
## About This Book

This book constitutes the proceedings of the 22nd Nordic Conference on Secure IT Systems, held in Tartu, Estonia, in November 2017.
The 18 full papers presented were carefully reviewed and selected from 42 submissions. The papers address a broad range of topics in IT security and privacy. They are organized in the following topical sections: outsourcing computations; privacy preservation; security and privacy in machine learning; applications; access control; and emerging security areas.

## Table of Contents

### A Server-Assisted Hash-Based Signature Scheme

Abstract
We present a practical digital signature scheme built from a cryptographic hash function and a hash-then-publish digital time-stamping scheme. We also provide a simple proof of existential unforgeability against adaptive chosen-message attack (EUF-ACM) in the random oracle (RO) model.
Ahto Buldas, Risto Laanoja, Ahto Truu

### Outsourcing of Verifiable Attribute-Based Keyword Search

Abstract
In integrated broadcast-broadband services, viewers receive content via the airwaves as well as additional content via the Internet. The additional content can be personalized by using the viewing histories of each viewer. Viewing histories however contain private data that must be handled with care. A verifiable attribute-based keyword search (VABKS) scheme allows data users (service providers), whose attributes satisfy a policy that is specified by the data owner (viewer), to securely search and access stored data in a malicious cloud server, and verify the correctness of the operations by the cloud server. VABKS, however, requires data owners who have computationally weak terminals, such as television sets, to perform heavy computations due to the attribute-based encryption process. In this paper, we propose a new VABKS scheme where such heavy computations are outsourced to a cloud server and hence the data owner is kept as light as possible. Our scheme is provably secure against two malicious cloud servers in the random oracle model: one performing the attribute-based encryption process, and the other performing the keyword search process on the encrypted data. We implement our scheme and the previous VABKS scheme and show that our scheme significantly reduces the computation cost of the data owner.
Go Ohtake, Reihaneh Safavi-Naini, Liang Feng Zhang

### Is RCB a Leakage Resilient Authenticated Encryption Scheme?

Abstract
Leakage resilient cryptography wants to provide security against side channel attacks. In this paper, we present several issues of the $\mathsf{RCB}$ block cipher mode, proposed by Agrawal et al. in [2]. $\mathsf{RCB}$ is the first Leakage Resilient Authenticated Encryption (AE) scheme ever presented. In particular, we present a forgery attack that breaks the $\textsf{INT-CTXT}$ security, which is a fundamental requirement in the design of AE schemes.
Farzaneh Abed, Francesco Berti, Stefan Lucks

### Practical and Secure Searchable Symmetric Encryption with a Small Index

Abstract
From the viewpoint of information security, research on encrypted search systems has been done intensively. Such search systems are called searchable symmetric encryption (SSE). The main part of SSE is an encrypted index, which affects security and efficiency. Until now many SSE schemes have been proposed, but most of them use a random oracle to achieve both adaptive security and an optimal index size. The index size of adaptively secure SSE schemes without a random oracle can be much larger. In this paper, we propose a new SSE scheme which satisfies adaptive security in the standard model and has an optimal index size. Furthermore, the index of our scheme consists of Bloom filters and simple arrays, that is, arrays of integers. Since Bloom filters are also implemented by an array of integers, the structure of the index is simple. Thus, unlike other SSE schemes with an optimal index size, the size does not depend on a security parameter.
Ryuji Miyoshi, Hiroaki Yamamoto, Hiroshi Fujiwara, Takashi Miyazaki

### Anonymous Certification for an e-Assessment Framework

Abstract
We present an anonymous certification scheme that provides data minimization to allow the learners of an e-assessment platform to reveal only required information to certificate authority providers. Attribute-based signature schemes are considered as a promising cryptographic primitive for building privacy-preserving attribute credentials, also known as anonymous credentials. These mechanisms allow the derivation of certified attributes by the issuing authority relying on non-interactive protocols and enable end-users to authenticate with verifiers in a pseudonymous manner, e.g., by providing only the minimum amount of information to service providers.
Christophe Kiennert, Nesrine Kaaniche, Maryline Laurent, Pierre-Olivier Rocher, Joaquin Garcia-Alfaro

### PARTS – Privacy-Aware Routing with Transportation Subgraphs

Abstract
To ensure privacy for route planning applications and other location-based services (LBS), the service provider must be prevented from tracking a user’s path during navigation on the application level. However, the navigation functionality must be preserved. We introduce the algorithm PARTS to split route requests into route parts which will be submitted to an LBS in an unlinkable way. Equipped with the usage of dummy requests and time shifting, our approach can achieve better privacy. We will show that our algorithm protects privacy in the presence of a realistic adversary model while maintaining the service quality.
Christian Roth, Lukas Hartmann, Doğan Kesdoğan

### Bayesian Network Models in Cyber Security: A Systematic Review

Abstract
Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security, especially due to their capability to overcome data limitations. This is also exemplified by the growth of BN model development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 8 different criteria and identify important patterns in the use of these models. A key outcome is that standard BNs are noticeably used for problems especially associated with malicious insiders. This study points out the core range of problems that were tackled using standard BN models in cyber security, and illuminates key research gaps.
Sabarathinam Chockalingam, Wolter Pieters, André Teixeira, Pieter van Gelder

### Improving and Measuring Learning Effectiveness at Cyber Defense Exercises

Abstract
Cyber security exercises are believed to be the most effective training for the training audiences from top professional teams to individual students. However, evidence of learning outcomes is often anecdotal and not validated. This paper focuses on measuring learning outcomes of technical cyber defense exercises (CDXs) with Red and Blue teaming elements. We studied learning at Locked Shields, which is the largest unclassified defensive live-fire CDX in the world. This paper proposes a novel and simple methodology, called the “5-timestamp methodology”, aiming at accommodating both effective feedback (including benchmarking) and learning measurement. The methodology focuses on the collection of timestamps at specific points during a cyber incident and time interval analysis to assess team performance, and argues that changes in performance over time can be used to evidence learning. The timestamps can either be collected non-intrusively from raw network traces (such as pcaps, logs) or using traditional methods, such as interviews, observations and surveys. Our experience showed that traditional methods, such as self-reporting, fail at high-speed and complex exercises. The suggested method enhances the feedback loop, allows identifying learning design flaws, and provides evidence of learning value for CDXs.
Kaie Maennel, Rain Ottis, Olaf Maennel

### Privacy-Preserving Frequent Itemset Mining for Sparse and Dense Data

Abstract
Frequent itemset mining is a data mining task that can in turn be used for other purposes such as associative rule mining. The data may be sensitive. There exist multiple privacy-preserving solutions for frequent itemset mining, which should consider the tradeoff between efficiency and privacy. Leaking some less sensitive information, such as the density of the data table, may improve the efficiency. In this paper, we consider the secure multiparty computation setting, where the final output (the frequent itemsets) is public, and no other information should be inferred by the adversary that corrupts some of the computing parties. We devise privacy-preserving algorithms that have an advantage when applied to very sparse and very dense matrices. We compare them to related work that has similar security requirements, estimating the efficiency of our new solution on a similar secure multiparty computation platform.
Peeter Laud, Alisa Pankova

### Free Rides in Denmark: Lessons from Improperly Generated Mobile Transport Tickets

Abstract
The term security ceremony describes a technical system extended with its human users. In this paper, we examine the inspection ceremony for the mobile transport ticket in Denmark. We find several security weaknesses that are ascribable to both human and computer components of the ceremony. The main vulnerabilities are due to the design choices of how the visual inspection ceremony is organised and the lack of information that is stored in the 2D barcode. These vulnerabilities allow a ticket holder to travel up to 8 zones with a 2-zone subscription and enable several people to travel with the same subscription. The attack is significant as it can be automated, and rather modest skills are necessary to break the inspection ceremony. We state four principles that aim at strengthening the security of inspection ceremonies and propose an alternative ceremony whose design is driven by the stated principles.
Rosario Giustolisi

### Using the Estonian Electronic Identity Card for Authentication to a Machine

Abstract
The electronic chip of the Estonian ID card is widely used in Estonia to identify the cardholder to a machine. For example, the electronic ID card can be used to collect rewards in customer loyalty programs, authenticate to public printers and self-checkout machines in libraries, and even unlock doors and gain access to restricted areas. This paper studies the security aspects of using the Estonian ID card for this purpose. The paper shows that the way the ID card is currently being used provides little to no assurance to the terminal about the identity of the cardholder. To demonstrate this, an ID card emulator is built, which emulates the electronic chip of the Estonian ID card as much as possible and is able to successfully impersonate the real ID card to the terminals deployed in practice. The exact mechanisms used by the terminals to authenticate the ID card are studied and possible security improvements for the Estonian ID card are discussed.
Danielle Morgan, Arnis Parsovs

### Data Aware Defense (DaD): Towards a Generic and Practical Ransomware Countermeasure

Abstract
We present the Malware-O-Matic analysis platform and the Data Aware Defense ransomware countermeasure based on real time data gathering with as little impact as possible on system performance. Our solution monitors (and blocks if necessary) file system activity of all userland threads with new indicators of compromise. We successfully detect 99.37% of our 798 active ransomware samples with at most 70 MB lost per sample’s thread in 90% of cases, or less than 7 MB in 70% of cases. By a careful analysis of the few false negatives we show that some ransomware authors are specifically trying to hide ongoing encryption. We used free (as in free beer) de facto industry standard benchmarks to evaluate the impact of our solution and enable fair comparisons. In all but the most demanding tests the impact is marginal.
Aurélien Palisse, Antoine Durand, Hélène Le Bouder, Colas Le Guernic, Jean-Louis Lanet

Abstract
We present a large-scale study of Windows freeware installers. In particular, we look for potentially unwanted programs (PUP) and other potentially unwanted modifications to the target system made by freeware installers. The analysis is based on almost 800 installers gathered from eight popular software download portals. We measure how many of them drop PUP, such as browser plugins, or make other modifications to the system. In addition to these results, we find that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks, which in the worst cases may be used to execute arbitrary code with elevated privileges on the target system. Moreover, serious man-in-the-middle vulnerabilities are found in application managers provided by download portals.
Alberto Geniola, Markku Antikainen, Tuomas Aura

### GPASS: A Password Manager with Group-Based Access Control

Abstract
Password managers make it easy for users to choose stronger and more random passwords without the burden of memorizing them. While the majority of our passwords should be kept secret, sharing passwords and access codes is necessary in some cases. In this paper, we present GPASS—a password manager architecture that allows groups to share passwords via an untrusted server. GPASS provides its own cryptographic access control mechanism in which all the information is transparent to the clients so that they can detect any misbehavior of the server. We implemented a proof-of-concept prototype to demonstrate the feasibility and effectiveness of the architecture.
Thanh Bui, Tuomas Aura

### Towards Accelerated Usage Control Based on Access Correlations

Abstract
Low run-time overhead is crucial for the practicability of usage-control mechanisms. In this article, we propose an approach to accelerate usage control by exploiting access correlations. Our approach combines two main ingredients: firstly, a technique to compute decisions ahead of time and, secondly, a method to guide selection of usage events to pre-compute decisions for. For the first, we speculatively pre-compute decisions for usage events. For the second, we exploit access correlations to identify high acceleration potential. We implemented our approach and evaluated it in a case study of security policy enforcement in a distributed storage system. Our empirical results show that the speedup is substantial. More concretely, the speedup on average is up to 61.5%.
Richard Gay, Jinwei Hu, Heiko Mantel, Johannes Schickel

### Generating Functionally Equivalent Programs Having Non-isomorphic Control-Flow Graphs

Abstract
One of the big challenges in program obfuscation consists in modifying not only the program’s straight-line code (SLC) but also the program’s control flow graph (CFG). Indeed, if only SLC is modified, the program’s CFG can be extracted and analyzed. Usually, the CFG leaks a considerable amount of information on the program’s structure.
In this work we propose a method allowing to re-write a code $P$ into a functionally equivalent code $P'$ such that $\mathrm{CFG}(P)$ and $\mathrm{CFG}(P')$ are radically different.
Rémi Géraud, Mirko Koscina, Paul Lenczner, David Naccache, David Saulpic

### Proof of a Shuffle for Lattice-Based Cryptography

Abstract
In this paper we present the first proof of a shuffle for lattice-based cryptography which can be used to build a universally verifiable mix-net capable of mixing votes encrypted with a post-quantum algorithm, thus achieving long-term privacy. Universal verifiability is achieved by means of the publication of a non-interactive zero knowledge proof of a shuffle generated by each mix-node which can be verified by any observer. This published data guarantees long-term privacy since its security is based on perfectly hiding commitments and also on the hardness of solving the Ring Learning With Errors (RLWE) problem, that is widely believed to be quantum resistant.
Nuria Costa, Ramiro Martínez, Paz Morillo

### An Analysis of Bitcoin Laundry Services

Abstract
This work briefly (an extended version can be found at https://kar.kent.ac.uk/id/eprint/63502) examines some of the most relevant Bitcoin Laundry Services, commonly known as tumblers or mixers, and studies their main features to try to answer some fundamental questions including their security, popularity, transaction volume, and generated revenue. Our research aims to inform both legitimate users and Law Enforcement about the characteristics and limitations of these services.
Thibault de Balthasar, Julio Hernandez-Castro

### Backmatter
