Chu et al. (ASIACCS 2012) proposed group signature with time-bound keys (GS-TBK) where each signing key is associated to an expiry time τ. In addition to prove the membership of the group, a signer needs to prove that the expiry time has not passed, i.e., t<τ where t is the current time. A signer whose expiry time has passed is automatically revoked, and this revocation is called natural revocation. Simultaneously, signers can be revoked before their expiry times have passed due to the compromise of the credential. This revocation is called premature revocation. A nice property of the Chu et al. proposal is that the size of revocation lists can be reduced compared to those of Verifier-Local Revocation (VLR) group signature schemes, by assuming that natural revocation accounts for most of signer revocations in practice, and prematurely revoked signers are only a small fraction. In this paper, we point out that the definition of traceability of Chu et al. did not capture unforgeability of expiry time of signing keys which guarantees that no adversary who has a signing key associated to an expiry time τ can compute a valid signature after τ has passed. We introduce a security model that captures unforgeability, and propose a GS-TBK scheme secure in the new model. Our scheme also provides the constant signing costs whereas those of the previous schemes depend on the bit-length of the time representation. Finally, we give implementation results, and show that our scheme is feasible in practical settings.
{"title":"Group Signatures with Time-bound Keys Revisited: A New Model and an Efficient Construction","authors":"K. Emura, Takuya Hayashi, Ai Ishida","doi":"10.1145/3052973.3052979","DOIUrl":"https://doi.org/10.1145/3052973.3052979","url":null,"abstract":"Chu et al. (ASIACCS 2012) proposed group signature with time-bound keys (GS-TBK) where each signing key is associated to an expiry time τ. In addition to prove the membership of the group, a signer needs to prove that the expiry time has not passed, i.e., t<τ where t is the current time. A signer whose expiry time has passed is automatically revoked, and this revocation is called natural revocation. Simultaneously, signers can be revoked before their expiry times have passed due to the compromise of the credential. This revocation is called premature revocation. A nice property of the Chu et al. proposal is that the size of revocation lists can be reduced compared to those of Verifier-Local Revocation (VLR) group signature schemes, by assuming that natural revocation accounts for most of signer revocations in practice, and prematurely revoked signers are only a small fraction. In this paper, we point out that the definition of traceability of Chu et al. did not capture unforgeability of expiry time of signing keys which guarantees that no adversary who has a signing key associated to an expiry time τ can compute a valid signature after τ has passed. We introduce a security model that captures unforgeability, and propose a GS-TBK scheme secure in the new model. Our scheme also provides the constant signing costs whereas those of the previous schemes depend on the bit-length of the time representation. Finally, we give implementation results, and show that our scheme is feasible in practical settings.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"7 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87060374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Code reuse detection is a key technique in reverse engineering. However, existing source code similarity comparison techniques are not applicable to binary code. Moreover, compilers have made this problem even more difficult due to the fact that different assembly code and control flow structures can be generated by the compilers even when implementing the same functionality. To address this problem, we present a fuzzy matching approach to compare two functions. We first obtain an initial mapping between basic blocks by leveraging the concept of longest common subsequence on the basic block level and execution path level. We then extend the achieved mapping using neighborhood exploration. To make our approach applicable to large data sets, we designed an effective filtering process using Minhashing. Based on the proposed approach, we implemented a tool named BinSequence and conducted extensive experiments with it. Our results show that given a large assembly code repository with millions of functions, BinSequence is efficient and can attain high quality similarity ranking of assembly functions with an accuracy of above 90%. We also present several practical use cases including patch analysis, malware analysis and bug search.
{"title":"BinSequence: Fast, Accurate and Scalable Binary Code Reuse Detection","authors":"He Huang, A. Youssef, M. Debbabi","doi":"10.1145/3052973.3052974","DOIUrl":"https://doi.org/10.1145/3052973.3052974","url":null,"abstract":"Code reuse detection is a key technique in reverse engineering. However, existing source code similarity comparison techniques are not applicable to binary code. Moreover, compilers have made this problem even more difficult due to the fact that different assembly code and control flow structures can be generated by the compilers even when implementing the same functionality. To address this problem, we present a fuzzy matching approach to compare two functions. We first obtain an initial mapping between basic blocks by leveraging the concept of longest common subsequence on the basic block level and execution path level. We then extend the achieved mapping using neighborhood exploration. To make our approach applicable to large data sets, we designed an effective filtering process using Minhashing. Based on the proposed approach, we implemented a tool named BinSequence and conducted extensive experiments with it. Our results show that given a large assembly code repository with millions of functions, BinSequence is efficient and can attain high quality similarity ranking of assembly functions with an accuracy of above 90%. We also present several practical use cases including patch analysis, malware analysis and bug search.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87593819","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We discuss the use of formal modeling to discover potential attacks on Cyber-Physical systems, in particular Industrial Control Systems. We propose a general approach to achieve that goal considering physical-layer interactions, time and state discretization of the physical process and logic, and the use of suitable attacker profiles. We then apply the approach to model a real-world water treatment testbed using ASLan++ and analyze the resulting transition system using CL-AtSe, identifying four attack classes. To show that the attacks identified by our formal assessment represent valid attacks, we compare them against practical attacks on the same system found independently by six teams from industry and academia. We find that 7 out of the 8 practical attacks were also identified by our formal assessment. We discuss limitations resulting from our chosen level of abstraction, and a number of modeling shortcuts to reduce the runtime of the analysis.
{"title":"Towards Formal Security Analysis of Industrial Control Systems","authors":"M. Rocchetto, Nils Ole Tippenhauer","doi":"10.1145/3052973.3053024","DOIUrl":"https://doi.org/10.1145/3052973.3053024","url":null,"abstract":"We discuss the use of formal modeling to discover potential attacks on Cyber-Physical systems, in particular Industrial Control Systems. We propose a general approach to achieve that goal considering physical-layer interactions, time and state discretization of the physical process and logic, and the use of suitable attacker profiles. We then apply the approach to model a real-world water treatment testbed using ASLan++ and analyze the resulting transition system using CL-AtSe, identifying four attack classes. To show that the attacks identified by our formal assessment represent valid attacks, we compare them against practical attacks on the same system found independently by six teams from industry and academia. We find that 7 out of the 8 practical attacks were also identified by our formal assessment. We discuss limitations resulting from our chosen level of abstraction, and a number of modeling shortcuts to reduce the runtime of the analysis.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"184 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83450328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we consider the problem of privacy-preserving release of function outputs that take private information as input. Disease susceptibilities are known to be associated with clinical features (e.g., age, sex) as well as genetic features represented by SNPs of individuals. Releasing outputs are not privacy-preserving if the private input can be uniquely identified by probabilistic inference using the outputs. To release useful outputs with preserving privacy, we present a mechanism that releases an interval as output, instead of an output value. We suppose adversaries perform probabilistic inference using released outputs to sharpen the posterior distribution of the target attributes. Then, our mechanism has two significant properties. First, when our mechanism provides the output, the increase of the adversary's posterior on any input attribute is upper-bounded by a prescribed level. Second, under this privacy constraint, the mechanism can provide the narrowest (optimal) interval that includes the true output. Building such a mechanism is often intractable. We formulate the design of the mechanism as a discrete constraint optimization problem so that it is solvable in a practical computation time. We also propose an algorithm to obtain the optimal mechanism based on dynamic programming. After applying our mechanism to release disease susceptibilities of obesity, we demonstrate that our mechanism performs better than existing methods in terms of privacy and utility.
{"title":"Privacy-preserving and Optimal Interval Release for Disease Susceptibility","authors":"Kosuke Kusano, I. Takeuchi, Jun Sakuma","doi":"10.1145/3052973.3053021","DOIUrl":"https://doi.org/10.1145/3052973.3053021","url":null,"abstract":"In this paper, we consider the problem of privacy-preserving release of function outputs that take private information as input. Disease susceptibilities are known to be associated with clinical features (e.g., age, sex) as well as genetic features represented by SNPs of individuals. Releasing outputs are not privacy-preserving if the private input can be uniquely identified by probabilistic inference using the outputs. To release useful outputs with preserving privacy, we present a mechanism that releases an interval as output, instead of an output value. We suppose adversaries perform probabilistic inference using released outputs to sharpen the posterior distribution of the target attributes. Then, our mechanism has two significant properties. First, when our mechanism provides the output, the increase of the adversary's posterior on any input attribute is upper-bounded by a prescribed level. Second, under this privacy constraint, the mechanism can provide the narrowest (optimal) interval that includes the true output. Building such a mechanism is often intractable. We formulate the design of the mechanism as a discrete constraint optimization problem so that it is solvable in a practical computation time. We also propose an algorithm to obtain the optimal mechanism based on dynamic programming. After applying our mechanism to release disease susceptibilities of obesity, we demonstrate that our mechanism performs better than existing methods in terms of privacy and utility.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"79 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82188936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Samaneh Tajalizadehkhoob, C. Gañán, Arman Noroozian, M. V. Eeten
A variety of botnets are used in attacks on financial services. Banks and security firms invest a lot of effort in detecting and combating malware-assisted takeover of customer accounts. A critical resource of these botnets is their command-and-control (C&C) infrastructure. Attackers rent or compromise servers to operate their C&C infrastructure. Hosting providers routinely take down C&C servers, but the effectiveness of this mitigation strategy depends on understanding how attackers select the hosting providers to host their servers. Do they prefer, for example, providers who are slow or unwilling in taking down C&Cs? In this paper, we analyze 7 years of data on the C&C servers of botnets that have engaged in attacks on financial services. Our aim is to understand whether attackers prefer certain types of providers or whether their C&Cs are randomly distributed across the whole attack surface of the hosting industry. We extract a set of structural properties of providers to capture the attack surface. We model the distribution of C&Cs across providers and show that the mere size of the provider can explain around 71% of the variance in the number of C&Cs per provider, whereas the rule of law in the country only explains around 1%. We further observe that price, time in business, popularity and ratio of vulnerable websites of providers relate significantly with C&C counts. Finally, we find that the speed with which providers take down C&C domains has only a weak relation with C&C occurrence rates, adding only 1% explained variance. This suggests attackers have little to no preference for providers who allow long-lived C&C domains.
{"title":"The Role of Hosting Providers in Fighting Command and Control Infrastructure of Financial Malware","authors":"Samaneh Tajalizadehkhoob, C. Gañán, Arman Noroozian, M. V. Eeten","doi":"10.1145/3052973.3053023","DOIUrl":"https://doi.org/10.1145/3052973.3053023","url":null,"abstract":"A variety of botnets are used in attacks on financial services. Banks and security firms invest a lot of effort in detecting and combating malware-assisted takeover of customer accounts. A critical resource of these botnets is their command-and-control (C&C) infrastructure. Attackers rent or compromise servers to operate their C&C infrastructure. Hosting providers routinely take down C&C servers, but the effectiveness of this mitigation strategy depends on understanding how attackers select the hosting providers to host their servers. Do they prefer, for example, providers who are slow or unwilling in taking down C&Cs? In this paper, we analyze 7 years of data on the C&C servers of botnets that have engaged in attacks on financial services. Our aim is to understand whether attackers prefer certain types of providers or whether their C&Cs are randomly distributed across the whole attack surface of the hosting industry. We extract a set of structural properties of providers to capture the attack surface. We model the distribution of C&Cs across providers and show that the mere size of the provider can explain around 71% of the variance in the number of C&Cs per provider, whereas the rule of law in the country only explains around 1%. We further observe that price, time in business, popularity and ratio of vulnerable websites of providers relate significantly with C&C counts. Finally, we find that the speed with which providers take down C&C domains has only a weak relation with C&C occurrence rates, adding only 1% explained variance. This suggests attackers have little to no preference for providers who allow long-lived C&C domains.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"55 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84470166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Embedded Systems Security 1","authors":"Daphne Yao","doi":"10.1145/3248549","DOIUrl":"https://doi.org/10.1145/3248549","url":null,"abstract":"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"21 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79112659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, J. Huh
Android allows 20 consecutive fail attempts on unlocking a device. This makes it difficult for pure guessing attacks to crack user patterns on a stolen device before it permanently locks itself. We investigate the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts. Detected smudges are used to pre-compute all the possible segments and patterns, significantly reducing the pattern space that needs to be brute-forced. Our Markov-model was trained using 70% of a real-world pattern dataset that consists of 312 patterns. We recruited 12 participants to draw the remaining 30% on Samsung Galaxy S4, and used smudges they left behind to analyze the performance of the combined attack. Our results show that this combined method can significantly improve the performance of pure guessing attacks, cracking 74.17% of patterns compared to just 13.33% when the Markov model-based guessing attack was performed alone---those results were collected from a naive usage scenario where the participants were merely asked to unlock a given device. Even under a more complex scenario that asked the participants to use the Facebook app for a few minutes---obscuring smudges were added as a result---our combined attack, at 31.94%, still outperformed the pure guessing attack at 13.33%. Obscuring smudges can significantly affect the performance of smudge-based attacks. Based on this finding, we recommend that a mitigation technique should be designed to help users add obscurity, e.g., by asking users to draw a second random pattern upon unlocking a device.
{"title":"Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks","authors":"Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, J. Huh","doi":"10.1145/3052973.3052989","DOIUrl":"https://doi.org/10.1145/3052973.3052989","url":null,"abstract":"Android allows 20 consecutive fail attempts on unlocking a device. This makes it difficult for pure guessing attacks to crack user patterns on a stolen device before it permanently locks itself. We investigate the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts. Detected smudges are used to pre-compute all the possible segments and patterns, significantly reducing the pattern space that needs to be brute-forced. Our Markov-model was trained using 70% of a real-world pattern dataset that consists of 312 patterns. We recruited 12 participants to draw the remaining 30% on Samsung Galaxy S4, and used smudges they left behind to analyze the performance of the combined attack. Our results show that this combined method can significantly improve the performance of pure guessing attacks, cracking 74.17% of patterns compared to just 13.33% when the Markov model-based guessing attack was performed alone---those results were collected from a naive usage scenario where the participants were merely asked to unlock a given device. Even under a more complex scenario that asked the participants to use the Facebook app for a few minutes---obscuring smudges were added as a result---our combined attack, at 31.94%, still outperformed the pure guessing attack at 13.33%. Obscuring smudges can significantly affect the performance of smudge-based attacks. Based on this finding, we recommend that a mitigation technique should be designed to help users add obscurity, e.g., by asking users to draw a second random pattern upon unlocking a device.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"57 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90487274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Password & Auth 1","authors":"Jianying Zhou","doi":"10.1145/3248553","DOIUrl":"https://doi.org/10.1145/3248553","url":null,"abstract":"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73134841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
David M. Sommer, Aritra Dhar, Luka Malisa, Esfandiar Mohammadi, D. Ronzani, Srdjan Capkun
Many privacy-enhancing technologies, in particular anonymous communication networks (ACNs) as a key building block, suffer from a lack of a sufficient number of participants. Without high user participation, ACNs are vulnerable to traffic analysis attacks. The only ACN with a high number of participants (around 1.5 million users) is Tor. Yet, Tor is prone to traffic analysis attacks traffic pattern attacks. While other ACNs have been proposed that are even secure against global attackers, they are not scalable and suffer from a low number of participants, since even a perfect ACN can at most hide a user among all participating users. These ACNs are in a vicious circle: the lack of participants leads to low degree of anonymity, and a low degree of anonymity makes these ACNs unattractive for users. In this work, we break this vicious cycle by studying the question: Can an anonymous communication network be strengthened by "forced" participation? What privacy guarantees and performance can such an ACN provide? We develop CoverUp, a system that "forces" visitors of highly accessed websites (entry servers) to become involuntary participants of an ACN. CoverUp triggers users to participate in a centralized, constant-rate mix by leveraging basic functionality of their browsers to execute (JavaScript) code served by the entry servers. Candidates for entry servers could be universities or news sites. They would let a distinct CoverUp server provide (via an iframe) JavaScript code to the end-users' browsers, which in turn makes them participate in the ACN via a mix server. Visitors of these entry servers' websites become (involuntary) participants of an ACN, creating cover traffic for voluntary participants. For voluntary participants, we developed a browser extension that renders their CoverUp requests indistinguishable from the cover traffic of involuntary participants. We build two applications on top of CoverUp: an anonymous feed and a chat-both use an additional external CoverUp application. As the feed is uni-directional, we do not need to trust more than the client's machine. As the chat is bi-directional, we do need to trust the CoverUp and the mix server. We show that both achieve practical performance and strong privacy properties via experimental evaluations and an analysis. CoverUp renders voluntary and involuntary participants indistinguishable, thereby including all voluntary and involuntary participants into an anonymity set. Given this, CoverUp provides even more than mere anonymity: the voluntary participants can hide the very intention to use the ACN. As the concept of forced participation raises ethical and legal concerns, we discuss these concerns and describe how these can be addressed.
{"title":"CoverUp: Privacy Through \"Forced\" Participation in Anonymous Communication Networks","authors":"David M. Sommer, Aritra Dhar, Luka Malisa, Esfandiar Mohammadi, D. Ronzani, Srdjan Capkun","doi":"10.1145/3052973.3056126","DOIUrl":"https://doi.org/10.1145/3052973.3056126","url":null,"abstract":"Many privacy-enhancing technologies, in particular anonymous communication networks (ACNs) as a key building block, suffer from a lack of a sufficient number of participants. Without high user participation, ACNs are vulnerable to traffic analysis attacks. The only ACN with a high number of participants (around 1.5 million users) is Tor. Yet, Tor is prone to traffic analysis attacks traffic pattern attacks. While other ACNs have been proposed that are even secure against global attackers, they are not scalable and suffer from a low number of participants, since even a perfect ACN can at most hide a user among all participating users. These ACNs are in a vicious circle: the lack of participants leads to low degree of anonymity, and a low degree of anonymity makes these ACNs unattractive for users. In this work, we break this vicious cycle by studying the question: Can an anonymous communication network be strengthened by \"forced\" participation? What privacy guarantees and performance can such an ACN provide? We develop CoverUp, a system that \"forces\" visitors of highly accessed websites (entry servers) to become involuntary participants of an ACN. CoverUp triggers users to participate in a centralized, constant-rate mix by leveraging basic functionality of their browsers to execute (JavaScript) code served by the entry servers. Candidates for entry servers could be universities or news sites. They would let a distinct CoverUp server provide (via an iframe) JavaScript code to the end-users' browsers, which in turn makes them participate in the ACN via a mix server. Visitors of these entry servers' websites become (involuntary) participants of an ACN, creating cover traffic for voluntary participants. For voluntary participants, we developed a browser extension that renders their CoverUp requests indistinguishable from the cover traffic of involuntary participants. We build two applications on top of CoverUp: an anonymous feed and a chat-both use an additional external CoverUp application. As the feed is uni-directional, we do not need to trust more than the client's machine. As the chat is bi-directional, we do need to trust the CoverUp and the mix server. We show that both achieve practical performance and strong privacy properties via experimental evaluations and an analysis. CoverUp renders voluntary and involuntary participants indistinguishable, thereby including all voluntary and involuntary participants into an anonymity set. Given this, CoverUp provides even more than mere anonymity: the voluntary participants can hide the very intention to use the ACN. As the concept of forced participation raises ethical and legal concerns, we discuss these concerns and describe how these can be addressed.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"63 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73028916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Since its inauguration in 2006 in Taipei, ASIACCS, the ACM Asia Conference on Computer and Communications Security, has become an integral part of scientific community in the field of security and privacy. It has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), Singapore (2015), and Xi'an (2016). � �ASIACCS 2017 takes place in Abu Dhabi and is organized by the New York University Abu Dhabi, UAE. We received 359 submissions, a new record in the conference's decade-long history. This year's Program Committee comprising 108 security researchers from 26 countries, evaluated submissions through a rigorous review procedure. For the first time in the conference's history, a Shadow Program Committee (SPC), composed of 27 security researchers from 14 countries, was introduced. The task of the SPC members was to comment on the reviews made by the PC members, in addition to reviewing the corresponding papers. On the one hand, the SPC comments greatly helped to significantly enhance the quality the many reviews. On the other hand, to provide the anonymity for SPC members, they could not directly debate with the PC members, which was largely due to technological limitations: HotCRP (or any review software for that matter) is not designed to have some accounts only seeing some information. We had a discussion of doubleblind vs. single-blind requirements. One of our main goals when designing the system was to ensure that junior reviewers in the SPC could raise criticism of senior reviewers with impunity. Despite the management effort, we believe that implementing the SPC concept was successful. We also learned useful lessons on how to improve it. � �After the review process concluded, 67 full papers were accepted to be presented at the conference, representing an acceptance rate of about 18%. In addition, 4 short papers and 10 posters/demos were also included in the program. � �We have a strong technical program along with 5 specialized pre-conference workshops, three tutorials and an invited talk track that is introduced this year. � �The pre-conference workshops are 4th ACM ASIA Public-Key Cryptography Workshop (APKC 2017), ACM Workshop on Blockchain, Cryptocurrencies and Contracts (BCC'17), 3rd ACM Cyber-Physical System Security Workshop (CPSS 2017), 3rd International Workshop on IoT Privacy, Trust, and Security (IoTPTS 2017), 4th International Workshop on Security in Cloud Computing (SCC). � �We are fortunate to have distinguished keynote and invited speakers as well as tutorial lecturers who will present insights into current and future security and privacy research trends. There are three keynotes: Ross Anderson (University of Cambridge, UK), Christof Paar (Ruhr-University Bochum, Germany), and Gregory Neal Akers (Senior Vice President, Cisco Systems). Additionally, there are six invited talks by Mustaque Ahamad (Georgia Institute of Technology, US), Srdjan Capkun (E
{"title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","authors":"R. Karri, O. Sinanoglu, A. Sadeghi, X. Yi","doi":"10.1145/3052973","DOIUrl":"https://doi.org/10.1145/3052973","url":null,"abstract":"Since its inauguration in 2006 in Taipei, ASIACCS, the ACM Asia Conference on Computer and Communications Security, has become an integral part of scientific community in the field of security and privacy. It has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), Singapore (2015), and Xi'an (2016). \u0000 \u0000ASIACCS 2017 takes place in Abu Dhabi and is organized by the New York University Abu Dhabi, UAE. We received 359 submissions, a new record in the conference's decade-long history. This year's Program Committee comprising 108 security researchers from 26 countries, evaluated submissions through a rigorous review procedure. For the first time in the conference's history, a Shadow Program Committee (SPC), composed of 27 security researchers from 14 countries, was introduced. The task of the SPC members was to comment on the reviews made by the PC members, in addition to reviewing the corresponding papers. On the one hand, the SPC comments greatly helped to significantly enhance the quality the many reviews. On the other hand, to provide the anonymity for SPC members, they could not directly debate with the PC members, which was largely due to technological limitations: HotCRP (or any review software for that matter) is not designed to have some accounts only seeing some information. We had a discussion of doubleblind vs. single-blind requirements. One of our main goals when designing the system was to ensure that junior reviewers in the SPC could raise criticism of senior reviewers with impunity. Despite the management effort, we believe that implementing the SPC concept was successful. We also learned useful lessons on how to improve it. \u0000 \u0000After the review process concluded, 67 full papers were accepted to be presented at the conference, representing an acceptance rate of about 18%. In addition, 4 short papers and 10 posters/demos were also included in the program. \u0000 \u0000We have a strong technical program along with 5 specialized pre-conference workshops, three tutorials and an invited talk track that is introduced this year. \u0000 \u0000The pre-conference workshops are 4th ACM ASIA Public-Key Cryptography Workshop (APKC 2017), ACM Workshop on Blockchain, Cryptocurrencies and Contracts (BCC'17), 3rd ACM Cyber-Physical System Security Workshop (CPSS 2017), 3rd International Workshop on IoT Privacy, Trust, and Security (IoTPTS 2017), 4th International Workshop on Security in Cloud Computing (SCC). \u0000 \u0000We are fortunate to have distinguished keynote and invited speakers as well as tutorial lecturers who will present insights into current and future security and privacy research trends. There are three keynotes: Ross Anderson (University of Cambridge, UK), Christof Paar (Ruhr-University Bochum, Germany), and Gregory Neal Akers (Senior Vice President, Cisco Systems). Additionally, there are six invited talks by Mustaque Ahamad (Georgia Institute of Technology, US), Srdjan Capkun (E","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"51 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72578454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: