Computer Security: ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE, Guildford, UK, September 17–18, 2020, Revised Selected Papers
✍ Scribed by Ioana Boureanu (editor), Constantin Cătălin Drăgan (editor), Mark Manulis (editor), Thanassis Giannetsos (editor), Christoforos Dadoyan (editor), Panagiotis Gouvas (editor), Roger A. Hallman (editor), Shujun Li (editor), Victor Chang (editor)
- Publisher: Springer
- Year: 2020
- Language: English
- Pages: 349
- Series: Lecture Notes in Computer Science; 12580
- Category: Library
✦ Synopsis
This book constitutes the refereed post-conference proceedings of the Interdisciplinary Workshop on Trust, Identity, Privacy, and Security in the Digital Economy, DETIPS 2020; the First International Workshop on Dependability and Safety of Emerging Cloud and Fog Systems, DeSECSys 2020; the Third International Workshop on Multimedia Privacy and Security, MPS 2020; and the Second Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2020; held in Guildford, UK, in September 2020, in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020.
A total of 42 papers were submitted. For the DETIPS Workshop 8 regular papers were selected for presentation. Topics of interest address various aspects of the core areas in relation to the digital economy.
For the DeSECSys Workshop 4 regular papers are included. The workshop had the objective of fostering collaboration and discussion among cyber-security researchers and practitioners to discuss the various facets and trade-offs of cyber security, in particular the applications, opportunities and possible shortcomings of novel security technologies and their integration in emerging application domains.
For the MPS Workshop 4 regular papers are presented which cover topics related to the security and privacy of multimedia systems of Internet-based video conferencing systems (e.g., Zoom, Microsoft Teams, Google Meet), online chatrooms (e.g., Slack), as well as other services to support telework capabilities.
For the SPOSE Workshop 3 full papers were accepted for publication. They reflect the discussion, exchange, and development of ideas and questions regarding the design and engineering of technical security and privacy mechanisms with particular reference to organizational contexts.
✦ Table of Contents
DETIPS 2020 Preface
DETIPS 2020 Organization
DeSECSyS 2020 Preface
DeSECSyS 2020 Organization
MPS 2020 Preface
MPS 2020 Organization
SPOSE 2020 Preface
SPOSE 2020 Organization
Sealed-Bid Auctions Without Auctioneers (DeSECSyS 2020 Workshop Keynote)
Cyber Security Responsibilization of Citizens: A Paradigm Mismatch? (SPOSE 2020 Workshop Keynote)
Contents
DETIPS 2020
IMC: A Classification of Identity Management Approaches
1 Introduction
2 Related Work
3 Identity Management Models
3.1 Analysis of Identity Management Models
3.2 The Identity Management Cube (IMC)
3.3 IMC Applied to Current Approaches
4 Morphology of Identity Management
4.1 Design of the Morphology
4.2 Identity Management Morphology
4.3 Morphology Mapped to Life Cycle
4.4 Morphology Applied to Current Approaches
5 Discussion
6 Conclusion and Future Work
References
Keeping it Human: A Focus Group Study of Public Attitudes Towards AI in Banking
1 Introduction
2 Methods
2.1 Sample
3 Findings
3.1 Virtual Money Coaches
3.2 Chatbots
3.3 Algorithmic Decision-Making
3.4 Broader Themes
4 Discussion
5 Conclusions
References
Creative Toolkits for TIPS
1 Introduction
2 Survey of Papers
2.1 Method
2.2 Review Papers
2.3 Toolkits
2.4 Case Study Papers
2.5 Applied Research Toolkits
2.6 Conceptual/Methodological Research Toolkit
2.7 Conceptual Future Application Toolkit
3 Discussion
4 Summary and Conclusion
References
Post-quantum Certificates for Electronic Travel Documents
1 Introduction
2 Security for Electronic Travel Documents
2.1 Electronic Travel Documents
2.2 Public Key Infrastructures
2.3 PKI for Electronic Travel Documents
2.4 Access to the Contactless Chip
2.5 Authentication of the Data
2.6 Authentication of the Contactless Chip
3 Building a Post-quantum PKI for Electronic Travel Documents
3.1 Design
3.2 Algorithm Selection
3.3 Implementation
3.4 Overview of Experiments Performed
4 Challenges
5 Results
6 Conclusions and Future Work
References
Development of Trust Infrastructures for Virtual Asset Service Providers
1 Introduction
2 The Travel Rule and VASP Customer Information
3 Information Sharing Infrastructure for VASPs
4 A Trusted Identity Infrastructure for VASPs
4.1 Extended Validation Certificates for VASP Business Identity
4.2 VASP Transactions-Signing and Claims-Signing Certificates
4.3 Consortium-Based VASP Certificate Hierarchy
5 Customer Identity and Key Management Infrastructure
5.1 Customer Identities and Digital Identifiers
5.2 Identifier Resolvers
5.3 Federation of VASP Identifier Resolver Services
5.4 Customer Managed Access to Claims
6 Attestations Infrastructures for Regulated Wallets
6.1 Attestation Evidence Relevant to VASPs & Asset Insurers
6.2 On-Boarding and Off-Boarding Customers
7 Conclusions
References
Risk Assessment of Sharing Cyber Threat Intelligence
1 Introduction
2 Related Work
3 Methodology
3.1 Risk Assessment Approach/Background
3.2 Associated Risk Model (ARM)
3.3 Dataset Analysis
3.4 Threat Analysis
3.5 Total Associated Risk (TAR)
4 Evaluation
4.1 Expert Selection
4.2 Case Studies
5 Threats to Validity
6 Conclusion and Future Work
References
kUBI: A Framework for Privacy and Transparency in Sensor-Based Business Models for Consumers: A Pay-How-You-Drive Example
1 Introduction
2 Related Work
3 Mobile Application Environment
3.1 Android Sensor Stack
3.2 Attacks on Sensor Data
4 Usage-Based Insurance
4.1 Stakeholders and Their Respective Interests
4.2 Workflow
5 kUBI
5.1 Potential Strategies
5.2 Privacy Enhanced Model
5.3 Components
5.4 Basic Design Decisions
5.5 Modified Android Implementation
6 Evaluation
6.1 Identification Attack
6.2 Anonymization
6.3 Privacy
7 Conclusion
References
Verifiable Contracting
1 Introduction
2 Use Case: Contract Offering
2.1 Proposed Use Case Scenario
3 Background: eIDAS and SAML SSO
3.1 EIDAS-based eID
3.2 SAML SSO
3.3 EIDAS-compliant Certificates and PSD2
4 Scenario and Implementation
4.1 SAML
4.2 Verifiable Credentials
5 Related Work
6 Lessons Learned and Conclusion
A Listings
References
DeSECSyS 2020
ICITPM: Integrity Validation of Software in Iterative Continuous Integration Through the Use of Trusted Platform Module (TPM)
1 Introduction
2 Background
3 Related Work
4 Security Role in Automation
4.1 Security Risks in Assembly and Testing Servers
5 A Proof-of-Concept: Vulnerable Server Launching Jenkins
6 Code Integrity in the CI/DP Pipeline
7 Our Proposal: Trusted Integrity Platform
7.1 Utilization of TPM Public Keys in TIP Server
8 Performance Evaluation
9 Conclusions and Future Work
References
Making Picnic Feasible for Embedded Devices
1 Introduction
2 Preliminaries
2.1 Picnic
2.2 Picnic Structure
3 Our Optimizations
3.1 Generation of Seeds and Salt
3.2 Computation of Challenge
3.3 Stream Encrypted Temporary Results
4 Results
5 Implementation
References
Sandboxing the Cyberspace for Cybersecurity Education and Learning
1 Introduction
2 Related Work
3 Virtualization Technologies and Sandboxing
3.1 Evaluation of Popular Virtualization and Containerization Techniques
3.2 Sandboxing for Monitoring the Participants’ Actions
4 Towards a New Model for Cyber Range Deployment
5 Conclusions and Future Work
References
CloudVaults: Integrating Trust Extensions into System Integrity Verification for Cloud-Based Environments
1 Introduction
2 Towards Trust-Aware Service Graph Chains (SGCs)
2.1 Solidifying the s: Inter-trustability of Service Function Slices
3 System and (Adv)ersarial Model
4 High-Level Security Properties of CIV
5 An Architectural Blueprint Towards Unified CIV
5.1 High-Level Overview
5.2 CloudVaults Building Blocks
6 Security Analysis
7 Experimental Performance Evaluation
8 Conclusions
A Appendices
B Timings and Benchmarks
C CloudVaults Formal Trust Models
References
MPS 2020
Twizzle - A Multi-purpose Benchmarking Framework for Semantic Comparisons of Multimedia Object Pairs
1 Introduction
2 Twizzle Benchmarking
2.1 Challenge Creation
2.2 Wrapping an Algorithm
2.3 Test Runs
2.4 Analyse Results
2.5 Twizzle Features
3 Use Cases
3.1 Multimedia Forensics
3.2 Face Recognition
4 Conclusion
References
You've Got Nothing on Me! Privacy Friendly Face Recognition Reloaded
1 Introduction
2 Related Work
3 Towards Privacy Friendly Face Recognition
3.1 Preprocessing
3.2 Local Binary Pattern Histograms
3.3 Quantization
3.4 Usage of Error Correction Codes
3.5 Fuzzy Commitment
4 Experimental Analysis
4.1 Experiment Setup
4.2 Face Recognition with Local Binary Patterns
4.3 The Impact of Quantization on Recognition Performance
4.4 Quantization Variants
4.5 Usage of Error Correction
4.6 The Fuzzy Commitment Approach
5 Conclusion
References
OR-Benchmark: An Open and Reconfigurable Digital Watermarking Benchmarking Framework
1 Introduction
2 Related Work
2.1 StirMark
2.2 Other Benchmarking Systems
3 Proposed OR-Benchmark Framework
3.1 Modeling of Watermarking Systems
3.2 Performance Evaluation Criteria
3.3 Our Benchmarking Framework
3.4 Open Interfaces
4 Case Studies
4.1 Case 1: Copyright Protection
4.2 Case 2: Content Integrity Verification
4.3 Case 3: Tamper Localization and Self-restoration
5 Conclusion and Future Work
References
SPOSE 2020
Nothing Standard About It: An Analysis of Minimum Security Standards in Organizations
1 Introduction
2 Related Work
3 Methodology
4 Results
5 Discussion and Concluding Remarks
References
The Bigger Picture: Approaches to Inter-organizational Data Protection Impact Assessment
1 Introduction
2 Background and Motivation
3 Requirements
4 Approaches to Collaborative DPIA
4.1 Centralized Approach
4.2 Federated Approach
4.3 Requirement Coverage
5 Conclusion
References
Systematic Scenario Creation for Serious Security-Awareness Games
1 Introduction
2 Background and Related Work
2.1 Personas
2.2 HATCH
3 Methodology
3.1 Interview Guide
3.2 Interview Implementation and Participants
3.3 Data Analysis
3.4 Development of the Scenario
3.5 Evaluation
4 Results
4.1 Scenario
4.2 Personas
5 Evaluation
6 Discussion
6.1 Scenario
6.2 Methodology
6.3 Threats to Validity and Limitations
6.4 Future Work
7 Conclusion
References
Analysing Simulated Phishing Campaigns for Staff
1 Introduction
2 Different Forms and Types of Phishing Messages
3 Objectives of Simulated Phishing Campaigns
4 Simulated Phishing Campaign Designs
5 Problems with, and Obstacles to, Simulated Phishing Campaigns
5.1 Security Aspects
5.2 Legal Aspects
5.3 Human Aspects
6 What Do the Numbers Collected During the Simulated Phishing Campaign Tell Us?
7 Conclusion
Author Index