Emerging Technologies for Authorization and Authentication: Second International Workshop, ETAA 2019, Luxembourg City, Luxembourg, September 27, 2019, Proceedings (Security and Cryptology)
Scribed by Andrea Saracino (editor), Paolo Mori (editor)
- Publisher
- Springer
- Year
- 2020
- Tongue
- English
- Leaves
- 198
- Category
- Library
Synopsis
This book constitutes the proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2019, held in Luxembourg, in September 2019.
The 10 full papers presented in this volume were carefully reviewed and selected from numerous submissions. They focus on new techniques for biometric and behavioral-based authentication, authentication and authorization in the IoT and in distributed systems in general, techniques for strengthening password-based authentication and for dissuading malicious users from stolen password reuse, an approach for discovering authentication vulnerabilities in interconnected accounts, and strategies to optimize the access control decision process in the Big Data scenario.
Table of Contents
Preface
ETAA Workshop Introduction
Organization
Contents
Logics to Reason Formally About Trust Computation and Manipulation
1 Introduction
2 Trust: Origins and Varieties
3 LCT: A Logic for Computing Trust
3.1 Syntax
3.2 Semantics
3.3 LCT and the Trust Taxonomy
4 LMT: A Logic for Trust Manipulation
5 Conclusion
References
An Authorization Framework for Cooperative Intelligent Transport Systems
1 Introduction
2 Background
3 Related Work
4 C-ITS Reference Architecture
5 Authorization Framework
6 Application to Location Tracking Services
6.1 Location Tracking Services
6.2 Authorization Framework for Location Tracking Services
7 Discussion
8 Conclusions and Future Work
References
A Framework for the Validation of Access Control Systems
1 Introduction
2 Background
2.1 XACML-Based Access Control System
2.2 Mutation Testing
3 XACML Mutation Framework
3.1 Workflow of the Testing Process
4 Examples of Framework Application
4.1 Instantiation of the XMF Framework
4.2 Examples of Analysis
5 Related Work
6 Conclusions
References
The Structure and Agency Policy Language (SAPL) for Attribute Stream-Based Access Control (ASBAC)
1 Introduction
2 Attribute Stream-Based Access Control (ASBAC)
3 Requirements
4 The Structure and Agency Policy Language (SAPL)
4.1 Subscriptions and Decisions
4.2 SAPL Documents
4.3 Policies
4.4 Policy Sets
4.5 Combining Algorithms
4.6 Expressions
5 Implementation of an Attribute Stream-Based Policy Evaluation
5.1 Reactive Programming
5.2 Reactive Policy Document Evaluation
6 Conclusions
A SAPL Grammar
References
NoCry: No More Secure Encryption Keys for Cryptographic Ransomware
1 Introduction
2 Recalling UShallNotPass: No Random, No Ransom
3 Security Assumptions
4 NoCry: Requirements, Design and Implementation
4.1 Robust Architecture
4.2 Low False Positive Rate and Minimal User Intervention
4.3 Optimized Decision Procedure
5 Methods, Experiments and Results
5.1 Performance
5.2 Evaluation of False Positives
5.3 Evaluation of False Negatives
6 State of the Art in Ransomware Defense
7 Critical Discussion and Conclusions
References
Security Requirements for Store-on-Client and Verify-on-Server Secure Biometric Authentication
1 Introduction
2 Definitions of Store-on-Client Verify-on-Server Secure Biometric Authentication (SCVS-SBA)
2.1 Components
2.2 Security
3 Proposed Scheme and Its Analysis
3.1 Preliminaries
3.2 Construction
3.3 Security Analysis
3.4 Implementation Results
4 Related Work
5 Conclusion
References
Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics
1 Introduction
2 Challenge-Based Authentication
2.1 Text Challenges
2.2 Graphical Challenges
3 Biometric Authentication Methods
3.1 Error Rates
3.2 Eye and Reflexive Biometrics
4 The Pupil Memory Reflex
5 Using Reflexive Pupil Dilation for Authentication
5.1 Basic Protocol
5.2 Implementation Constraints and Parameters
6 Error Tolerance and Security Considerations
6.1 Kinds of Errors
6.2 Showing More Unknown or Known Images
6.3 Handling the Probability of an Error
6.4 Adaptive Error Probability
6.5 Preventing Targeted Attacks
6.6 Constraint on a Generalised Use
7 Extensions and Discussion
7.1 Potential Extensions
7.2 Testing Reflexive Pupil Biometrics
References
Collaborative Authentication Using Threshold Cryptography
1 Introduction
2 System Model and Requirements
3 Building Blocks and Their Security Definitions
4 The Collaborative Authentication Protocol
4.1 Protocol Overview
4.2 Share Regeneration and Repair
4.3 Threshold Schnorr Signatures
5 Security Analysis
6 Performance Analysis
7 Related Work
8 Conclusions
References
MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
1 Introduction
2 Background on MFA
3 Motivations and Overview of the Approach
4 Modeling an MFA Protocol
4.1 MFA Modeling Language
4.2 Compliance w.r.t. the NIST Classification
5 Protocol Analysis
5.1 Attacker Models and Applicability
5.2 Security Criteria and Complexity
6 Implementation
6.1 Questionnaire
6.2 Translator
6.3 Analysis
6.4 Aggregator
7 Discussion and Future Directions
8 Conclusion
A Example Input
References
A Risk-Driven Model to Minimize the Effects of Human Factors on Smart Devices
1 Introduction
2 Background
2.1 Terminologies
2.2 Risk Factors for Smart Devices
2.3 Security Strategies for Smart Devices
2.4 Human Reliability Assessment Methods
3 Problem Description
4 Our Solution
4.1 Model Description
4.2 Risk Assessment Process
4.3 Resource Revocation Process
5 Conclusions
A Summary of features, their incorrect usage patterns, and resources exposed
References
A Formal Security Analysis of the p≡p Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email
1 Introduction
1.1 Contributions
2 Context and Approach
2.1 Methodology
3 Background: Pretty Easy Privacy (p≡p)
3.1 p≡p Trustwords
3.2 Trust Rating and Visual Indicators
3.3 Technical Specifications of p≡p
4 The p≡p Protocol
4.1 Public Key Distribution and Encrypted Communication
4.2 Authentication and p≡p Privacy Rating Assignment
5 Security Properties
6 Formal Security Analysis
6.1 Threat Model and Trust Assumptions
6.2 Modeling the p≡p Protocol
6.3 Privacy and Authentication Properties of p≡p
6.4 Verification Results and Analysis
6.5 Limitations
7 Further Directions and Concluding Remarks
References
Author Index
SIMILAR VOLUMES
This book constitutes the proceedings of the 15th International Workshop on Security and Trust Management, STM 2019, held in Luxembourg City, Luxembourg, in September 2019, and co-located with the 24th European Symposium on Research in Computer Security, ESORICS 2019. The 9 full papers and 1 shor
This book constitutes the proceedings of the First International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2018, held in Barcelona, Spain, in September 2018. The 10 papers presented in this volume were carefully reviewed and selected from 16 submission
The open access volume LNCS 11739 constitutes the proceedings of the 9th International Workshop on Socio-Technical Aspects in Security, STAST 2019, held in Luxembourg, in September 2019. The total of 9 full papers together with 1 short paper was carefully reviewed and selected from 28 submissi
This book constitutes the refereed conference proceedings of the 14th International Workshop on Data Privacy Management, DPM 2019, and the Third International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2019, held in conjunction with the 24th European Symposium on Research in C