Information Security Practice and Experience: 17th International Conference, ISPEC 2022, Taipei, Taiwan, November 23–25, 2022, Proceedings (Lecture Notes in Computer Science, 13620)
معرفی کتاب «Information Security Practice and Experience: 17th International Conference, ISPEC 2022, Taipei, Taiwan, November 23–25, 2022, Proceedings (Lecture Notes in Computer Science, 13620)» نوشتهٔ Chunhua Su (editor), Dimitris Gritzalis (editor), Vincenzo Piuri (editor)، منتشرشده توسط نشر Springer International Publishing AG در سال 2022. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
This book constitutes the refereed proceedings of the 17th International Conference on Information Security Practice and Experience, ISPEC 2022, held in Taipei, Taiwan, in November 2022. The 33 full papers together with 2 invited papers included in this volume were carefully reviewed and selected from 87 submissions. The main goal of the conference is to promote research on new information security technologies, including their applications and their integration with IT systems in various vertical sectors. Preface Organization Contents Blockchain Towards Blockchain-Enabled Intrusion Detection for Vehicular Navigation Map System 1 Introduction 2 Background and Related Work 2.1 High Definition Map 2.2 Related Work 3 Our Proposed System 3.1 System Design 3.2 Threat Model 3.3 Blockchain-Enabled Intrusion Detection 4 Evaluation 4.1 Environmental Setup 4.2 System Implementation 4.3 Scalability Evaluation 5 Concluding Remarks References Blockchain-Based Self-Sovereign Identity System with Attribute-Based Issuance 1 Introduction 1.1 Background and Related Work 1.2 Motivation and Contribution 2 Blockchain-Based Self-sovereign Identity System with Attribute-Based Issuance 2.1 Problem Statement 2.2 System Description 3 Preliminaries 3.1 DDH-Based Oblivious Transfer 3.2 Confidential Smart Contract 4 Proposed System 5 Security Analysis 6 Comparisons 7 Conclusion References Blockchain-Based Confidential Payment System with Controllable Regulation 1 Introduction 1.1 Contribution 1.2 Related Works 1.3 Organization 2 Preliminaries 2.1 Threshold Cryptosystem Without A Trusted Party 2.2 Additive Homomorphic Encryption 2.3 Zero-Knowledge Proofs 3 Confidential Blockchain Payment System with Regulation 3.1 System Description 3.2 System Model 3.3 Security Model 4 The Proposed System 5 Performance Evaluation 6 Conclusion and Future Works References Designing Enhanced Robust 6G Connection Strategy with Blockchain 1 Introduction 2 Background and Related Work 2.1 6G Technology 2.2 6G with Blockchain 3 Our Proposed System 3.1 Smart-Contract Design 3.2 Client Application Design 3.3 Web Platform Design 3.4 Android App 4 System Implementation 4.1 Blockchain 4.2 Smart Contract 4.3 Web Platform 4.4 Client Application 4.5 Android App 5 Evaluation and Discussion 6 Concluding Remarks References Blockchain-Based Multi-keyword Search on Encrypted COVID-19 Contact Tracing Data 1 Introduction 1.1 Related Work 1.2 Our Contribution 2 Framework of the Developed System 2.1 High-Level Overview of the Proposed System 2.2 Workflow of the System 3 Construction of the Proposed Scheme 3.1 System Setup 3.2 File Encryption 3.3 Index Generation 3.4 Searching and Access Control 3.5 File Decryption 4 Security Analysis and Performance Evaluation 4.1 Security Analysis 4.2 Performance Evaluation 4.3 Comparison with Existing Schemes 5 Conclusion References UCC: Universal and Committee-based Cross-chain Framework 1 Introduction 1.1 Our Contribution 2 Preliminary 2.1 Permissionless Consensus 2.2 Permissioned Consensus 2.3 Committee Construction 3 Security Model and Definition 3.1 Security Model 3.2 Security Definition of the Cross-Chain Framework 4 Construction Overview 5 Detailed Protocol 5.1 Chain Message Passing Module 5.2 Committee Consensus Module 5.3 Inter-chain Message Passing Module 5.4 Committee Member Selection Module 5.5 Pipeline Committee Rotation Method 5.6 Complete UCC Process 6 Security Analysis 7 An Efficient Instantiation of Our Scheme 7.1 Detailed Instantiation of Each Module 7.2 Simulation and Evaluation 8 Discussion 9 Conclusion References Security for Critical Infrastructure A Low-Cost and Cloud Native Solution for Security Orchestration, Automation, and Response 1 Introduction 2 Related Works 3 Background and Problem Statement 4 Architecture 4.1 Design 4.2 Technology 5 Results 5.1 Use Cases 5.2 Performance Assessment 6 Conclusion References Protecting Cyber-Physical System Testbeds from Red-Teaming/Blue-Teaming Experiments Gone Awry 1 Introduction 2 Threat Model Relevant for the CPS Testbed 2.1 Outsider Threats 2.2 Insider Threats 3 Overview of Our CPS Testbed Structure 4 Cybersecurity Centric Experiment Support in Testbed 5 Experiment Communication Model 6 Overview of Experiment Execution on Testbed 7 Inter-Experiment Secure Communications 8 Testbed Tuple Space Design for Isolated Experiments 8.1 Tuple Space Manager-TSM 8.2 Tuple Space Operation 8.3 Tuple Space Transaction 9 Authorization Module (AM) 9.1 Experiment Resources and Operations 9.2 Resources and Privileges Allocation 9.3 Relationship Between Control Node, Experiments, and Subjects 9.4 Object Classification 9.5 Control Node Identification 9.6 Security Policy 10 Related Works 11 Conclusion and Future Directions References IoT Security Robust Anomaly Detection via Radio Fingerprinting in LoRa-Enabled IIoT 1 Introduction 2 Related Work 3 System Overview 3.1 System Model 3.2 Threat Model 3.3 Assumption 4 Hawk Design 4.1 IIoT Device's Radio Fingerprinting Features 4.2 Model Training Approach 4.3 Enrollment and Authentication 4.4 Anomaly Detection 5 Experimental Evaluation 5.1 Experimental Setup and Dataset 5.2 Evaluation Metrics 5.3 Federated Learning Setup 5.4 Performance Evaluation 6 Conclusion References A New Scalable Mutual Authentication in Fog-Edge Drone Swarm Environment 1 Introduction 2 Characteristics of Drone Swarm Environment 2.1 Drone Swarm Environments 2.2 Security Issues in Fog-Edge Drone Swarm Environments 2.3 Design Requirements 3 Proposed Design 3.1 Protocol Overview 3.2 Preparation Phase 3.3 Authentication Phase 3.4 Additional Processes 3.5 Authentication in Scalable Scenarios 4 Evaluation 4.1 Security Analysis 4.2 Performance Evaluation 4.3 Comparison 5 Related Work 6 Conclusion and Future Work A Response Generation in PP.3 A.1 Response Generation in Generic Edge Drone A.2 Response Generation in Edge Drone with PUF References Sparse Attack on Skeleton-Based Human Action Recognition for Internet of Video Things Systems 1 Introduction 2 Related Works 2.1 Skeleton Based Action Recognition 2.2 Adversarial Attack 3 Method 3.1 Adversarial Attack Problem Formulation 3.2 Perceptual Distance Metric 3.3 Sparsity Loss 4 Experiments 4.1 Dataset and Evaluation Metrics 4.2 Untargeted Attack 4.3 Targeted Attack 4.4 Transferability 5 Conclusion References LMGROUP: A Lightweight Multicast Group Key Management for IoT Networks 1 Introduction 2 Related Work 3 Scenario and Scheme 3.1 Assumptions 3.2 Network Scenario 3.3 Group Member Selection 3.4 Designed Scheme 4 Implementation 4.1 Testbed and Environmental Setup 5 Performance Evaluation 5.1 Communication and Computation Cost 5.2 Storage Overhead 6 Formal Security Verification 6.1 Man in The Middle Attack Protection 6.2 Replay and Impersonation Attacks Protection 6.3 Denial of Service Attack Protection 7 Conclusion References Software Security Using API Calls for Sequence-Pattern Feature Mining-Based Malware Detection 1 Introduction 2 Related Work 3 Problem Description 3.1 Emulators 4 The Proposed Approach 4.1 Features Derived From API Calls vs Static Features 4.2 API Calls vs Sequences of API Calls 4.3 The Architecture of Our Solution 5 Feature Mining 5.1 Feature Definition and Feature Metrics 5.2 Optimal API Pattern-Sequences Features 5.3 Behavior Features 5.4 Selection Phase 6 Models and Validation Methodology 7 Databases 8 Experimental Results 9 Conclusions and Future Work References Evaluating the Possibility of Evasion Attacks to Machine Learning-Based Models for Malicious PowerShell Detection 1 Introduction 2 Related Work 2.1 Deobfuscation Malicious PowerShell Scripts 2.2 Detection of Malicious PowerShell 2.3 Evading Machine Learning Models 3 Related Technique 3.1 NLP Technique 3.2 Machine Learning Technique 4 Evaluation Method 4.1 Outline 4.2 Preprocessing 4.3 Training Process 4.4 Detection Evasion Process 5 Experiment 5.1 Dataset 5.2 Experiment Contents 5.3 Result 6 Discussion 6.1 Possibility of Evasion Attack 6.2 NLP Techniques and Machine Learning Models 6.3 Research Ethics 6.4 Limitations 7 Conclusion References Detect Compiler Inserted Run-time Security Checks in Binary Software 1 Introduction 2 Background and Related Works 3 Evaluation Framework 4 Insight 5 Technique to Detect Security Checks in Binaries 5.1 Generate Interesting Code Snippets 5.2 Normalize Interesting Code Snippets 5.3 Validate Interesting Code Snippets 5.4 Recognize Common Instruction Patterns 6 Experimental Results and Observations 6.1 Results with the Simple String Comparison Algorithm 6.2 Results with the LCS Pattern Matching Algorithm 6.3 Observations 7 Future Work 8 Conclusion References Detection of MSOffice-Embedded Malware: Feature Mining and Short- vs. Long-Term Performance 1 Introduction 1.1 Context 1.2 Goal and Structure of the Paper 2 Study Methodology 2.1 Feature Mining 2.2 Classifiers: Selection and Design 2.3 Limitations and Constraints 3 Data Collection 4 Feature Perishability 5 Experiments and Results 5.1 Time-Insensitive Accuracy 5.2 Proactivity 5.3 Classifier Endurance 6 Related Work 6.1 Generic Techniques for Code Obfuscation 6.2 VBA Code Obfuscation Specific Aspects 6.3 Machine Learning Techniques for Detecting Malicious VBA Code 7 Conclusions and Future Work References PriApp-Install: Learning User Privacy Preferences on Mobile Apps' Installation 1 Introduction 2 Overall Architecture 3 Learning Approaches 3.1 Naive and Category-Based Prediction Models 3.2 Simple and Advanced Ensemble-Based Prediction Models 4 Dataset 5 Experiments 5.1 Experiments Setting 5.2 Participants 5.3 Evaluation 6 Related Work 7 Conclusion References Network and Web Security BADPASS: Bots Taking ADvantage of Proxy as a Service 1 Introduction 2 State of the Art 2.1 Scraping Bots Exploiting resip Services 2.2 Proxy Detection Based on rtt 3 Setup and Methodology 3.1 Infrastructure 3.2 resip Providers 3.3 Clients and Servers 3.4 Network Measurements 3.5 The Detection Method 3.6 Timeline and Data Storage 4 Results 5 Discussion 6 Conclusion and Future Works A Bright Data End of Subscription References A CNN-Based Semi-supervised Learning Approach for the Detection of SS7 Attacks 1 Introduction 1.1 Our Contribution 1.2 Organisation 2 SS7 Protocol and Its Security Vulnerabilities 2.1 SS7 Overview 2.2 Security Vulnerabilities in SS7 Networks 3 Autoencoder-Based SS7 Attack Detection 3.1 Autoencoder Neural Networks 3.2 Autoencoder-Based Solution for SS7 Attack Detection ch19hoang2021 4 CNN-Based Semi-supervised Learning for Attack Detection 4.1 Recap of Convolutional Neural Networks 4.2 Recap of CNN-Based Semi-supervised Learning 4.3 Our CNN-Based Semi-supervised Learning Solution 5 Experiments 5.1 Results on the Real World Dataset 5.2 Results on the Simulated Dataset 6 Conclusion and the Future Work References Federated Intrusion Detection on Non-IID Data for IIoT Networks Using Generative Adversarial Networks and Reinforcement Learning 1 Introduction 2 Related Work 3 Methodology 3.1 Federated Learning 3.2 Training Detection Model on Collaborative Machines 3.3 FL with GAN for Non-IID Data 3.4 FL with RL for Non-IID Data 3.5 RL and GAN-Integrated FL for Non-IID Data 4 Experimental Evaluation 4.1 Data Preprocessing 4.2 Experimental Settings 4.3 Evaluation Result 5 Conclusion References Preventing Adversarial Attacks Against Deep Learning-Based Intrusion Detection System 1 Introduction 2 Related Works 3 Preliminaries 4 Our Proposal 4.1 Overview 4.2 Adversarial Detection Method 5 Evaluation 5.1 Evaluation Dataset and Metrics 5.2 Experimental Results and Discussion 6 Conclusion References Detection of Adversarial Examples Based on the Neurons Distribution 1 Introduction 2 Related Works 2.1 Adversarial Examples 2.2 Poisson Distribution 3 Proposed Method 4 Experimental Results 5 Conclusion References Authentication and Biometric Security Techniques for Continuous Touch-Based Authentication 1 Introduction 2 Background 2.1 Related Work 2.2 Datasets 3 Techniques for Continuous Touch-Based Authentication 3.1 Methods 3.2 Findings 4 Performance Evaluation 4.1 Comparison 4.2 Results 5 Discussion 5.1 Limitations 6 Conclusion A Abbreviations B All Features References Performance Evaluation of Post-Quantum TLS 1.3 on Resource-Constrained Embedded Systems 1 Introduction 2 Popular PQC Libraries and Related Research Work 3 Background 3.1 TLS Protocol 3.2 WolfSSL 4 Proposed Design Approach and Overall PQ TLS 1.3 Architecture Implementation 4.1 WolfSSL Post-Quantum Adaptation 5 Measurements and Evaluation 5.1 Experiment and Measurement Setup 5.2 Post-quantum Cryptographic Algorithms Measurements 5.3 Post-quantum TLS 1.3 Measurements 6 Conclusion A Other Post-Quantum Algorithms B Main Components of WolfSSL Library References Secure Human Identification Protocol with Human-Computable Passwords 1 Introduction 2 Related Works 3 Introducing Noise to the iChip Protocol 4 Interface Design and Protocol Implementation 4.1 Generating One-Time Passwords 4.2 Advanced Example 4.3 TurboChip Overlay for the iChip Protocol 5 Protection Against Active Attacks 5.1 Preliminary Stage in iChip Protocol with TurboChip Overlay 5.2 Hash-Based Signature 6 Brief Analysis of Usability 7 Brief Analysis of Security 8 Comparison of the Best HGP Protocols 9 Conclusions A Increasing the iChip Entropy A.1 Individual Background Composition A.2 The iChip as Multi-Layout Interface with 3D Key References Practical Backdoor Attack Against Speaker Recognition System 1 Introduction 2 Background 2.1 Neural Network 2.2 Speaker Recognition System 2.3 Speaker Recognition Tasks 3 Attack Approach 3.1 Threat Model and Attack Goal 3.2 Attack Strategy 4 Evaluation 4.1 Experimental Setting 4.2 Experimental Results 5 Related Work 6 Conclusion References Anonymous Authentication Protocols in Vehicular Ad Hoc Network-An Survey 1 Introduction 1.1 Motivation 1.2 Our Contributions 1.3 Organization 2 Preliminaries 2.1 VANET Features 2.2 System Model 2.3 Standard Types of VANET 3 Security in VANET 3.1 Attackers Classification 3.2 Security Requirement 4 Authentication Protocol 4.1 Asymmetric Cryptography Based Classification 4.2 Symmetric Cryptography Based Classification 4.3 Identity-Based Cryptography Classification 4.4 Group Signature-Based Classification 4.5 RSUs-Based Classification 5 Performance Evaluation 6 Conclusion References Cryptography Optimal Generic Attack Against Basic Boneh-Boyen Signatures 1 Introduction 1.1 Our Contributions 2 Preliminaries 2.1 Security Definitions 2.2 Bilinear Pairings 2.3 SDH Problems 3 Boneh-Boyen Signature Scheme 3.1 The Basic Signature Scheme 3.2 The Full Signature Scheme 4 Chosen Message Attack on the Basic Scheme 4.1 Security of the Basic Signature Scheme 5 Cheon's Algorithm 6 Runtime Analysis 6.1 Experimental Analysis 6.2 Theoretical Analysis 7 Conclusion References .26em plus .1em minus .1emDifferential Cryptanalysis of Salsa20 Based on Comprehensive Analysis of PNBs 1 Introduction 1.1 Background 1.2 Our Contributions 1.3 Organization of the Paper 2 Specification of Salsa20 and Preliminaries 3 Differential Cryptanalysis 3.1 Differential Cryptanalysis of Salsa20 Stream Cipher 3.2 Related Work 4 Comprehensive Analysis of Probabilistic Neutral Bits 4.1 Searching the OD with Best Neutral Measure 4.2 Experimental Results 4.3 Discussion 5 Differential Cryptanalysis Based on Analysis of PNBs 5.1 Single-Bit Differential Bias 5.2 Complexity Estimation of Proposed Attack on Salsa20/8 5.3 Discussion 6 Conclusion References Physical Zero-Knowledge Proof Protocol for Topswops 1 Introduction 1.1 Open Problems in Topswops 1.2 Zero-knowledge Proof Protocol for Topswops 1.3 Contribution 1.4 Related Work 2 Preliminaries 2.1 Notations 2.2 Commitment Based on Physical Cards 2.3 Pile-scramble Shuffle 2.4 Sort Sub-protocol 3 Proposed Protocol 3.1 Idea 3.2 Copy Protocol 3.3 Our Protocol 4 Security and Performance 4.1 Security 4.2 Performance 5 Conclusion References Attribute Based Tracing for Securing Group Signatures Against Centralized Authorities 1 Introduction 2 Preliminaries 2.1 Notations 2.2 Digital Signatures 2.3 Attribute-Based Encryption 2.4 (Non-interactive) Zero-Knowledge Proof System 3 Attribute-Based Tracing for Group Signatures 3.1 Syntax of the Scheme 3.2 Correctness and Security Definitions 4 Construction 5 Correctness and Security 6 Conclusion A Appendix: The Oracles B Appendix: Security Proof B.1 Anonymity B.2 Traceability B.3 Non-Frameability References Sherlock Holmes Zero-Knowledge Protocols 1 Introduction 2 Preliminaries 2.1 Hardness Assumptions 2.2 Zero-Knowledge Protocols 3 Multi-Decisional Protocol 3.1 Description 3.2 Security Analysis 3.3 Examples 4 Vectorized Multi-Decisional Protocol 4.1 Description 4.2 Security Analysis 5 Computational Protocol 5.1 Description 5.2 Security Analysis 5.3 Examples 6 Performance of the Sherlock Holmes Protocols 7 Conclusions References Continued Fractions Applied to a Family of RSA-like Cryptosystems 1 Introduction 1.1 Our Contribution 2 Preliminaries 2.1 Continued Fraction 3 Useful Quotient Groups 4 The Scheme 5 Useful Lemmas 6 Application of Continued Fractions 7 Experiment Results 7.1 Case n=2 7.2 Case n=4 8 Conclusions References M-EDESE: Multi-Domain, Easily Deployable, and Efficiently Searchable Encryption 1 Introduction 2 Preliminaries 2.1 Bilinear Maps 2.2 BLS Short Signature 3 System Construction 3.1 System Architecture 3.2 Algorithm 4 Security Analysis 4.1 Query Privacy 4.2 Query Unforegeability 4.3 Revocability 5 Evaluation 5.1 Complexities 5.2 Experiments 6 Conclusion References A Traceable and Revocable Attribute-based Encryption Scheme Based on Policy Hiding in Smart Healthcare Scenarios 1 Introduction 2 Preliminary 2.1 Bilinear Groups 2.2 Access Structures 2.3 Linear Secret Sharing Schemes 3 Formal Definition 3.1 System Model 3.2 Overall Access Architecture 3.3 Security Model 4 Design Details of Our Scheme 4.1 System Initialization 4.2 Key Generation 4.3 Data Encryption 4.4 Data Decryption 4.5 Traitor Tracing 4.6 Attribute Revocation 5 Security Analysis 6 Performance Analysis 7 Conclusion References Author Index
دانلود کتاب Information Security Practice and Experience: 17th International Conference, ISPEC 2022, Taipei, Taiwan, November 23–25, 2022, Proceedings (Lecture Notes in Computer Science, 13620)