
## About this book

This book constitutes the thoroughly refereed post-conference proceedings of the 12th International Conference on Security for Information Technology and Communications, SecITC 2019, held in Bucharest, Romania, in November 2019.

The 14 revised full papers presented together with 4 invited talks were carefully reviewed and selected from 34 submissions. The papers cover a wide range of topics, from cryptographic algorithms to digital forensics and cyber security.

## Table of contents

### Authenticated Key Distribution: When the Coupon Collector is Your Enemy

Abstract
We introduce new authenticated key exchange protocols which, on the one hand, do not resort to standard public key setups with corresponding assumptions of computationally hard problems, but, on the other hand, are more efficient than distributing symmetric keys among the participants. To this end, we rely on a trusted central authority distributing key material whose size is independent of the total number of users, and which allows the users to obtain shared secret keys. We analyze the security of our construction taking into account various attack models. Importantly, only symmetric primitives are needed in the protocol, making it an alternative to quantum-safe key exchange protocols which rely on hardness assumptions.
Marc Beunardeau, Fatima-Ezzahra El Orche, Diana Maimuţ, David Naccache, Peter B. Rønne, Peter Y. A. Ryan

### The Ups and Downs of Technology in Society

Abstract
New technologies in culture have generated a revolution in the way people observe, understand and relate to the world. However, Georjes J. Bruel, Head of Content at TD - TransformacaoDigital.com believes that “cultural transformations and technological progress are disassociated issues.

### Efficient Microcontroller Implementation of BIKE

Abstract
In the digital world, public-key cryptography is ubiquitous. Current public-key crypto schemes like RSA or Diffie-Hellman are in widespread use and they represent an indispensable asset of our technological toolbox. However, the discovery of Shor's algorithm and the rapid progression in the field of quantum computers became a painful reminder of our alarming dependency on such technologies. At the same time, this realization started a demand for new cryptographic algorithms withstanding the power of quantum computers. The National Institute of Standards and Technology (NIST) aimed to satisfy this urge by initiating a standardization process in 2017 with a call for proposals of post-quantum key exchange mechanisms and signature algorithms. One of the submissions that made it to the second round is the key encapsulation mechanism BIKE.
This work investigates various techniques to achieve an efficient and secure implementation of BIKE on embedded devices. We show that it is possible for BIKE to run on a Cortex-M4 microcontroller using reduced data representation and adequate decoding algorithms. Our implementation achieves a performance of 6 million cycles for key generation, 7 million cycles for encapsulation, and 89 million cycles for decapsulation for BIKE-1.
Mario Bischof, Tobias Oder, Tim Güneysu

### Secure Deterministic Automata Evaluation: Completeness and Efficient 2-party Protocols

Abstract
Secure computation (i.e., performing computation while keeping the inputs private) is a fundamental research area in cryptography and a fundamental capability in the theory of computing. Deterministic automata evaluation is a fundamental computation problem with numerous application areas, including regular expressions, string matching, and constant-space computations.
In this paper, we investigate the complexity of achieving secure 2-party deterministic automata evaluation protocols. We show black-box reductions between this problem and the problem of constructing secure 2-party information retrieval protocols, and vice versa. Using previous results, this implies various interesting consequences: completeness of secure deterministic automata evaluation in the class of problems having 2-party and multi-party secure function evaluation protocols (previously, only 2 less natural problems were shown to be complete, or non-constructive characterizations of complete problems were given), and, under standard cryptographic assumptions, a communication-efficient secure protocol for automata evaluation (no such protocol was given in the literature) and a time-efficient secure protocol faster than applying Yao's benchmark general solution.
Giovanni Di Crescenzo, Brian Coan, Jonathan Kirsch

### Detecting Malicious Websites by Query Templates

Abstract
With the development of the Internet, web content is increasing exponentially. Along with this, web-based attacks such as drive-by download attacks and phishing have grown year on year. To prevent such attacks, URL blacklists are widely used. However, URL blacklists are not enough because they lack the ability to detect newly generated malicious URLs. In this paper, we propose an automatic query template generation method to detect malicious websites. Our method focuses on URL query strings that share similarities across malicious website groups. Additionally, we evaluate our proposed method with a large-scale dataset and verify its effectiveness. Consequently, our proposed method can grasp the characteristics of malicious campaigns; it can detect 11,292 malicious unique domains not detected by Google Safe Browsing. Moreover, our method achieved high precision in the seven months of experiments.
Satomi Kaneko, Akira Yamada, Yukiko Sawaya, Tran Phuong Thao, Ayumu Kubota, Kazumasa Omote

### A Deep Learning Attack Countermeasure with Intentional Noise for a PUF-Based Authentication Scheme

Abstract
We propose a scheme to prevent machine learning (ML) attacks against physically unclonable functions (PUFs). A silicon PUF is a security primitive in a semiconductor chip that generates a unique identifier by exploiting device variations. However, some PUF implementations are vulnerable to ML attacks, in which an attacker tries to obtain a mathematical clone of the target PUF to predict its responses. Our scheme adds intentional noise to the responses to disturb an attacker's ML so that the clone fails to be authenticated, while the original PUF can still be correctly authenticated using an error correction code (ECC). The effectiveness of this scheme is not obvious because the attacker can also use the ECC. We apply the countermeasure to n-XOR arbiter PUFs to investigate the feasibility of the proposed scheme. We explain the relationship between the prediction accuracy of the clone and the number of intentional noise bits. Our scheme can successfully distinguish a clone from the legitimate PUF in the case of a 5-XOR PUF.
Risa Yashiro, Yohei Hori, Toshihiro Katashita, Kazuo Sakiyama

### Implementing Cryptography Pairings over Ordinary Pairing-Friendly Curves of Type

Abstract
In this paper, we describe an efficient implementation in Sage of the Tate pairing over ordinary hyperelliptic curves of type $y^2 = x^5 + a\,x$. First, we describe a construction method for these curves according to Kawazoe and Takahashi [8]. Then, we describe an efficient formula for computing pairings on such curves over prime fields, and develop algorithms to compute the Tate pairing. We provide a faster optimisation of the final exponentiation, in particular for the embedding degree $k = 28$.
Mohammed Zitouni, Farid Mokrane

### Towards Practical Deployment of Post-quantum Cryptography on Constrained Platforms and Hardware-Accelerated Platforms

Abstract
Most of the cryptographic constructions deployed in practical systems today, in particular digital signatures and key-establishment schemes, are vulnerable to attacks using quantum computers. Post-quantum cryptography (PQC) deals with the design and implementation of cryptographic algorithms that are resistant to these attacks. In this paper, we evaluate the NIST PQC competition candidates with respect to their suitability for implementation on special hardware platforms. In particular, we focus on the implementability on constrained platforms (e.g., smart cards, small single-board computers) on one side and on the performance on very fast hardware-accelerated platforms (i.e., field-programmable gate arrays, FPGAs) on the other side. Besides the analysis of the candidates' design features affecting the performance on these devices and security aspects, we also present practical results from existing implementations on contemporary hardware.
Lukas Malina, Sara Ricci, Petr Dzurenda, David Smekal, Jan Hajny, Tomas Gerlich

### White-Box Traitor-Tracing from Tardos Probabilistic Codes

Abstract
In this paper, we address the problem of tracing traitors in the white-box model. A traitor tracing system generally comes with a broadcast encryption scheme where each user is equipped with a secret that allows him to decrypt broadcast data. When a broadcast encryption scheme is provided with a tracing procedure, the user's key is used to uniquely identify him. A white-box model refers to a context where an attacker shares the host with a software implementation of a cryptographic algorithm and controls the execution environment. Thus, a traditional broadcast encryption scheme will fail in this context since an adversary may steal the user's decryption key and illegally decrypt broadcast contents. In this work, we describe a traitor tracing system where each user is provided with a distinct key generation function instead of a secret key. The key generator is made user-specific and enables the generation of a content key which is used to decrypt the encrypted content. We use techniques of White-Box Cryptography to build the key generation function and use a collusion-secure code to derive the user-specific key generators. Finally, we prove that the system is collusion-resilient.
Sandra Rasoamiaramanana, Gilles Macario-Rat, Marine Minier

### Generic Construction of Anonymous Deniable Predicate Authentication Scheme with Revocability

Abstract
We propose a syntax and security definitions of an anonymous deniable predicate authentication scheme with revocability (rADPA). This new cryptographic primitive attains a revocation function as well as strong privacy guarantees concerning authentication. Anonymity is for privacy in the authentication protocol, while deniability is for anti-forensics after completion of the protocol. Then, we give a generic construction of our rADPA scheme. Our approach is to build the revocable attribute-based encryption scheme proposed by K. Yamada et al. (ESORICS2017) into the anonymous deniable predicate authentication scheme proposed by S. Yamada et al. (PKC2012). Finally, we discuss how our rADPA scheme can be instantiated by employing concrete building blocks in our generic construction.

### Physical Cryptography

Abstract
We recall a series of physical cryptography solutions and provide the reader with relevant security analyses. We mostly turn our attention to describing attack scenarios against schemes solving Yao’s millionaires’ problem, protocols for comparing information without revealing it and public key cryptosystems based on physical properties of systems.
Mariana Costiuc, Diana Maimuţ, George Teşeleanu

### Logic Locking of Boolean Circuits: Provable Hardware-Based Obfuscation from a Tamper-Proof Memory

Abstract
Today's integrated circuits are subject to a variety of attacks. Logic Locking is an area of hardware security that attempts to prevent reverse-engineering of integrated circuits based on a tamper-resistant memory. Despite significant attention from the research literature, no rigorous cryptographic modeling of logic locking and associated provably secure solutions have been proposed.
Based on the observation that logic locking can be seen as a special case of hardware-based cryptographic program obfuscation, we propose rigorous definitions, borrowing approaches from modern cryptography (and, specifically, cryptographic program obfuscation), for both tamper-proof memories and logic locking of boolean circuits. We then prove two positive results: (1) the existence of a circuit computationally indistinguishable from a random oracle, assuming the existence of a pseudo-random function and of a tamper-proof memory, and (2) logic locking of general polynomial-size boolean circuits, assuming the existence of a pseudo-random generator and a tamper-proof memory.
Our paper shows the possibility of provably boosting the capability of constructing a physical memory with a suitable tamper-resistant property into hardware-based obfuscation of any boolean circuit, as well as a practical hardware-based realization of a random oracle.
Giovanni Di Crescenzo, Abhrajit Sengupta, Ozgur Sinanoglu, Muhammad Yasin

### Speeding up OMD Instantiations in Hardware

Abstract
Particular instantiations of the Offset Merkle-Damgård authenticated encryption scheme (OMD) represent highly secure alternatives to AES-GCM. It is already established that OMD can be efficiently implemented in software. Given this, in our paper we focus on speeding up OMD in hardware, more precisely on FPGA platforms. Thus, we propose a new OMD instantiation based on the compression function of BLAKE2b. Moreover, to the best of our knowledge, we present the first FPGA implementation results for the SHA-512 instantiation of OMD as well as the first architecture of an online authenticated encryption system based on OMD.
Diana Maimuţ, Ştefan Alexandru Mega

### Reputation-Based Security Framework for Internet of Things

Abstract
Mobile crowdsensing has emerged as a new paradigm in the IoT world, exploiting users’ mobility in conjunction with advanced capabilities and proliferation of mobile devices. Smartphones, tablets and smartwatches are now typically equipped with sensing and wireless capabilities, enabling them to produce and upload data for different IoT applications. The mobile crowdsensing approach has the advantage of being cost-effective, while also providing real-time data. However, a number of challenges should be addressed in order for mobile crowdsensing to reach its full potential. Security, privacy and reliability of the data provided by mobile devices are the most important ones. In this paper, we propose a security framework with a multi-layer architecture that addresses the trust evaluation of sensing devices based on reputation scores calculated using a naive Bayes algorithm.
Ion Bica, Bogdan-Cosmin Chifor, Ștefan-Ciprian Arseni, Ioana Matei

### Learned Lessons from Implementing an Android Client for the Cloud Signature Consortium API

Abstract
Advanced electronic signatures are the main security mechanism used for assuring authentication, integrity and non-repudiation of electronic documents. Digitization on a large scale requires secure and flexible electronic signature systems. In the E.U., the use of remote qualified electronic signatures has considerably increased after the adoption of Regulation (EU) No 910/2014 ("eIDAS"). Thanks to the new legislative measures, owning a physical device to create a qualified electronic signature is no longer mandatory, so the user experience has been considerably improved. However, the full potential of remote qualified electronic signatures has not been reached yet. Our work supports the adoption of remote digital signatures in various fields by implementing an Android application that can apply qualified electronic signatures. To assure interoperability, the client-server communication follows a standard protocol: the Cloud Signature Consortium API. The main advantage of our approach is that the Android application is able to sign using certificates issued by different Trust Service Providers. This paper will analyze the current situation and will present the main challenges encountered when designing and developing a digital signature application that uses remote qualified digital certificates, as well as the lessons learned that could be of tremendous help for others active in this field.
Iulian Aciobanitei, Paul-Danut Urian, Mihai-Lica Pura

### Integrating Adversary Models and Intrusion Detection Systems for In-vehicle Networks in CANoe

Abstract
In-vehicle buses, and the Controller Area Network (CAN) in particular, have been shown to be vulnerable to adversarial actions. We embed adversary models and intrusion detection systems (IDS) inside a CANoe-based application. Based on real-world CAN traces collected from several vehicles, we build attack traces that are subjected to intrusion detection algorithms. We also take advantage of existing machine-learning support in MATLAB, which is ported via C++ code into CANoe in order to integrate intrusion detection functionality. A unified framework for attacks and intrusion detection has the benefit of providing a testbed for various intrusion detection algorithms. CANoe integration makes these functionalities ready for realistic testing, as CANoe is an industry-standard tool in the automotive domain.
Camil Jichici, Bogdan Groza, Pal-Stefan Murvay

### Backmatter