Preface
Organization
ContentsΒ β Part II
ContentsΒ β Part I
Cyber Security
A Comparative Analysis of Rust-Based SGX Frameworks: Implications for Building SGX Applications
1 Introduction
2 Background
2.1 Intel SGX and LibOS-Based SGX Framework
2.2 Rust Programming Language
3 Characteristics Analysis of Frameworks
3.1 Fortanix EDP
3.2 Occlum
3.3 Rust SGX SDK (Teaclave SGX SDK)
4 Qualitative Aspects Affecting Application Performance
4.1 Memory Boundary Check
4.2 Enclave Transition (ECALL/OCALL)
4.3 Runtime Overhead (Miscellaneous)
4.4 Memory Safety Guranteed by Each Framework
5 Performance Evaluation
5.1 Performance Overhead
5.2 Enclave Size
6 Quantifying Engineering Effort
7 Related Work
8 Conclusion
References
BTFuzzer: A Profile-Based Fuzzing Framework for Bluetooth Protocols
1 Introduction
2 Background
2.1 Bluetooth Components
2.2 Generic Fuzzing Environment for Bluetooth Protocols
3 Proposed System
3.1 Overview
3.2 Fuzzing Interface
3.3 Fuzzing Server
3.4 Fuzzing Client
3.5 Packet Generator
3.6 Crash Collector
3.7 Coverage Analyzer
4 Evaluation
4.1 Hiding the List of Malicious Bluetooth Devices
4.2 Buffer Overflow Vulnerabilities
4.3 Coverage
4.4 Summary of Evaluation Results
5 Related Work
6 Conclusions
References
mdTLS: How to Make Middlebox-Aware TLS More Efficient?
1 Introduction
2 Related Works
2.1 TEE Based Approaches
2.2 TLS-Extension Based Approaches
3 mdTLS: Middlebox-Delegated TLS Protocol with Proxy Signature Scheme
3.1 Adversary Model
3.2 Security Goal
3.3 Overview of MdTLS Protocol
4 Performance Analysis for mdTLS
4.1 Preliminaries for Performance Analysis
4.2 Analyzing the Performance Between MaTLS and MdTLS
5 Security Analysis for mdTLS
5.1 Experimental Setup
5.2 Formal Specification
5.3 Formal Verification
6 Discussion
7 Conclusion
References
PHI: Pseudo-HAL Identification for Scalable Firmware Fuzzing
1 Introduction
2 Motivation
2.1 Background
2.2 Problem Definition
2.3 Our Approach
3 System Design
3.1 System Overview
3.2 DB Configuration
3.3 Feature Extraction
3.4 Feature Comparison
4 Implementation
5 Evaluation
5.1 Experimental Setup
5.2 Scalability of PHI (RQ1)
5.3 Effectiveness of PHI (RQ2)
5.4 Effectiveness of PHI-Fuzz in Bug Finding (RQ3)
6 Discussion and Limitation
7 Related Work
7.1 Firmware Emulation
7.2 Hardware-Level Emulation
7.3 Function-Level Emulation
7.4 Register-Level Emulation
8 Conclusion
References
Lightweight Anomaly Detection Mechanism Based on Machine Learning Using Low-Cost Surveillance Cameras
1 Introduction
2 Related Works
3 Proposed Mechanism
3.1 Adjusting Resolution
3.2 Lightweight Fire Detection Model
4 Evaluation
4.1 Experimental Environment
4.2 Adjustment of Fire Image Resolution
4.3 Evaluation of a Lightweight Fire Detection Model
5 Conclusion
References
Applied Cryptography
Enhancing Prediction Entropy Estimation of RNG for On-the-Fly Test
1 Introduction
2 Preliminaries
2.1 Min-Entropy
2.2 NIST SP800-90B Standard
3 Related Work
3.1 Statistical Entropy Evaluation
3.2 On-the-fly Test Technologies
4 New Framework of the 90B's Prediction Estimator for On-the-fly Test
4.1 Design Goal and Principle
4.2 Framework of Our Estimator
4.3 Change Detection Module
4.4 Optimization of Global Predictability for Small Sample Datasets and Extreme Probability
4.5 Setting of Key Parameters
5 Experiment Results and Analysis
5.1 Experiment Setup
5.2 Simulated Datasets for Experiments
5.3 Experimental Results
5.4 Performance Evaluation
6 Conclusion
References
Leakage-Resilient Attribute-Based Encryption with Attribute-Hiding
1 Introduction
1.1 Contributions
1.2 Technical Overview
1.3 Related Work
2 Preliminaries
2.1 The Definition of ABE
2.2 Security Models
2.3 Assumption
3 Leakage-Resilient ABE with Attribute-Hiding in the BLM
3.1 Leakage-Resilient Predicate Encoding
3.2 Generic Construction
3.3 Security
4 Leakage-Resilient ABE in the CLM
4.1 Leakage-Resilient Predicate Encoding
4.2 Generic Construction
4.3 Security
5 Instantiations
5.1 Instantiation for the First Framework
5.2 Instantiations for the Second Framework
References
Constant-Deposit Multiparty Lotteries on Bitcoin for Arbitrary Number of Players and Winners
1 Introduction
1.1 Backgrounds
1.2 Our Contribution
1.3 Basic Notations
2 A Brief Introduction to Bitcoin
3 Tournaments with Uniform Winning Probability
3.1 Tournaments with a Single Champion
3.2 Tournaments with Multiple Champions
4 Definition of Secure Lottery Protocol
5 (1,n)-Lottery Protocol with Constant Deposits
5.1 Building Block: Biased Coin-Tossing Protocol
5.2 Our Construction of (1-n)-Lottery
5.3 Transaction Insertion Attack
5.4 Security Proof
6 (k,n)-Lottery Protocol with Constant Deposits
6.1 Building Block: Modified Biased Coin-Tossing Protocol
6.2 Our Construction of (k,k+1)-Lottery Protocol
6.3 Construction of (k-n)-Lottery from (k,k+1)-Lottery
A Proofs of Lemmas
B Transaction Templates for Constructing (k, n)-Lottery
References
Single-Shuffle Card-Based Protocols with Six Cards per Gate
1 Introduction
1.1 Background and Motivation
1.2 Prior Works
1.3 Our Contribution
1.4 Organization
2 Preliminaries
2.1 Syntax of Boolean Circuits
2.2 Card-Based Protocols
2.3 Card-Based Garbled Circuits
3 Our Single-Shuffle Protocols
3.1 Idea of Our Protocol
3.2 Preliminaries for Our Protocol
3.3 Initialization Phase
3.4 Garbling Phase
3.5 Evaluation Phase
3.6 Description of Our Protocol in the Non-committed Format
3.7 Our Protocol in the Committed Format
4 Conclusion
References
Efficient Result-Hiding Searchable Encryption with Forward and Backward Privacy
1 Introduction
1.1 Our Contribution
2 Preliminaries
3 Dynamic SSE
3.1 Notation for Dynamic SSE
3.2 Model
3.3 Security
4 Laura: Low-Leakage Aura
4.1 Construction Idea
4.2 Our Construction
4.3 Security Analysis
5 Extensions
5.1 A Variant of Laura: v-Laura
5.2 A Strongly Secure Variant of Laura: s-Laura
6 Experiments
A Formal Description of s-Laura
References
Finsler Encryption
1 Introduction
2 Preliminaries
2.1 Public-Key Encryption
2.2 IND-CPA Security of PKE
3 Finsler Encryption
3.1 Finsler Space
3.2 KeyGen, Enc and Dec of Finsler Encryption
4 Security Analysis
4.1 Strength of SK
4.2 Strength of PK
4.3 Length of SK
4.4 IND-CPA Security
4.5 Remarks
5 Conclusion
References
Feasibility Analysis and Performance Optimization of the Conflict Test Algorithms for Searching Eviction Sets
1 Introduction
2 Background
3 Feasibility Analysis
3.1 Threat Model
3.2 Necessary Working Conditions
3.3 Feasibility on Different Cache Architectures
4 Performance Optimization
4.1 Performance Analysis of the Baseline Algorithm
4.2 Cacheback: Reducing the Number of Random Accesses
4.3 Extended Probing: Increasing the Probability of Probing
4.4 Surrogate Targets: Reducing Victim Accesses
5 Performance Evaluation
5.1 Feasibility Verification
5.2 Speed Optimization Results
6 Conclusion
References
Korean Post Quantum Cryptography
Theoretical and Empirical Analysis of FALCON and SOLMAE Using Their Python Implementation
1 Introduction
2 Notations and Definition
3 How FALCON Works
3.1 Key Generation of FALCON
3.2 Signing of FALCON
3.3 Verification of FALCON
4 How SOLMAE works
4.1 Key Generation of SOLMAE
4.2 Signing of SOLMAE
4.3 Verification of SOLMAE
5 Asymptotic Complexity of FALCON and SOLMAE
5.1 Asymptotic Complexity of FALCON
5.2 Asymptotic Complexity of SOLMAE
6 Gaussian Sampler
6.1 N-Sampler
6.2 UnifCrown Sampler
7 Sample Execution and Performance of FALCONβ512 and SOLMAEβ512
7.1 Sample Execution of FALCONβ512
7.2 Sample Execution of SOLMAEβ512
7.3 Performance Comparison of FALCONβ512 and SOLMAEβ512
8 Concluding Remarks
References
Security Evaluation on KpqC Round 1 Lattice-Based Algorithms Using Lattice Estimator
1 Introduction
2 Preliminaries
2.1 The LWE and LWR Problem
2.2 The Round 1 LWE/LWR-Based Candidates
3 Security Analysis Methods
3.1 Time Complexity Estimation of the BKZ Algorithm
3.2 Dual Attack
3.3 Primal Attack
3.4 Hybrid Attack
4 KpqC Round 1 LWE/LWR-Based Algorithms Security Analysis
4.1 Parameters
4.2 Analysis Using the Lattice Estimator
4.3 Comparisons with the Claimed Security
5 Conclusion
References
On the security of REDOG
1 Introduction
2 Preliminaries and background notions
3 System specification
4 Incorrectness of decryption
5 Message recovery attack on REDOG's implementation
6 Recomputing attacks costs
6.1 Lowering the attack costs beyond the formulas stated
7 Solving decryption failures
8 Solving decryption failures and boosting security
9 Conclusions and further considerations
References
Author Index