وبلاگ بلیان

[Lecture Notes in Computer Science] Information Security Theory and Practice Volume 12024 (13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings) ||

معرفی کتاب «[Lecture Notes in Computer Science] Information Security Theory and Practice Volume 12024 (13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings) ||» نوشتهٔ Maryline Laurent (editor), Thanassis Giannetsos (editor)، منتشرشده توسط نشر Springer International Publishing : Imprint : Springer در سال 1007. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This volume constitutes the refereed proceedings of the 13th IFIP WG 11.2 International Conference on Information Security Theory and Practices, WISTP 2019, held in Paris, France, in December 2019. The 12 full papers and 2 short papers presented were carefully reviewed and selected from 42 submissions. The papers are organized in the following topical sections: authentication; cryptography; threats; cybersecurity; and Internet of Things. Preface 6 Organization 8 Contents 10 Invited Paper 12 How to Compartment Secrets 13 1 Introduction 13 1.1 Notations and Hypotheses 14 2 Collapse Probability 14 3 Optimal Solution When {0,1} 16 4 Optimal Solution for Monotone Secret Sharing 16 5 Finding Optimal Strategies 17 6 Heuristic Solutions 17 7 Numerical Example 18 8 Conclusion 18 A Detailed Computation For (3, 3) 19 B Detailed Computation With The Heuristic Algorithm 20 References 20 Authentication 22 A Lattice-Based Enhanced Privacy ID 23 1 Introduction 23 2 Preliminaries 25 2.1 Lattice-Based Direct Anonymous Attestation 26 2.2 Zero Knowledge Proof of the Ring-LWE Secrets 26 3 UC Based Security Model for EPID 27 4 The Proposed LEPID Scheme 29 4.1 High Level Description of the LEPID Scheme 29 4.2 Detailed Description of the LEPID Scheme 30 5 A Sketched Security Proof for LEPID 33 6 Experimental Results 36 7 Conclusion 37 References 38 A Generic View on the Unified Zero-Knowledge Protocol and Its Applications 40 1 Introduction 40 2 Preliminaries 41 2.1 Groups 41 2.2 Zero-Knowledge Protocols 42 2.3 Hash Functions 43 3 The Main Protocol 43 3.1 Description 43 3.2 Security Analysis 44 4 Special Cases of the UGZK Protocol 46 4.1 Proofs of Knowledge of a Multiple Discrete Logarithm 47 4.2 Proofs of Knowledge of a Multiple eth-root 47 4.3 Proofs of Knowledge of a Multiple Discrete Logarithm Representation 47 4.4 Proofs of Knowledge of a Multiple eth-root Representation 48 5 Hash Protocol Variant 48 5.1 Description 49 5.2 Security Analysis 49 6 A Distributed Unified Protocol 50 6.1 Description 50 6.2 Security Analysis 51 6.3 Complexity Analysis 52 6.4 Variations 52 7 Conclusions and Further Development 53 References 53 Cryptography 55 Verifiable and Private Oblivious Polynomial Evaluation 56 1 Introduction 56 1.1 Related Works 58 1.2 Contributions 59 1.3 Outline 59 2 Preliminaries 60 2.1 Paillier Cryptosystem 60 2.2 Zero-Knowledge Proof 60 3 Definition and Security Model 61 3.1 Security Models 62 3.2 Security Against Collusion Attacks 65 4 VIP-POPE Description 65 4.1 Formal Definition of VIP-POPE 65 5 Security and Performance Analysis 67 5.1 Security Proofs 67 5.2 Comparison with Other PPE Schemes 69 6 Conclusion 70 References 71 Monomial Evaluation of Polynomial Functions Protected by Threshold Implementations 73 1 Introduction 74 1.1 Problematic and State of the Art 74 1.2 Our Contributions 74 1.3 Overview of the Paper 75 2 Preliminaries 75 2.1 Basics on Sharing 75 2.2 Basic Notions 76 3 Our TI Generic Evaluation Technique 79 3.1 Our First-Order TI-secure Monomial Evaluation 80 3.2 Extension of Our Technique for Any Polynomial Function 81 4 Construction of the Dirac Function as a Lookup Table (LUT) 82 5 An Illustration on the AES Algorithm 83 5.1 AES Algorithm 83 5.2 Strategy 84 5.3 Application of Our Monomial Evaluation Technique on the AES SBox 84 5.4 Presentation of the Other TI-masked AES Operations 86 6 Performances of Our Proposition 87 6.1 Comparison of Our Proposal for AES SBox Regarding the Prior State of the Art 87 6.2 Performances of Our Proposal for the Complete AES 87 7 Conclusion 88 References 88 Strong Designated Verifier Signature Based on the Rank Metric 92 1 Introduction 92 2 Backgrounds and Definitions 94 2.1 Error Correcting Codes in Hamming Metric 94 2.2 Error Correcting Codes in the Rank Metric 95 2.3 Strong Designated Verifier Signature 96 2.4 Security Model of SDVS 97 3 The Proposed Strong Designated Verifier Signature 99 4 Security Analysis 101 5 Parameters and Results 106 6 Conclusion 107 References 108 A Lightweight Implementation of NTRU Prime for the Post-quantum Internet of Things 110 1 Introduction 110 2 A Brief Overview of NTRU Prime 113 3 Polynomial Multiplication 115 3.1 Karatsuba-Based Polynomial Multiplication 115 3.2 Product-Form Polynomial Multiplication 120 4 Results and Comparison 122 5 Conclusions 124 References 124 Threats 127 Fault Injection Characterization on Modern CPUs 128 1 Introduction 128 1.1 Related Works 129 1.2 Motivations 129 1.3 Contribution 130 2 Modern CPU Modeling 130 2.1 Modern CPUs Specificities 130 2.2 Modern CPU Model 131 3 Fault Effect Analysis on CPU 132 3.1 Determining the Faulted Element 132 4 Experimental Analysis 134 4.1 BCM2837 134 4.2 Intel Core I3 136 4.3 Determining the Faulted MAB 138 5 Conclusion and Future Works 140 References 141 Threat Analysis of Poisoning Attack Against Ethereum Blockchain 144 1 Introduction 144 2 Background 145 2.1 Ethereum 145 2.2 How to Use Smart Contract on Ethereum 147 3 Related Work 148 3.1 Data Stored Space Attack 148 3.2 Programs Attack 148 3.3 C&C Technique Using Blockchain Network 148 4 Blockchain Poisoning Attack 149 4.1 What Is Blockchain Poisoning Attack 149 4.2 Why Blockchain Poisoning Attack Is Critical/Impact of Blockchain Poisoning Attack 149 4.3 Application of Blockchain Poisoning 150 5 Evaluation of Flexible Space 150 5.1 Methodology 151 5.2 Files Embedded in Transactions 151 6 Feasibility Experiment of Poisoning Attack 152 6.1 Experimental Environment 153 6.2 Experiment 153 6.3 Ease of Poisoning Attack 154 7 Discussion 155 7.1 Behavior of a Suspicious Account 155 7.2 Risk of Flexible Space of Blockchain 156 7.3 Possibility of Wrapping Arbitrary Binary in a Contract 157 7.4 Countermeasure Against Blockchain Poisoning 157 8 Conclusions 158 References 158 A Template-Based Method for the Generation of Attack Trees 160 1 Introduction 160 2 Background 162 2.1 Automotive Communication Network 162 2.2 Attack Trees 163 3 Methodology 163 3.1 Attack Tree Templates 165 3.2 A Simple Example 166 4 Implementation 167 5 Conclusion 169 References 169 Cybersecurity 171 Analysis of QUIC Session Establishment and Its Implementations 172 1 Introduction 172 2 QUIC in a Nutshell 173 2.1 QUIC Main Goals and Features 174 3 QUIC Packet Protection 175 3.1 The Special Case of Initial Packets 176 3.2 Header Protection Keys 177 4 Implementation of the Initial Exchange 177 5 Test Description 178 6 Results 180 6.1 Version Negotiation 180 6.2 Client Initial Packet Length 181 6.3 Missing Parameters 182 6.4 Frame Mangling 182 7 Related Work 184 8 Conclusion and Perspectives 184 A Scapy Implementation 185 References 186 CompactFlow: A Hybrid Binary Format for Network Flow Data 188 1 Introduction 188 2 Related Work 190 2.1 Packet-Level Traffic Collection 190 2.2 Flow-Level Traffic Collectors 191 3 CompactFlow Format Design 193 3.1 CompactFlow File Header 193 3.2 Flow Binary Representation 195 4 Evaluation 198 5 Discussion 202 6 Conclusion 202 References 203 SSI-AWARE: Self-sovereign Identity Authenticated Backup with Auditing by Remote Entities 205 1 Introduction 205 2 The Problem of Backup and Restore in the SSI Model 207 3 AWARE 208 4 Security-Risk Analysis 213 5 Implementation 217 5.1 Experimentation 218 6 Discussion 219 7 Conclusion and Future Work 220 References 220 Internet of Things 223 Automated Security Analysis of IoT Software Updates 224 1 Introduction 224 2 Software Updates for IoT Devices 226 2.1 Security Issues in SUIT 227 3 The IoT Application Verification Framework 228 3.1 Formal Security Assessment Workflow 229 3.2 Application Extraction and Modeling 230 3.3 Policy Specification 231 3.4 Model Checking 232 3.5 IoTAV Implementation 232 4 Experimental Evaluation 233 4.1 Experimental Results 235 4.2 Limitations 236 5 Related Work 237 6 Conclusion 238 References 238 Towards a Context-Aware Security and Privacy as a Service in the Internet of Things 241 1 Introduction 241 2 Related Works 242 2.1 Proposed Solutions 243 2.2 Positioning 243 3 Context-Aware Security and Privacy as a Service Based Architecture 244 3.1 Overview 244 3.2 Knowledge Plane 245 3.3 Security and Privacy Plane 247 4 Conclusion and Future Work 249 Appendix A ITU-T Reference Architecture Integration 250 Appendix B CASPaaS Underlying Network Architecture 251 References 252 Author Index 254
دانلود کتاب [Lecture Notes in Computer Science] Information Security Theory and Practice Volume 12024 (13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings) ||