# SECRYPT 2009 Abstracts

## Area 1 - Security in Information Systems and Software Engineering

Full Papers
Paper Nr: 72
Title:

### SECURITY PATTERNS, TOWARDS A FURTHER LEVEL

Authors:

#### Beatriz Gallego - Nicasio Crespo, Antonio Muñoz, Daniel Serrano and Antonio Maña

Abstract: Traditionally, security patterns have successfully been used to describe security and dependability (S&D) solutions, making them available to system engineers not being security experts. Recently, in the SERENITY research project (Ser, 2006), the notion of S&D pattern was extended to exact specifications of re-usable S&D mechanisms for Ambient Intelligence (AmI) systems. SERENITY is focused in AmI systems, but its results can be applied to other computer paradigms: grids, distributed computing, etc. SERENITY S&D patterns include information about both the S&D properties that the solution satisfies and the requirements on the context conditions. Along this paper, we describe how abstract S&D solutions can be implemented by means of functional S&D services. In order to do that, our approach is based on the use of SERENITY S&D patterns, and their implementations, called ExecutableComponents. Finally, we propose several examples and we prove their potential application to AmI scenarios.

Short Papers
Paper Nr: 38
Title:

### Iterated Transformations and Quantitative Metrics for Software Protection

Authors:

#### Mariusz Jakubowski, Ramarathnam Venkatesan and Nick Saw

Abstract: This paper describes a new framework for design, implementation and evaluation of software-protection schemes. Our approach is based on the paradigm of {\em iterated protection}, which repeats and combines simple transformations to build up complexity and security. Based on ideas from the field of complex systems, iterated protection is intended as an element of a comprehensive obfuscation and tamper-resistance system, but not as a full-fledged, standalone solution. Our techniques can (and should) be combined with previously proposed approaches, strengthening overall protection. A long-term goal of this work is to create protection methods amenable to analysis or estimation of security in practice. As a step towards this, we present security evaluation via {\em metrics} computed over transformed code. Indicating the difficulty of real-life reverse engineering and tampering, such metrics offer one approach to move away from ad hoc, poorly analyzable approaches to protection.

Paper Nr: 42
Title:

### Phishpin: An Integrated, Identity-Based Anti-Phishing Approach

Authors:

#### Hicham Tout

Abstract: Phishing is a social engineering technique used to fraudulently acquire sensitive information from users by masquerading as a legitimate entity. One of the primary goals of phishing is to illegally carry fraudulent financial transactions on behalf of users. The two primary vulnerabilities exploited by phishers are: Inability of non-technical/unsophisticated users to always identify spoofed emails or Web sites; and the relative ease with which phishers masquerade as legitimate Web sites. This paper presents Phishpin, an approach that leverages the concepts of mutual authentication to require online entities to prove their identities. To this end, Phishpin builds on One-Time-Password, DNS, partial credentials sharing, & client filtering to prevent phishers from masquerading as legitimate online entities.

Paper Nr: 46
Title:

### On the need to divide the signature creation environment

Authors:

#### Jorge L. Hernandez-Ardieta, Ana I. González-Tablas, Benjamin Ramos and Arturo Ribagorda Garnacho

Abstract: Electronic signatures have been legally recognized as the key element for boosting e-commerce under secure conditions. Several legislations throughout the world establish electronic signatures as legally equivalent to hand-written signatures, assigning them the property of evidence in legal proceedings. In addition, international standards define electronic signatures as non-repudiation evidence respecting the signed information. Bearing this in mind, it is obvious that the reliability of electronic signatures is paramount. However, the results show that several attacks on signature creation environments are feasible and easy to perform. As a result, the reliability of evidence is drastically undermined. We claim that the division of the environment becomes the most effective solution to counteract current threats. The formal proofs that support this statement are given along with an overview of the legal background and a summary of main potential threats on signature creation environments.

Paper Nr: 58
Title:

### An alternative approach for formula modelling in security metrics

Authors:

#### Rodrigo Miani, Felipe Pires and Leonardo Mendes

Abstract: This paper proposes an alternative approach to modelling the formula attribute within the context of security metrics. This approach seeks to correct past errors by treating a security metric like a set, and inserting a component that addresses the set intersection between the security elements. The work consists in to define the model, explain the differences to the previous model and validate it, with examples from the metrics found in literature and also with the results of a case study applied in Metropolitan Broadband Access Network in Pedreira, a city located in the state of São Paulo, Brazil.

Paper Nr: 83
Title:

### A SECURITY DESIGN PATTERN TAXONOMY BASED ON ATTACK PATTERNS

Authors:

#### Andreas Wiesauer and Johannes Sametinger

Abstract: Security design patterns are proven solutions to security problems in a given context with constructive measures of how to design certain parts of a software system. The literature contains numerous definitions, examples, and taxonomies of such patterns. There are also a few quality criteria for them. We suggest a new taxonomy based on attack patterns in order to enhance applicability of security design patterns especially for non-experts in software security. We further suggest a combined consideration of attack patterns, security design patterns and test cases for the validation and evaluation of security design patterns.

Paper Nr: 100
Title:

### ISEE: An Information Security Engineering Environment

Authors:

#### Jingde Cheng, Yuichi Goto and Daisuke Horie

Abstract: Security Engineering has some features that are intrinsically different from Software (Reliability) Engineering. Traditional software engineering environments are not adequate and effective for designing, developing, managing, and maintaining secure software systems. This position paper presents ISEE, an information security engineering environment we are developing, that integrates various tools and provides comprehensive facilities to support design, development, management, and maintenance of security facilities of information/software systems continuously and consistently, and guides and helps all users to perform their tasks regularly according to ISO/IEC security standards. The paper presents the basic ideas on development of ISEE, basic requirements for ISEE, and a design of ISEE. ISEE is the first real information security engineering environment.

Paper Nr: 28
Title:

### MANAGING SECURITY OF GRID ARCHITECTURE WITH A GRID SECURITY OPERATION CENTER

Authors:

#### Syed R. Hassan

Abstract: Due to the nature of grid computing networks, security pitfalls are plethora and adversaries are sneaking to launch attacks. Keeping this scope in mind, we will discuss our proposed solution for securing grid computing networks that we have called gSOC (Grid Security Operation Center). The main advantage of gSOC is that it can give a global view of security of the entire grid infrastructure. The main difficulty is to deal with the specificities of grid infrastructure, that are: multi-sites networks, multi-administrative domains, dynamic collaboration between nodes and sites, high number of nodes to manage, no clear view of the foreign networks and exchange of security information among different domains.

## Area 2 - Access Control and Intrusion Detection

Full Papers
Paper Nr: 16
Title:

### One-Touch Financial Transaction Authentication

Authors:

#### Daniel V. Bailey, Dan Bailey, John Brainard, Sebastian Rohde and Christof Paar

Abstract: We present a design for a Wi-Fi user-authentication token that tunnels data through the SSID field, packet timing, and packet length. Previous attempts to build an online-banking transaction-signing token have been only moderately successful, due in large part to usability problems. Average consumers, especially in the United States, are simply unwilling to transcribe strings of digits from PC to token and back again. In a departure from previous work, our token communicates using point-to-point side-channels in Wi-Fi that allow two devices to directly exchange messages -- even if one is also connected to an access point. The result is a token that can authenticate transactions using only one touch by the user. The increased usability means more transactions can be authenticated, reducing fraud and driving more banking business online.

Paper Nr: 75
Title:

### Service and Timeframe Dependent Unlinkable One-Time Pseudonyms

Authors:

#### Kristof Verslype and Bart De Decker

Abstract: A solution is presented to allow a service provider to limit the number of times per timeframe that a user can access each single service, while maintaining complete unlinkability of different visits by that user. Since the solution is built upon existing building blocks such as anonymous credentials, it is extremely flexible.

Short Papers
Paper Nr: 36
Title:

### AN ANOMALY-BASED WEB APPLICATION FIREWALL

Authors:

#### Carmen Torrano-Gimenez, Carmen Torrano-Gimenez, Gonzalo Alvarez and Alejandro Perez-Villegas

Abstract: A simple and effective web application firewall is presented. This system can detect both known and unknown web attacks following a positive security model. For attack detection, the system relies on an XML file, which thoroughly describes normal web application behavior. Any irregular behavior is flagged as intrusive. An initial training phase is required to statistically characterize how normal traffic for a given target application looks like. The system has been tested with a real web application as target and an artificial request generator as input. Experiments show that after the training phase, when the XML file is correctly configured, good results are obtained, with a very high detection rate and a very low false alarm rate.

Paper Nr: 60
Title:

### VISUAL PROGRAMMING LANGUAGE FOR SECURITY REQUIREMENTS IN BUSINESS PROCESSES AS MODEL-DRIVEN SOFTWARE DEVELOPMENT

Authors:

Abstract: Our approach is based on a security modeling framework and a Meta Modeling Environment for design and generating of access control and security policies for business processes. The framework introduces a methodology that focuses on both, the modeling as well as the implementation aspect of security-requirements and consists of a suite of tools that facilitates the correct realization and the cost-efficient management of decentralized, security-critical workflows. Currently, the framework is being analyzed for general suitability to domains in business processes, taking basic security requirements like confidentiality, integrity and non-repudiation. We use Model-Driven Development (MDD) approach to creating our solutions based on graphical modeling environment as EMF (Eclipse Modeling Framework), GEF (Graphical Editor Framework) and GEMS (Generic Eclipse Modeling System). This graphical modeling environment makes possible rapidly creating modeling tool from a visual language description or metamodel without any coding in third-generation languages. The framework is prototypically validated through a case study for the systematic realization of e-government related workflows. Realizations of security issues follow the steps from provide methodologies that translate the abstract security requirements into run-time artifacts for the target architecture through model transformation. On this approach for this Case study is develop a Policy Specifications modeling tool based on the metamodel describing syntax of the DSML. The important goal is the automatically generate the security artifacts (enforceable security policies in XACML format) to improve the productivity of the development process and the platform independent design. Our case study defines the Business processes, which provide secure Information between three Domains: Municipality, Environment Ministry and Registry of the Combustion plant - environmental pollution producer.

Paper Nr: 77
Title:

### FINGER VEIN VERIFICATION TECHNOLOGY FOR MOBILE APPARATUS

Authors:

#### Hideo Sato

Abstract: In this paper we present a new finger vein authentication technology for consumer mobile products. The finger vein patterns are unique for each individual and do not change over a long time. Since finger veins exist inside of the body, it is extremely hard to be forged. Very short response time while keeping high-level security authentication is achieved by the new compact-fast-matching scheme and small-size template. The data size is nearly as small as the one of the minutiae-based fingerprint authentication systems. The compact sensor size is realized by the method of reflecting scattering light. These technologies enable the use of finger vein authentication to the mobile devices and smart cards.

Paper Nr: 85
Title:

### EFFICIENT ALGORITHMS AND ABSTRACT DATA TYPES FOR LOCAL INCONSISTENCY ISOLATION IN FIREWALL ACLS

Authors:

#### Sergio Pozo Hidalgo and R. M. Gasca

Abstract: Writing and managing firewall ACLs are hard, tedious, time-consuming and error-prone tasks for a wide range of reasons. During these tasks, inconsistent rules can be introduced. An inconsistent firewall ACL implies in general a design fault, and indicates that the firewall is accepting traffic that should be denied or vice versa. This can result in severe problems such as unwanted accesses to services, denial of service, overflows, etc. However, the administrator is who ultimately decides if an inconsistent rule is a fault or not. Although many algorithms to detect and manage inconsistencies in firewall ACLs have been proposed, they have different drawbacks regarding different aspects of the consistency diagnosis problem, which can prevent their use in a wide range of real-life situations. In this paper, we review these algorithms along with their drawbacks, and propose a new divide and conquer based algorithm, which uses specialized abstract data types. The proposed algorithm returns consistency results over the original ACL. Its computational complexity is better than the current best algorithm for inconsistency isolation, as experimental results will also show.

Paper Nr: 13
Title:

### Universal Authentication Framework

Authors:

#### Petra Lambertova, Jan Hajny, Jan Hajný, Tomas Pelka and Petra Lambertova

Abstract: The paper deals with the area of user Authentication, Authorization and Accounting (AAA) in computer networks. The current state analysis together with main trends identification is presented in the first part. These data are used as an argument for a statement about insufficient flexibility and security of nowadays solutions. As a reaction we provide a Universal Authentication Framework which should solve these identified issues. Our ambition is a good support of a wide range of devices -- from mobile nodes like sensors, PDAs and mobiles to work stations and servers. We chose a modular platform for this goal to obtain sufficient flexibility which allows the usage of today protocols together with possible future protocols. There is a basic structure description and operation phase description in our paper. We also provide information about new protocol inclusion. This paper also works as a starting document for further work and system implementation.

Paper Nr: 107
Title:

### Adding Expert Knowledge to TAN-based Intrusion Detection Systems

Authors:

#### Salem Benferhat and Salem Benferhat

Abstract: Bayesian networks are important knowledge representation tools for handling uncertain pieces of information. The success of these models is strongly related to their capacity to represent and handle (in)dependence relations. A simple form of Bayesian networks, called naive Bayes has been successively applied in many classification tasks. In particular, naive Bayes have been used for intrusion detection. Unfortunately, naive Bayes are based on a strong independence assumption that limits its application scope. This paper considers the well-known Tree Augmented Naïve Bayes (TAN) classifiers in the context of intrusion detection. In particular, we study how additional expert information such that “it is expected that 80% of traffic will be normal” can be integrated in classification tasks. Experimental results show that our approach improves existing results.

## Area 3 - Network Security and Protocols

Full Papers
Paper Nr: 12
Title:

### PREVENTING WORMHOLE ATTACK In Wireless Ad Hoc Networks using Cost-Based Schemes

Authors:

#### Marianne Azer, Sherif El-kassas and Magdy El-Soudani

Abstract: Ad hoc networks can be rapidly deployed and reconfigured. Hence, they are very appealing as they can be tailored to lots of applications. Due to their features, they are vulnerable to many attacks. A particularly severe security attack, called the wormhole attack, has been introduced in the context of ad-hoc networks. During the attack a malicious node captures packets from one location in the network, and tunnels them to another malicious node at a distant point, which replays them locally. In this paper we explain the wormhole attack modes and propose two schemes for the wormhole attack prevention in ad hoc networks. The schemes rely on the idea that usually the wormhole nodes participate in the routing in a repeated way as they attract most of the traffic. Therefore, each node will be assigned a cost depending in its participation in routing. The cost function is chosen to be exponential in powers of two such that to rapidly increase the cost of already used nodes. Besides preventing the wormhole attack, these schemes provide a load balance among nodes to avoid exhausting a node that is always cooperative in routing.

Paper Nr: 15
Title:

Authors:

Paper Nr: 51
Title:

### Network Stack Optimization for Improved IPsec Performance on Linux

Authors:

#### Artemios Voyiatzis, Dimitrios Serpanos and Michael Iatrou

Abstract: Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.

Paper Nr: 109
Title:

### Attack Graph Generation with Infused Fuzzy Clustering

Authors:

#### Mohammad S. Obaidat

Abstract: Modern networks have been growing rapidly in size and complexity, making manual vulnerability assessment and mitigation impractical. Automation of these tasks is desired [1, 2]. Existing network security tools can be classified into the following two approaches: proactive (such as vulnerability scanning and use of firewalls) and reactive (intrusion detection system). The modus operandi of proactive approaches have an edge over the reactive ones as they have threat information prior to the attack. One approach, viz., generation and analysis of attack graphs, in this class has gained popularity. In this paper, we present an algorithm to automatically generate attack graphs based on the prevalent network conditions. The nodes in the graph that are generated by executing our proposed algorithm have been grouped based on logical graph paradigm which helps in visualizing the dependencies among various initial and generated network configurations towards obtaining the attacker’s goal. In addition, fuzzy logic based clustering has been applied on the generated data corresponding to each such group. This form of clustering is beneficial, because in the real world the boundaries between clusters are indistinct. This form of clustering leads to better visualization of the attack graph. Our goal is to design and develop an efficient approach for automatic attack graph generation and visualization. The approach uses attack graph generation algorithm, and requires network initial conditions as input. Fuzzy logic based clustering, Fuzzy CMeans (FCM) [3], is applied at the output of attack graph generation algorithm to improve visualization. Our approach helps network administrator to visualize attack graph in an efficient way. This reduces the burden of network administrator to a larger extent.

Short Papers
Paper Nr: 24
Title:

### RFID Authentication Protocols based on Elliptic Curves: A Top-Down Evaluation Survey

Authors:

#### Michael Hutter

Abstract: Authentication of RFID tags is a challenging task due to the resource-constrained environment they are operating in. In this article, we present a top-down evaluation survey for RFID-tag authentication based on elliptic curves. First, we describe a general model to characterize different state-of-the-art public-key techniques that provide entity and message authentication. Second, we present practical results of evaluations of elliptic-curve based identification and signature schemes. We analyzed and compared the ECSchnorr, ECOkamoto, and ECGPS protocol with respect to their computational complexity, storage requirement, and communication overhead. Furthermore, we examine different certificate-management solutions in RFID applications and give size estimations from simulated scenarios. Our studies have led us to the result that elliptic-curve based identification schemes and signature schemes have nearly the same complexity. ECOkamoto provides more enhanced security features while ECGPS has been designed for efficient "on-the-fly" authentication using offline pre-computations. ECSchnorr might be preferred if primitive computation is performed online during tag authentication.

Paper Nr: 45
Title:

### Fast Re-estabilishment of IKEv2 security associations for recovery of IPsec Gateways in Mobile network

Authors:

#### Peng Yang, Yuanchen Ma and Satoshi Yoshizawa

Abstract: IKEv2/IPsec has been widely deployed, such as in VPN and MIPv6, to support mutual authentication, access control and traffic protection in internet. In the deployment, IKEv2/IPsec gateways may maintain huge number of IKEv2/IPsec security associations. If the gateway encounters failure or over-load, it will take a long time to re-establish security associations in another IKEv2/IPsec gateway. The major reason is that the regular procedure of IKE SA establishment incurs long delay in signalling exchanges and time-consuming computation especially in the Diffie-Hellman exchange. In this paper, a new IKE SA re-establishment solution is proposed to reduce the overhead of computation and signalling by directly transferring IKE SA from old gateway to new gateway via independent IKE SA storage (stub bank), wherein the most expensive Diffie-Hellman exchange and some of the messages can be avoided. The applicability of this solution in mobile network is further analyzed as well. Without some time-consuming IKEv2 exchanges, a huge amount of IKE/IPsec SAs can be re-established in a short time.

Paper Nr: 48
Title:

### MONITORING NODE SELECTION ALGORITHM FOR INTRUSION DETECTION IN CONGESTED SENSOR NETWORK

Authors:

#### Jaeun Choi, Myungjong Lee, Gisung Kim and Sehun Kim

Abstract: Since wireless resources are limited, an efficient way of utilizing wireless resources is needed in selecting IDSs. We propose a monitoring node selection scheme for intrusion detection in congested wireless sensor network. Network congestion is an important issue in mobile network. The network congestion does not guarantee a proper detection rate and congested networks should cause an unreliable network. We consider congested intrusion detection tasks by queuing theory. We confirm that proposed algorithm guarantee QoS of monitoring tasks and reliable sensor networks

Paper Nr: 69
Title:

### Throttling DDoS attacks

Authors:

#### Saraiah Gujjunoori, Taqi A. Syed, Madhu B. Janjanam, Avinash Darapureddi, Radhesh Mohandas and Alwyn Pais

Abstract: Distributed Denial of Service poses a significant threat to the Internet today. In these attacks, an attacker runs a malicious process in compromised systems under his control and generates enormous number of requests, which in turn can easily exhaust the computing resources of a victim web server within a short period of time. Many mechanisms have been proposed till date to combat this attack. In this paper we propose a new solution to reduce the impact of a distributed denial of service attack on a web server by throttling the client’s CPU. The concept of source throttling is used to make the client pay a resource stamp fee, which is negligible when the client is making a limited number of requests but becomes a limiting restriction when he is making a large number of requests. The proposed solution makes use of the integer factorization problem to generate the CPU stamps. We have packaged our solution as an API so that existing web applications can easily deploy our solution in a layer that is transparent to the underlying application.

Paper Nr: 104
Title:

### Assessment of Mobile Security Platforms

Authors:

#### Germán Retamosa and Jorge E. López de Vergara

Abstract: Mobility is one of the most important features in users’ communications. The increasing progress carried out by mobile communications has changed the concept of mobile phone. Nowadays, each new device offers newer technologies and services adapted to user requirements. However, each added improvement has a set of threats, which have to be taken into account for ensuring the confidentiality, integrity and availability of user and system data. In this paper, we analyze some important mobile security platforms, such as Symbian OS, Windows Mobile and iPhone OS. Then, we compare these platforms giving some advantages and drawbacks of each one and providing some conclusions about this study.

Paper Nr: 19
Title:

### SIMULATION OF AN IDENTITY-BASED CRYPTOGRAPHY SCHEME FOR AD HOC NETWORKS

Authors:

#### Mihai L. Pura, Victor V. Patriciu and Bica Ion

Abstract: Ad hoc networks are a promising technology especially from the point of view of its aim: assuring connectivity. But communication cannot be separated from security without loosing a lot of its benefits. That is why research has to focus on security aspects of the ad hoc network too. The paper presents an implementation of a security scheme for ad hoc networks based on identity-based cryptography. This implementation was made in ns2, using MIRACL library to implement identity-based encryption. The solution focuses only on assuring confidentiality, but can be further developed to assure also authentication, integrity and non-repudiation. For the start, an ns2 implementation was developed to provide a simulation environment where different possible scenarios can be tested and the scheme can be improved according to the results, before the real implementation.

Paper Nr: 52
Title:

### BEHAVIOR-BASED CLUSTERING FOR DISCRIMINATION BETWEEN FLASH CROWDS AND DDOS ATTACKS

Authors:

#### Young J. Heo

Abstract: We propose discrimination methods that classify cluster of traffic behaviour of flash crowds and DDoS attacks such as traffic pattern and characteristics and check cluster randomness. The behavior-based clustering consolidates packet into clusters based on similarity of observed behavior, e.g., source IPs are clustered together based on their pattern of destination port usage. The main objectives are to find way to proactively resolve problems such as DDoS attacks by detection and resolving attacks in their early development stages.

Paper Nr: 63
Title:

### Evaluation of quality and security of a VoIP network based on Asterisk and OpenVPN

Authors:

#### Dherik Barison, Dherik Barison, Rodrigo Miani and Leonardo Mendes

Abstract: The proposed work is to verify the performance and security of different cryptographic algorithms in a encrypted VPN (Virtual Private Network), created to provide confidentiality in the network VoIP traffic. The performance tests of the algorithms will occur in various network scenarios, simulating some problems like latency, packet loss, out of order packets, among others. The test architecture consists of: use of the SIPp software for communication between clients, an Asterisk server to intermediate the calls and the OpenVPN software, which will be responsible to create the virtual private network and provide the cryptography necessary for this work.

Paper Nr: 81
Title:

### A TRAFFIC COHERENCE ANALYSIS MODEL FOR DDOS ATTACK DETECTION

Authors:

#### Hamza Rahmani, Farouk Kamoun and Nabil Sahli

Abstract: Distributed Denial of Service (DDoS) attack is a critical threat to the Internet by severely degrading its performance. DDoS attack can be considered a system anomaly or misuse from which abnormal behaviour is imposed on network traffic. Network traffic characterization with behaviour modelling could be a good indication of attack detection witch can be performed via abnormal behaviour identification. In this paper, we will focus on the design and evaluation of the statistically automated attack detection. Our key idea is that contrary to DDoS traffic, flash crowd is characterized by a large increase not only in the number of packets but also in the number of IP connexions. The joint probability between the packet arrival process and the number of IP connexions process presents a good estimation of the degree of coherence between these two processes. Statistical distances between an observation and a reference time windows are computed for joint probability values. We show and illustrate that anomalously large values observed on these distances betray major changes in the statistics of Internet time series and correspond to the occurrences of illegitimate anomalies.

Paper Nr: 96
Title:

### Resisting Impersonation Attacks in Chaining-Based Public-Key Management on MANETs: the Virtual Public-Key Management

Authors:

#### Luiz P. Albini, Eduardo da Silva and Renan E. Silva

Abstract: Chaining-based key management schemes seem to be the ones that best fit MANETs. The main chaining-based scheme is the Self-Organized Public Key Management System (PGP-Like). However, it is fully vulnerable to impersonation attacks. In order to reduce such vulnerability, this article introduces a new public-key management system for MANETs, the Virtual Key Management System (VKM). VKM uses a virtual structure to indicate the trust between nodes and the certificate chains formation. VKM can behave in a restrict way, being able to tolerate impersonation attacks to a certain level, or it can behave similarly to the PGP-Like, just by changing a simple parameter. Thus, VKM can suit any user needs switching between these two models dynamically, without any network reinitialization or reconfiguration.

Paper Nr: 105
Title:

### Resynchronization Attack on Stream Ciphers Filtered by Maiorana-McFarland Functions

Authors:

#### Guanhan Chew, Aileen Zhang and Khoongming Khoo

Abstract: In this paper, we present an extension to the resynchronization attack on stream ciphers of Daemen et al. The most general attack in Daemen et al on a nonlinearly filtered register with linear resync has attack complexity $\frac{n}{\phi}\times 2^\phi$, where $n$ is the key length and $\phi$ the input size of the filter function. It was further shown specifically that the attack complexity can be reduced in the case when the filter function is a multiplexer. The attack of Daemen et al is most efficient when the input size is small. We shall show that a large input size may not necessarily guard against this attack, even when a function with good cryptographic properties is used. It may decrease the attack complexity, in the example illustrated in this paper. Boolean functions from the Maiorana-McFarland class make good choices for these filter functions due to good cryptographic properties such as balance, high nonlinearity and high order of resiliency. However, these functions can become linear when certain input bits are fixed. We shall demonstrate this weakness and use it to achieve lower attack complexities for the general resynchronization attack of Daemen et al.

## Area 4 - Cryptographic Techniques and Key Management

Full Papers
Paper Nr: 9
Title:

### IMPLEMENTING TRUE RANDOM NUMBER GENERATORS IN FPGAS BY CHIP FILLING

Authors:

#### Octavian Cret, Radu Tudoran, Alin Suciu and Tamas Gyorfi

Abstract: This paper presents a new method for implementing TRNGs in FPGA devices. The design is based on filling the chip close to its maximal capacity and exploiting the interconnection network as intensely as possible. This way, there are strong chances for the design to exhibit a nondeterministic behavior. Our design is a computationally intensive core that generates 64-bit numbers, accumulated into a normal, fixed-point accumulator. From the 64-bit words only those bits are extracted that exhibit the maximal entropy. They are then post-processed using the classical XOR-based bias elimination method. The resulting TRNG provides high quality random numbers; other advantages of this new method are its stability and the fact that the design encapsulates all its components in one chip. An explanation of the observed phenomenon is proposed, based on electromagnetic interferences inside the chip and cross talk. A method for developing new designs based on this approach is also proposed.

Paper Nr: 25
Title:

### QUANTUM SECURE DIRECT COMMUNICATION USING ENTANGLEMENT AND SUPER DENSE CODING

Authors:

#### Ayman Bahaa, Yasser Dakroury and Ola Hegazy

Abstract: This paper introduces a new quantum protocol for secure direct communication. This protocol is based on Entanglement and Super-Dense coding. In this paper we present some basic definitions of entanglement in quantum mechanics, present how to use the maximally entangled states known as Bell States, and super dense coding technique to achieve secure direct message communication. Finally, we will apply some error models that could affect the transmission of the quantum data on the quantum channels, and how to treat these errors and acquire a safe transmission of the data

Paper Nr: 54
Title:

### An Efficient Group Key agreement Protocol for Heterogeneous Environment

Authors:

#### Mounita Saha and Dipanwita Roychowdhury

Abstract: Secure group communication in heterogeneous environment is gaining popularity due to the advent of wireless and ubiquitous computing. Although a number of protocols for group key agreement have been proposed, most of them are not applicable in heterogeneous environment where a number of computationally limited nodes coexist with one or more computationally efficient nodes. Among the few existing protocols, where some fail to satisfy the key agreement properties, some are unable to handle the agreement for dynamic group. In this work, we propose a constant round group key agreement protocol for heterogeneous environment using polynomial interpolation. The protocol ensures both communication and computation efficiency by shifting the major computation load on powerful users, achieves true contributory key agreement property and dynamic handling of user join and leave. The security of the protocol has been analyzed under formal model. Finally we have extended the protocol to hierarchy, offering more scalability without affecting the security and efficiency. The comparison result shows considerable improvement in protocol efficiency compared to the existing ones.

Paper Nr: 55
Title:

### Certified Pseudonyms Colligated with Master Secret Key

Authors:

#### Huaxiong Wang, Vijayakrishnan Pasupathinathan, Josef Pieprzyk and Huaxiong Wang

Abstract: A pseudonym provides anonymity by protecting the identity of a legitimate user. A user with a pseudonym can interact with an unknown entity and be confident that his/her identity is secret even if the other entity is dishonest. In this work, we present a system that allows users to create pseudonyms from a trusted master public-secret key pair. The proposed system is based on the intractability of factoring and finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Our proposal is different from previously published pseudonym systems, as in addition to standard notion of protecting privacy of an user, our system offers colligation between seemingly independent pseudonyms. This new property when combined with a trusted platform that stores a master secret key is extremely beneficial to an user as it offers a convenient way to generate a large number of pseudonyms using relatively small storage.

Paper Nr: 65
Title:

### The Chameleon Cipher-192 (CC-192): A Polymorphic Cipher

Authors:

#### Magdy Saeb

Abstract: Abstract: The Chameleon Cipher-192 is a polymorphic cipher that utilizes a variable word size and variablesize users key. In the preprocessing stage, the user key is extended into a larger table or bit-level Sbox using a specially developed hash-function. The generated table is used in a special configuration to substantially increase the substitution addressing space. Accordingly, we call this table the S-orb. We show that the proposed cipher provides concepts of key-dependent number of rotations, keydependent number of rounds and key-dependent addresses of substitution tables. Moreover, the parameters used to generate the different S-orb words are likewise key-dependent. We establish that the self-modifying proposed cipher, based on the aforementioned key-dependencies, provides an algorithm polymorphism and adequate security with a simple parallelizable structure. The ideas incorporated in the development of this cipher may pave the way for key-driven encryption rather than merely using the key for sub-key generation. The cipher is adaptable to both hardware and software implementations. Potential applications include voice and image encryption.

Short Papers
Paper Nr: 18
Title:

### A New Analysis of RC4: A Data Mining Approach (J48)

Authors:

#### Mohsen H. Sichani, Mohsen H. Sichani and Ali Movaghar

Abstract: This paper combines the cryptanalysis of RC4 and Data mining algorithm. It analyzes RC4 by Data mining algorithm (J48) for the first time and discloses more vulnerabilities of RC4. The motivation for this paper is combining Artificial Intelligence and Machine learning with cryptography to decrypt cyphertext in the shortest possible time. This analysis shows that lots of numbers in RC4 during different permutations and substitutions do not change their positions and are fixed in their places. This means KSA and PRGA are bad shuffle algorithms. In this method, the information theory and Decision trees are used which are very powerful for solving hard problems and extracting information from data. The results of this Data mining approach could be used to improve the existing methods of breaking WEP (or other encryption algorithms) in less time with fewer packets.

Paper Nr: 34
Title:

### Cryptanalysis of Ring Signature and Ring Signcryption Schemes

Authors:

#### Pandu R. C., S.ree V. S., S.harmila S. S., S. S. Vivek, Pandu R. C. and S.harmila S. S.

Abstract: Ring signature and ring signcryption are cryptographic primitives, that allow an user to sign and signcrypt a message respectively without revealing their identity, i.e. the verifier or the unsigncrypter is convinced that the message is valid and authentic but is handicapped of knowing the identity of the actual signer or signcrypter. In this paper we consider three schemes, the first one is a ring signature scheme and the second one is a ring signcryption scheme, we demonstrate attacks on them to show that, both schemes lack anonymity and the latter doesn't provide confidentiality. We also consider a secret authenticatable anonymous signcryption scheme with identity privacy as the third scheme in our paper, which is a ring signcryption scheme that allows the actual signcrypter to reveal his identity (if required in a dispute at a later point of time). We show that this scheme is void of indistinguishability because the ciphertext is distinguishable during the challenge phase of the confidentiality game.

Paper Nr: 35
Title:

### Practical Traceable Anonymous Identification

Authors:

#### Daniel Slamanig, Peter Schartner and Christian Stingl

Abstract: Internet privacy is of increasing interest, since online services are getting more and more ubiquitous and cover many aspects of one's daily life. Hence users leave information tracks and disclose information during usage of services which can be compiled by third parties to infer users behavior, preferences etc. and thus may violate user's privacy. In this paper we propose a practical method for traceable anonymous identification which can be used for online services in order to protect user's privacy. It enables users to authenticate themselves to a service provider, whereas the service provider is not able to identify authenticating users. However, the service provider can be sure that only authorized users are able to authenticate. Since absolute anonymity may open the door for dishonest behavior, our protocol incorporates traceability, which enables a service provider to identify authenticating users in cooperation with an offline trusted third party. The proposed method is fully compatible with real world scenarios, i.e. public key infrastructures based on X.509 certificates, and can be easily deployed using state of the art smart cards. Furthermore, the proposed method is very efficient and we give a performance analysis as well as a security analysis of the introduced protocols.

Paper Nr: 41
Title:

### Information-Theoretically Secure Strong Verifiable Secret Sharing

Authors:

#### Changlu Lin, Lein Harn and Dingfeng Ye

Abstract: In a (t,n) secret sharing scheme, a mutually trusted dealer divides a secret into n shares in such a way that any t or more than t shares can reconstruct the secret, but fewer than t shares knows nothing about the secret. When there is no mutually trusted dealer, a (n,t,n) secret sharing scheme can be used to set up a (t,n) secret sharing because each shareholder also acts as a dealer to decide a master secret jointly and divide each selected secret for others. A verifiable secret sharing (VSS) allows each shareholder to verify that all shares are t-consistent (i.e. every subset of t of the n shares defines the same secret). In this paper, we show that (t,n)-VSS and (n,t,n)-VSS proposed by Pedersen can only ensure that all shares are t-consistent; but shares may not satisfy the security requirements of secret sharing scheme. Then, we introduce a new notion of strong VSS. A strong VSS scheme can ensure that (a) all shares are t-consistent, and (b) all shares satisfy the security requirements of secret sharing scheme. We propose two simple ways to convert Pedersen's VSS schemes into strong VSS schemes, which are information-theoretically secure. We also prove that our proposed VSS schemes satisfy the strong verifiable property.

Paper Nr: 68
Title:

### SAFE REVERSE AUCTIONS PROTOCOL Adding treatment against Collusive Shill Bidding and Sniping Attacks

Authors:

#### Ribeiro Leonardo, Ruy de Queiroz and Leonardo Ribeiro

Abstract: Many secure auction protocols were created. BJK (Byoungcheon Lee, Kwangjo Kim e Joongsoo Ma 2001) defined an efficient protocol for English auctions that can be used also for Reverse auctions. Chung (Yu Fang Chung 2008) created an improvement of BJK, however there are still some security faults that can be explored by attackers in these two protocols. In this article, we define a protocol based on BJK that is an improvement of it with the addition of security’s treatment to attacks of Collusive Shill Bidding e Sniping.

Paper Nr: 71
Title:

### a second preimage attack on Merkle-Damgård scheme with a permutation for hash functions

Authors:

#### Chen Shiwei and Jin chenhui

Abstract: Using one kind of multicollsions of the Merkle-Damgård(MD) construction for hash functions proposed by Kelsey and Schneier, this paper presents a second preimage attack on MDP construction which is a simple variant of MDscheme with a permutation for hash functions. Then we prove that the computational complexity of our second preimage attack is k×2^{n/2+1 }+2^{n−k} less than 2^n where n is the size of the hash value and 2^{k }+k+1 is the length of the target message.

Paper Nr: 90
Title:

### On the Security of Adding Confirmers into Designated Confirmer Signatures

Authors:

#### Wataru Senga and Hiroshi Doi

Abstract: In designated confirmer signature (DCS) scheme, a signature can be verified only by interacting with a semi-trusted third party, called the confirmer. In previous DCS schemes, a confirmer is designated at the time of the signature generation. So once the designated confirmer becomes unavailable, no one can verify the validity of the signature. In this paper, we introduce an extended DCS scheme which the confirmers can be added after the signature is generated. We gives the new model and the security definitions, and propose the concrete scheme that is provably secure without random oracles.

Paper Nr: 1
Title:

### A Chaos Based Encryption Method Using Dynamical Systems With Strange Attractors

Authors:

#### Arash Sheikholeslam

Abstract: In this paper, one approach for using dynamical systems with strange attractors as cipher system is introduced. The necessity of Synchronization for this type of system is discussed in depth and an applicable chaotic encryption-decryption system, some of which is specialized for image cryptography, is developed. The developed system is based on a discrete modification of the Lorenz dynamical system. Synchronization features and spatial and spectral properties of the system are obtained experimentally.

Paper Nr: 56
Title:

### Interactive Secret Share Management

Authors:

#### Constantin C. Dragan

Abstract: In this paper, we have proposed a method for the management of a compartmented secret sharing scheme that allows the increase of the global threshold without modifying the existent shares of the participants. We have considered the Trusted Authority the central point of the scheme as a management unit: it creates the shares, in a RSA manner, and distributes them, rebuilds the secret S, and allows the registration of new participants without modifying the existing shares. ents.

Paper Nr: 91
Title:

### Efficient Traitor Tracing for Content Protection

Authors:

#### Hongxia Jin

Abstract: In this paper we study the traitor tracing problem in the context of content protection. Traitor tracing is a forensic technology that attempts to detect the users who have involved in the pirate attacks when pirate evidences are recovered. There are different types of pirate attacks and each requires a different traitor tracing mechanism. We studied different types of attacks, surveyed various traitor tracing schemes and analyzed spectrum of traceabilities of different schemes using two representative schemes. We shall present some observations on the designs and their impact on the efficiency of the schemes. We shall also present various future directions that can lead to simpler and more efficient traitor tracing schemes for various pirate attacks.

Paper Nr: 92
Title:

### AD-HOC ON DEMAND AUTHENTICATION CHAIN PROTOCOL An Authentication Protocol for Ad-hoc Networks

Authors:

Abstract: A mobile ad hoc network is an autonomous system that is made up of collaborative mobile nodes. Nodes in mobile ad hoc networks have limited capabilities and dynamic topology. Authentication of network nodes and the establishment of secret keys among nodes are both target security objectives in ad hoc networks. The constrained devices and other special properties of ad hoc networks make achieving those security properties a challenging task. This paper proposes an authentication protocol, Ad-hoc On Demand Authentication Chain Protocol (AOAC), which allow individual node to authenticate each other and to establish a shared key for secure peer-to-peer communication, the authentication does not rely on any centralize trusted authority or fixed server and is not based on public key cryptography. To provide both node authentication and pair-wise authenticated key establishment we proposed a transitive authentication technique by which active attacks, specially the main in the middle attack, can be prevented. The security of our protocol is analyzed using GNY logic. We also provided simulation and performance analysis of the proposed authentication protocol.

Paper Nr: 103
Title:

### NMIX: AN IDEAL CANDIDATE FOR KEY MIXING

Authors:

#### Jaydeb Bhaumik, Jaydeb Bhaumik and Dipanwita Roychowdhury

Abstract: Boolean functions play an important role in cryptography. In this paper, a Boolean function ‘Nmix’ has been proposed which is balanced, reversible and highly nonlinear in nature. It has been proved that the bias of each of the bits decrease exponentially with the bit position. Thus the Boolean function provides high resistance against linear cryptanalysis compared to addition modulo 2^n, the popularly known non-linear function used in cryptographic primitives. The cryptographic properties of Nmix are compared with similar cryptographic functions and the result justify to select it as as an ideal choice for key mixing.

Paper Nr: 106
Title:

### A New Image Encryption Algorithm Using Cellular Automata

Authors:

#### Mayank Varshney, Dipanwita Roychowdhury and Mayank Varshney

Abstract: A significant part of multimedia data to be transmitted over the network consists of image data. In this paper,a cellular automata based image encryption algorithm which functions as a stream cipher has been presented. This encryption algorithm is specifically intended towards encrypting the image data. Proposed image encryption algorithm uses a hybrid cellular automata to produce a random key-stream while AES-key expansion module infuses the reasonable security in the image encryption system.

## Area 5 - Information Assurance

Short Papers
Paper Nr: 27
Title:

### Tool Support for Achieving Qualitative Security Assessments of Critical Infrastructures

Authors:

#### HanhQuyen Nguyen, Michael Klaas, Friedrich Köster, Markus Braendle, Sebastian Obermeier and Walter Brenner

Abstract: Devices that are designed for the use in critical infrastructures demand a high level of security. Therefore, a consideration of cyber threats and security mechanisms should be done in an early state, at best at the product’s design phase. In this paper, we present a security assessment method in addition to a support tool that allows the involved participants to conduct security assessments in a reproducible and standardized way. Special for our method is the focus on the collaboration of different domain experts at various abstraction levels, which is typical for critical infrastructure device assessments.

Paper Nr: 30
Title:

### COLLABORATIVE SECURITY ASSESSMENTS IN EMBEDDED SYSTEMS DEVELOPMENT

Authors:

#### Friedrich Köster, Michael Klaas, HanhQuyen Nguyen, Markus Braendle, Sebastian Obermeier and Walter Brenner

Abstract: The standardization of network protocols and software components in embedded systems development has introduced security threats that have been common before in e-commerce and office systems into the domain of critical infrastructures. The ESSAF framework presented in this paper lays the ground for collaborative, structured security assessments during the design and development phase of these systems. Its three phases system modeling, security modeling and mitigation planning guide software developers in the independent assessment of their product’s security, minimizing the burden on security experts in the collection of security relevant data.

Paper Nr: 47
Title:

### AN APPROACH FOR DESIGNING OF ENTERPRISE IT LANDSCAPES TO PERFORM QUANTITAVE INFORMATION SECURITY RISK ASSESSMENT

Authors:

#### Anton Romanov and Eiji Okamoto

Abstract: Nowadays most of enterprises must consider information security aspects as of the highest concern. It is caused not only by growing hacker’s activity but also because of increasing legal requirements and compliance issues. One of required procedures to manage information security is regular performing of information security risk assessment. This article describes an approach for designing and managing of an enterprise IT landscapes which makes possible to perform quantitative information security risk assessment using already established methodologies which were previously inapplicable by some reasons. Moreover, application of the proposed framework allows transformation of any IT landscape to such state. Other relevant key features of the proposed approach are unification and reduction of maintenance cost.

Paper Nr: 82
Title:

### IDENTIFYING SECURITY ELEMENTS FOR COOPERATIVE INFORMATION SYSTEMS

Authors:

#### Nathalie Dagorn

Abstract: This paper tackles security issues for cooperative information systems (CIS) by first identifying the major security requirements for this particular type of information systems, and then discussing the security techniques usually implemented to address these requirements as well as their limitations.

Paper Nr: 87
Title:

### An improved multiparty protocol for comparison of secret-shared values

Authors:

#### Tord I. Reistad and Tord Ingolf Reistad

Abstract: Given any linear secret sharing scheme with a multiplication protocol, we show that a set of players holding shares of two values a, b in Zp for some prime p (written [a] and [b]), it is possible to compute a sharing [result] such that [result] = ([a] < [b]). The protocol maintains the same security against active/adaptive adversaries as the underlying secret sharing scheme.

Paper Nr: 98
Title:

### The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime

Authors:

#### Nicolas Courtois

Abstract: MiFare Classic is the most popular contactless smart card with about 200 millions copies in circulation worldwide. At Esorics 2008 Dutch researchers showed that the underlying cipher Crypto-1 can be cracked in as little as 0.1 seconds if the attacker can access or eavesdrop the RF communications with the (genuine) reader. We discovered that a MiFare classic card can be cloned in a much more practical card-only scenario, where the attacker only needs to be in the proximity of the card for a number of minutes, therefore making usurpation of identity through pass cloning feasible at any moment and under any circumstances. For example, anybody sitting next to the victim on a train or on a plane is now be able to clone his/her pass. Other researchers have also (independently from us) discovered this vulnerability, however our attack requires less queries to the card and does not require any precomputation. In addition, we discovered that certain versions or clones of MiFare Classic are even weaker, and can be cloned in 1 second. The main security vulnerability that we need to address with regard to MiFare Classic is not about cryptography, RFID protocols and software vulnerabilities. It is a systemic one: we need to understand how much our economy is vulnerable to sophisticated forms of electronic subversion where potentially one smart card developer can intentionally (or not), but quite easily in fact, compromise the security of governments, businesses and financial institutions worldwide.