## About this book

This book constitutes the thoroughly refereed post-conference proceedings of the 10th International Conference on Security for Information Technology and Communications, SecITC 2017, held in Bucharest, Romania, in June 2017.
The 6 revised full papers presented together with 7 invited talks were carefully reviewed and selected from 22 submissions. The papers present advances in the theory, design, implementation, analysis, verification, or evaluation of secure systems and algorithms.

## Table of contents

### Faster Zero-Knowledge Protocols and Applications

(Invited Talk Abstract)
Zero-knowledge (ZK) protocols are one of the cornerstones of modern cryptography. In a nutshell, a ZK protocol allows a prover P (with a secret input x) to persuade a verifier V that $$f(x)=1$$ for some public function f, without disclosing to V any other information about x. In this talk I will present two recent ZK protocols, known as ZKGC [JKO13, FNO15] and ZKBoo [GMO16]. These are the first ZK protocols that allow one to prove interesting, non-algebraic statements (such as “I know x such that SHA-256(x) = y” for a public y) in the order of tens of milliseconds on a standard computer. As ZK protocols are ubiquitous in cryptography, this line of research has already enabled many interesting applications. In particular, I will show how ZKBoo allows one to construct post-quantum signature schemes using symmetric-key primitives [CDG+17] only.
Claudio Orlandi

### Stochastic Side-Channel Leakage Analysis via Orthonormal Decomposition

Side-channel attacks of maximal efficiency require an accurate knowledge of the leakage function. Template attacks were introduced by Chari et al. at CHES 2002 to estimate the leakage function using available training data. Schindler et al. noticed at CHES 2005 that the complexity of profiling could be alleviated if the evaluator has some prior knowledge of the leakage function. The initial idea of Schindler is that an engineer can model the leakage from the structure of the circuit. However, for some thin CMOS technologies or some advanced countermeasures, the engineer's intuition might not be sufficient. Therefore, inferring the leakage function based on profiling is still important. In the state of the art, though, the profiling stage is conducted based on a linear regression in a non-orthonormal basis. This does not allow for an easy interpretation because the components are not independent.
In this paper, we present a method to characterize the leakage based on a Walsh-Hadamard orthonormal basis with staggered degrees, which allows for direct interpretations in terms of bits interactions. A straightforward application is the characterization of a class of devices in order to understand their leakage structure. Such information is precious for designers and also for evaluators, who can devise attack bases relevantly.
Sylvain Guilley, Annelie Heuser, Tang Ming, Olivier Rioul

### Key-Policy Attribute-Based Encryption from Bilinear Maps

The aim of this paper is to provide an overview on the newest results regarding the design of key-policy attribute-based encryption (KP-ABE) schemes from secret sharing and bilinear maps.
Ferucio Laurenţiu Ţiplea, Constantin Cătălin Drăgan, Anca-Maria Nica

### Security of Pseudo-Random Number Generators with Input

(Invited Talk)
A pseudo-random number generator is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for pseudo-random number generator with input was proposed in 2005 by Barak and Halevi. This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random numbers from the internal state. We briefly discuss the Barak-Halevi model and its extension proposed in 2013 by Dodis, Pointcheval, Ruhault, Wichs and Vergnaud to include a new security property capturing how a pseudo-random number generator should accumulate the entropy of the input data into the internal state. This property states that a pseudo-random number generator with input should be able to eventually recover from compromise even if the entropy is injected into the system at a very slow pace, and expresses the real-life expected behavior of existing designs. We also outline some variants of this model that were proposed recently.
Damien Vergnaud

### Securing the Foundations of Democracy

Recent events have highlighted numerous threats to democracy; in particular, the 2016 US presidential election is mired in controversy: allegations of Russian interference with the campaigns, in particular hacking and selective leaking of emails from the Democratic campaign management, and possible hacking of electronic voting and tabulating. Alongside this we have challenges to democratic debate due to “fake news”, information bubbles, the chilling effect of mass surveillance, etc. All of this suggests that we need to have a major rethink of how democracy should function effectively in the digital age.
In a short article we cannot hope to address all of these threats, but rather we focus on just one aspect, arguably the keystone of democracy: making secure the conduct of elections. In particular we outline approaches to making elections verifiable and accountable, while guaranteeing ballot privacy and coercion resistance.
Peter Y. A. Ryan

### Exploring Naccache-Stern Knapsack Encryption

The Naccache-Stern public-key cryptosystem (NS) relies on the conjectured hardness of the modular multiplicative knapsack problem: Given $$p,\{v_i\},\prod v_i^{m_i} \bmod p$$, find the $$\{m_i\}$$.
Given this scheme’s algebraic structure it is interesting to systematically explore its variants and generalizations. In particular it might be useful to enhance NS with features such as semantic security, re-randomizability or an extension to higher-residues.
This paper addresses these questions and proposes several such variants.
Éric Brier, Rémi Géraud, David Naccache

### Proximity Assurances Based on Natural and Artificial Ambient Environments

Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 ms for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.
Iakovos Gurulian, Konstantinos Markantonakis, Carlton Shepherd, Eibe Frank, Raja Naeem Akram

### Challenges of Federating National Data Access Infrastructures

X-Road is a secure and scalable database access middleware originally developed in Estonia in the early 2000s. In 2014, a decision was taken to also deploy X-Road infrastructure within Finland, hence facilitating cross-national federation. Even though the two nations are very close both geographically and culturally, the legislation, technology and best practices they use differ. This paper discusses the nature and implications of these differences in the context of a federated installation of the infrastructure.
Margus Freudenthal, Jan Willemson

### Strongly Deniable Identification Schemes Immune to Prover’s and Verifier’s Ephemeral Leakage

In this paper, we consider Identification Schemes ($$\mathsf {IS}$$) in the context of attacks against their deniability via Fiat-Shamir transformations. We address the following issue: how to design and implement a deniable $$\mathsf {IS}$$ that is secure against ephemeral leakage on both the Prover's and the Verifier's side, and withstands attacks based on the Fiat-Shamir transformation. We propose a new security model to address the leakage on the Verifier's side, extending the previous propositions [1]. During the Query Stage, we allow the malicious Verifier to set random values used on the Prover's side. Additionally, we allow a malicious Prover to access ephemeral values of the Verifier during the Impersonation Stage. We introduce two generic constructions based on three-step $$\mathsf {IS}$$. Finally, we provide an example scheme based on the extended construction from [1], which is provably deniable and secure in our new strong model.
Łukasz Krzywiecki, Marcin Słowik

### Evolution of the McEliece Public Key Encryption Scheme

The evolution of the McEliece encryption scheme is a long and thrilling research process. The code families supposed to securely reduce the key size of the original scheme were often cryptanalyzed, and thus the future of code-based cryptography was doubted many times. Yet from this long evolution emerged a great comprehension and understanding of the main difficulties and advantages that coding theory can offer to the field of public key cryptography. Nowadays code-based cryptography has become one of the most promising solutions for post-quantum cryptography. We analyze in this article the evolution of the main encryption variants coming from this field. We stress the main security issues and point out some new ideas coming from rank-based cryptography. A summary of the remaining secure variants is given in Fig. 2.
Dominic Bucerzan, Vlad Dragoi, Hervé Talé Kalachi

### New Algorithm for Modeling S-box in MILP Based Differential and Division Trail Search

This paper studies an automated differential-trail search against block ciphers in which the problem of finding the optimal trail is converted to one of finding the optimal solution of a mixed-integer linear program (MILP). The most difficult part is representing the differential properties of an S-box, known as the differential distribution table (DDT), with a system of inequalities. Previous work builds the system by using a general-purpose mathematical tool, SAGE Math. However, the generated general-purpose system contains a lot of redundant inequalities for the purpose of differential-trail search, and is thus inefficient. Hence, an auxiliary algorithm was introduced to minimize the number of inequalities, in the hope that this minimizes the runtime to solve the MILP. This paper proposes a new algorithm to improve this auxiliary algorithm. The main advantage is that while the previous algorithm does not ensure the minimum number of inequalities, the proposed algorithm does ensure it. Moreover, it enables users to choose the number of inequalities in the system. In addition, this paper experimentally shows that the above folklore, “minimizing the number of inequalities minimizes the runtime”, is not always correct. The proposed algorithm can also be used in the MILP-based division-trail search, which evaluates the bit-based division property for integral attacks.
Yu Sasaki, Yosuke Todo

### Secretly Embedding Trapdoors into Contract Signing Protocols

Contract signing protocols have been proposed and analyzed for more than three decades now. One of the main problems that appeared while studying such schemes is the impossibility of achieving both fairness and guaranteed output delivery. As workarounds, cryptographers have put forth three main categories of contract signing schemes: gradual release, optimistic, and concurrent or legally fair schemes. Concurrent signature schemes or legally fair protocols do not rely on trusted arbitrators and, thus, may seem more attractive to users. Boosting user trust in such a manner, an attacker may cleverly come up with specific applications. Thus, our work focuses on embedding trapdoors into contract signing protocols. In particular, we describe and analyze various SETUP (Secretly Embedded Trapdoor with Universal Protection) mechanisms which can be injected into concurrent signature schemes and legally fair protocols without keystones.
Diana Maimuţ, George Teşeleanu

### On a Key Exchange Protocol

In this paper we investigate an instance of the generalized Diffie-Hellman key exchange protocol suggested by the equidistribution theorem. We prove its correctness and discuss its security. Experimental evidence for the theoretical results is also provided.
Mugurel Barcau, Vicenţiu Paşol, Cezar Pleşca, Mihai Togan

### Backmatter
