21st Australasian Conference on Information Security and Privacy
4-6 July 2016
Our reliance on information networks to access and control both physical and information networks in critical infrastructures such as airports has increased. In such an environment an integrated approach to security across all aspects of facilities operation and management is required. In this talk a novel mechanism for physical and logical access control for smart buildings is presented which uses building information models.
Short Bio: Professor Ed Dawson has been an academic at Queensland University of Technology (QUT) since 1974. He has extensive research experience in information security, publishing over 250 refereed research papers and supervising 35 PhD students to completion in this area. From 1993-2007 Professor Dawson was research director of the information security research group at QUT. In 2008 he was awarded the title of Emeritus Professor at QUT in recognition of his contributions. From 2005-2010 Professor Dawson was leader of the Australia-wide information security node of the ARC-funded network Research Network for a Secure Australia (RNSA). From 2000-2010 Professor Dawson was extensively involved with the organisation of the International Association for Cryptologic Research (IACR), serving on the board of directors from 2000-2004 and 2008-2010 (Vice President). In recognition of his research and service Professor Dawson was awarded a Fellowship by IACR in 2016.
An anonymous credential allows a user to be authenticated without revealing his identity. In an anonymous credential system, a user obtains a credential from an organisation, and then he can prove to the organisation (or any other party) that he has been given an appropriate credential. He can do this without revealing anything else about his identity. Furthermore, it can be guaranteed that if he uses his credential a second time, no one will be able to tell that the two interactions involved the same user. Not only is it impossible to identify the user, there will be no way anyone can trace the user's transactions. The analogues of anonymous credentials in the paper world are: money, bus and train tickets, and game-arcade tokens. These do not have any personally identifying information and consequently can be transferred between users without the issuers or relying parties being aware of this. The original anonymous credential system proposed by David Chaum in 1985 was referred to as a pseudonym system. This stems from the fact that the credentials of such a system are obtained from and shown to organisations using different pseudonyms that cannot be linked. In this talk, we will present a survey of the research literature on anonymous credentials, in terms of solutions, security and efficiency.
Short Bio: Dr. Xun Yi is a professor with the School of Computer Science and Information Technology, RMIT University, Australia. His research interests include database security, computer and network security, mobile and wireless communication security, private information retrieval, privacy-preserving data mining, secure electronic commerce and applied cryptography. He has published more than 150 research papers in international journals, such as IEEE Trans. Knowledge and Data Engineering, IEEE Trans. Wireless Communication, IEEE Trans. Dependable and Secure Computing, IEEE Trans. Circuit and Systems, IEEE Trans. Vehicular Technologies, IEEE Communication Letters, IEE Electronic Letters, and conference proceedings. He has led several ARC projects. Currently, he serves as an Associate Editor for IEEE Transactions on Dependable and Secure Computing.
Outsourced computations in distributed environments suffer from trust problems between the outsourcer and the workers. The rational lazy-and-partially-dishonest workers in the outsourcing computation model seem sufficient, but they still do not represent the real-life situation. The notion of outsourcing computation is closely related to crowdsourcing. Crowdsourcing is an emerging and exciting technology to acquire services by soliciting contributions from a large community, rather than from traditional employees or suppliers. With crowdsourcing, the power of people (and hence, the "crowd") will be unleashed to help solve our problem. The situation becomes complex in a commercial setting. Participants will receive payment upon their contribution, and hence, there is an incentive for dishonest participants to claim credit for work they did not perform. Additionally, the job owner may not honour its obligation to pay upon the completion of participants' contribution. In this talk, we will go through the challenges that are related to fairness for all entities, and some research questions.
Short Bio: Willy Susilo received the Ph.D. degree in computer science from the University of Wollongong, Australia. He is a Professor and the Head of School of Computing and Information Technology at the University of Wollongong in Australia. He is also the Director of the Centre for Computer and Information Security Research, University of Wollongong. He has been awarded the prestigious ARC Future Fellowship by the Australian Research Council. His main research interests include cloud security, cryptography and information security. He has served as a program committee member in major international conferences.
Side-channel attacks are an increasingly important concern for the security of cryptographic embedded devices, such as the SIM cards used in mobile phones. Previous works have exhibited such attacks against implementations of the 2G GSM algorithms (COMP-128, A5). In this paper, we show that they remain an important issue for USIM cards implementing the AES-based MILENAGE algorithm used in 3G/4G communications. In particular, we analyze instances of cards from a variety of operators and manufacturers, and describe successful Differential Power Analysis attacks that recover encryption keys and other secrets (needed to clone the USIM cards) within a few minutes. Further, we discuss the impact of the operator-defined secret parameters in MILENAGE on the difficulty of performing Differential Power Analysis, and show that they do not improve implementation security. Our results back up the observation that physical security issues raise long-term challenges that should be solved early in the development of cryptographic implementations, with adequate countermeasures.
Short Bio: Yu Yu is currently a research professor at Shanghai Jiao Tong University. He received his B.Sc. degree from Fudan University in China in 2003, and then his Ph.D. from Nanyang Technological University in Singapore in 2006. After finishing his postdoctoral training at the UCL crypto group, he returned to China in 2010 and worked at the East China Normal University and later the Institute for Interdisciplinary Information Sciences (IIIS) at Tsinghua University, before joining Shanghai Jiao Tong University in 2014. His research interests include side-channel attacks and countermeasures (a.k.a. leakage-resilient cryptography), provable security (complexity-based cryptography) and post-quantum cryptography. He has published more than 30 papers at major venues such as CRYPTO, EUROCRYPT, ASIACRYPT, CCS, TCC, CT-RSA, CHES, ACISP, ESORICS and ASIACCS, with two papers invited to the Journal of Cryptology. In addition, he has been serving on the board of the International Association for Cryptologic Research (IACR) as a member (observer) and a webmaster for www.iacr.org since 2014. He received the Outstanding Young Scholar Award from the Chinese Association for Cryptologic Research in 2015.