Emerging Technologies for Authorization and Authentication: 5th International Workshop, ETAA 2022, Copenhagen, Denmark, September 30, 2022, Revised ... (Lecture Notes in Computer Science, 13782)

Preface
Organization
Contents
An Ontology-Based Approach for Setting Security Policies in Smart Homes
1 Introduction
2 Related Work
2.1 End-User Development in the IoT
2.2 Rule Modeling and Analysis
3 The Policy Translation Point System
3.1 Adopted Models and Formalisms
3.2 User Interface
3.3 Implementation
4 Conclusions
References
ClapAuth: A Gesture-Based User-Friendly Authentication Scheme to Access a Secure Infrastructure
1 Introduction
2 Related Work
2.1 Behavioral-Biometric-Based Smartwatch User Authentication
2.2 Biometric-Based Access Control
3 Approach
4 Experimental Validation
4.1 Dataset
4.2 Features
4.3 Feature Fusion
4.4 Classifier Selection
4.5 Feature Selection
4.6 Experimental Settings
4.7 Performance Evaluation
4.8 Experimental Results
5 Discussion
6 Conclusion and Future Work
References
User Authentication on Headset-Like Devices by Bioacoustic Signals
1 Introduction
2 Notations
3 Acronyms
4 Literature Review
5 Proposed Solution
6 Experiments
7 Conclusion
References
The Measurable Environment as Nonintrusive Authentication Factor on the Example of WiFi Beacon Frames
1 Introduction
2 The Measurable Environment (ME)
2.1 Illustration of the ME
2.2 Fingerprinting the ME
2.3 Classifying Fingerprints of MEs
3 Instantiation Using WiFi Beacon Frames
3.1 Dataset
3.2 Feasibility
3.3 Fingerprinting the ME
3.4 Similarity of Fingerprints and Templates
3.5 Determining the Similarity Threshold
3.6 Classifying Fingerprints
4 Performance
4.1 Classification
4.2 Validation
4.3 Results
5 Use Case: Nonintrusive Authentication
5.1 Augmenting Existing Schemes
5.2 Factor Strength
5.3 Adversary Model and Security Analysis
6 Comparison with Related Work
7 Discussion and Future Work
8 Conclusion
References
Protecting FIDO Extensions Against Man-in-the-Middle Attacks
1 Introduction
2 Background
2.1 FIDO Authentication
2.2 COSE
3 Related Work
4 Attacker Model
4.1 Vulnerable Web Intermediaries
4.2 Compromised Client Application
4.3 Malware on the Client Device
4.4 MitM Between Client Device and Authenticator
5 Protocol Design
5.1 Authenticated Encryption
5.2 Key Exchange
5.3 Data Format
5.4 Displaying User Information
6 Security Evaluation
6.1 Key Exchange
6.2 Encrypted Assertion Extensions
7 Implementation
8 Discussion
8.1 Security
8.2 Implementation
8.3 Usability
9 Conclusion and Outlook
References
Authentication, Authorization, and Selective Disclosure for IoT Data Sharing Using Verifiable Credentials and Zero-Knowledge Proofs
1 Introduction
2 Background and Related Work
2.1 Verifiable Credentials
2.2 BBS+ Digital Signatures
2.3 Related Work
3 Architecture
3.1 Data Encoding and Signing
3.2 Authentication and Authorization Request
3.3 Data Access Request
3.4 Data Access Response
4 Implementation and Evaluation
4.1 Security Properties
5 Conclusions
References
Privacy-Preserving Speaker Verification and Speech Recognition
1 Introduction
2 Related Work
3 Reference Scenario
4 Proposed Methodology
4.1 Privacy Mechanisms Enforcement
4.2 Speaker Verification Model
4.3 Speech Recognition Model
4.4 Text to Speech Model
5 Experiments
5.1 Speaker Verification Experiments
5.2 Speech Recognition Experiments
5.3 Results Discussion
6 Conclusion and Future Work
References
An E-Voting System Based on Tornado Cash*-4pt
1 Introduction
2 Background
2.1 Ethereum
2.2 The ERC20 Standard
2.3 Important Voting Properties
2.4 Tornado Cash
3 The E-Voting Model
3.1 Satisfied Properties
3.2 Cost Estimation
4 Related Work
5 Conclusion
References
Linking Contexts from Distinct Data Sources in Zero Trust Federation
1 Introduction
2 Related Research
3 The Method of Linking Context
3.1 Definition of Context Collector(CtxC)
3.2 Linking Context
4 An Example of CtxC and CAP Implementation
5 Concluding Remarks
References
Author Index