mechanism. The result indicates that the mechanism can help find taint-style vulnerabilities in less time compared with whole-program analysis.

Yaowen Zheng, Kai Cheng, Zhi Li, Shiran Pan, Hongsong Zhu, Limin Sun

### A Self-adaptive Hopping Approach of Moving Target Defense to thwart Scanning Attacks

End-point hopping is one of the important moving target defense (MTD) mechanisms to kill the attacker’s reconnaissance. This method involves periodically changing the network configuration in use by communicating end points. Without awareness of attack strategies, existing end-point hopping mechanisms are blind, which leads the network defense to low security effectiveness and high overhead. In this paper we propose a novel MTD approach named self-adaptive end-point hopping, which is based on adversary strategy awareness and implemented by the Software Defined Networking (SDN) technique. It can greatly counterpoise the defense benefit of end-point hopping and the service quality of the network system. Directed at the blindness problem of hopping mechanisms in the course of defense, a hopping trigger based on adversary strategy awareness is proposed for guiding the choice of hopping mode by discriminating the scanning attack strategy, which enhances targeted defense. Aimed at the low availability problem caused by limited network resources and high hopping overhead, satisfiability modulo theories are used to formally describe the constraints of hopping, so as to ensure the low overhead of hopping. Theoretical and experimental analysis shows the ability to thwart scanning attacks at a relatively reasonable hopping cost.

Duohe Ma, Cheng Lei, Liming Wang, Hongqi Zhang, Zhen Xu, Meng Li

### Research on Security Algorithm of Virtual Machine Live Migration for KVM Virtualization System

Live migration of virtual machines is the process of moving VMs from one physical server to another server while keeping the services running in the VMs, and it facilitates load balancing, energy saving, hardware dependence, remote migration and so on. This novel technology brings a huge convenience, but also presents new security challenges, and the security concern is the major factor affecting whether this technology is widely adopted in the IT industry. Live migration exposes a VM’s data as plaintext to the network as a result of vulnerabilities in the migration protocol. The traditional protection approach is to use the SSL protocol, but that consumes too much time and is not as safe as it used to be, so few users adopt it. We therefore design a security algorithm based on the original migration algorithm, making up for the lack of security. In this paper, firstly, we analyze and verify security threats to live migration. Secondly, through the analysis of the live migration mechanism, the bottom driver, and the source code of the KVM virtualization system, we design a security algorithm for live migration to meet the security needs of different users. Thirdly, in the new security algorithm we innovatively add three functions to the original algorithm to ensure that migration data remain confidential and unmodified during transmission. The security algorithm makes up for the security vulnerabilities of the original migration mechanism and takes less time than SSL. Finally, a series of experiments validates that the algorithm can balance security and performance in the live migration process.

Wei Fan, Zhujun Zhang, Tingting Wang, Bo Hu, Sihan Qing, Degang Sun

### Towards Efficient Re-encryption for Secure Client-Side Deduplication in Public Clouds

By only storing a unique copy of duplicated data possessed by different users, data deduplication can significantly reduce storage cost, and is thus used extensively in cloud storage. When combined with confidentiality, deduplication becomes problematic, as encryption performed by different users may differentiate identical data. MLE (Message-Locked Encryption) is thus utilized to derive the same encryption key for identical data. As keys may be leaked and users may be revoked, re-encrypting the outsourced data is of paramount importance to ensure continuous confidentiality. This problem is unfortunately not well addressed in deduplication-based encrypted cloud storage. In this paper, we design SEDER, a SEcure client-side Deduplication system for cloud storage enabling Efficient Re-encryption. A salient advantage of SEDER is that it allows data owners to efficiently re-encrypt the data to ensure continuous data confidentiality for cloud storage using client-side deduplication, by smartly leveraging all-or-nothing transform, proofs of ownership as well as delegated re-encryption. Experimental evaluation validates the efficiency of SEDER.

Lei Lei, Quanwei Cai, Bo Chen, Jingqiang Lin

### The Security of Individual Bit for XTR

We consider the bit security of the public key cryptosystem XTR, presented by Lenstra and Verheul in 2000. Using the list-decoding method, we prove that one can find a pre-image of XTR if a single bit of its plaintext is predicted with a non-negligible advantage. That is, every single bit of the plaintext of XTR is a hardcore predicate if XTR is one-way.

Kewei Lv, Si-wei Ren, Wenjie Qin

### On the Robustness of Learning Parity with Noise

The Learning Parity with Noise (LPN) problem is well understood in learning theory and cryptography and has been found quite useful in constructing various lightweight cryptographic primitives. There exists non-trivial evidence that the problem is robust on high-entropy secrets (and even given hard-to-invert leakages), and the justified results by Dodis, Kalai and Lovett (STOC 2009) were established under non-standard hard learning assumptions. The recent progress by Suttichaya and Bhattarakosol (Information Processing Letters, Volume 113, Issues 14–16) claimed that LPN remains provably secure (reducible from the LPN assumption itself) as long as the secret is sampled from any linear min-entropy source, and thereby resolves the long-standing open problem. In this paper, we point out that their proof is flawed and their understanding of LPN is erroneous. We further offer a remedy with some slight adaptation to the setting of Suttichaya and Bhattarakosol.

Nan Yao, Yu Yu, Xiangxue Li, Dawu Gu

### The Linear Complexity and 2-Error Linear Complexity Distribution of -Periodic Binary Sequences with Fixed Hamming Weight

The linear complexity and k-error linear complexity of sequences are important measures of the strength of key-streams generated by stream ciphers. Based on the characteristics of the set of sequences with given linear complexity, the characterization of $$2^n$$-periodic binary sequences with given k-error linear complexity for small k has recently been obtained. In this paper, we extend this study to get the distribution of linear complexity and k-error linear complexity of $$2^n$$-periodic binary sequences with fixed Hamming weight. First, we give the counting function of the number of $$2^n$$-periodic binary sequences with given linear complexity and fixed Hamming weight, and provide an asymptotic evaluation of this counting function when n gets large. Then we take a step further to study the distribution of $$2^n$$-periodic binary sequences with given 2-error linear complexity and fixed Hamming weight. Through an asymptotic analysis, we provide an estimate on the number of $$2^n$$-periodic binary sequences with given 2-error linear complexity and fixed Hamming weight.

Wenlun Pan, Zhenzhen Bao, Dongdai Lin, Feng Liu

### The Variant of Remote Set Problem on Lattices

In 2015, Haviv proposed the Remote Set Problem (RSP) on lattices and gave a deterministic algorithm to find a set containing a point which is $$O(\sqrt{k/n})$$ far from the lattice in the $$\ell_p$$ norm for $$2 \le p \le \infty$$, where n is the lattice rank and k divides n. Inspired by it, we propose the variant of the Remote Set Problem on lattices (denoted by V-RSP) that only depends on a parameter $$\gamma \le 1$$. We determine the complexity classes that V-RSP belongs to as the parameter $$\gamma$$ changes. Using some elementary tools, we can solve V-RSP, finding a set containing a point which is $$O(k/n)$$ far from the lattice in any $$\ell_p$$ norm for $$1 \le p \le \infty$$. Furthermore, we also study relationships between the $$\ell_2$$ distance from a point to a lattice $$\mathcal{L}$$ and the covering radius $$\rho^{(p)}(\mathcal{L})$$, where $$\rho^{(p)}(\mathcal{L})$$ is defined with respect to the $$\ell_p$$ norm for $$1 \le p \le \infty$$; here, for $$p = \infty$$, our proof does not rely on the Komlós Conjecture.

Wenwen Wang, Kewei Lv, Jianing Liu

### Compression-Based Integral Prior Classification for Improving Steganalysis

We propose the integral prior classification approach for binary steganalysis, which implies that several detectors are trained, and each detector is intended for processing only images with a certain compression rate. In particular, the training set is split into several parts according to the images’ compression rate, then a corresponding number of detectors are trained, but each detector uses only the subset ascribed to it. The testing images are distributed between the detectors also according to their compression rate. We utilize BOSSbase 1.01 as benchmark data along with HUGO, WOW and S-UNIWARD as benchmark embedding algorithms. Comparison with state-of-the-art results demonstrated that, depending on the case, the integral prior classification allows the detection error to be decreased by 0.05–0.16.

Viktor Monarev, Ilja Duplischev, Andrey Pestunov

### Group Verification Based Multiple-Differential Collision Attack

Bogdanov and Kizhvatov proposed the concept of test of chain, but they didn’t give a practical scheme. Wang et al. proposed fault tolerant chain to enhance test of chain and gave a practical scheme. However, the attack efficiency of Correlation enhanced Collision Attack (CCA) is much lower than that of Correlation Power Analysis (CPA). A combination of CCA and CPA in the fault tolerant chain proposed by Wang et al. may be unreasonable. Most importantly, when the threshold $$Thr_{\Delta}$$ introduced in Sect. 2.3 is large, the key recovery becomes very complex. Fault tolerant chain is inapplicable to this situation. In order to solve these problems, we propose a new kind of chain named group verification chain in this paper. We combine our group verification chain with MDCA and propose Group Verification based Multiple-Differential Collision Attack (GV-MDCA). Experiments on the power trace set downloaded from the DPA contest v4 website show that our group verification chain significantly improves the efficiency of fault tolerant chain.

Changhai Ou, Zhu Wang, Degang Sun, Xinping Zhou, Juan Ai

### A Transparent Learning Approach for Attack Prediction Based on User Behavior Analysis

User behavior can be used to determine vulnerable user actions and predict potential attacks. To our knowledge, much work has focused on finding vulnerable operations and disregarded reasoning about or explaining its results. This paper proposes a transparent learning approach for user behavior analysis to address this issue. A user rating system is proposed to determine the security level of each user from several aspects, augmented with explanations of potential attacks based on his/her vulnerable user actions. This user rating model can be constructed by a semi-supervised learning classifier, and a rule mining algorithm can be applied to find hidden patterns and relations between user operations and potential attacks. With this approach, an organization can be aware of its weaknesses, and can better prepare for proactive attack defense or reactive responses.

Peizhi Shao, Jiuming Lu, Raymond K. Wong, Wenzhuo Yang

### Application of Stylometry to DarkWeb Forum User Identification

The fast growth of cyberspace in recent years has served as a convenient channel for criminals to do their illegal business, especially in the Dark Web, the hidden side of the Internet. The anonymous nature of Dark Web forums makes them ideal environments for criminal discussions. Ranging from government and security agencies to financial institutions, many parties are willing to trace the identities of suspects through these online conversations. Dark Web participants usually have multiple accounts on various forums. On multiple occasions, being able to validate that multiple accounts on different Dark Web forums belong to the same person with high enough confidence allows us to combine various scattered pieces of information into a more concrete and advanced form of knowledge. Such knowledge will lead to actionable insights which are very useful for bringing the criminals to justice. In this paper, we examine the effectiveness of writing style analysis (stylometry) for linking multiple accounts in different Dark Web forums. Initial evaluations have shown that the proposed methodology is promisingly practicable, having a high potential to assist investigators in exposing anonymous identities in cyber environments.

Thanh Nghia Ho, Wee Keong Ng

### SECapacity: A Secure Capacity Scheduler in YARN

In this paper, aiming at the requirements of user job isolation and data security, we deeply analyze the mainstream computing framework Hadoop YARN, starting with the core module of YARN, the resource scheduler. Using the existing label-based scheduling policy, we design and implement a SECapacity scheduler. Our main work includes the following. First, according to the principle of least privilege, we propose a user-classification based scheduling policy, which divides users into several levels based on their attributes and then restricts which nodes can be used by a user according to the user level. Second, we design and implement the SECapacity scheduler to implement user-classification based scheduling. Third, we verify and analyze the effectiveness and efficiency of the SECapacity scheduler; the results show that the SECapacity scheduler can ensure 100% isolation of users at different levels, and the performance overhead is about 6.95%.

Chuntao Dong, Qingni Shen, Lijing Cheng, Yahui Yang, Zhonghai Wu

### Integrity and Authenticity Protection with Selective Disclosure Control in the Cloud & IoT

$$\mathsf{RSS}$$ allow the redaction of parts from signed data. Updatable $$\mathsf{RSS}$$ additionally enable the signatory to add new elements, while signatures can be merged by third parties under certain conditions. We propose a framework for two new real-life application scenarios and implement it using an $$\mathsf{RSS}$$ with sufficient functionality on three different platforms, ranging from a potent cloud to a very resource-constrained Android device. Our evaluation shows impractical run time, especially on the IoT device, for the existing construction that was proven to be secure in the standard model. Thus, we provide an adjusted scheme with far better performance, which we prove to be secure in the random oracle model. Furthermore, we show how to increase performance using parallelization and several optimizations.

Christoph Frädrich, Henrich C. Pöhls, Wolfgang Popp, Noëlle Rakotondravony, Kai Samelin

### MultiPol: Towards a Multi-policy Authorization Framework for RESTful Interfaces in the Cloud

Recently a large number of existing cloud systems have adopted representational state transfer (REST) as the interface of their services. The end users or even components inside the cloud invoke RESTful calls to perform various actions. The authorization mechanisms of the existing clouds fail to supply two key elements: unified access control and flexible support for different policies. Moreover, different clouds usually provide distinct access control concepts and policy languages. This might cause confusion for customers whose business is distributed across multiple clouds. In this paper, we propose a multi-policy authorization framework called MultiPol to support various access control policies for OpenStack. The end users can customize or even integrate different policies together to form a single decision via logical connectors. This paper presents the design and implementation of MultiPol, including a new service called Policy Service and an attachment module called Request Filter. Experiments on OpenStack show that MultiPol has improved the flexibility and security of policy management without affecting other services. Meanwhile, the average performance overhead is as low as 7.8%, which is acceptable for practical use. Since MultiPol is built on REST, it is also adaptable to other clouds which provide RESTful interfaces.

Yang Luo, Tian Puyang, Wu Luo, Qingni Shen, Anbang Ruan, Zhonghai Wu

### Provably Secure Identity-Based Identification and Signature Schemes with Parallel-PVR

Identity-based identification and signature (IBI/IBS) schemes are two of the most fundamental cryptographic primitives with greatly simplified public key management. Meanwhile, code-based cryptography is one of the few alternatives supposed to be secure in a post-quantum world, so several code-based IBI/IBS schemes have been proposed. However, with increasingly profound research on coding theory, the security reduction and efficiency of such schemes have been invalidated and challenged. In this paper, we construct provably secure IBI/IBS schemes from code assumptions against impersonation under active and concurrent attacks through the PVR signature and Or-proof technique. We also present the parallel-PVR technique to decrease parameter values while maintaining the standard security level. Compared to other code-based IBI/IBS schemes, our schemes achieve not only preferable public parameter size, private key size, communication cost and signature length due to better parameter choices, but also provable security.

Bo Song, Yiming Zhao

### Assessment of Efficient Fingerprint Image Protection Principles Using Different Types of AFIS

Biometric system security requires cryptographic protection of sample data under certain circumstances. We assess the impact of low complexity selective encryption schemes applied to JPEG2000 compressed fingerprint data when protected data is subjected to different types of automated fingerprint recognition schemes (AFIS). Results indicate that the obtained security is highly dependent on the type of AFIS applied, but also on the progression order of the underlying JPEG2000 codestream. Still we are able to identify general trends independent of the applied AFIS and determined by the chosen progression order, thus enabling the design of generic protection principles.

Martin Draschl, Jutta Hämmerle-Uhl, Andreas Uhl

### Medical Record System Using Blockchain, Big Data and Tokenization

This paper will discuss the major aspects of medical records, blockchain and big data. In turn, it will discuss the advantages and disadvantages of using blockchain for medical records storage and retrieval. It will also discuss the alternatives of using blockchain and big data techniques. Different aspects of medical records will be investigated briefly: (1) integrity, (2) viewing control, (3) viewing approval, (4) western medicine and Chinese medicine practice, (5) storage size and duration, (6) deletion and purge, (7) file format conversion, (8) data migration, (9) report interpretation, etc. Characteristics of blockchain and big data analytics will be explored briefly with description. A conclusion will summarize the approaches. References will be provided for further research and investigation.

Paul Tak Shing Liu

### Is it Good or Bad? Disclosure of Medical Ailments on Twitter

B. S. Vidyalakshmi, Raymond Wong

### Weaknesses in Security Considerations Related to Chaos-Based Image Encryption

Over the past years an enormous variety of different chaos-based image and video encryption algorithms have been proposed and published. While any algorithm published undergoes some more or less strict experimental security analysis, many of those schemes are being broken in subsequent publications. In this work it is shown that three issues w.r.t. chaos-based encryption security considerations severely question the soundness of these techniques. It is experimentally demonstrated that obviously weak (i.e. insecure) encryption schemes do not consistently fail commonly used tests to assess chaos-based encryption security and thus, passing these tests is only a necessary condition for a secure scheme, but by no means a sufficient one. Security analysis of chaos-based encryption schemes needs to be entirely reconsidered.

Thomas Hütter, Mario Preishuber, Jutta Hämmerle-Uhl, Andreas Uhl

### Low-Cost Hardware Implementation of Elliptic Curve Cryptography for General Prime Fields

In resource-constrained applications, elliptic curve cryptography (ECC) is preferable for the property of shorter key size with comparable security. Binary extension fields are usually used for area-optimized implementations, since the complex carry-propagation logic is avoided over these fields. However, efficient ECC implementations over (general) prime fields are still challenging under low-area constraints. As a popular implementation platform for cryptographic algorithms, the Field Programmable Gate Array (FPGA) attracts more and more attention for these applications due to its nice properties of flexibility and short development cycle. In this paper, we propose a compact and efficient arithmetic logical unit (ALU) by highly integrating the functions of Montgomery modular multiplications, additions and subtractions over general prime fields. Then we design a low-cost hardware architecture for generic elliptic curve point multiplications for FPGA platforms. Experimental results indicate that the implementation only occupies 105 Slices, 2 DSP blocks and 2 BRAMs in a Spartan-6 FPGA. To the best of our knowledge, our implementation is the smallest for general prime fields in FPGAs.

Yuan Ma, Qinglong Zhang, Zongbin Liu, Chenyang Tu, Jingqiang Lin

### Differential Fault Analysis on Midori

Midori is an energy-efficient lightweight block cipher published by Banik et al. at ASIACRYPT 2015, which consists of two variants with block sizes of 64 bits and 128 bits, respectively. In this paper, a new method is proposed to exploit cell-oriented fault propagation patterns in recognizing appropriate faulty ciphertexts and fault positions, which poses a serious threat to the practical security of Midori. In light of this, we present a Differential Fault Attack against Midori using a cell-oriented fault model. Specifically, by inducing two random cell faults into the input of the antepenultimate round, our attack reduces the secret key search space from $$2^{128}$$ to $$2^{32}$$ for Midori-128 and from $$2^{128}$$ to $$2^{80}$$ for Midori-64, respectively. Our experiments confirmed that two faulty ciphertexts induced into the input of the antepenultimate round could recover twelve of the sixteen cells of the subkey with over 80% probability.

Wei Cheng, Yongbin Zhou, Laurent Sauvage

### Private Boolean Query Processing on Encrypted Data

Outsourcing data to the clouds offers an opportunity to drastically reduce the costs of storing and processing data. On the other hand, it deprives the data owners of direct control over their data, and that introduces new privacy risks. Data encryption has been introduced to tackle the data confidentiality issue. However, data encryption also brings a new challenge of query processing over encrypted data. Recently, solutions for supporting queries over encrypted data have been developed. However, they either fail to support complex queries or are insecure regarding certain security requirements (i.e. access patterns, query privacy). In this paper, we propose a novel privacy-preserving query processing framework to support boolean queries over encrypted data. Our framework utilizes Bloom filters and additive homomorphic encryption to systematically derive the query evaluation results in a privacy-preserving manner. We theoretically and empirically analyze the performance of the proposed protocols and demonstrate their practical value.

Hoang Giang Do, Wee Keong Ng

### Privacy Leakage via Attribute Inference in Directed Social Networks

Social networking has become a frequent activity for most internet users. Profile attribute inference research has gained popularity due to its importance in social network privacy. While many social networks are in the form of directed networks, most attribute inference approaches are based on undirected networks. Aimed at a directed social network, we propose an algorithm utilising the concepts of tie-strength and co-profiling attributes with circles. We propose to infer both attributes and circles iteratively, by propagating the known attribute values of followers and followings within certain circles. With the ability to follow or be followed by any user, the possibility of many weak links being formed is high. We utilize tie-strength to address this and differentiate each user’s influence in the ego user attribute inference. Experiments show the superior performance of our proposed approach over the state-of-the-art method.

Raymond K. Wong, B. S. Vidyalakshmi

### DynaEgo: Privacy-Preserving Collaborative Filtering Recommender System Based on Social-Aware Differential Privacy

Collaborative filtering plays an important role in online recommender systems, which provide personalized services to consumers by collecting and analyzing their rating histories. At the same time, such personalization may unfavorably incur privacy leakage, which has motivated the development of privacy-preserving collaborative filtering (PPCF) mechanisms. Most previous research efforts more or less impair the quality of recommendation. In this paper, we propose a social-aware algorithm called DynaEgo to improve the performance of PPCF. DynaEgo utilizes the principle of differential privacy as well as social relationships to adaptively modify users’ rating histories to prevent exact user information from being leaked. Theoretical analysis is provided to validate our scheme. Experiments on a real data set also show that DynaEgo outperforms existing solutions in terms of both privacy protection and recommendation quality.

Shen Yan, Shiran Pan, Wen-Tao Zhu, Keke Chen

### A Comprehensive Study of Co-residence Threat in Multi-tenant Public PaaS Clouds

Public Platform-as-a-Service (PaaS) clouds are always multi-tenant. Applications from different tenants may reside on the same physical machine, which introduces the risk of sharing physical resources with a potentially malicious application. This gives the malicious application the chance to extract secret information of other tenants via side-channels. Though large numbers of researchers focus on the information extraction, there are few studies on the co-residence threat in public clouds, especially PaaS clouds. In this paper, we study in detail the co-residence threat of public PaaS clouds. Firstly, we investigate the characteristics of different PaaS clouds and implement a memory bus based covert-channel detection method that works for various PaaS cloud platforms. Secondly, we study three popular PaaS clouds, Amazon Elastic Beanstalk, IBM Bluemix and OpenShift, to identify the co-residence threat in their placement policies. We evaluate several placement variables (e.g., application type, number of instances, launch time, data center region, etc.) to study their influence on achieving co-residence. The results show that all three PaaS clouds are vulnerable to the co-residence threat and that the application type plays an important role in achieving co-residence on container-based PaaS clouds. At last, we present an efficient launch strategy to achieve co-residence with the victim on public PaaS clouds.

Weijuan Zhang, Xiaoqi Jia, Chang Wang, Shengzhi Zhang, Qingjia Huang, Mingsheng Wang, Peng Liu

### The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture

The virtualization capabilities of today’s systems offer rootkits excellent hideouts, where they are fairly immune to countermeasures. In this paper, we evaluate the vulnerability to hypervisor-based rootkits of ARM-based platforms, considering both ARMv7 and ARMv8. We implement a proof-of-concept rootkit to prove the validity of our findings. We then detail the anatomy of an attack wherein a hypervisor rootkit and a userspace process collaborate to undermine the isolation properties enforced by the Linux kernel. Based on our discoveries, we explore the possibilities of mitigating each attack vector. Finally, we discuss methods to detect such highly privileged rootkits so as to conceive more effective countermeasures.

Robert Buhren, Julian Vetter, Jan Nordholz

### Towards Trustworthy Smart Cyber-Physical Systems

This paper looks at issues facing the design and operation of trusted, smart cyber-physical systems (CPS). It does this within the context of current efforts related to developing trusted hardware and software, and identifies issues related to those efforts. The paper also looks at several emerging technologies related to wireless systems, artificial intelligence and security analytics; and assesses how they may be leveraged to advance the goals of current and future efforts to create, operate and maintain trusted smart CPS. The views expressed do not reflect the official policy or position of the National Intelligence University, the Department of Defense, the U.S. Intelligence Community, or the U.S. Government.

M. W. David, C. R. Yerkes, M. E. Simmons, W. Franceschini

### Vulnerability and Enhancement on Bluetooth Pairing and Link Key Generation Scheme for Security Modes 2 and 3

Based on the adopted Bluetooth standard specifications, we examine the security of the pairing and link key generation scheme for Security Modes 2 and 3. The contribution is threefold. (1) It is demonstrated that the pairing and link key generation scheme for Security Modes 2 and 3 is vulnerable to a known-key attack. That is, an attacker without any long-term secret key is able to impersonate the targeted Bluetooth device at any time, once he obtains a short-term secret key, i.e., the initialization key, from a previous successful run. (2) An improved scheme is therefore proposed to overcome the known-key attack. (3) A security model is also presented to check the improved scheme. The improved scheme provably prevents the known-key attack on the original pairing and link key generation scheme for Security Modes 2 and 3. In addition, the improved scheme is more efficient than the original pairing and link key generation scheme.

Da-Zhi Sun, Xiao-Hong Li

### Optimizing Secure Computation Programs with Private Conditionals

Secure computation platforms are often provided with a programming language that allows a developer to write privacy-preserving applications and hides away the underlying cryptographic details. The control flow of these programs is expensive to hide, hence branching on private values is often disallowed. The application programmers have to specify their programs in terms of allowed constructions, either using ad-hoc methods to avoid such branches, or the general methodology of executing all branches and obliviously selecting the effects of one at the end. There may be compiler support for the latter. The execution of all branches introduces significant computational overhead. If the branches perform similar private operations, then it may make sense to compute repeating patterns only once, even though the necessary bookkeeping also has overheads. In this paper, we propose a program optimization doing exactly that, allowing the overhead of private conditionals to be reduced. The optimization is quite general, and can be applied to various privacy-preserving platforms.

Peeter Laud, Alisa Pankova

### Automated Security Proof of Cryptographic Support Commands in TPM 2.0

The Trusted Platform Module (TPM) is a physical chip that enables trust in a computing platform and lets the platform achieve stronger security than software alone. In TPM 2.0, the cryptographic primitives are exposed for general-purpose use. Since several logical attacks on TPM commands have been found by formal methods, we want to formally analyze the newly added commands in TPM 2.0. We adopt, however, a somewhat unusual but interesting formal approach that can obtain a provable-security result for the cryptographic support commands. In this paper, we propose a security model for the cryptographic support commands in TPM 2.0. This model utilizes the notions of modern cryptography and is expressed formally using a probabilistic polynomial-time process calculus. The security policy can be automatically proved by the formal analysis tool CryptoVerif.

Weijin Wang, Yu Qin, Bo Yang, Yingjun Zhang, Dengguo Feng

### How to Meet Big Data When Private Set Intersection Realizes Constant Communication Complexity

This paper presents the first PSI protocol that achieves constant (O(1)) communication complexity with linear computation overhead and is fast even for large input sets. The scheme is proven secure in the standard model against semi-honest parties. We combine a somewhere statistically binding (SSB) hash function with indistinguishability obfuscation (iO) and a Bloom filter to construct our PSI protocol.

Sumit Kumar Debnath, Ratna Dutta

### Novel MITM Attacks on Security Protocols in SDN: A Feasibility Study

Software-Defined Networking (SDN) is a new paradigm that gives services and applications great power to manage the network. Because complete network visibility is the foundation of SDN, many attacks have emerged that poison the network visibility, leading to severe damage. Meanwhile, many defense approaches have been proposed to patch the controller. We observe that powerful adversaries can bypass existing approaches to poison topology information and attack security protocols. In this paper, we present a method by which an adversary can attack security protocols despite existing defenses (e.g. TopoGuard, SPHINX). We also investigate a number of security protocols that may be compromised by our MITM attacks and propose an approach to detect the presence of the adversary. Our evaluation shows that the defense solution can effectively detect the fake link in a normal environment. We hope our research can attract more attention to SDN security.

Xin Wang, Neng Gao, Lingchen Zhang, Zongbin Liu, Lei Wang

### A Practical Scheme for Data Secure Transport in VoIP Conferencing

In multi-party VoIP conferencing systems, it is important to provide the properties of non-repudiation, unforgeability, and privacy. Previous work usually achieves these goals by using digital signatures, TLS, IPsec, or other cryptographic tools. However, many approaches either compromise performance or lack a formal security proof, or both. In this work, we construct a practical multi-party VoIP conferencing scheme based on the Boneh-Canetti-Halevi-Katz construction. Our work focuses on the data secure transport stage (i.e., we assume that the group session key has already been distributed in the key distribution stage). In comparison with previous work, our scheme gives a new paradigm for achieving the properties of non-repudiation, unforgeability, and privacy simultaneously. The new paradigm avoids digital signatures, which have been shown to be time-consuming. In addition, our scheme is provably secure. We prove the non-repudiation property formally, and give proof sketches for the unforgeability and privacy properties.

Dali Zhu, Renjun Zhang, Xiaozhuo Gu, Haitao Zhu

### Backmatter