13th International Conference on Network and System Security
Sapporo, Japan
| 15-18 December 2019
David Cash
University of Chicago, USA
Order-revealing encryption (ORE), due to Boldyreva, Chenette, Lee, and O'Neill (CRYPTO'09) allows for efficient order-comparison of plaintexts without decryption, enabling encrypted database applications. While very efficient constructions of ORE are known, the security achieved is uncertain and likely inadequate for many applications. A line of work has given attacks against ORE that apply in broad settings, and also new constructions that might avoid attacks if employed carefully. This will talk survey these ORE constructions and provable and empirical evaluations of their security.
Biography: David is an associate professor in the Computer Science Department at the University of Chicago. He does research in applied and theoretical cryptography and computer security. Before joining the University of Chicago in 2018, he earned his PhD at Georgia Tech in 2009, and in the intervening years worked at the University of California San Diego, IBM, Ruhr University Bochum, and Rutgers University.
Yang Xiang
Swinburne University of Technology, Australia
Machine learning based solutions have been successfully employed for automatic detection of malware on Android. However, machine learning models lack robustness to adversarial examples, which are crafted by adding carefully chosen perturbations to the normal inputs. So far, the adversarial examples can only deceive detectors that rely on syntactic features (e.g., requested permissions, API calls, etc.), and the perturbations can only be implemented by simply modifying application’s manifest. While recent Android malware detectors rely more on semantic features from Dalvik bytecode rather than manifest, existing attacking/defending methods are no longer effective.
In this talk, we introduce a new attacking method that generates adversarial examples of Android malware and evades being detected by the current models. To this end, we propose a method of applying optimal perturbations onto Android APK that can successfully deceive the machine learning detectors. We develop an automated tool to generate the adversarial examples without human intervention. In contrast to existing works, the adversarial examples crafted by our method can also deceive recent machine learning based detectors that rely on semantic features such as control-flow-graph. The perturbations can also be implemented directly onto APK’s Dalvik bytecode rather than Android manifest to evade from recent detectors. We demonstrate our attack on two state-of-the-art Android malware detection schemes, MaMaDroid and Drebin.
Biography: Professor Yang Xiang received his PhD in Computer Science from Deakin University, Australia. He is currently a full professor and the Dean of Digital Research & Innovation Capability Platform, Swinburne University of Technology, Australia. His research interests include cyber security, which covers network and system security, data analytics, distributed systems, and networking. In the past 20 years, he has been working in the broad area of cyber security, which covers network and system security, AI, data analytics, and networking. He has published more than 300 research papers in many international journals and conferences. He is the Editor-in-Chief of the SpringerBriefs on Cyber Security Systems and Networks. He serves as the Associate Editor of IEEE Transactions on Dependable and Secure Computing and IEEE Internet of Things Journal, and the Editor of Journal of Network and Computer Applications. He served as the Associate Editor of IEEE Transactions on Computers and IEEE Transactions on Parallel and Distributed Systems. He is the Coordinator, Asia for IEEE Computer Society Technical Committee on Distributed Processing (TCDP). He is a Senior Member of the IEEE (M'07-SM'12).
Sherman Chow
Chinese University of Hong Kong, Hong Kong
Access control encryption, introduced by Damgård et al. (TCC 2016), is a cryptographic approach to minimize the trust on the sanitizer in controlling information flow. They proposed two ACE schemes for arbitrary policy. One produces ciphertexts of exponential (in the bit-length of a user identity) size, and another is from indistinguishability obfuscation. Sanitization is keyless. Their work poses two open problems: 1) to construct practically interesting ACE from noisy, post-quantum assumptions such as LWE (learning with error), 2) to design sublinear ACE scheme with practical efficiency (even for limited classes of interesting predicates). Subsequent works, including Tan et al. (AsiaPKC 2017), Fuchsbauer et al. (PKC 2017), and Kim and Wu (Asiacrypt 2017) address either of these problems in different ways. In particular, Kim and Wu left "the construction of an ACE scheme (for general policies) where the sanitizer key can be public" as an open problem. In this talk, we discuss these major works and present our general framework for building ACE, which leads to practical constructions (better) solving the open problems.
This talk stems from the joint works with my Ph.D. students Xiuhua Wang and Harry W. H. Wong.
Biography: Sherman S. M. Chow is an Associate Professor in Information Engineering at the Chinese University of Hong Kong. He was a research fellow in Combinatorics and Optimization at the University of Waterloo, a position he commenced after receiving his Ph.D. degree from the Courant Institute of Mathematical Sciences, New York University. During his study, he interned at NTT Research and Development (Tokyo), Microsoft Research (Redmond), and Fuji Xerox Palo Alto Laboratory. He publishes in both theory venues such as AsiaCrypt, EuroCrypt, and ITCS, and security venues such as CCS, NDSS, and Usenix Security. He served on the editorial board of IEEE Transactions on Information Forensics and Security for four years and the program committee of AsiaCrypt for six years. He is also an editor of four other journals, which focus on security, and a PC member of 190+ conferences, including CCS, Crypto, and TheWeb. Last year, he served on the award committee of the Caspar Bowden Privacy-Enhancing Technologies award. He got the Early Career Award from the Hong Kong Research Grants Council. Recently, he is awarded the status of the European Alliance for Innovation (EAI) Fellow (2019, inaugural), and named as one of the 100 Most Influential Scholars (Security and Privacy, 2018) by ArnetMiner (AMiner).
Kouichi Sakurai
Kyushu University,Japan
We first survey recent proposed e-voting protocols based on Blockchain,while comparing the implemented e-voting schemes before Blockchain. Next we analyze "Receipt-freeness" and "coercion-resistance" in recently proposed e-voting schemes with Blockchain. Finally we investigate the relationship and real gap between "receipt-freeness" and "coercion-resistance", which is one of the significant issues in Internet e-voting systems, and discuss how to design the ideal e-voting scheme with perfect security and strong privacy.
Note: This is a joint work with Mr. Misni and Dr. S. Dutta, and partially supported by JSPS Grant-in-Aid for Scientific Research KAKENHI (C) JP18K11297.
Biography: Prof. Kouichi Sakurai is a Full Professor in the Department of Informatics at Kyushu University. Dr. Sakurai directs the Laboratory for Information Technology and Multimedia Security and he is working also with CyberSecurity Center of Kyushu University. He is now working also with Department of Advanced security of Advanced Telecommunications Research Institute International and involved in a NEDO-SIP-project on supply chain security. Professor Sakurai has published about 400 academic papers around cryptography and cybersecurity. (See http://dblp.uni-trier.de/db/indices/a-tree/s/Sakurai:Kouichi.html)
The growth of advanced information and communication technologies has led to the tremendous development of IoT circumstances. Traditional approaches for protecting the data by cryptology usually fall short of fulfilling IoT security and privacy requirements. In this talk, we will introduce a trusted IoT framework enabling multiple security techniques, such as secure BLE communication, privacy-aware access control, end-device authentication, and Blockchain-based auditing. First of all, we will present several secure communication schemes for BLE-based smart objects in the IoT. In addition, a user-friendly privacy protocol for users to achieve consents with nearby BLE devices is introduced. Secondly, we will demonstrate the design of a Blockchain-connected gateway for BLE devices. Thirdly, we will give the overview of an ISO/IEC 15408-2 compliant security auditing system with Blockchain as an underlying architecture for data management.
Biography: Kuo-Hui Yeh (SM’16) is a Professor with the Department of Information Management, National Dong Hwa University, Hualien, Taiwan. He received M.S. and Ph.D. degrees in Information Management from the National Taiwan University of Science and Technology, Taipei, Taiwan, in 2005 and 2010, respectively. Dr. Yeh has authored over 100 articles in international journals and conference proceedings. His research interests include IoT security, Blockchain, mobile security, NFC/RFID security, authentication, digital signature, data privacy and network security. Dr. Yeh is currently an associate/academic editor of IEEE Access, Journal of Internet Technology (JIT), Journal of Information Security and Applications (JISA), Security and Communication Networks (SCN) and Data in Brief (DIB), and has served as a guest editor for Future Generation Computer Systems (FGCS), IEEE Access, Mathematical Biosciences and Engineering (MBE), International Journal of Information Security (IJIS), JIT, Sensors and Cryptography. In addition, Dr. Yeh has participated in the organization committee of DSC 2018, SPCPS 2017, NSS 2016, RFIDsec’14 Asia and RFIDsec’12 Asia, and he has served as a TPC member of 30 international conferences/workshops on information security. He is a Senior Member of the IEEE.
Xingliang Yuan
Monash University, Australia
Searchable encryption (SE) is a practical cryptographic tool to build encrypted databases. Recently there has been much attention in leakage-abuse attacks against SE. To mitigate these attacks, database padding is naturally considered, because it is conceptually simple. However, the security of padding and how to effectively deploy it in practice are not fully understood. In this talk, I will summarise our recent efforts to answer the above questions. First, I will introduce information theory based methods to analyse the security of padding. Second, I will present how to design an encrypted database with padding countermeasures.
Biography: Dr Xingliang Yuan is a Lecturer (aka Assistant Professor) at the Faculty of Information Technology, Monash University, Australia. He obtained his PhD degree in Computer Science from City University of Hong Kong in 2016. His research focuses on addressing privacy and security issues in cloud and networked systems. In the past few years, his work has appeared at prestigious venues in security, networking, and distributed systems, such as CCS, INFOCOM, ICDCS, TDSC, TON, TPDS, etc.