Financial Cryptography and Data Security: 12th International Conference, FC 2008, Cozumel, Mexico, January 28-31, 2008. Revised Selected Papers (Lecture Notes in Computer Science, 5143)
معرفی کتاب «Financial Cryptography and Data Security: 12th International Conference, FC 2008, Cozumel, Mexico, January 28-31, 2008. Revised Selected Papers (Lecture Notes in Computer Science, 5143)» نوشتهٔ Gene Tsudik (editor)، منتشرشده توسط نشر Springer Berlin Heidelberg : Imprint: Springer در سال 2008. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Annotation This book constitutes the thoroughly refereed post-conference proceedings of the 12th International Conference on Financial Cryptography and Data Security, FC 2008, held in Cozumel, Mexico, in January 2008. The 16 revised full papers and 9 revised short papers presented together with 5 poster papers, 2 panel reports, and 1 invited lecture were carefully reviewed and selected from 86 submissions. The papers are organized in topical sections on attacks and counter measures, protocols, theory, hardware, chips and tags, signatures and encryption, as well as anonymity and e-cash Title Page Foreword Preface Organization Table of Contents Quantifying Resistance to the Sybil Attack Introduction Goals and Model Entity Utility The General Sybil Objective Specific Sybil Objectives The Sybil Valuation ${\gamma}a$ for Specific Objectives Application: Recurring Fee Onion Routing (RFOR) Entry Fees Related Work Conclusions References Evaluating the Wisdom of Crowds in Assessing Phishing Websites Introduction Data Collection and Analysis Phishing Website Reporting and Evaluation Power-Law Distribution of User Participation Rates Duplicate Submissions in Phishtank Comparing Open and Closed Phishing Feeds Phishing Website Identification Phishing Website Verification Testing the Accuracy of Phishtank’s Crowd Decisions Miscategorization in PhishTank Does Experience Improve User Accuracy? Do Users with Bad Voting Records Vote Together? Disrupting the PhishTank Verification System Attacks and Countermeasures Lessons for Secure Crowd-Sourcing Related Work Conclusion References Don’t Clog the Queue! Circuit Clogging and Mitigation in P2P Anonymity Schemes Introduction Background Attacking Morphmix Wide-Area Experiments Node Discovery Attack Stochastic Fair Queue Mitigation Mechanism Basic Properties of SFQ Circuit CloggingMitigation Efficiency of SFQ Mitigation N-Probe Attack Discussion References An Efficient Deniable Key Exchange Protocol (Extended Abstract) Introduction Our Work Related Work Security Model Deniability in Public Random Oracle Model Our Protocol Security Analysis Secrecy Authentication Deniability Performance References Revisiting Pairing Based Group Key Exchange Introduction Bilinear Maps The First Key Exchange Scheme Proof of Security Efficiency Improvements Comparison Pairing-Based Version of BD II Comparison References Constant-Round Password-Based Authenticated Key Exchange Protocol for Dynamic Groups Introduction Security Models for Password-Based Key Exchange The Security Model Security Definitions Algorithmic Assumptions From Two to Group: An Improved Compiler Description Efficiency Security Conclusion References A Practical Universal Circuit Construction and Secure Evaluation of Private Functions Introduction Our Contributions Related Work Applications for Universal Circuits Definitions and Preliminaries Our Universal Circuit Construction Recursive Universal Block Construction Improved Selection Block Constructions Generalized Permutation Blocks Efficient Selection Blocks Optimization of the Universal Circuit Construction Comparison and Conclusion References Generalized Non-Interactive Oblivious Transfer Using Count-Limited Objects with Applications to Secure Mobile Agents Introduction Definitions and Preliminaries Virtual Monotonic Counters and Count-Limited Objects Non-Interactive Oblivious Transfer Generalized Non-Interactive Oblivious Transfer Problem Definition Desired Security Properties TPM-Based Solution Security Analysis Non-interactive Secure Mobile Agents Secure Function Evaluation Application of SFE to Mobile Agents The GTX Protocol Conclusion References PBS: Private Bartering Systems Introduction Framework Definition/Our Contributions Framework Example Our Contributions Non-private Bartering Systems Algorithms for (1, 1) Trades Algorithms for (1, n) Trades Algorithms for (n, n) Trades Private Bartering Systems Building Blocks Security Definitions Protocols Extensions Finding a (1, 1) Trade Finding a (1, n) Trade Finding an (n, n) Trade Related Work Summary References Breaking Legacy Banking Standards with Special-Purpose Hardware Introduction Previous Work Basics of Token Based Data Authentication Cryptanalysis of the ANSI X9.9-Based Challenge-Response Authentication Possible Attack Scenarios on Banking Systems Implementing an Attack on ANSI X9.9-Based Systems FPGA-Based Special-Purpose Hardware Cluster Hardware Cluster Architecture FPGA-Based Attack Architecture Implementation Results Conclusion References ePassport: Securing International Contacts with Contactless Chips Introduction ICAO Standard Embedded IC Specifications Data on the IC Biometrics Cryptographic Mechanisms Guessing the BAC Keys Theoretical Entropy Effective Entropy Our Practical Attacks Against Belgian Passport Recommendations Delaying IC Answers Random Passport Numbers Separate BAC Keys and Personal Data Radio-Blocking Shield Active Authentication Favorite Algorithms Conclusion References Good Variants of $HB^{+}$ Are Hard to Find Introduction The $HB^{+}$ Protocol and the GRS Attack The $HB^{+}$ Protocol An Active Attack on $HB^{+}$ TheVariant $HB^{++}$ TheVariant HB∗ TheVariantsHB-MP' and HB-MP Discussion and Implications Conclusions References Augmenting Internet-Based Card Not Present Transactions with Trusted Computing (Extended Abstract) Introduction Applying Trusted Computing to CNP Transactions Conclusions References Weighing Down “The Unbearable Lightness of PIN Cracking” Introduction SaltedPIN Attacks and Countermeasures Attacks on Salted-PIN Service-Point Specific Salted-PIN Conclusion References Phishwish: A Stateless Phishing Filter Using Minimal Rules Introduction Phishwish Description Untitled References Competition and Fraud in Online Advertising Markets Introduction Model Player Types Decision Variables Equilibria Conclusion References Identity Theft: Much Too Easy? A Study of Online Systems in Norway Introduction The Norwegian Birth Number Why Systems Leak The Software Improving the Situation Conclusions References A Proof of Concept Attack against Norwegian Internet Banking Systems Introduction BankID through Adversarial Eyes Reverse Engineering The Attack Possible BankID Improvements Related Work Conclusion Final Remark References Improvement of Efficiency in (Unconditional) Anonymous Transferable E-Cash Introduction Related Works Our Contribution and Organization of the Paper Definitions and Useful Tools Algorithms Global Variables and Oracles Security Properties Useful Tools Transferable Compact E-Cash Scheme Overview of Our Construction Description of the Scheme Security Proof Unconditionally Anonymous Transferable Scheme Overview of Our Construction Description of the Scheme Achieving the Unconditional Anonymity Conclusion References Proactive RSA with Non-interactive Signing Introduction Preliminaries Proactive RSA with Non-interactive Signing: Protocols Security Arguments References Fair Traceable Multi-Group Signatures Introduction A Model for Fair Traceable Multi-Group Signatures Preliminaries Building Blocks Design of a FTMGS Scheme Performance Analysis References Identity-Based Online/Offline Encryption Introduction Definitions Security Models Bilinear Pairing Complexity Assumption IBOOE from the Boneh-Boyen IBE Construction Security IBOOE from the Gentry IBE Construction Security Comparison Natural IBOOE Comparison Conclusion References Countermeasures against Government-Scale Monetary Forgery Introduction Physical Digital Cash Requirements Physical Digital Cash Techniques Security Analysis Conclusion References OpenPGP-Based Financial Instruments and Dispute Arbitration Introduction Electronic Evidence Digital Representations of Debt and Credit Reputation General Negotiable Financial Instrument General Reputation Record Arbitration References An EÆcient Anonymous Credential System Introduction Background Our Result Preliminaries Notation Bilinear Groups Anonymous Credential System Assumptions and Basic Signature Scheme Strong DiÆe-Hellman (SDH) Assumption The Decision Linear DiÆe-Hellman Assumption [9] Basic Signature Scheme Proposed Basic Anonymous Credential System Key Generation Credential Issuing Protocol Credential Proving Protocol Security Proposed Anonymous Credential System with Revocation Key Generation Credential Issuing Protocol Credential Proving Protocol Identity Revealing Protocol Security Comparison References Practical Anonymous Divisible E-Cash from Bounded Accumulators Introduction Related Results On the Practicality of the Truly Anonymous Divisible E-Cash in Our Approach Preliminaries Pairing Mathematical Assumptions Useful Tools Syntax Security Notions Construction High Level Description System Construction Security Analysis Efficiency Analysis Conclusion References Panel: Usable Cryptography: Manifest Destiny or Oxymoron? Introduction You Can’t Make Them Drink Usable Cryptography: What Is It Good for? “Usable Cryptography” as an Impossible State References Real Electronic Cash Versus Academic Electronic Cash Versus Paper Cash (Panel Report) Introduction Different Types of Electronic Payment Systems (by Jon Callas) Edge Conditions Incompatibility, Reliability and Security (by Yvo Desmedt) Academic vs. Real E-Cash in the Developing World and the Shadow Economy (by Daniel Nagy) Interoperability of e-Cash Systems in Japan (by Akira Otsuka) Reflections on Real Electronic Cash (by Jean-Jacques Quisquater) Implicit eCash: Embed e-Payment Indirectly in Your e-Processes (by Moti Yung) References Securing Web Banking Applications Introduction Logical Model Internet Banking Mutual Authentication Process Conclusions References Privacy Threats in Online Stock Quotes Privacy Issues Potential Solutions A Platform for OnBoard Credentials References ST&E Is the Most Cost Effective Measure for Comply with Payment Card Industry (PCI) Data Security Standard Making Quantitative Measurements of Privacy/Analysis Tradeoffs Inherent to Packet Trace Anonymization A Quantitative Approach to a Qualitative Tradeoff Experimental Design Conclusions and Future Work References Author Index
دانلود کتاب Financial Cryptography and Data Security: 12th International Conference, FC 2008, Cozumel, Mexico, January 28-31, 2008. Revised Selected Papers (Lecture Notes in Computer Science, 5143)