Security and Trust Management: 17th International Workshop, STM 2021, Darmstadt, Germany, October 8, 2021, Proceedings (Security and Cryptology)

✍ Scribed by Rodrigo Roman (editor), Jianying Zhou (editor)


Publisher: Springer
Year: 2021
Tongue: English
Leaves: 208
Category: Library

✦ Synopsis


This book constitutes the proceedings of the 17th International Workshop on Security and Trust Management, STM 2021, co-located with the 26th European Symposium on Research in Computer Security, ESORICS 2021. The conference was planned to take place in Darmstadt, Germany. It was held online on October 8, 2021, due to the COVID-19 pandemic.

The 10 papers presented in this volume were carefully reviewed and selected from 26 submissions. They were organized in topical sections on applied cryptography; privacy; formal methods for security and trust; and systems security.

✦ Table of Contents


Preface
Organization
Contents
Applied Cryptography
An Aggregate Signature with Pre-communication in the Plain Public Key Model
1 Introduction
1.1 Contribution
1.2 Comparison
2 Preliminaries
2.1 DDH Assumption
3 Aggregate Signature with Pre-communication
3.1 Syntax
3.2 Security Model
4 DDH-based Aggregate Signature with Pre-communication
4.1 Protocol Description
4.2 Security Proof
References
The Adversary Capabilities in Practical Byzantine Fault Tolerance
1 Introduction
2 System Model and Byzantine Agreement
3 Casper the Friendly Finality Gadget (FFG)
4 CBC Casper the Friendly Binary Consensus (FBC)
4.1 Casper FBC Protocol Description
4.2 Efforts to Achieve Liveness for CBC Casper FBC
4.3 Impossibility of Achieving Liveness in CBC Casper
4.4 Revising CBC Casper FBC
4.5 Secure BFT Protocol in the Revised CBC Casper
5 Polkadot's BFT Protocol GRANDPA
5.1 GRANDPA Protocol
5.2 GRANDPA Cannot Achieve Liveness in Partial Synchronous Networks
6 Multi-value BFT Protocols for Asynchronous Networks
A Bracha's Strongly Reliable Broadcast Primitive
References
Privacy
Where to Meet a Driver Privately: Recommending Pick-Up Locations for Ride-Hailing Services
1 Introduction
1.1 Motivations
1.2 Technical Challenges and Proposed Solution
1.3 Paper Organization
2 Related Work
2.1 General LPPMs
2.2 LPPM for Meeting Location Determination
3 Problem Formulation
3.1 System Model
3.2 Threat Model
3.3 Design Objectives
4 Proposed Scheme
4.1 Overview
4.2 Modeling Rider Mobility
4.3 Calculating Mobility Similarity
4.4 Comprehending Location Semantics
4.5 Calculating Semantic Similarity
4.6 Recommending a Set of Pick-Up Locations
5 Privacy and Security Analysis
5.1 Location Indistinguishability
5.2 Semantic Indistinguishability
6 Performance Evaluation
6.1 Experimental Settings
6.2 Dataset
6.3 Computational Costs
6.4 Utility
6.5 Android Implementation
7 Discussions
7.1 k-Anonymity
7.2 Protection of Destination
8 Conclusions and Future Work
References
Efficient Permutation Protocol for MPC in the Head
1 Introduction
2 Related Work
3 Preliminaries
3.1 Secure Multiparty Computation
3.2 Honest-Verifier Zero-Knowledge Proofs
3.3 Commitments
3.4 The IKOS and ZKBoo Constructions
3.5 Motivation: Simulating Computations
4 Our Construction
4.1 The Protocol
4.2 Security
4.3 Complexity
5 Comparison Against Alternatives
5.1 Using a Routing Network
5.2 Verifying a Polynomial Equality
6 Discussion
References
Efficient Scalable Multi-party Private Set Intersection Using Oblivious PRF
1 Introduction
1.1 Our Contribution
2 Preliminaries
2.1 Notation
2.2 Secret Sharing Scheme
2.3 Bloom Filter
2.4 Oblivious Transfer
2.5 Security Model
2.6 Hamming Correlation Robustness
2.7 PSI from OPRF
3 Our Multi-party PSI Protocol
3.1 An Overview
3.2 Protocol Correctness
3.3 Protocol Security
4 Complexity Analysis
4.1 Asymptotic Complexity
4.2 Comparison
5 Conclusion
References
Formal Methods for Security and Trust
Secure Implementation of a Quantum-Future GAKE Protocol
1 Introduction
2 Background
2.1 Quantum-Future GAKE Protocol
2.2 RV-TEE
2.3 Related Work
3 Case Study
4 Implementation of the GAKE Protocol
4.1 Role of SEcube™
4.2 Protocol Instantiation
4.3 Protocol Adjustment
5 RV Component Implementation
5.1 Properties
5.2 RV Experimentation Setup
5.3 Instrumentation Overhead Results
5.4 Runtime Verification Empirical Results
5.5 Discussion
6 Conclusion
References
Deciding a Fragment of (alpha, beta)-Privacy
1 Introduction
2 Preliminaries
2.1 Herbrand Logic
2.2 Frames
2.3 (alpha, beta)-Privacy
3 The Fragment
3.1 Destructor Theories
3.2 Unification and All that
3.3 The ana Function
3.4 Frames with Shorthands
4 Decision Procedure
4.1 Composition
4.2 Analysis
4.3 Intruder Findings
5 Conclusions
A Proofs
References
Systems Security
TLS Beyond the Broker: Enforcing Fine-Grained Security and Trust in Publish/Subscribe Environments for IoT
1 Introduction
2 Problem: No Differentiation of Incoming or Outgoing Security Goals
2.1 MQTT Protocol and Its Entities
2.2 Trust Assumptions Among Subscribers, Publishers and Brokers
2.3 Hybrid or Mixed Mode Brokers and TLS on Small Devices
2.4 Problem: No Enforcement of Incoming or Outgoing Clients' Security Goals Beyond the Broker
3 Related Work
4 Broker to Enforce Security Levels Beyond the Broker
4.1 Client-to-Client Security Mediated by the Broker
4.2 Enforcement of the Same Level of Client-to-Client Security Between Clients by an Enhanced Broker
4.3 Possibility to Extend to the Security Goals
5 Broker-Mediated Enforcement in Relation to Other General Security Concepts
5.1 Compatibility to Existing MQTT Clients Without Changing
5.2 Comparison to Other Approaches
5.3 Overheads in Prototypical Implementation
6 Conclusion and Future Work
References
Root-of-Trust Abstractions for Symbolic Analysis: Application to Attestation Protocols
1 Introduction
2 Background
3 A Methodology for Modelling Protocols with RoTs
4 Remote Attestation Using a PCA
5 Application of the Modelling Methodology
6 Verification
7 Conclusion
A Create a TPM Key with PCR Policy
B SAPiC Syntax
References
Towards Decentralized and Provably Secure Cross-Domain Solutions
1 Introduction
2 Background
2.1 Arithmetic Circuit Satisfiability in Field F
2.2 Preprocessing zk-SNARK
2.3 Proof Carrying Data (PCD)
3 Decentralized CDS Designs
3.1 DCDS from Recursive Proof Composition
3.2 DCDS from Proof Aggregation
4 Implementation
5 Baseline and Optimizations
5.1 PCD Baseline
5.2 Switching to Groth16
5.3 Reducing Booleanity Constraints
5.4 Algebraic Hash Functions
5.5 Reducing Pipeline Latency
6 Performance Evaluation
7 Related and Future Work
8 Conclusion
A From zk-SNARK to PCD
References
Author Index


📜 SIMILAR VOLUMES


Computer Security. ESORICS 2021 Internat
✍ Sokratis Katsikas (editor), Costas Lambrinoudakis (editor), Nora Cuppens (editor 📂 Library 📅 2022 🏛 Springer 🌐 English

This book constitutes the refereed proceedings of six International Workshops that were held in conjunction with the 26th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-6, 2021. The conference was initially planned to take place in Darmstad

Emerging Technologies for Authorization
✍ Andrea Saracino (editor), Paolo Mori (editor) 📂 Library 📅 2022 🏛 Springer 🌐 English

This book constitutes the proceedings of the 4th International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2021, held in Darmstadt, Germany, on October 8, 2021. The workshop was co-located with ESORICS 2021. The 11 full

Security and Trust Management: 16th Inte
✍ Kostantinos Markantonakis, Marinella Petrocchi 📂 Library 📅 2020 🏛 Springer International Publishing;Springer 🌐 English

This book constitutes the proceedings of the 16th International Workshop on Security and Trust Management, STM 2020, co-located with the 25th European Symposium on Research in Computer Security, ESORICS 2020. The conference was planned to take place in Guildford, UK, but had to be moved to an onl

Security and Trust Management: 18th Inte
✍ Gabriele Lenzini, Weizhi Meng 📂 Library 📅 2023 🏛 Springer 🌐 English

This book constitutes the post proceedings of the 18th International Workshop on Security and Trust Management, STM 2022, co-located with the 27th European Symposium on Research in Computer Security, ESORICS 2022, which took place in Copenhagen, Denmark, in September 2022. The

Security and Trust Management: 18th Inte
✍ Gabriele Lenzini; Weizhi Meng 📂 Library 📅 2023 🏛 Springer Nature 🌐 English

This book constitutes the post proceedings of the 18th International Workshop on Security and Trust Management, STM 2022, co-located with the 27th European Symposium on Research in Computer Security, ESORICS 2022, which took place in Copenhagen, Denmark, in September 2022. The 7 full papers together

Cryptology and Network Security: 11th In
✍ Michael Lehmann, Willi Meier (auth.), Josef Pieprzyk, Ahmad-Reza Sadeghi, Mark M 📂 Library 📅 2012 🏛 Springer-Verlag Berlin Heidelberg 🌐 English

This book constitutes the refereed proceedings of the 11th International Conference on Cryptology and Network Security, CANS 2012, held in Darmstadt, Germany, in December 2012. The 22 revised full papers presented were carefully reviewed and selected from 99 submissions. The papers are organized