Skip to main content

Über dieses Buch

This book constitutes the proceedings of the 19th Nordic Conference on Secure IT Systems, held in Tromsø, Norway, in October 2014. The 15 full papers presented in this volume were carefully reviewed and selected from 42 submissions. They are organized in topical sections named: information management and data privacy; cloud, big data and virtualization security; network security and logging; attacks and defenses; and security in healthcare and biometrics. The volume also contains one full-paper invited talk.



Keynote Paper


Accountability in Cloud Service Provision Ecosystems

In data protection regulation since the 1980s, accountability has been used in the sense that the ‘data controller’ is responsible for complying with particular data protection legislation and, in most cases, is required to establish systems and processes which aim at ensuring such compliance. This paper assesses this notion in the context of cloud computing, and describes how better and more systematic accountability might be provided.
Siani Pearson

Information Management and Data Privacy


Information Classification Issues

This paper presents an extensive systematic literature review with the aim of identifying and classifying issues in the information classification process. The classification selected uses human and organizational factors for grouping the identified issues. The results reveal that policy-related issues are most commonly described, but not necessarily the most crucial ones. Furthermore, gaps in the research field are identified in order to outline paths for further research.
Erik Bergström, Rose-Mharie Åhlfeldt

DEICS: Data Erasure in Concurrent Software

A well known tenet for ensuring unauthorized leaks of sensitive data such as passwords and cryptographic keys is to erase (“zeroize”) them after their intended use in any program. Prior work on minimizing sensitive data lifetimes has focused exclusively on sequential programs. In this work, we address the problem of data lifetime minimization for concurrent programs. We develop a new algorithm that precisely anticipates when to introduce these erasures, and develop an implementation of this algorithm in a tool called DEICS. Through an experimental evaluation, we show that DEICS is able to reduce lifetimes of shared sensitive data in several concurrent applications (over 100k lines of code combined) with minimal performance overheads.
Kalpana Gondi, A. Prasad Sistla, V. N. Venkatakrishnan

A Practical Analysis of Oblivious Sorting Algorithms for Secure Multi-party Computation

Cryptographic secure computing methods like secure multi-party computation, circuit garbling and homomorphic encryption are becoming practical enough to be usable in applications. Such applications need special data-independent sorting algorithms to preserve privacy. In this paper, we describe the design and implementation of four different oblivious sorting algorithms. We improve two earlier designs based on sorting networks and quicksort with the capability of sorting matrices. We also propose two new designs—a naive comparison-based sort with a low round count and an oblivious radix sort algorithm that does not require any private comparisons. For all these algorithms, we present thorough complexity and performance analysis including detailed breakdown of running-time, network and memory usage.
Dan Bogdanov, Sven Laur, Riivo Talviste

Cloud, Big Data and Virtualization Security


Security of OS-Level Virtualization Technologies

The need for flexible, low-overhead virtualization is evident on The need for flexible, low-overhead virtualization is evident on many fronts ranging from high-density cloud servers to mobile devices. During the past decade OS-level virtualization has emerged as a new, efficient approach for virtualization, with implementations in multiple different Unix-based systems. Despite its popularity, there has been no systematic study of OS-level virtualization from the point of view of security. In this paper, we conduct a comparative study of several OSlevel virtualization systems, discuss their security and identify some gaps in current solutions.
Elena Reshetova, Janne Karhunen, Thomas Nyman, N. Asokan

Processing Private Queries over an Obfuscated Database Using Hidden Vector Encryption

Outsourcing data in the cloud has become nowadays very common. Since – generally speaking – cloud data storage and management providers cannot be fully trusted, mechanisms providing the confidentiality of the stored data are necessary. A possible solution is to encrypt all the data, but – of course – this poses serious problems about the effective usefulness of the stored data. In this work, we propose to apply a well-known attribute-based cryptographic scheme to cope with the problem of querying encrypted data. We have implemented the proposed scheme with a real-world, off-the-shelf RDBMS and we provide several experimental results showing the feasibility of our approach.
Alberto Trombetta, Giuseppe Persiano, Stefano Braghin

π-Cipher: Authenticated Encryption for Big Data

In today’s world of big data and rapidly increasing telecommunications, using secure cryptographic primitives that are parallelizable and incremental is becoming ever more important design goal. π-Cipher is parallel, incremental, nonce based authenticated encryption cipher with associated data. It is designed with the special purpose of providing confidentiality and integrity for big data in transit or at rest. It has, as an option, a secret part of the nonce which provides noncemisuse resistance. The design involves operations of several solid cryptographic concepts such as the Encrypt-then-MAC principle, the XOR MAC scheme and the two-pass sponge construction. It contains parameters that can provide the functionality of tweakable block ciphers for authenticated encryption of data at rest. The security of the cipher relies on the core permutation function based on ARX (Addition, Rotation and XOR) operations. π-Cipher offers several security levels ranging from 96 to 256 bits.
Danilo Gligoroski, Hristina Mihajloska, Simona Samardjiska, Håkon Jacobsen, Rune Erlend Jensen, Mohamed El-Hadedy

What Would It Take for You to Tell Your Secrets to a Cloud?

Studying Decision Factors When Disclosing Information to Cloud Services
We investigate the end users’ behaviours and attitudes with regards to the control they place in the personal information that they disclose to cloud storage services. Three controlled experiments were carried out to study the influence in users’ decisions to retain or surrender control over their personal information depending on different factors. The results of these experiments reveal, among other things, the users’ willingness to surrender control over personal information that is perceived as non-sensitive in exchange for valuable rewards, and that users would value the possibility of knowing and controlling the parties who are granted access to their data in the cloud. Based on the results from the experiments we provide implications for the design of end-user tools that can promote transparency and accountability in cloud computing environments.
Julio Angulo, Erik Wästlund, Johan Högberg

Network Security and Logging


Efficient Record-Level Keyless Signatures for Audit Logs

We propose a log signing scheme that enables (a) verification of the integrity of the whole log, and (b) presentation of any record, along with a compact proof that the record has not been altered since the log was signed, without leaking any information about the contents of other records in the log. We give a formal security proof of the scheme, discuss practical considerations, and provide an implementation case study.
Ahto Buldas, Ahto Truu, Risto Laanoja, Rainer Gerhards

Static Semantics of Secret Channel Abstractions

The secret π-calculus extends the π-calculus by adding an hide operator that permits to declare channels as secret. The main aim is confidentiality, which is gained by restricting the access of the object of the communication. Communication channels protected by hide are more secure since they have static scope and do not allow the context’s interaction, and can be implemented as dedicated channels. In this paper, we present static semantics of secret channel abstractions by introducing a type system that considers two type modalities for channels (scope): static and dynamic. We show that secret π-calculus channels protected by hide can be represented in the π-calculus by prescribing a static type modality. We illustrate the feasibility of our approach by introducing a security API for message-passing communication which works for a standard (π-calculus) middleware while featuring secret channels. Interestingly, we just require the programmer to declare which channels are meant to be secret, leaving the burden of managing the security type abstractions to the API compiler.
Marco Giunti

Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach

Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users’ privacy is to make them switch between different machine and browser configurations. We propose a formalisation of this privacy enforcement mechanism. We use information-theoretic channels to model the knowledge of the tracker and the fingerprinting program, and show how to synthesise a randomisation mechanism that defines the distribution of configurations for each user. This mechanism provides a strong guarantee of privacy (the probability of identifying the user is bounded by a given threshold) while maximising usability (the user switches to other configurations rarely). To find an optimal solution, we express the enforcement problem of randomisation by a linear program. We investigate and compare several approaches to randomisation and find that more efficient privacy enforcement would often provide lower usability. Finally, we relax the requirement of knowing the fingerprinting program in advance, by proposing a randomisation mechanism that guarantees privacy for an arbitrary program.
Frédéric Besson, Nataliia Bielova, Thomas Jensen

Attacks and Defenses


Attacker Profiling in Quantitative Security Assessment Based on Attack Trees

Providing meaningful estimations for the quantitative annotations on the steps of complex multi-step attacks is hard, as they are jointly influenced by the infrastructure and attacker properties. The paper introduces attacker profiling as the concept of separation of the infrastructure properties from the properties of malicious agents undertaking strategic decisions in the considered environment. We show that attacker profiling may be integrated into existing quantitative security assessment tools without any significant performance penalty. As an example of such integration we introduce the new analysis tool named ApproxTree+ which is an extension of the existing ApproxTree tool, enhancing it by incorporating attacker profiling capabilities into it.
Aleksandr Lenin, Jan Willemson, Dyan Permata Sari

Denial-of-Service Mitigation for Internet Services

Denial-of-service attacks present a serious threat to the availability of online services. Distributed attackers, i.e. botnets, are capable of exhausting the server capacity with legitimate-looking requests. Such attacks are difficult to defend against using traditional filtering mechanisms. We propose a machine learning and filtering system that forms a profile of normal client behavior based on normal traffic features and, during an attack, optimizes capacity allocation for legitimate clients based on the profile. The proposed defense mechanism is evaluated using simulations based on real-life server usage patterns. The simulations indicate that the mechanism is capable of mitigating an overwhelming server capacity exhaustion DDoS attack. During attacks where a botnet floods a server with legitimate-looking requests, over 80 percent of the legitimate clients are still served, even on servers that are heavily loaded to begin with. An implementation of the mechanism is tested using synthetic HTTP attack traffic, also with encouraging results.
Aapo Kalliola, Tuomas Aura, Sanja Šćepanović

Spook in Your Network: Attacking an SDN with a Compromised OpenFlow Switch

Software defined networking (SDN) and OpenFlow as one of its key technologies have received a lot of attention from the networking community. While SDN enables complex network applications and easier network management, the paradigm change comes along with new security threats. In this paper, we analyze attacks against a software-defined network in a scenario where the attacker has been able to compromise one or more OpenFlow-capable switches. We find out that such attacker can in suitable environments perform a wide range of attacks, including man-in-the-middle attacks against control-plane traffic, by using only the standard OpenFlow functionality of the switch. Furthermore, we show that in certain scenarios it is nearly impossible to detect that some switch has been compromised. We conclude that while the existing security mechanisms, such as TLS, give protection against many of the presented attacks, the threats should not be overlooked when moving to SDN and OpenFlow.
Markku Antikainen, Tuomas Aura, Mikko Särelä

Security in Healthcare and Biometrics


Patients’ Privacy Protection against Insurance Companies in eHealth Systems

To preserve fraud detection, in most current eHealth systems, the health information of patients is fully disclosed to the insurance companies which cover the expenses of the patients’ health care. However, such disclosure might infringe on the privacy of the patients. In this paper, we propose a novel pseudonym scheme and corresponding signature scheme for the billing process, in order to protect the privacy of patients against insurance companies while enabling the latter to check the truthfulness of the bills.
Liangyu Xu, Armin B. Cremers

Segmentation and Normalization of Human Ears Using Cascaded Pose Regression

Being an emerging biometric characteristic, automated ear recognition is making its way into forensic image analysis for law enforcement in the last decades. One of the most important challenges for this application is to deal with loosely constrained acquisition scenarios and large databases of reference samples. The research community has come up with a variety of feature extraction methods that are capable of handling occlusions and blur. However, these methods require the images to be geometrically normalized, which is mostly done manually at the moment.
In this work, we propose a segmentation and normalization method for ear images that is using cascaded pose regression (CPR). We show that CPR returns accurate rotation and scale estimates, even for full profile images, where the ear has not been segmented yet. We show that the segmentation accuracy of CPR outperforms state of the art detection methods and that CPR improves the recognition rate of an ear recognition system that uses state of the art appearance features.
Anika Pflug, Christoph Busch


Weitere Informationen

Premium Partner