{"title":"JShelter: Give Me My Browser Back","authors":"Libor Polcák, Marek Salon, Giorgio Maone, Radek Hranický, Michael McMahon","doi":"10.48550/arXiv.2204.01392","DOIUrl":"https://doi.org/10.48550/arXiv.2204.01392","url":null,"abstract":"The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the browser to users. Moreover, we introduce a library helping with common webextension development tasks and fixing loopholes misused by previous research. JShelter focuses on fingerprinting prevention, limitations of rich web APIs, prevention of attacks connected to timing, and learning information about the device, the browser, the user, and surrounding physical environment and location. We discovered a loophole in the sensor timestamps that lets any page observe the device boot time if sensor APIs are enabled in Chromium-based browsers. JShelter provides a fingerprinting report and other feedback that can be used by future security research and data protection authorities. Thousands of users around the world use the webextension every day.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"118 1","pages":"287-294"},"PeriodicalIF":0.0,"publicationDate":"2022-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77927154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Statically Identifying XSS using Deep Learning","authors":"Héloïse Maurel, Santiago Vidal, Tamara Rezk","doi":"10.5220/0010537000990110","DOIUrl":"https://doi.org/10.5220/0010537000990110","url":null,"abstract":"","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"102 1","pages":"99-110"},"PeriodicalIF":0.0,"publicationDate":"2022-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80528364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blind Side Channel on the Elephant LFSR","authors":"Awaleh Houssein Meraneh, Christophe Clavier, Hélène Le Bouder, Julien Maillard, Gaël Thomas","doi":"10.5220/0011135300003283","DOIUrl":"https://doi.org/10.5220/0011135300003283","url":null,"abstract":"Elephant is a finalist to the NIST lightweight cryptography competition. In this paper, the first theoretical blind side channel attack against the authenticated encryption algorithm Elephant is presented. More precisely, we are targeting the LFSR-based counter used internally. LFSRs are classic functions used in symmetric cryptography. In the case of Elephant, retrieving the initial state of the LFSR is equivalent to retrieving the encryption key. The paper ends with a study of different ways to tweak the design of Elephant to mitigate our attack.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"15 1","pages":"25-34"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74547484","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards an Automated Business Process Model Risk Assessment: A Process Mining Approach","authors":"P. Dedousis, Melina Raptaki, G. Stergiopoulos, D. Gritzalis","doi":"10.5220/0011135600003283","DOIUrl":"https://doi.org/10.5220/0011135600003283","url":null,"abstract":"","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"39 1","pages":"35-46"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75602183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"JCAlgTest: Robust Identification Metadata for Certified Smartcards","authors":"P. Švenda, Rudolf Kvasnovský, Imrich Nagy, Antonín Dufka","doi":"10.5220/0011294000003283","DOIUrl":"https://doi.org/10.5220/0011294000003283","url":null,"abstract":"The certification of cryptographic smartcards under the Common Criteria or NIST FIPS140-2 is a well-established process, during which an evaluation facility validates the manufacturer’s claims and issues a product certificate. The tested card is usually identified by its name, type, ATR, and Card Production Life Cycle (CPLC) data. While sufficient to pair the purchased card to its original certificate when bought from a trustworthy seller, such static metadata stored on the card can easily be manipulated. We extend the currently used card identification with a more descriptive set of metadata extracted from supported functionality, performance profiling, and properties of generated cryptographic keys. All of this information can be obtained directly by the evaluation facility, appended to the certificate, and later verified by the end-user with no need for any special knowledge or equipment, resulting in a better assurance about the purchased product. We developed a suite of open tools for the extraction of such characteristics and collected results for a set of more than 100 different smartcards. The database, openly available, demonstrates the significant variability in the measured properties and allows us to estimate the trends in support of different cryptographic algorithms as provided by the JavaCard platform.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"541 1","pages":"597-604"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77494601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a Threat Model and Security Analysis for Data Cooperatives","authors":"Abiola Salau, R. Dantu, Kirill Morozov, Kritagya Upadhyay, Syed Badruddoja","doi":"10.5220/0011328700003283","DOIUrl":"https://doi.org/10.5220/0011328700003283","url":null,"abstract":"Data cooperative (called “data coop” for short) is an emerging approach in the area of secure data management. It promises its users better protection and control of their data, as compared to the traditional way of their handling by the data collectors (such as governments, big data companies, and others). However, for the success of data coops, existing challenges with respect to data management systems need to be adequately addressed. Especially, they concern terms of security and privacy, as well as the power imbalance between providers/owners and collectors of data. Designing a security and privacy model for a data coop requires a systematic threat modeling approach that identifies the security landscape, attack vectors, threats, and vulnerabilities, as well as the respective mitigation strategies. In this paper, we analyze the security of data cooperatives, identify potential security risks and threats, and suggest adequate countermeasures. We also discuss existing challenges that hinder the widespread adoption of data coops.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"66 1","pages":"707-713"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83839907","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Comparison-based MPC in Star Topology","authors":"G. Chandran, Carmit Hazay, Robin Hundt, Thomas Schneider","doi":"10.5220/0011144100003283","DOIUrl":"https://doi.org/10.5220/0011144100003283","url":null,"abstract":"With the large amount of data generated nowadays, analysis of this data has become eminent. Since a vast amount of this data is private, it is also important that the analysis is done in a secure manner. Comparison-based functions are commonly used in data analysis. These functions use the comparison operation as the basis. Secure computation of such functions has been discussed for median by Aggarwal et al. (EUROCRYPT’04) and for convex hull by Shelat and Venkitasubramaniam (ASIACRYPT’15). In this paper, we present a generic protocol for the secure computation of comparison-based functions. In order to scale to a large number of participants, we propose this protocol in a star topology with an aim to reduce the communication complexity. We also present a protocol for one specific comparison-based function, the k-th ranked element. The construction of one of our protocols leaks some intermediate values but does not reveal information about an individual party’s inputs. We demonstrate that our protocol offers better performance than the protocol for the k-th ranked element by Tueno et al. (FC’20) by providing an implementation.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"52 1","pages":"69-82"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84672679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems","authors":"Eva Anastasiadi, E. Athanasopoulos, E. Markatos","doi":"10.5220/0011276900003283","DOIUrl":"https://doi.org/10.5220/0011276900003283","url":null,"abstract":"Over the last decade, we have seen a significant number of data breaches affecting hundreds of millions of users. Leaked password files or databases that contain passwords in plaintext allow attackers to get immediate access to the credentials of all the accounts stored in those files. Nowadays most systems keep passwords in a hashed, salted form, but using brute force techniques attackers are still able to crack a large percentage of those passwords. In this work, we present a novel approach to protect users’ credentials from such leaks. We propose a new architecture for the password file that makes use of multiple servers. The approach is able to defend even against attackers that manage to compromise all servers, as long as they do not do it at the same time. Our prototype implementation and preliminary evaluation in the authentication system of WordPress suggest that this approach is not only easy to incorporate into existing systems, but also has minimal overhead.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"43 1","pages":"560-567"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84703557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A New Leakage Resilient Symmetric Searchable Encryption Scheme for Phrase Search","authors":"Samiran Bag, I. G. Ray, F. Hao","doi":"10.5220/0011273600003283","DOIUrl":"https://doi.org/10.5220/0011273600003283","url":null,"abstract":"Symmetric searchable encryption (SSE) schemes are preferred over asymmetric ones for their lower computational cost. Owing to the big data size of most cloud applications, SSE with keyword search often yields a large number of search results matching the search criterion, but only a small portion of them is of actual interest. This results in an unnecessary increase of network traffic. A customized search against a phrase instead of keywords can yield more specific and relevant search results and can reduce the network traffic. This motivates the idea of phrase search in SSE. Most of the existing symmetric key searchable encryption schemes either do not support phrase search or have unwanted leakage associated with them. In this paper, we propose a symmetric key searchable encryption scheme for phrase search that minimizes the leakage of information from the search pattern and the access pattern. We propose a probabilistic trapdoor generation algorithm for phrase search and thereby prevent the leakage due to the search pattern. In earlier SSE-based schemes, an honest-but-curious server could always learn the position of the sentences and keywords in the encrypted text after the search operation is performed. This is referred to as the leakage from the access pattern. This may turn out to be a significant security concern owing to the prior knowledge of positions of certain sentences and keywords in certain documents. In this paper, we provide an access-pattern-secure encryption scheme such that an honest-but-curious cloud server cannot learn anything about the position of the phrase in the sentence even after the search. We implement a prototype of our scheme and validate it against commercial data and provide security and performance analysis to demonstrate its practicality.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"50 1","pages":"366-373"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89252319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Efficiency and Security of Quantum-resistant Key Establishment Mechanisms on FPGA Platforms","authors":"L. Malina, Sara Ricci, P. Dobias, P. Jedlicka, J. Hajny, K. Choo","doi":"10.5220/0011294200003283","DOIUrl":"https://doi.org/10.5220/0011294200003283","url":null,"abstract":"","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"79 1","pages":"605-613"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86844571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}