وبلاگ بلیان

Information Security Applications: 24th International Conference, WISA 2023, Jeju Island, South Korea, August 23–25, 2023, Revised Selected Papers (Lecture Notes in Computer Science)

معرفی کتاب «Information Security Applications: 24th International Conference, WISA 2023, Jeju Island, South Korea, August 23–25, 2023, Revised Selected Papers (Lecture Notes in Computer Science)» نوشتهٔ Howon Kim (editor), Jonghee Youn (editor)، منتشرشده توسط نشر Springer Nature Singapore Pte Ltd Fka Springer Science + Business Media Singapore Pte Ltd در سال 2024. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the revised selected papers from the 24th International Conference on Information Security Applications, WISA 2023, held in Jeju Island, South Korea, during August 23–25, 2023. The 25 papers included in this book were carefully reviewed and selected from 76 submissions. They were organized in topical sections as follows: Cryptography; network and application security; privacy and management; attacks and defenses; post-quantum cryptography and quantum cryptanalysis. Preface Organization Invited Talk and Keynotes 5G-AKA and EAP-AKA from Cryptographic Perspectives (Invited Talk) Leaking AI: On Side-Channel Vulnerabilities (and more) on EdgeML Devices (Keynote) Post-Quantum Cryptography: Now and Onwards (Keynote) Contents Cryptography A New Higher Order Differential of LCB 1 Introduction 2 The Algorithm of LCB 3 Higher Order Differential Attack 3.1 Higher Order Differentialch1lai 3.2 Saturation Properties 3.3 Attack Equation 4 Higher Order Differential Characteristics of LCB 5 Attack on the Full-Round LCB 5.1 Distinguishing Attack 5.2 Key Recovery Attack 6 Modification of LCB 6.1 The Algorithm 6.2 Higher Order Differential Characteristics 6.3 Higher Order Differential Attack 7 Conclusion References Bloomier Filters on 3-Hypergraphs 1 Introduction 2 Preliminaries 2.1 Bloom Filters 2.2 Hypergraph 3 The Existing Bloomier Filters 3.1 Chazelle et al. ch2CKRT04 3.2 Charles and Chellapilla ch2CC08 4 Our Proposals 5 Further Discussion 6 Conclusion References Principal Component Analysis over the Boolean Circuit Within TFHE Scheme 1 Introduction 2 Background 2.1 Homomorphic Encryption (HE) 2.2 Principal Component Analysis (PCA) 3 Related Work 4 Our Model 5 PCA over the TFHE Scheme 5.1 Dominant Eigenvector 5.2 Eigen Shift Procedure 5.3 Details of PCA Algorithm 6 Experiment 7 Result 8 Discussion and Future Work 8.1 Discussion 8.2 Future Work 9 Conclusion References A Security Analysis on MQ-Sign 1 Introduction 2 MQ-Sign 2.1 UOV 2.2 MQ-Sign-RS 3 Our Proposed Attack 3.1 Preliminary 3.2 Representation Matrices of the Central Map of MQ-Sign-RS 3.3 The Idea of Our Attack 3.4 How to Recover t1' and t2' 3.5 How to Recover the Other Vectors t3',..., to' 4 Implementation Results and Complexity Analysis 4.1 Experiments 4.2 Complexity 5 Conclusion References Network and Application Security Research on Security Threats Using VPN in Zero Trust Environments 1 Introduction 2 Zero Trust 5 Pillars 2.1 Zero Trust Concept 2.2 Approaches to Applying Zero Trust to the US DoD 2.3 Analysis of Published Zero Trust Security Frameworks 3 Security Threats to ZTNA 3.1 Zero Trust Security Threat Scenarios 3.2 Security Vulnerabilities for Zero Trust-Based VPN Equipment 3.3 Security Vulnerability Countermeasure Techniques 4 Conclusion References A Blockchain-Based Mobile Crowdsensing and Its Incentive Mechanism 1 Introduction 2 Literature Review 3 System Model 4 Proposed Approach 4.1 Account Grouping Method 4.2 Grouping Truth Discovery Algorithm 4.3 Reward Distribution Mechanism 5 Experiments and Security Analysis 5.1 Security Analysis 5.2 Experiment Setup and Performance Metrics 5.3 Result Analysis 6 Conclusion References A New Frontier in Digital Security: Verification for NFT Image Using Deep Learning-Based ConvNeXt Model in Quantum Blockchain 1 Introduction 2 Related Work 3 Datasets 4 Methodology 4.1 NFT Concept 4.2 NFT Image Verification Using ConvNeXt 4.3 Quantum Blockchain 5 Proposed Approach 6 Experiment Results and Comparison 6.1 Experimental Setup 6.2 Comparison 7 Conclusion References AE-LSTM Based Anomaly Detection System for Communication Over DNP 3.0 1 Introduction 2 Related Works 3 Power System Network 3.1 Analysis of Power System Network Communication Method 3.2 Risk Analysis of DNP 3.0-Based Communication Systems 4 Proposed AI-Based Anomaly Detection System 4.1 DNP 3.0 Parser 4.2 Feature Preprocessor 4.3 AE-LSTM Classifier 5 Evaluation 5.1 Dataset Description 5.2 Experimental Setup 5.3 Performance Index 5.4 Experiment Result 6 Conclusions and Future Research References Privacy and Management Systematic Evaluation of Robustness Against Model Inversion Attacks on Split Learning 1 Introduction 2 Background 2.1 Split Learning 2.2 Model Inversion Attacks 2.3 Defenses Against Model Inversion Attacks 3 Implementations of Previous Defense Approaches on Training Phase 3.1 Laplacian Noise 3.2 NoPeekNN 3.3 Differential Privacy 4 Experimental Settings 4.1 Datasets 4.2 Target Classification Models 4.3 Inverse Models 4.4 Evaluation Matrix 5 Experimental Results 5.1 Classification Performance Evaluation 5.2 Data Privacy Evaluation 6 Conclusion References Vulnerability Assessment Framework Based on In-The-Wild Exploitability for Prioritizing Patch Application in Control System 1 Introduction 2 Scoring System of Vulnerability 2.1 Common Vulnerability Scoring System, CVSS 2.2 Exploit Prediction Scoring System, EPSS 3 Related Works 4 In-The-Wild Risk Assessment Method for Vulnerabilities 4.1 Evaluate Attacker Skill Level and Likelihood of Exploiting In-The-Wild Vulnerabilities 4.2 Quantifying Risk of In-The-Wild Vulnerabilities 4.3 Case Study 5 Conclusion References Patchman: Firmware Update Delivery Service Over the Blockchain for IoT Environment 1 Introduction 2 Problem Definition 2.1 Trust Model 2.2 Security Goals 3 Patchman Delivery Service 3.1 Components 3.2 Protocol 4 Security Analysis 5 Related Work 6 Conclusion References Security Risk Indicator for Open Source Software to Measure Software Development Status 1 Introduction 2 Background 2.1 Vulnerability Information 2.2 OSS Information 3 Assumed Situation 4 Approach 4.1 Requirement 4.2 Design 4.3 Implementation 5 Evaluation 5.1 Purpose and Environment 5.2 Assessment of Security Risk Indicators 5.3 Exploited Vulnerability Handling of Security Risk Indicators 5.4 Calculation Time of Security Risk Indicator 6 Discussion 6.1 Considerations 6.2 Limitations 7 Related Work 8 Conclusion References Attacks and Defenses Defending AirType Against Inference Attacks Using 3D In-Air Keyboard Layouts: Design and Evaluation 1 Introduction 2 Related Work 3 System and Threat Model 4 Design and Methodology 4.1 Design Justification 4.2 3D AR Keyboard Design 4.3 Technical Details 5 Evaluation 5.1 User Study 5.2 End-to-End Pipeline 6 Discussion and Limitations 7 Conclusion References Robust Training for Deepfake Detection Models Against Disruption-Induced Data Poisoning 1 Introduction 2 Background and Motivation 2.1 Deepfake Defense Methods 2.2 Threat Model 3 System Design 3.1 Overview 3.2 Diffusion Purification 3.3 Timestep for Purification 4 Evaluation 4.1 Experimental Settings 4.2 Purification Ability for Disruptive Images 4.3 Accuracy of Detection Models Under the Poisoned Dataset 5 Discussion 6 Related Work 7 Conclusion References Multi-class Malware Detection via Deep Graph Convolutional Networks Using TF-IDF-Based Attributed Call Graphs 1 Introduction 2 Related Work 3 Proposed Architecture 3.1 APK Characterization 3.2 Classification 4 Evaluation 4.1 Experimental Setup 4.2 Performance Measures 4.3 Results and Discussion 5 Conclusion References OCR Meets the Dark Web: Identifying the Content Type Regarding Illegal and Cybercrime 1 Introduction 2 Background and Related Works 2.1 Analysis on Dark Web Content 2.2 Optical Characteristics Recognition 2.3 Existing Works Related to Dark Web Crawling 3 Methodology 3.1 Overview 3.2 Collecting the Dark Web Page 3.3 Collecting the Text and Image from the Dark Web Page 3.4 Text Extraction 3.5 Keyword Collection 3.6 Evaluating Keyword Inclusion 4 Experiment 4.1 Dataset Description 4.2 Setup 4.3 Experiment and Results 5 Limitations 6 Conclusion and Future Works References Enriching Vulnerability Reports Through Automated and Augmented Description Summarization 1 Introduction 2 Related Work 3 Dataset: Baseline and Data Augmentation 4 Methodology and Building Blocks 4.1 Sentence Encoders 4.2 Pretrained Models 4.3 Pipeline 5 Evaluations 6 Conclusion References Hardware and Software Security Protecting Kernel Code Integrity with PMP on RISC-V 1 Introduction 2 Background and Motivation 2.1 Kernel Code Integrity 2.2 Limitation of Existing Solutions 2.3 RISC-V Physical Memory Protection 3 Threat Model 4 Design and Implementation 4.1 PMP Policies for Locking Kernel Code 4.2 Hooking Kernel Entries and Exits 5 Evaluation 5.1 Performance Overhead 5.2 Security Evaluation 5.3 Limitation in Performance Overhead Estimation 6 Related Work 7 Conclusion References Exploiting Memory Page Management in KSM for Remote Memory Deduplication Attack 1 Introduction 2 Background 2.1 Memory Deduplication Attack 2.2 Analyzing the KSM Behavior 3 Remote Memory Deduplication Attack with KSM's Memory Page Management Mechanism 3.1 Building Blocks of the Attack 3.2 Remote Attack Procedure 4 Conclusion References Mutation Methods for Structured Input to Enhance Path Coverage of Fuzzers 1 Introduction 2 Background 2.1 Coverage-Based Grey-Box Fuzzing 2.2 Mutation Method 3 The Proposed Mutation Methods 3.1 Uniform Mutation 3.2 Format-Agnostic Mutation 4 Evaluation 4.1 Experiment Setup 4.2 The Result of Uniform Mutation 4.3 The Result of Format-Agnostic Mutation 5 Related Work 6 Conclusion References Improved Differential-Linear Cryptanalysis of Reduced Rounds of ChaCha 1 Introduction 2 Preliminary 3 Differential-Linear Cryptanalysis 4 Improved Differential-Linear Analysis on ChaCha 4.1 Our Strategy 4.2 Linear Part 4.3 Differential Part 4.4 Computational Complexity 5 A Comparative Analysis of Our Research Findings and Existing Studies 6 Conclusion References SP-Fuzz: Fuzzing Soft PLC with Semi-automated Harness Synthesis 1 Introduction 2 Related Research 3 Preliminary 4 Fuzzing Soft PLC with Harness 4.1 Overview 4.2 Semi-automated Harness Generator 4.3 Fuzzing the Harness 5 Evaluation 5.1 Implementation 5.2 Experimental Setup 5.3 Comparative Study 5.4 Unit Test 5.5 Case Study 6 Limitations 7 Conclusion References Post-Quantum Cryptography and Quantum Cryptanalysis Quantum Circuit Designs of Point Doubling Operation for Binary Elliptic Curves 1 Introduction 2 Preliminaries 2.1 Shor's ECDLP 2.2 Binary Elliptic Curves in the Quantum Realm 3 Quantum Circuit Designs of Point Doubling Operation for Binary Elliptic Curves 3.1 Challenges on Quantum Point Doubling Construction 3.2 Proposed Quantum Circuits 4 Discussions and Limitations 5 Conclusions and Future Work References PQ-DPoL: An Efficient Post-Quantum Blockchain Consensus Algorithm 1 Introduction 2 Preliminaries 2.1 Blockchain Consensus Algorithm 2.2 Evaluation Metrics for Blockchain Performance 2.3 CRYSTALS-DILITHIUM 2.4 Trusted Execution Environment 3 PQ-DPoL 3.1 Post-Quantum Blockchain Using Dilithium 3.2 Construction of Trusted Execution Environment 3.3 Proof of Luck with Delegated Approach 4 Benchmark 4.1 Environment and Evaluation Metrics 5 Conclusion References Efficient Implementation of the Classic McEliece on ARMv8 Processors 1 Introduction 1.1 Contribution 2 Preliminaries 2.1 Classic McEliece 2.2 ARMv8 Processor 2.3 Related Works 3 Proposed Method 3.1 Multiplication on F2m 3.2 Multiplication on F213t 4 Evaluation 5 Conclusion References Evaluating KpqC Algorithm Submissions: Balanced and Clean Benchmarking Approach 1 Introduction 1.1 Contributions 2 Related Works 2.1 NIST Standardization of Post Quantum Cryptography 2.2 KpqC: Korea's Post Quantum Cryptography Standardization 2.3 PQClean 3 KPQClean: Clean Benchmark on KpqC 4 Conclusion References Author Index
دانلود کتاب Information Security Applications: 24th International Conference, WISA 2023, Jeju Island, South Korea, August 23–25, 2023, Revised Selected Papers (Lecture Notes in Computer Science)