Secure IT Systems 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings

This book constitutes the proceedings of the 21st Nordic Conference on Secure IT Systems, held in Oulu, Finland, in November 2016. The 16 full papers presented in this volume were carefully reviewed and selected from 43 submissions.The focus of the conference is on following topics: Security, System...

Full description

Saved in:
Bibliographic Details
Main Authors Brumley, Billy Bob, Röning, Juha
Format eBook
LanguageEnglish
Published Cham Springer Nature 2016
Springer International Publishing AG
Springer
Edition1
SeriesLNCS sublibrary. SL 4, Security and cryptology
Subjects
Algorithms
Biometry
Computer programming, programs, data
Computer security
Online AccessGet full text
ISBN9783319475608
3319475606
9783319475592
3319475592

Cover

Table of Contents:
  • Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics -- 1 Introduction -- 2 Previous Work -- 3 Methods -- 3.1 Threat Model -- 3.2 Measuring Keystrokes -- 3.3 Protecting Privacy -- 3.4 Providing Security -- 3.5 Our Implementation -- 4 Empirical Results -- 4.1 Authentication -- 4.2 Impersonation -- 5 Discussion -- 6 Conclusion -- References -- Author Index
  • Understanding How Components of Organisations Contribute to Attacks -- 1 Introduction -- 2 System and Attack Models -- 2.1 System Models -- 2.2 Attack Models -- 2.3 Running Example -- 3 Visualising Attacks -- 3.1 Evaluating Attack Models -- 3.2 Attack Tree Visualisations -- 3.3 Pareto-Efficient Solutions -- 4 Contribution of Components of Organisations to Attacks -- 4.1 Measuring Impact -- 4.2 Counting Occurrences -- 4.3 Weighted Sum -- 4.4 Visualising Paths -- 4.5 Visualising Pareto-Efficient Solutions -- 4.6 Visualising Different Components -- 5 Conclusion -- References -- A Stochastic Framework for Prediction of Malware Spreading in Heterogeneous Networks -- 1 Introduction -- 2 Related Work -- 3 A Model for Spreading in Heterogeneous Networks -- 3.1 Formal Description of the Network -- 3.2 Predictions for a Bounded Outbreak -- 3.3 Predictions for an Unlimited Outbreak -- 4 Modeling Malware Spreading in Networks -- 4.1 Propagation Using Phishing Emails -- 4.2 Propagation Over Shared Network Drives -- 4.3 Propagation by Exploiting System Vulnerabilities -- 5 Implementation -- 6 Conclusion -- References -- Network Security -- Creating and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels -- 1 Introduction -- 2 Background and Related Previous Work -- 3 Covert Channel Implementations -- 3.1 Protocol Tunneling -- 3.2 Proof-of-Concept Nc64 Tool -- 3.3 Proof-of-Concept Tun64 Tool -- 4 Testing Environment and Test Description -- 4.1 Attack Scenario -- 4.2 Testing Environment -- 5 Experiment Execution and Discussion of Results -- 6 Conclusions -- A Appendix -- References -- ML: DDoS Damage Control with MPLS -- 1 Introduction -- 2 Background -- 2.1 Characteristics of a Distributed Reflective DDoS Attack -- 2.2 Definitions -- 2.3 Assumptions -- 3 State of the Art -- 3.1 Traffic Filtering -- 3.2 Congestion Control
  • Intro -- Preface -- Organization -- Contents -- System Security -- Event-Triggered Watermarking Control to Handle Cyber-Physical Integrity Attacks -- 1 Introduction -- 2 Background -- 2.1 Cyber-Physical Attacks -- 2.2 Control Strategies -- 2.3 Watermark-Based Attack Detection -- 3 Watermark-Based Attack Detection Against a New Adversary Model -- 3.1 Numerical Validation -- 4 PIETC Watermark-Based Detection Strategy -- 4.1 Local Controller Design -- 4.2 Remote Controller Design -- 4.3 Periodic Communication Policy -- 4.4 Intermittent Communication Policy -- 4.5 New Parametric Cyber-Physical Adversary -- 4.6 Numerical Validation -- 5 Related Work -- 6 Conclusion -- References -- Detecting Process-Aware Attacks in Sequential Control Systems -- 1 Introduction -- 2 Related Work -- 3 Background -- 3.1 Industrial Control Systems -- 3.2 Runtime Verification -- 3.3 Process Specification Mining -- 4 Attack Detection Approach -- 4.1 General Overview -- 4.2 Mining Process Specifications -- 4.3 Specifications Filtering Rules -- 5 Evaluation -- 5.1 Process Description -- 5.2 Experimental Setup -- 5.3 Results -- 6 Conclusion -- References -- Towards an Automated and Dynamic Risk Management Response System -- 1 Introduction -- 2 Dynamic Return on Response Investment (RORI) -- 2.1 Description of the Dynamic RORI Model -- 2.2 Computation of the Dynamic RORI Parameters -- 3 Dynamic Risk Management Response System -- 3.1 Response Plan Generation Process -- 3.2 Response Selection and Visualization -- 4 System Testing and Experimentation -- 5 Case Study: Automated Response in a Critical Infrastructure System -- 5.1 Threat Scenario -- 5.2 Input Information -- 5.3 Dynamic RORI Evaluation -- 5.4 Response Plan Generation -- 5.5 Response Plan Selection and Visualization -- 6 Related Work -- 7 Conclusions and Future Work -- References
  • 4 Concepts and Architecture -- 4.1 Design Overview -- 4.2 Workflow -- 4.3 Threshold-Based Bloom Filter -- 5 Experimentations -- 5.1 Experimental Approach -- 5.2 Variables and Metrics -- 5.3 Results -- 5.4 Discussion on Experimentation -- 6 Conclusion -- References -- Software Security -- Empirical Analysis on the Use of Dynamic Code Updates in Android and Its Security Implications -- 1 Introduction -- 2 Motivating Examples -- 3 Analysis Tool: Design and Implementation -- 4 Application Analysis -- 4.1 API Selection -- 4.2 Dataset Description -- 5 Analysis Results and Discussion -- 6 Considerations on Analysis Tools for Android -- 7 Limitations -- 8 Related Work -- 9 Conclusion -- References -- Evaluation of Resource-Based App Repackaging Detection in Android -- 1 Introduction -- 2 Resource-Based Repackaging Detection -- 3 Dataset -- 4 Resource Similarity Evaluation -- 5 Fine-Tuning the Basic Approach -- 6 Resource Files Analysis and Improved Classification -- 7 Discussion -- 8 Conclusions -- References -- A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification -- 1 Introduction -- 2 Interface Diversification -- 2.1 The General Idea -- 2.2 Internal and External Interfaces -- 3 Study Setup -- 3.1 The Setting of the Study -- 3.2 Variables -- 4 Results -- 4.1 The Types of Payloads -- 4.2 The Found Interfaces -- 4.3 Attack Types and Attack Vectors -- 4.4 Evaluation -- 5 Existing Interface Diversification Research -- 6 Conclusions -- References -- A Tale of the OpenSSL State Machine: A Large-Scale Black-Box Analysis -- 1 Introduction -- 2 TLS -- 3 State Machine Inference -- 4 Setup -- 5 Analysing the OpenSSL State Machines -- 5.1 Server-Side -- 5.2 Client-Side -- 6 Conclusion -- References -- Cryptography -- Speeding up R-LWE Post-quantum Key Exchange -- 1 Introduction -- 2 Preliminaries
  • 3 Considerations in Generating the Public Polynomial -- 4 Our Optimizations -- 4.1 Decreasing the Rejection Rate -- 4.2 Vectorized Rejection Sampling -- 4.3 Fast Generation of Pseudorandom Bytes -- 5 Results -- 6 Conclusion -- A Vectorized Rejection Sampling - Code Snippets -- References -- Efficient Sparse Merkle Trees -- 1 Introduction -- 2 Preliminaries -- 2.1 Merkle Trees -- 2.2 Setting and Cryptographic Assumptions -- 3 Sparse Merkle Trees -- 3.1 Non-Membership Proofs and High-Level Properties -- 3.2 Tractable Representations -- 3.3 Earlier Proposals -- 3.4 Our Approach -- 4 Efficient Representations -- 4.1 Caching Strategies -- 4.2 The Cache Routine -- 4.3 Recurrences -- 5 Security -- 5.1 The Merkle Prefix Tree in CONIKS -- 5.2 A Secure Encoding for Sparse Merkle Trees -- 5.3 Security Aspects of Caching Strategies -- 6 Performance -- 7 Related Work -- 8 Conclusion -- References -- Secure Multiparty Sorting Protocols with Covert Privacy -- 1 Introduction -- 2 Related Work -- 3 Preliminaries -- 3.1 Universal Composability and Secure Multiparty Computation -- 3.2 Privacy vs. Security -- 3.3 Protocols for Oblivious Sorting -- 3.4 Covert Security -- 4 Covertly Private SMC -- 5 Analysis of Oblivious Sorting Methods -- 5.1 Methods Based on Shuffling and Comparison -- 5.2 Counting Sort -- 6 Covertly Private Reordering -- 7 Conclusions -- References -- Authentication -- PASSPHONE: Outsourcing Phone-Based Web Authentication While Protecting User Privacy -- 1 Introduction -- 2 Related Work -- 3 The PASSPHONE: Authentication Scheme -- 3.1 Bootstrapping -- 3.2 Authentication -- 3.3 Key Management -- 4 Formal Security Analysis -- 4.1 Authentication-Attack Resistance -- 4.2 Anonymity -- 4.3 Unlinkability -- 5 Automatic Security Analysis -- 6 Prototype Implementation -- 7 Comparative Evaluation -- 8 Practical Application -- 9 Conclusion -- References