Mobile users can open program in new tab for better viewing.

Open program in new tab

Day 1 21/10/2020
Room #1

Welcome message by General Co-Chairs: Kun Sun and Sara Foresti 09:00 - 09:10

Starts at 9:00 AM local time, Washington, USA ( GMT -04 )

Opening remarks by TPC Co-Chairs: Nitesh Saxena and Kevin Butler 09:00 - 09:10

Welcome message by Conference Manager 09:10 - 09:15

Welcome message by EAI Community Manager 09:10 - 09:15

Fighting Threats in the Physical World 09:15 - 10:30

09:15 - 09:30
Coronavirus Contact Tracing App Privacy: What Data Is Shared By The Singapore OpenTrace App?

We report on measurements of the actual data transmitted to backend servers by the Singapore OpenTrace app, with a view to evaluating impacts on user privacy. We find: 1) The OpenTrace app uses Google's Firebase service to store and manage user data and so there are two parties involved in handling data transmitted from the app, namely Google and the health authority. OpenTrace's use of Firebase Analytics telemetry means the data sent by OpenTrace potentially allows the (IP-based) location of user handsets to be tracked by Google over time. 2) OpenTrace also currently requires users to supply a phone number to use the app and uses the Firebase Authentication service to validate and store the entered phone number. The decision to ask for user phone numbers (or other identifiers) presumably reflects a desire for contact tracers to proactively call contacts of a person that has tested positive. Alternative designs make those contacts aware of the positive test, but leave it to the contact to initiate action. This may indicate a direct trade-off between privacy and the effectiveness of contact tracing. If storage of phone numbers is judged necessary we recommend changing OpenTrace to avoid use of Firebase Authentication for this. And finally, 3) the reversible encryption used in OpenTrace relies on a single long-term secret key stored in a Google Cloud service and so is vulnerable to disclosure of this secret key.
Authors: Douglas Leith (Trinity College Dublin), Stephen Farrell (Trinity College Dublin),
Hide Authors & Abstract

Show Authors & Abstract
09:30 - 09:50
A Study of the Privacy of COVID-19 Contact Tracing Apps

The COVID-19 pandemic has spread across the globe and resulted in substantial loss of lives and livelihoods. To effectively fight this pandemic, many digital contact tracing mobile apps have been developed. Unfortunately, many of these apps lack transparency and thus escalate concerns about their security and privacy. In this paper, we seek to perform a systematic and cross-platform study of the privacy issues in official contact tracing apps worldwide. To this end, we have collected 41 released apps in total, many of which run on both iOS and Android platforms, and analyzed both their documentation and binary code. Our results show that some apps expose identifiable information that can enable fingerprinting of apps and tracking of specific users that raise security and privacy concerns. Further, some apps have inconsistent data collection behaviors across different mobile platforms even though they are designed for the same purpose.
Authors: Haohuang Wen (The Ohio State University), Qingchuan Zhao (The Ohio State University), Zhiqiang Lin (The Ohio State University), Dong Xuan (The Ohio State University), Ness Shroff (The Ohio State University),
Hide Authors & Abstract

Show Authors & Abstract
09:50 - 10:10
LaaCan: A Lightweight Authentication Architecture for Vehicle Controller Area Network

Vehicle manufacturers are installing a large number of Electronic Control Units (ECU) inside vehicles. ECUs communicate among themselves via a Controller Area Network (CAN) to ensure better user experience and safety. CAN is considered as a de facto standard for efficient communication of an embedded control system network. However, it does not have sufficient built-in security features. The major challenges of securing CAN are that the hardware of the ECUs have limited computational power and the size of a CAN message is small. In this paper, a lightweight security solution, LaaCan is designed to secure CAN communication by adopting the Authenticated Encryption with Associated Data (AEAD) approach. The architecture ensures confidentiality, integrity, and authenticity of data transmission. The experimental results show that the delay of LaaCan can be reduced depending on hardware configurations. We consider it lightweight since it adds a low overhead regardless of performing encryption and authentication. We evaluate LaaCan using four metrics: communication overhead, network traffic load, cost of deployment, and compatibility with CAN specification. The evaluation results show that the proposed architecture keeps the network traffic unchanged, has low deployment cost, and is highly compatible with the specification of the protocol.
Authors: Mohammad Zulkernine (Queen's University), Syed Akib Anwar Hridoy (Queen's University),
Hide Authors & Abstract

Show Authors & Abstract
10:10 - 10:30
On the Accuracy of Measured Proximity of Bluetooth-based Contact Tracing Apps

A large number of Bluetooth-based mobile apps have been developed recently to help tracing close contacts of contagious COVID-19 individuals. These apps make decisions based on whether two users are in close proximity (e.g., within 6 feet) according to the distance measured from the received signal strength (RSSI) of Bluetooth. This paper provides a detailed study of the current practice of RSSI-based distance measurements among contact tracing apps by analyzing various factors that can affect the RSSI value and how each app has responded to them. Our analysis shows that configurations for the signal transmission power (TxPower) and broadcasting intervals that affect RSSI vary significantly across different apps and a large portion of apps do not consider these affecting factors at all, or with quite limited tuning.
Authors: Qingchuan Zhao (The Ohio State University), Haohuang Wen (The Ohio State University), Zhiqiang Lin (The Ohio State University), Dong Xuan (The Ohio State University), Ness Shroff (The Ohio State University),
Hide Authors & Abstract

Show Authors & Abstract

Coffee Break 10:30 - 10:45

Attacking and Defending Communication Infrastructure 10:45 - 12:45

10:45 - 11:10
The Maestro Attack: Orchestrating Malicious Flows with BGP

We present Maestro, a novel Distributed Denial of Service (DDoS) attack that leverages control plane traffic engineering techniques to concentrate botnet flows on transit links. Executed from a compromised or malicious Autonomous System (AS), Maestro advertises routes poisoned for selected ASes to collapse inbound traffic paths onto a single target link. A greedy heuristic fed by bot traceroute data iteratively builds the set of ASes to poison. Given a compromised router with advantageous positioning in the AS-level Internet topology, an adversary can expect to bring an additional 30% of the entire botnet against vulnerable links. Interestingly, the size of the adversary-controlled AS plays little role in this amplification effect; core links can be degraded by small, resource-limited ASes. To understand the scope of the attack, we evaluate widespread Internet link vulnerability via simulation across several metrics, including BGP betweenness and botnet flow density, and assess the topological requirements for successful attacks. We supplement simulation results with ethically conducted "attacks" on real Internet links. Finally, we present effective defenses for network operators seeking to mitigate this attack.
Authors: Tyler McDaniel (University of Tennessee), Jared Smith (University of Tennessee), Max Schuchard (University of Tennessee),
Hide Authors & Abstract

Show Authors & Abstract
11:10 - 11:35
Misreporting Attacks in Software-Defined Networking

Load balancers enable efficient use of network resources by distributing traffic fairly across them. In software-defined networking (SDN), load balancing is most often realized by a controller application that solicits traffic load reports from network switches and enforces load balancing decisions through flow rules. This separation between the control and data planes in SDNs creates an opportunity for an adversary at a compromised switch to misreport traffic loads to influence load balancing. In this paper, we evaluate the ability of such an adversary to control the volume of traffic flowing through a compromised switch by misreporting traffic loads. We use a queuing theoretic approach to model the attack and develop algorithms for misreporting that allow an adversary to tune attack parameters toward specific adversarial goals. We validate the algorithms with a virtual network testbed, finding that through misreporting the adversary can draw nearly all of the load in the subnetwork (+750%, or 85% of the load in the system), or an adversary-desired amount of load (a target load, e.g., +200%) to within 12% error of that target. This is yet another example of how depending on untrustworthy reporting in making control decisions can lead to fundamental security failures.
Authors: Quinn Burke (The Pennsylvania State University), Patrick McDaniel (The Pennsylvania State University), Thomas La Porta (The Pennsylvania State University), Mingli Yu (The Pennsylvania State University), Ting He (The Pennsylvania State University),
Hide Authors & Abstract

Show Authors & Abstract
11:35 - 12:00
A Practical Machine Learning-Based Framework to Detect DNS Covert Communication in Enterprises

DNS is a key protocol of the Internet infrastructure, which ensures network connectivity. However, DNS suffers from various threats. In particular, DNS covert communication is one serious threat in enterprise networks, by which attackers establish stealthy communications between internal hosts and remote servers. In this paper, we propose D2C2 (Detection of DNS Covert Communication), a practical and flexible machine learning-based framework to detect DNS covert communications. D2C2 is an end-to-end framework contains modular detection models including supervised and unsupervised ones, which detect multiple types of threats efficiently and flexibly. We have deployed D2C2 in a large commercial bank with 100 millions of DNS queries per day. During the deployment, D2C2 detected over 4k anomalous DNS communications per day, achieving high precision over 0.97 on average. It uncovers a significant number of unnoticed security issues including seven compromised hosts in the enterprise network.
Authors: Ruming Tang (Tsinghua University), Cheng Huang (BizSeer Technologies Co., Ltd.), Yanti Zhou (Bank of Communications), Haoxian Wu (BizSeer Technologies Co., Ltd.), Xianglin Lu (Tsinghua University), Yongqian Sun (Nankai University), Qi Li (Tsinghua University), Jinjin Li (Bank of Communications), Weiyao Huang (Bank of Communications), Siyuan Sun (Bank of Communications), Dan Pei (Tsinghua University),
Hide Authors & Abstract

Show Authors & Abstract
12:00 - 12:20
SmartWiFi: Universal and Secure Smart Contract-Enabled WiFi Hotspot

WiFi hotspots often suffer from mediocre security, unreliable performance, limited access, and cumbersome authentication procedure. Specifically, public WiFi hotspots can rarely guarantee satisfactory speed and uptime, and their configuration often requires a complicated setup with subscription to a payment aggregator. Moreover, paid hotspots can neither protect clients against low quality or non-service after prepayment, nor do they provide an adequate defense against misuse by the clients. In this paper, we propose SmartWiFi, a universal, secure, and decentralized WiFi hotspot that can be deployed in any public or private environment. SmartWiFi provides cross-domain authentication, fully automated accounting and payments, and security assurance for both hotspots and clients. SmartWiFi utilizes a novel off-chain transaction scheme called Hash Chain-based Network Connectivity Satisfaction Acknowledgement (Hansa), which enables fast and low-cost provider-client protocol by restricting otherwise unacceptable delays and fees associated with blockchain interaction. In addition, we present DupSet, a dynamic user-perceived speed estimation technique, which can reliably evaluate the quality of Internet connection from the users' perspective. We design and implement SmartWiFi desktop and mobile apps using an Ethereum smart contract. With extensive experimental evaluation, we demonstrate that SmartWiFi exhibits rapid execution with low communication overhead and reduced fees.
Authors: Nikolay Ivanov (Michigan State University), Jianzhi Lou (Michigan State University), Qiben Yan (Michigan State University),
Hide Authors & Abstract

Show Authors & Abstract
12:20 - 12:45
EW256357: A New Secure NIST P-256 Compatible Elliptic Curve for VoIP Applications' Security

Selection of a proper elliptic curve is the most important aspect of Elliptic Curve Cryptography (ECC). Security of ECC is based on the Elliptic Curve Discrete Logarithm Problem which is believed to be unsolvable. Some of the well-known elliptic curve standards are NIST FIPS 186-2, Brainpool, and ANSI X9.62. Among these, NIST-recommended curves are a popular choice for industrial applications, in particular, for Internet security as a part of TLS/SSL, and even in real-time media encryption which uses Voice over IP (VoIP) technology. Specifically, NIST P-256 curve is widely used in these applications. Some NIST curves have disadvantages related to security issues, and therefore it is important to search for secure alternatives. In our work, we propose a new secure short Weierstrass curve $EW_{256357}$ at the 128-bit security level and compare it with the NIST P-256 curve. Our proposed curve is compatible with NIST P-256 curve but features better security. Based on the performance analysis of related curves in our previous and present works in terms of delay and jitter, we say that our proposed curve is suitable for the real-time media encryption.
Authors: Nilanjan Sen (Western Illinois University), Ram Dantu (University of North Texas), Kirill Morozov (University of North Texas),
Hide Authors & Abstract

Show Authors & Abstract

Lunch Break 12:45 - 13:15

Signal and System Based Defenses 13:15 - 15:30

13:15 - 13:35
PEDR: A Novel Evil Twin Attack Detection Scheme Based on Phase Error Drift Range

In recent years, wireless local area networks (WLANs) have become one of the important ways to access the Internet. However, the openness of WLANs makes them vulnerable to the threat of the evil twin attack (ETA). Existing effective ETA detection solutions usually rely on physical fingerprints.Especially fingerprints made by information extracted from channel state information (CSI) are more reliable. However, demonstrated by our experiment, the fingerprint of the state-of-the-art ETA detection scheme, which is based on phase error extracted from CSI, is not stable enough, and it results in a large number of false negative results in some cases. In this paper, we present a novel ETA detection scheme, called PEDR, which uses range fingerprint extracted from CSI to identify the evil twin (ET). Inspired by the significant observation that the phase error will drift over time, the concept of drift range fingerprints is proposed and exploited to improve ETA detection accuracy in real-world attack scenarios. Range fingerprints are not affected by drift in phase error and can be uniquely identified. The proposed range fingerprint is implemented and extensive performance evaluation experiments are conducted in the large-scale experiment with 27 devices. The experimental results demonstrate that the detection rate of PEDR is close to 99% and the false negative data is only 1.11%. It is worth mentioning that PEDR is outstanding in the scenario with similar device fingerprints.
Authors: Jiahui Zhang (Ocean University of China), Qian Lu (Qingdao University), Ruobing Jiang (Ocean University of China), Haipeng Qu (Ocean University of China),
Hide Authors & Abstract

Show Authors & Abstract
13:35 - 13:50
Integrity: finding integer errors by targeted fuzzing

Integer arithmetic errors are a major source of software vulnerabilities. Since they rarely cause crashes, they are unlikely found by fuzzers without special techniques to trigger them. We design and implement Integrity, which finds integer errors using fuzzing. Our key contribution is that, by targeted instrumentation, we empower fuzzers with the ability to trigger integer errors. In our evaluation, Integrity found all the integer errors in the Juliet test suite with no false positive. On 9 popular open source programs, Integrity found a total of 174 true errors, including 8 crashes and 166 non-crashing errors. A major challenge during error review was how to determine if a non-crashing error was harmful. While solving this problem precisely is challenging because it depends on the semantics of the program, we propose two methods to find potentially harmful errors, based on the statistics of traces produced by the fuzzer and on comparing the output of independent implementations of the same algorithm. Our evaluation demonstrated that Integrity is effective in finding integer errors.
Authors: Yuyang Rong (UC Davis), Peng Chen (Bytedance AI Lab), Hao Chen (UC Davis),
Hide Authors & Abstract

Show Authors & Abstract
13:50 - 14:10
Selecting Privacy Enhancing Technologies for IoT-Based Services

The rising number of IoT devices enables the provisioning of novel services in various domains, such as the automotive domain. This data, however, is often personal or otherwise sensitive. Providers of IoT-based services are confronted with the problem of collecting the necessary amount and quality of data, while at the same time protecting persons' privacy using privacy enhancing technologies (PETs). Selecting appropriate PETs is neither trivial, nor is it uncritical since applying an unsuitable PET can result in a violation of privacy rights, e.g. according to the GDPR. In this paper, we propose a process to select data-dependent PETs---i.e. technologies which manipulate data, e.g. by distorting values---for IoT-based services. The process takes into account two perspectives on the selection of PETs which both narrow down the number of potentially applicable PETs: First, a data-driven perspective which is based on the data's properties, e.g. its longevity and sequentiality; and second, a service-driven perspective which takes into account service requirements, e.g. the precision required to provide a particular service. We then show how the process can be applied for automotive services proposing a taxonomy for automotive data and present an exemplary application. In this way, we aim at providing a reproducible method of selecting PETs that is more specific than existing approaches, and which can be applied both as a standalone process and complementary to existing ones.
Authors: Immanuel Kunz (Fraunhofer AISEC), Christian Banse (Fraunhofer AISEC), Philipp Stephanow (Fraunhofer AISEC),
Hide Authors & Abstract

Show Authors & Abstract
14:10 - 14:30
COOB: Hybrid secure device pairing scheme in a hostile environment

Due to the scalability limitations, the secure device pairing of Internet of Things objects cannot be efficiently conducted based on traditional cryptographic techniques using a pre-shared security knowledge. The use of Out-of-Band (OoB) channels has been proposed as a way to authenticate the key establishment process but they require a relatively long time and an extensive user involvement to transfer the authentication bits. However, the context-based schemes exploit the randomness of the ambient environment to extract a common secret without an extensive user intervention under the requirement of having a secure perimeter during the extraction phase, which is considered as a strong security assumption. In this paper, we introduce a novel hybrid scheme, called COOB, that efficiently combines a state-of-the-art fast context-based encoder with our Out-of-Band based scheme. This protocol exploits a nonce exponentiation to achieve the temporary secrecy goal needed for the authentication. Our method provides security against an attacker that can violate the secure perimeter requirement, which is not supported by the existing contextual schemes. This security improvement has been formally validated in the symbolic model using the TAMARIN prover. Based on our implementation of the Out-of-Band channel, COOB enhances the usability by reducing the pairing time up to 39 % for an 80-bit OoB exchange while keeping an optimal protocol cost.
Authors: Sameh Khalfaoui (EDF R&D / Télécom Paris), Jean Leneutre (LTCI, Télécom Paris, Institut Polytechnique de Paris), Arthur Villard (EDF R&D), Jingxuan Ma (EDF R&D), Pascal Urien (LTCI, Télécom Paris, Institut Polytechnique de Paris),
Hide Authors & Abstract

Show Authors & Abstract
14:30 - 14:55
ThreatZoom: Hierarchical Neural Network for CVEs to CWEs Classification

The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of understanding the software or configuration flaws and potential impacts enabled by these vulnerabilities and identifying means to detect or prevent exploitation. As the CVE-to-CWE classification is mostly performed manually by domain experts, thousands of critical and new CVEs remain unclassified, yet they are unpatchable. This significantly limits the utility of CVEs and slows down proactive threat mitigation. This paper presents the first automatic tool to classify CVEs to CWEs. ThreatZoom uses a novel learning algorithm that employs an adaptive hierarchical neural network which adjusts its weights based on text analytic scores and classification errors. It automatically estimates the CWE classes corresponding to a CVE instance using both statistical and semantic features extracted from the description of a CVE. This tool is rigorously tested by various datasets provided by MITRE and the National Vulnerability Database (NVD). The accuracy of classifying CVE instances to their correct CWE classes is 92% (fine-grain) and 94% (coarse-grain) for NVD dataset, and 75% (fine-grain) and 90% (coarse-grain) for MITRE dataset, despite the small corpus.
Authors: Ehsan Aghaei (UNC Charlotte), Waseem Shadid (UNC Charlotte), Ehab Al-Shaer (UNC Charlotte),
Hide Authors & Abstract

Show Authors & Abstract
14:55 - 15:15
A robust watermarking scheme with high security and low computational complexity

Implementing a watermarking algorithm with high security and low computational complexity is a challenge, especially at a limited distortion level. A novel watermarking scheme is proposed in this paper, which is based on Tent-Logistic-Cosine Map (TLCM) and Direct Current (DC) coefficient modification. Firstly, the watermark is encrypted by a matrix obtained from TLCM. Then, the cover image is divided into non-overlapping 4x4 sub-blocks and some blocks are selected randomly. Thereafter, the DC coefficients of selected blocks are calculated directly in the spatial domain without performing two-dimensional discrete cosine transform. Finally, using the proposed watermark embedding procedure, DC coefficients of selected blocks are updated according to the encrypted watermark bits. Results show that the proposed watermarking algorithm has high security and low computational complexity at a limited distortion.
Authors: Liangjia Li (Guangxi Normal University), Yuling Luo (Guangxi Normal University), Junxiu Liu (Guangxi Normal University), Senhui Qiu (Guangxi Normal University), Lanhang Li (Guangxi Normal University),
Hide Authors & Abstract

Show Authors & Abstract
15:15 - 15:35
Private Global Generator Aggregation from Different Types of Local Models

Generative Adversary Network (GAN) is a promising field with many practical applications. By using GANs, generated data can replace real sensitive data to be released for outside productive research. However, sometimes sensitive data is distributed among multiple parties, in which global generators are needed. Additionally, generated samples could remember or reflect sensitive features of real data. In this paper, we propose a scheme to aggregate a global generator from distributed local parties without access to local parties' sensitive datasets, and the global generator will not reveal sensitive information of local parties' training data. In our scheme, we separate GAN into two parts: discriminators played by local parties, a global generator played by the global party. Our scheme allows local parties to train different types of discriminators. To prevent generators from stealing sensitive information of real training datasets, we propose noised discriminator loss aggregation, add Gaussian noise to discriminators' loss, then use the average of noised loss to compute global generator's gradients and update its parameters. Our scheme is easy to implement by modifying plain GAN structures. We test our scheme on real-world MNIST and Fashion MNIST datasets, experimental results show that our scheme can achieve high-quality global generators without breaching local parties' training data privacy.
Authors: Chunling Han (SKLOIS, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences; Indiana University Bloomington),
Hide Authors & Abstract

Show Authors & Abstract
Day 2 22/10/2020
Room #1

Over the Wire: Learning and Protecting Data in Transit 09:00 - 11:00

Starts at 9:00 AM local time, Washington, USA ( GMT -04 )
09:00 - 09:20
SmartSwitch: Efficient Traffic Obfuscation against Stream Fingerprinting

In stream fingerprinting, an attacker can compromise user privacy by leveraging side-channel information (e.g., packet size) of encrypted traffic in streaming services. By taking advantages of machine learning, especially neural networks, an adversary can reveal which You-Tube video a victim watches with extremely high accuracy. While effective defense methods have been proposed, extremely high bandwidth overheads are needed. In other words, building an effective defense with low overheads remains unknown. In this paper, we propose a new defense mechanism, referred to as SmartSwitch, to address this open problem. Our defense intelligently switches the noise level on different packets such that the defense remains effective but minimizes overheads. Specifically, our method produces higher noises to obfuscate the sizes of more significant packets. To identify which packets are more significant, we formulate it as a feature selection problem and investigate several feature selection methods over high-dimensional data. Our experimental results derived from a large-scale dataset demonstrate that our proposed defense is highly effective against stream fingerprinting built upon Convolutional Neural Networks. Specifically, an adversary can infer which YouTube video a user watches with only 1% accuracy even if the adversary retrains neural networks with obfuscated traffic. Compared to the state-of-the-art defense, our mechanism can save nearly 40% of bandwidth overheads.
Authors: Haipeng Li (University of Cincinnati), Ben Niu (Chinese Academy of Sciences), Boyang Wang (University of Cincinnati),
Hide Authors & Abstract

Show Authors & Abstract
09:20 - 09:35
Using the Physical Layer to Detect Attacks on Building Automation Networks

This work investigates possible methods of adding security features to building automation networks in the form of intrusion or tamper detection by using the physical layer. This is a concept that is widely known in the field of wireless communications but is—as of now—less prevalent in wired environments. We propose three distinct and complementary methods which rely on electrical fingerprinting of devices and the communication medium, as well as active radio-frequency probing of the network. To assess their effectiveness, we conduct a series of experiments in a building automation system test environment.
Authors: Andreas Zdziarstek (University of Rostock), Willi Brekenfelder (University of Rostock), Felix Eibisch (University of Rostock),
Hide Authors & Abstract

Show Authors & Abstract
09:35 - 09:55
MAAN: A Multiple Attribute Association Network for Mobile Encrypted Traffic Classification

With the rapid development of mobile applications and the rising concern over user privacy, cryptographic protocols, especially Secure Socket Layer/Transport Layer Security (SSL/TLS), are widely used on the Internet. Many networking and security services call for application-level encrypted traffic classification before conducting related policies. Exiting methods exhibit unsatisfying accuracy using the partial handshake information or only the flow-level features. In this paper, we propose a novel encrypted traffic classification method named Multiple Attribute Associate Network (MAAN). MAAN is a unified model that automatically extracts features from handshake messages and flows. Moreover, the MAAN has acceptable time consumption and is suitable to apply in real-time scenarios. Our experiments demonstrate that the MAAN achieves 98.2% accuracy on a real-word dataset (including 59k+ SSL sessions and covering 16 applications) and outperforms the state-of-the-art methods.
Authors: Fengzhao Shi (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences; National Engineering Laboratory for Information Security Technology, Beijing, China), Chao Zheng (Institute of Information Engineering, Chinese Academy of Sciences), Yiming Cui (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences; National Engineering Laboratory for Information Security Technology, Beijing, China), Qingyun Liu (Institute of Information Engineering, Chinese Academy of Sciences),
Hide Authors & Abstract

Show Authors & Abstract
09:55 - 10:15
An Encryption System for Securing Physical Signals

Secure communication is a necessity. However, encryption is commonly only applied to the upper layers of the protocol stack. This exposes network information to eavesdroppers, including the channel's type, data rate, protocol, and routing information. This may be solved by encrypting the physical layer, thereby securing all subsequent layers. In order for this method to be practical, the encryption must be quick, preserve bandwidth, and must also deal with the issues of noise mitigation and synchronization. In this paper, we present the Vernam Physical Signal Cipher (VPSC): a novel cipher which can encrypt the harmonic composition of any analog waveform. The VPSC accomplishes this by applying a modified Vernam cipher to the signal's frequency magnitudes and phases. This approach is fast and preserves the signal's bandwidth. In the paper, we offer methods for noise mitigation and synchronization, and evaluate the VPSC over a noisy wireless channel with multi-path propagation interference.
Authors: Yisroel Mirsky (Georgia Institute of Technology), Benjamin Fedidat (Jerusalem College of Technology), Yoram Haddad (Jerusalem College of Technology),
Hide Authors & Abstract

Show Authors & Abstract
10:15 - 10:40
A Cooperative Jamming Game in Wireless Networks under Uncertainty

Considered is a multi-channel wireless network for secret communication that uses the signal-to-interference-plus-noise ratio (SINR) as the performance measure. An eavesdropper can intercept encoded messages through a degraded channel of each legitimate transmitter-receiver communication pair. A friendly interferer, on the other hand, may send cooperative jamming signals to enhance the secrecy performance of the whole network. Besides, the state information of the eavesdropping channel may not be known completely. The transmitters and the friendly interferer have to cooperatively decide on the optimal jamming power allocation strategy that balances the secrecy performance with the cost of employing intentional interference, while an eavesdropper tries to maximize her eavesdropping capacity. To solve this problem, we propose and analyze a non-zero sum game between the network defenders and an eavesdropper who can only attack a limited number of channels. We show that the Nash equilibrium strategies for the players are of threshold type. We present an algorithm to find the the equilibrium strategy pair. Numerical examples demonstrate the equilibrium and contrast it to a baseline strategy.
Authors: Zhifan Xu (Rutgers University), Melike Baykal-Gursoy (Rutgers, The State University of New Jersey),
Hide Authors & Abstract

Show Authors & Abstract
10:40 - 11:00
Identifying DApps and User Behaviors on Ethereum via Encrypted Traffic

With the surge in popularity of blockchain, more and more Decentralized Applications (DApps) are deployed on blockchain platforms. DApps bring convenience to people, but cause security and efficiency problems. In this paper, we focus on the security and efficiency problems of DApps on Ethereum. Our research is divided into three application scenarios. In DApps classification, we analyze characteristics of DApps and extract efficient features to recognize 11 representative DApps. In DApps user behaviors classification, we propose behavior-sensitive features and improved time features to recognize 88 DApps user behaviors, which would help to identify malicious behaviors in encrypted traffic. In general user behavior classification, different categories of features are proposed to recognize 15 general user behaviors which represent the performance of DApps. DApps developers can obtain valuable data to improve the quality of service through analyzing the classification results. Experimental results in the three application scenarios achieve excellent performance (99.5% accuracy for DApps classification, 95.65% accuracy for DApps user behaviors classification, 98.58% accuracy for general user behaviors classification) and outperform the state-of-the-art methods.
Authors: Yu Wang (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Science), Zhenzhen Li (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Gaopeng Gou (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Gang Xiong (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Chencheng Wang (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Zhen Li (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences),
Hide Authors & Abstract

Show Authors & Abstract

Coffee Break 11:00 - 11:15

Cyber-Physical System Security 11:15 - 13:05

11:15 - 11:40
Modeling Mission Impact of Cyber Attacks on Energy Delivery Systems

Today energy delivery systems (EDS) face challenges in dealing with cyberattacks that originate by exploiting the communication network assets. Traditional power systems are highly complex and heterogeneous. These systems focus on reliability, availability, and continuous performance and, thus, not designed to handle security issues. Network administrators often utilize attack graphs to analyze security in EDS. Although attack graphs are useful tools to generate attack paths and estimate possible consequences in a networked system, they lack incorporating the operational or functional dependencies. Localizing the dependencies among operational missions, tasks, and the hosting devices in a large-scale cyber-physical network is also challenging. Current research works handle the system dependency and the attack scenario modeling separately using dependency graphs and attack graphs, respectively. To address the gap of incorporating the mission operational dependencies with possible attack scenarios, in this work, we offer an approach to assess the cyberattack impact on the operational mission of the EDS by combining the logical attack graph and mission functional dependency graph. We provide the graphical modeling details and illustrate the approach using a case study of SCADA (supervisory control and data acquisition) operations within an EDS environment.
Authors: Md Ariful Haque (Old Dominion University), Sachin Shetty (Old Dominion University), Charles A. Kamhoua (Network Security Research, The U.S. Army Research Laboratory, MD, USA), Kimberly Gold (Naval Surface Warfare Center, Crane Division, Crane, IN, USA),
Hide Authors & Abstract

Show Authors & Abstract
11:40 - 12:05
Improving Robustness of a Popular Probabilistic Clustering Algorithm Against Insider Attacks

Many clustering algorithms for mesh, ad hoc and Wireless Sensor Networks have been proposed. Probabilistic approaches are a popular class of such algorithms. However, it is essential to analyze their robustness against security compromise. We study the robustness of EEHCA, a popular energy efficient clustering algorithm as an example of probabilistic class in terms of security compromise. In this paper, we investigate attacks on EEHCA through analysis and experimental simulations. We analytically characterize two different attack models. In the first attack model, the attacker aims to gain control over the network by stealing network traffic, or by disrupting the data aggregation process (integrity attack). In the second attack model, the inducement of the attacker is to abridge the network lifetime (denial of service attack). We assume the clustering algorithm is running periodically and propose a detection solution by exploiting Bernoulli CUSUM charts.
Authors: Sayed Saghaian N. E. (The Pennsylvania State University), Tom La Porta (The Pennsylvania State University), Simone Silvestri (University of Kentucky), Patrick McDaniel (The Pennsylvania State University),
Hide Authors & Abstract

Show Authors & Abstract
12:05 - 12:25
A Formal Verification of Configuration-based Mutation Techniques for Moving Target Defense

Static system configuration provides a significant advantage for the adversaries to discover the assets and vulnerabilities in the system and launch attacks. Configuration-based moving target defense (MTD) reverses the cyber warfare asymmetry for the defenders’ advantage by mutating certain configuration parameters proactively in order to disrupt attacks planning or increase the attack cost significantly. A key challenge in developing MTD techniques is guaranteeing design correctness and operational integrity. Due to the dynamic, asynchronous, and distributed nature of moving target defense, various mutation actions can be executed in an interleaved manner causing failures in the defense mechanism itself or negative interference in the cyber operations. In this paper, we present a methodology for formal verification of configuration based moving target defense. We model the system behaviors with system modeling language (SysML) and formalize the MTD technique using du-ration calculus (DC). The formal model satisfies the constraints and de-sign correctness properties. We use the random host mutation (RHM) as a case study of the MTD system that randomly mutates the IP addresses to make end-hosts untraceable by scanners. We validate the design correctness of RHM using model checking over various configuration-based mutation parameters.
Authors: Muhammad Abdul Basit Ur Rahim (basit.phd9@mcs.edu.pk), Ehab Al-Shaer (Carnegie Mellon University), Qi Duran (University of North Carolina),
Hide Authors & Abstract

Show Authors & Abstract
12:25 - 12:45
Automated Bystander Detection and Anonymization in Mobile Photography

As smartphones have become more popular in recent years, integrated cameras have seen a rise in use. This trend has negative implications for the privacy of the individual in public places. Those who are captured inadvertently in others' pictures often have no knowledge of being included in a photograph nor have any control over how the photos of them might be distributed. To address this growing issue, we propose a novel system for protecting the privacy of bystanders captured in public photos. A fully automated approach to accurately distinguish the intended subjects of photos from strangers is first explored. To accurately distinguish these subjects and bystanders, we develop a feature-based classification approach utilizing entire photos. Additionally, we consider the privacy-minded case of only utilizing local face images with no contextual information from the original image by developing a convolutional neural network-based classifier. Considering the face to be the most sensitive and identifiable portion of a bystander, both classifiers are utilized to form an estimation of facial feature locations which can then be obfuscated to protect bystander privacy. We implement and compare three methods of facial anonymization: black boxing, Gaussian blurring, and pose-tolerant face swapping. To validate and explore the viability of these anonymization methods, a comprehensive user survey is conducted to understand the difference in appeal and viability between them.
Authors: David Darling (University of Arkansas), Ang Li (Duke University), Qinghua Li (University of Arkansas),
Hide Authors & Abstract

Show Authors & Abstract
12:45 - 13:05
Ucam: A User-Centric, Blockchain-Based and End-to-End Secure Home IP Camera System

Home IP cameras are consistently among the most popular smart home devices and recent news stories about home IP cameras getting hacked frequently have posed serious security and privacy concerns for consumers. In this paper, we propose Ucam, a user-centric, blockchain-based and end-to-end secure home IP camera system. Ucam leverages advanced technologies such as blockchain, end-to-end encryption and trusted computing to address a number of vulnerabilities in the existing solutions. In the Ucam design, we replace traditional username/password based login approach with a one-click, blockchain-based passwordless counterpart and apply the resurrecting duckling security model to secure device binding. In particular, we utilize blockchain extensively to manage device ownership and provide integrity protection for the video clips stored locally or remotely. For coping with privacy, the end-to-end encryption, which is coupled with a user-centric, secure element enhanced key management scheme, is implemented in Ucam. Finally, Ucam employs re-encryption with Intel SGX as well as key refreshing to enable the sharing of encrypted video clips and live streaming videos, respectively. The security analysis and performance evaluation demonstrate that Ucam is able to meet the increasing security and privacy requirements for home IP camera systems with negligible performance overhead.
Authors: Xinxin Fan (IoTeX), Zhi Zhong (IoTeX), Qi Chai (IoTeX), Dong Guo (IoTeX),
Hide Authors & Abstract

Show Authors & Abstract

Lunch Break 13:05 - 13:35

Malware Analytics 13:35 - 15:15

13:35 - 13:55
On the Effectiveness of Behavior-based Ransomware Detection

Ransomware has been a growing threat to end-users in the past few years. In response, there is also a burgeoning market for anti-ransomware defense products, as well as research prototypes that explore more advanced, behavioral analyses. Intuitively, ransomware should be amenable to identification through behavioral analysis, since ransomware recursively walks a user's files and encrypts them, overwriting or deleting the plaintext. This paper contributes a study of the effectiveness of these behavior-based ransomware defenses, from both commercial products and academic proposals. We drive the study with a dead simple ransomware, augmented with a number of both straightforward and new evasion techniques. Surprisingly, our results indicate that most commercial products are strikingly ineffective. Our paper identifies a number of techniques to manipulate entropy to match the original file. The paper further shows that partial encryption, of as little as 3-5% of a file's data is sufficient to ransom most file formats. Finally, we show that a combination of these techniques can render an aggregate malice score that is well below that of a Linux kernel compile. In summary, these results indicate that it is highly likely that ransomware will be able to adapt its behavior to fit within the range of expected benign behaviors, avoiding detection even by future generations of behavioral ransomware detectors.
Authors: Jaehyun Han (The University of North Carolina at Chapel Hill), Zhiqiang Lin (The Ohio State University), Donald Porter (The University of North Carolina at Chapel Hill),
Hide Authors & Abstract

Show Authors & Abstract
13:55 - 14:15
Best-Effort Adversarial Approximation of Black-Box Malware Classifiers

An adversary who aims to steal a black-box model repeatedly queries it via a prediction API to learn its decision boundary. Adversarial approximation is non-trivial because of the enormous alternatives of model architectures, parameters, and features to explore. In this context, the adversary resorts to a best-effort strategy that yields the closest approximation. This paper explores best-effort adversarial approximation of a black-box malware classifier in the most challenging setting, where the adversary’s knowledge is limited to label only for a given input. Beginning with a limited input set, we leverage feature representation mapping and cross-domain transferability to locally approximate a black-box malware classifier. We do so with different feature types for the target and the substitute model while also using non-overlapping data for training the target, training the substitute, and the comparison of the two. Against a Convolutional Neural Network (CNN) trained on raw byte sequences of Windows Portable Executables(PEs), our approach achieves a 92% accurate substitute (trained on pixel representations of PEs), and nearly 90% prediction agreement between the target and the substitute model. Against a 97.8% accurate gradient boosted decision tree trained on static PE features, our 91% accurate substitute agrees with the black-box on 90% of predictions, suggesting the strength of our purely black-box approximation.
Authors: Abdullah Ali (University of Michigan, Dearborn), Birhanu Eshete (University of Michigan, Dearbon),
Hide Authors & Abstract

Show Authors & Abstract
14:15 - 14:35
Malware Classification using Attention-based Transductive Learning Network

Malware has now grown up to be one of the most important threats in the internet security. As the number of malware families has increased rapidly, a malware classification model needs to classify the samples from emerging malware families. In real-world environment, the number of malware samples varies greatly with each family and some malware families only have a few samples. Therefore, it is a challenge task to obtain a malware classification model with strong generalization ability by using only a few labeled malware samples in each family. In this paper, we propose an attention-based transductive learning approach to tackle this problem. To extract features from raw malware binaries, our approach first converts them into gray-scale images. After visualization, an embedding function is used to encode the images into feature maps. Then we build an attention-based Gaussian similarity graph to help transduct the label information from well-labeled instances to unknown instances. With end-to-end training, we validate our attention-based transductive learning network on a malware database of 11,236 samples with 30 different malware families. Comparing with state-of-the-art approaches, the experimental results show that our approach achieves a better performance.
Authors: Liting Deng (University of Chinese Academy of Sciences), Hui Wen (Institute of Information Engineering, CAS), Mingfeng Xin (University of Chinese Academy of Sciences), Yue Sun (University of Chinese Academy of Sciences), Limin Sun (IIE China), Hongsong Zhu (IIE China),
Hide Authors & Abstract

Show Authors & Abstract
14:35 - 14:55
TransNet: Unseen Malware Variants Detection Using Deep Transfer Learning

The ever-increasing amount and variety of malware on the Internet have presented significant challenges to the interconnected network community. The emergence of unseen malware variants has resulted in a different distribution of features and labels in the training and testing datasets. For widely used machine learning-based detection methods, the issue of dataset shift will render the trained model ineffective in the face of new data. However, it is a laborious and tedious undertaking whether relearning features to describe new data or collecting large amounts of labeled samples to retrain the classifiers. To address these problems, this paper proposes TransNet, a framework based on deep transfer learning for unseen malware variants detection. We first convert the raw traffic represented by sessions containing data from all layers of the OSI model into fixed-size RGB images through data preprocessing. Afterward, based on the ResNet-50 model pre-trained on the ImageNet, we replace Batch Normalization with Transferable Normalization as the normalization layer to construct our deep transfer learning model. We test the effectiveness of different methods with a set of experiments. TransNet achieves 95.89% accuracy and 96.09% F-measure on two public datasets from the real-world environment, which is higher than comparative methods. Meantime, our method ranks first on all ten subtasks, showing that it can detect unseen malware variants with stable and excellent performance.
Authors: Candong Rong (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Gaopeng Gou (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Mingxin Cui (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Gang Xiong (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Zhen Li (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Li Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China),
Hide Authors & Abstract

Show Authors & Abstract
14:55 - 15:15
AOMDroid: Detecting Obfuscation Variants of Android Malware Using Transfer Learning

Android with its large market attracts malware developers. Malware developers employ obfuscation techniques to bypass malware detection mechanisms. Existing systems cannot e ectively detect obfuscated Android malware. In this paper, We propose a novel approach to identify obfuscated Android malware. Our proposed approach is based on the intuition that opcode sequences are more resilient to the obfuscation techniques. We first propose an effective approach based on TFIDF algorithm to identify distinctive opcode sequences. Then we represent the opcode sequences as images and reduce the problem of identifying an obfuscated malware to the problem of transforming two images to one another, i.e. unobfuscated malware representation to the obfuscated one. In order to achieve the above, we resort to the transfer learning. We implemented a prototype dubbed AOMDroid based on the proposed approach and extensively evaluated its performance of accuracy and detection time. AOMDroid outperforms four related works that we compared with, and has an accuracy rate of 92.26% in detecting Android obfuscated malware. In addition, AOMDroid supports the detection of 21 Android malware family types. Its malware family detecion accuracy rate is 87.39%. The average time spent by AOMDroid to detect a single 21 Android application is 0.963 seconds.
Authors: Yu Jiang (Huazhong University of Science and Technology), Ruixuan Li (Huazhong University of Science and Technology), Junwei Tang (Huazhong University of Science and Technology), Ali Davanian (University of California, Riverside), Heng Yin (University of California, Riverside),
Hide Authors & Abstract

Show Authors & Abstract

Coffee Break 15:15 - 15:30

Poster session 15:30 - 17:50

15:30 - 15:50
ML-Based Early Detection of IoT Botnets

In this paper, we present EDIMA, an IoT botnet detection solution to be deployed at the edge gateway installed in home networks which targets early detection of botnets. EDIMA includes a novel two-stage machine learning (ML)-based detector which first employs ML algorithms for aggregate traffic classification and subsequently Autocorrelation Function (ACF)-based tests to detect individual bots. Performance evaluation results show that EDIMA achieves high bot scanning detection accuracies with a very low false positive rate.
Authors: Ayush Kumar (National University of Singapore), Mrinalini Shridhar (National University of Singapore), Sahithya Swaminathan (National University of Singapore), Teng Joon Lim (University of Sydney),
Hide Authors & Abstract

Show Authors & Abstract
15:50 - 16:00
Identity Armour: Modern Protections for Modern Browser Security

Much of the challenge in mitigating web-based exfiltration attacks is in discerning which capabilities are acceptable operations for a user. Ultimately, the distinction between what information a user is willing to share with a first-party website (and with any third-party embedded content) is a personal decision with no one-size-fits-all solution: some users are willing to give up more privacy than others. To combat the threat of data exfiltration through client-side JavaScript, we create Identity Armour, a prototype policy enforcement mechanism that, un- like the above-mentioned protections, does not rely upon the first-part.
Authors: Drew Davidson (University of Kansas), Ross Copeland (University of Kansas),
Hide Authors & Abstract

Show Authors & Abstract
16:00 - 16:20
A Machine Learning based Smartphone App for GPS Spoofing Detection

With affordable open-source software-defined radio (SDR) devices, the security of civilian Global Position System (GPS) is at risk of spoofing attacks. Spoofed GPS signals from SDR devices have indicated that spoofed signals have higher values of signal-to-noise ratios (SNRs). Utilizing these values along with other parameters, we propose a machine learning (ML) based GPS spoofing detection system for classifying spoofed signals. To build our detection system, we launch spoofing attacks on a GPS receiver using a low-cost SDR device, LimeSDR, and apply ML algorithms on SNR values and the number of tracked and viewed satellites. A performance comparison between different ML algorithms shows that Random Forest (RF) and Support Vector Machine (SVM) achieve 99.5% accuracy, followed by K-Nearest Neighbors (KNN) (99.4%). To demonstrate easy integration of the algorithm with GPS enabled devices, we develop an Android-based smartphone app that successfully notifies the user about the spoofing signals.
Authors: Javier Campos (Purdue University Northwest), Kristin Johnson (Purdue University Northwest), Jonathan Neeley (Purdue University Northwest), Staci Roesch (Purdue University Northwest), Farha Jahan (The University of Toledo), Quamar Niyaz (Purdue University Northwest), Khair Al Shamaileh (Purdue University Northwest),
Hide Authors & Abstract

Show Authors & Abstract
16:20 - 16:30
Anomaly Detection on Web-User Behaviors through Deep Learning

The modern Internet has witnessed the proliferation of web applications that play a crucial role in the branding process among enterprises. Web applications provide a communication channel between potential customers and business products. However, web applications are also targeted by attackers due to sensitive information stored in these applications. Among web-related attacks, there exists a rising but more stealthy attack where attackers first access a web application on behalf of normal users based on stolen credentials. Then attackers follow a sequence of sophisticated steps to achieve the malicious purpose. Traditional security solutions fail to detect relevant abnormal behaviors once attackers login to the web application. To address this problem, we propose WebLearner, a novel system to detect abnormal web-user behaviors. As we demonstrate in the evaluation, WebLearner has an outstanding performance. In particular, it can effectively detect abnormal user behaviors with over 96% for both precision and recall rates using a reasonably small amount of normal training data.
Authors: Jiaping Gui (NEC Laboratories America, Inc.), Zhengzhang Chen (NEC Laboratories America, Inc.), Xiao Yu (NEC Laboratories America, Inc.), Cristian Lumezanu (NEC Laboratories America, Inc.), Haifeng Chen (NEC Laboratories America, Inc.),
Hide Authors & Abstract

Show Authors & Abstract
16:30 - 16:40
Differentially Private Social Graph Publishing for Community Detection

Social networks typically include a community structure, and the connections be-tween nodes within the same community are very close; however, the connec-tions between communities are sparse. In this study, we analyze the main chal-lenges behind the problem and then resolve it using differential privacy. First, we choose the Louvain algorithm as a benchmark community detection algorithm for the algorithmic perturbation scheme. We introduce an exponential mechanism that uses modularity as a score. Secondly, by transforming each community into a hi-erarchical random graph model, and its edge connection probability is noisy by differential privacy mechanism to ensure the security of relevant information in the protected community.
Authors: Xuebin Ma (Inner Mongolia Key Laboratory of Wireless Networking and Mobile Computing, Inner Mongolia University), Jingyu Yang (Inner Mongolia Key Laboratory of Wireless Networking and Mobile Computing, Inner Mongolia University), Shengyi Guan (Inner Mongolia Key Laboratory of Wireless Networking and Mobile Computing, Inner Mongolia University),
Hide Authors & Abstract

Show Authors & Abstract
16:40 - 16:55
Detecting Dictionary Based AGDs Based On Community Detection

Domain generation algorithms(DGA) are widely used by malware families to realize remote control. Researchers have tried to adopt deep learning methods to detect algorithmically generated domains (AGD) automatically based on only domain strings alone are proposed. Usually, such methods analyze the structure and semantic features of domain strings since simple AGDs show great difference in these two aspects. Among various types of AGDs, dictionary-based AGDs are unique for its semantic similarity to normal domains, which makes such detections based on only domain strings difficult. In this paper, we observe that the relationship between domains generated based on a same dictionary shows graphical features. We focus on the detection of dictionary-based AGDs and proposes Word-map which is based on community detection algorithm to detect dictionary-based AGDs. Word-map achieved an accuracy above 98.5% and recall rate above 99.0% on testing sets.
Authors: qianying shen (Shanghai Jiaotong University), futai zou (shanghai jiao tong unviersity),
Hide Authors & Abstract

Show Authors & Abstract
16:55 - 17:10
Performance Analysis of Elliptic Curves for VoIP Audio Encryption using a Softphone

The usage of online media streaming has become an essential part of our daily lives due to COVID-19 pandemic. The security issues have gained in importance as well with the proliferative use of real-time media. Usually, symmetric key encryption schemes are used for encrypting real-time media, which are transmitted as Real-time Transport Protocol (RTP) payload. RTP uses the Secure RTP (SRTP) to secure its payload. Several issues exist in the existing SRTP media protection scheme that can be solved by applying lightweight asymmetric key cryptography such as Elliptic Key Cryptography (ECC). We have proposed some suitable Elliptic Curves for real-time audio encryption, which do not compromise the quality of the audio calls.
Authors: Nilanjan Sen (Western Illinois University), Ram Dantu (University of North Texas), Mark Thompson (University of North Texas),
Hide Authors & Abstract

Show Authors & Abstract
17:10 - 17:20
Post-Quantum Cryptography in WireGuard VPN

WireGuard is a new and promising VPN software. It relies on ECDH for the key agreement and server authentication. This makes the tunnel vulnerable to future attacks with quantum computers. Three incremental improvements to WireGuard’s handshake protocol are proposed, giving differently enhanced levels of post-quantum security. Performance impacts of these are shown to be moderate.
Authors: Quentin Kniep (Humboldt-Universität zu Berlin), Wolf Müller (Humboldt-Universität zu Berlin), Jens-Peter Redlich (Humboldt-Universität zu Berlin),
Hide Authors & Abstract

Show Authors & Abstract
17:20 - 17:35
Evaluating the Cost of Personnel Activities in Cybersecurity Management: a Case Study

The methods of cybersecurity costs' evaluation are inclined towards the cost of incidents or technological acquirements. At the same time, there are other, less visible costs related to cybersecurity that require proper recognition. These costs are associated with the actions and the time spent by employees on activities connected to cybersecurity management. The costs form a considerable component of cybersecurity expenditures, but because they become evident only during scrupulous analyses, often they are disregarded. CAsPeA is a method that enables estimating the costs based on a model derived from the Activity-Based Costing (ABC) and the NIST SP 800-53 guidelines. This paper presents the application of CAsPeA in a steel structures manufacturing company.
Authors: Rafal Leszczyna (Gdansk University of Technology),
Hide Authors & Abstract

Show Authors & Abstract
17:35 - 17:50
TCNN: Two-way Convolutional Neural Network for Image Steganalysis

Recently, convolutional neural network (CNN) based methods have achieved significantly better performance compared to conventional methods based on hand-crafted features for image steganalysis. However, as far as we know, existing CNN based methods extract features either with constrained (even fixed), or random (i.e., randomly initialized) convolutional kernels, and this leads to limitations as follows. First, it is unlikely to obtain optimal results for exclusive use of constrained kernels due to the constraints. Second, it becomes difficult to get optimal when using merely random kernels because of the large parameter space to learn. In this paper, to overcome these limitations, we propose a two-way convolutional neural network (TCNN) for image steganalysis, by combining both constrained and random convolutional kernels, and designing respective sub-networks. Intuitively, by complementing one another, the combination of these two kinds of kernels can enrich features extracted, ease network convergence, and thus provide better results. Experimental results show that the proposed TCNN steganalyzer is superior to the state-of-the-art CNN-based and hand-crafted features-based methods, at different payloads.
Authors: Zhili Chen (Anhui University), Baohua Yang (Anhui University), Fuhu Wu (Anhui University), Shuai Ren (Anhui University), Hong Zhong (Anhui University),
Hide Authors & Abstract

Show Authors & Abstract
Day 3 23/10/2020
Room #1

Enterprise and Data Infrastructure Security 09:00 - 10:40

Starts at 9:00 AM local time, Washington, USA ( GMT -04 )
09:00 - 09:20
A Brokerage Approach for Secure Multi-Cloud Storage Resource Management

Nowadays, more cloud customers are utilizing multiple cloud service providers (CSPs) to store their data in the cloud as it provides better data availability and service reliance than storing in the single CSP. However, there are several challenges faced by cloud customers to securely manage their cloud storage resources for cloud end-users (a user or a service) in the multi-cloud scenario, such as diverse APIs and service implementations in multiple CSP as CSP is not required to comply with cloud computing standards and multi-cloud resource management skill gap. In this paper, we present a unified multi-cloud storage resource management framework for managing cloud storage resources and their configurations for Object Storage and Identity and Access Management services following the cloud brokerage approach. We propose a unified cloud storage resource model continuing our previous work to tackle the various data and cloud access control models of cloud storage resources in multiple CSPs. Based on the unified model, we introduce a unified multi-cloud storage resource management platform to manage cloud storage resources and grant/revoke access for the cloud end-user developed for two popular public CSPs: Amazon Web Services and Google Cloud. The unified platform collects and processes information about the cloud storage resources that allows cloud customers to discover, create, delete, modify, evaluate, and monitor cloud storage resources across various CSPs.
Authors: Muhammad Ihsan Haikal Sukmana (Hasso Plattner Institute, University of Potsdam, Germany), Kennedy Aondona Torkura (Hasso Plattner Institute, University of Potsdam, Germany), Sezi Dwi Sagarianti Prasetyo (University of Potsdam, Germany), Feng Cheng (Hasso Plattner Institute, University of Potsdam, Germany), Christoph Meinel (Hasso Plattner Institute, University of Potsdam, Germany),
Hide Authors & Abstract

Show Authors & Abstract
09:20 - 09:40
CacheLoc: Leveraging CDN Edge Servers for User Geolocation

In nowadays’ Internet, websites rely more and more on obtaining users’ geolocation to provide customized services. However, besides Internet giants such as Google, who retains a large amount of detailed user information, most websites still rely on IP addresses for user geolocation, which is proven inaccurate and misleading by existing studies. In this paper, we propose a novel approach, namely CacheLoc, for coarse-grained user geolocation leveraging widely-deployed content delivery networks (CDNs). This work is motivated by the fact that CDN providers deploy a number of edge servers that are geographically distributed across the world. Many of these edge servers are assigned with unique identifiers that are tied to their location, which can be easily retrieved by inspecting HTTP responses headers served by these edge servers. As a result, a website can infer coarse-grained user location by asking a user to send an HTTP request to an arbitrary domain that is known being served by a CDN, and inspecting the corresponding responses. To evaluate the usability and accuracy of the cache-based user geolocation, we conducted practical experiments based on a commercial VPN with over 160 endpoints distributed in 94 countries. Our experiments demonstrate that cache-based geolocation can achieve at least accurate country-level granularity in the regions where CDN edge servers are densely deployed. Our work sheds light on a novel light-weight and self-contained user geolocation solution.
Authors: Mingkui Wei (Sam Houston State University), Khaled Rabieh (Metropolitan State University), Faisal Kaleem (Metropolitan State University),
Hide Authors & Abstract

Show Authors & Abstract
09:40 - 10:00
Blockchain based Multi-keyword Similarity Search Scheme over Encrypted Data

Traditional searchable encryption schemes focus on preventing an honest-but-curious server. In practice, cloud servers may delete user data, perform partial queries and even falsify search results to save computing and storage resources. Although there is some previous work to verify the correctness of search results, these verification mechanisms are highly dependent on the specially appointed index structures. In this paper, we propose a blockchain based multi-keyword similarity search scheme over encrypted data (BMSSED), which is a general scheme that keeps users from worrying about potential misbehaviors of a malicious server. To solve the problem that the size of transactions is limited, we use an index partition method to divide the traditional binary tree index into a plurality of sub-indexes. The new structure of sub-indexes not only circumvents the gasLimit problem, but also reduces the dimension of file vectors and improves the search efficiency using smart contracts. In addition, we propose an access control mechanism for transaction data, which is implemented by a new smart contract. It can reduce the computation burden of data owners and prevent the leakage of confidential information. We then define the security model and conduct repeated experiments on real data sets to test the efficiency. Experimental results and theoretical analysis show the practicability and security of our scheme.
Authors: Mingyue Li (Nankai University), Chunfu Jia (Nankai University), Wei Shao (Nankai University),
Hide Authors & Abstract

Show Authors & Abstract
10:00 - 10:20
SGX-Cube: An SGX-Enhanced Single Sign-On System against Server-side Credential Leakage

User authentication systems enforce the access control of critical resources over Internet services. The pair of username and password is still the most commonly used user authentication credential for online login systems. Since the credential database has consistently been a main target for attackers, it is critical to protect the security and privacy of credential databases on the servers. In this paper, we propose SGX-Cube, an SGX-enhanced secure Single Sign-On (SSO) login system, to prevent credential leakage directly from the server memory and via brute-force attacks against a stolen credential database. When leveraging Intel SGX to develop a scalable secure SSO system, we solve two main SGX challenges, namely, small secure memory size and the limited number of running threads, by developing a record-based database encrypted scheme and placing only authentication-related functions in the enclave, respectively. We implement an SGX-Cube prototype on a real SGX platform. The experimental results show that SGX-Cube can effectively protect the confidentiality of user credentials on the server side with a small performance overhead.
Authors: Songsong Liu (George Mason University), Qiyang Song (Tsinghua University), Kun Sun (George Mason University), Qi Li (Tsinghua University),
Hide Authors & Abstract

Show Authors & Abstract
10:20 - 10:40
MisMesh: Security Issues and Challenges in Service Meshes

Service meshes have emerged as an attractive DevOps solution for collecting, managing, and coordinating microservice deployments. However, current service meshes leave fundamental security mechanisms missing or incomplete. The security burden means service meshes may actually cause additional workload and overhead for administrators over traditional monolithic systems. By assessing the effectiveness and practicality of service mesh tools, this work provides necessary insights into the available security of service meshes. We evaluate service meshes under skilled administrators (who deploy optimal configurations of available security mechanisms) and default configurations. We consider a comprehensive set of adversarial scenarios, uncover design flaws contradicting system goals, and present limitations and challenges encountered in employing service mesh tools for operational environments.
Authors: Dalton Hahn (University of Kansas), Drew Davidson (University of Kansas), Alexandru Bardas (University of Kansas),
Hide Authors & Abstract

Show Authors & Abstract

Coffee Break 10:40 - 10:55

Email and Web Security 10:55 - 12:15

10:55 - 11:15
Email Address Mutation for Proactive Deterrence Against Lateral Spear-phishing Attacks

Email spear-phishing attack is one of the most devastating cyber threat against individual and business victims. Using spear-phishing emails, adversaries can manage to impersonate authoritative identities in order to incite victims to perform actions that help adversaries to gain financial and/hacking goals. Many of this targeted phishing can be undetectable based on analyzing emails because, for example, they can be sent from compromised accounts (called lateral spear-phishing). In this paper, we developed a novel proactive defense technique using sender Email address Mutation (EM) to protect a group of related users against lateral spear-phishing. EM frequently changes the sender email address randomly that can only be verified by trusted peers, without imposing any overhead or restriction on email communication with external users. EM is transparent, secure, and effective because it allows users to use their email as usual, while they are protected from such stealthy spear-phishing. We present the EM protocol and develop a formal model to verify its correctness. The processing overhead due to mutation is a few milliseconds, which is negligible with the prospective of end-to-end email transmission delay. We also describe a real-world implementation of EM that works with any email service provider such as Gmail, Apple iCloud, Yahoo Mail, and seamlessly integrates with standard email clients such as Gmail web clients mail.google.com, Microsoft Outlook, and Thunderbird.
Authors: Md Mazharul Islam (University of North Carolina at Charlotte), Ehab Al-Shaer (Carnegie Mellon University), Muhammad Abdul Basit Ur Rahim (University of North Carolina at Charlotte),
Hide Authors & Abstract

Show Authors & Abstract
11:15 - 11:35
ByPass: Reconsidering the Usability of Password Managers

Since passwords are an unavoidable mechanism for authenticating to online services, experts often recommend using a password manager for better password security. However, adoption of password managers is low due to poor usability, the difficulty of migrating accounts to a manager, and users' sense that a manager will not add value. In this paper, we present ByPass, a novel password manager that is placed between the user and the website for secure and direct communication between the manager and websites. This direct communication allows ByPass to minimize the users' actions needed to complete various password management tasks, including account registration, logins, and password changes. ByPass is designed to minimize errors and improve usability. We conducted a usability evaluation of ByPass and found that this approach shows promising usability, and can help users to better manage their accounts in a secure manner.
Authors: Elizabeth Stobert (Carleton University), Tina Safaie (Concordia University), Heather Molyneaux (National Research Council of Canada), Mohammad Mannan (Concordia University), Amr Youssef (Concordia Univeristy),
Hide Authors & Abstract

Show Authors & Abstract
11:35 - 11:55
Assessing Adaptive Attacks Against Trained JavaScript Classifiers

In this work, we evaluate the security of heuristic- and machine learning-based classifiers for the detection of malicious JavaScript code. Due to the prevalence of web attacks directed though JavaScript injected into webpages, such defense mechanisms serve as a last-line of defense by classifying individual scripts as either benign or malicious. State-of-the-art classifiers work well at distinguishing currently-known malicious scripts from existing legitimate functionality, often by employing training sets of known benign or malicious samples. However, we observe that real-world attackers can be adaptive, and tailor their attacks to the benign content of the page and the defense mechanisms being used to defend the page. In this work, we consider a variety of techniques that an adaptive adversary may use to overcome JavaScript classifiers. We introduce a variety of new threat models that consider various types of adaptive adversaries, with varying knowledge of the classifier and dataset being used to detect malicious scripts. We show that while no heuristic defense mechanism is a silver bullet against an adaptive adversary, some techniques are far more effective than others. Thus, our work points to which techniques should be considered best practices in classifying malicious content, and a call to arms for more advanced classification.
Authors: Niels Hansen (University of Kansas), Lorenzo De Carli (Worcester Polytechnic Institute), Drew Davidson (University of Kansas),
Hide Authors & Abstract

Show Authors & Abstract
11:55 - 12:15
Connecting Web Event Forecasting with Anomaly Detection: A Case Study on Enterprise Web Applications Using Self-Supervised Neural Networks

Recently web applications have been widely used in enterprises to assist employees in providing effective and efficient business processes. Forecasting upcoming web events in enterprise web applications can be beneficial in many ways, such as efficient caching and recommendation. In this paper, we present a web event forecasting approach, DeepEvent, in enterprise web applications for better anomaly detection. DeepEvent includes three key features: web-specific neural networks to take into account the characteristics of sequential web events, self-supervised learning techniques to overcome the scarcity of labeled data, and sequence embedding techniques to integrate contextual events and capture dependencies among web events. We evaluate DeepEvent on web events collected from six real-world enterprise web applications. Our experimental results demonstrate that DeepEvent is effective in forecasting sequential web events and detecting web based anomalies. DeepEvent provides a context-based system for researchers and practitioners to better forecast web events with situational awareness.
Authors: Xiaoyong Yuan (Michigan Technological University), Lei Ding (American University), Malek Ben Salem (Accenture), Xiaolin (Andy) Li (Cognization Lab), Dapeng Oliver Wu (University of Florida),
Hide Authors & Abstract

Show Authors & Abstract

Lunch Break 12:15 - 12:45

Blockchains, Cryptocurrency, and Security Economics 12:45 - 14:55

12:45 - 13:10
pyDNetTopic: A Framework for Uncovering What Darknet Market Users Talking About?

Although Dark Net Market(DNM) has attracted more and more researchers’ interests, we found most works focus on the markets while ignore the forums related with them. Ignoring DNM forums is undoubtedly a huge waste of informative intelligence. Previous works usually utilize LDA for darknet data mining. However, traditional topic models cannot handle the posts in forums with various lengths, which incurs unaffordable complexity or performance degradation. In this paper, an improved Bi-term Topic Model named Filtered Bi-term Model, is proposed to extract potential topics in DNM forums for balancing both overhead and performance. Experimental results prove that the topical words extracted by FBTM are more coherent than LDA and DMM. Furthermore, we proposed a general framework named pyDNetTopic for content extracting and topic modeling uncovering DNM forums automatically. The full results we apply pyDNetTopic to Agora forum demonstrate the capability of FBTM to capture informative intelligence in DNM forums as well as the practicality of pyDNetTopic.
Authors: futai zou (shanghai jiao tong university), Haowei He (University of Electronic Science and Technology of China), Jingcheng Yang (Shanghai Jiao Tong University),
Hide Authors & Abstract

Show Authors & Abstract
13:10 - 13:30
The Bitcoin Hunter: Detecting Bitcoin Traffic Over Encrypted Channels

Bitcoin and similar blockchain-based currencies are significant to consumers and industry because of their applications in electronic commerce and other trust-based distributed systems. Therefore, it is of paramount importance to the consumers and industry to maintain reliable access to their Bitcoin assets. In this paper, we investigate the resilience of Bitcoin to blocking by the powerful network entities such as ISPs and governments. By characterizing Bitcoin's communication patterns, we design classifiers that can distinguish (and therefore block) Bitcoin traffic even if it is tunneled through an encrypted channel like Tor and even if Bitcoin traffic is being mixed with background traffic, e.g., due to browsing websites. We perform extensive experiments to demonstrate the reliability of our classifiers in identifying Bitcoin traffic even despite using obfuscation protocols like Tor Pluggable Ttransports. We conclude that standard obfuscation mechanisms are not enough to ensure blocking-resilient access to Bitcoin (and similar cryptocurrencies), therefore cryptocurrency operators should deploy tailored traffic obfuscation mechanisms.
Authors: Fatemeh Rezaei (University of Massachusetts Amherst), Shahrzad Naseri (University of Massachusetts Amherst), Ittay Eyal (Technion), Amir Houmansadr (University of Massachusetts Amherst),
Hide Authors & Abstract

Show Authors & Abstract
13:30 - 13:50
PoQ: A Consensus Protocol for Private Blockchains Using Intel SGX

In blockchain technology, consensus protocols serve as mechanisms to reach agreements among a distributed network of nodes. Using a centralized party or consortium, private blockchains achieve high transaction throughput and scalability, Hyperledger Sawtooth is a prominent example of private blockchains that uses Proof of Elapsed Time (PoET) (SGX-based) to achieve consensus. In this paper, we propose a novel protocol, called Proof of Queue (PoQ), for private (permissioned) blockchains, that combines the lottery strategy of PoET with a specialized round-robin algorithm where each node has an equal chance to become a leader (who propose valid data blocks to the chain) with equal access. PoQ is relatively scalable without any collision. Similar to PoET, our protocol uses Intel SGX, a Trusted Execution Environment, to generate a secure random waiting time to choose a leader, and fairly distribute the leadership role to everyone on the network. PoQ scales fairness linearly with SGX machines: the more the SGX in the network, the higher the number of chances to be selected as a leader per unit time. Our analysis and experiments show that PoQ provides significant performance improvements over PoET.
Authors: Golam Dastoger Bashar (Boise State University), Alejandro Avila (Boise State University), Gaby Dagher (Boise State University),
Hide Authors & Abstract

Show Authors & Abstract
13:50 - 14:15
Share Withholding in Blockchain Mining

Cryptocurrency achieves distributed consensus using proof of work or PoW. Prior research in blockchain security identified financially incentivized attacks based on withholding blocks which have the attacker compromise a victim pool and pose as a PoW contributor by submitting the shares (earning credit for mining) but withholding the blocks (no actual contributions to the pool). We advance such threats to generate greater reward advantage to the attackers while undermining the other miners and introduce the share withholding attack (SWH). SWH withholds shares to increase the attacker’s reward payout within the pool, in contrast to the prior threats withholding blocks focusing on the inter-pool dynamics. SWH rather builds on the block-withholding threats in order to exploit the information about the impending block submission timing, challenging the popularly established assumption that the block submission time is completely random and unknown to miners. We analyze SWH’s incentive compatibility and the vulnerability scope by identifying the critical systems and environmental parameters which determine the attack’s impact. Our results show that SWH yields unfair reward advantage at the expense of the protocol-complying victim miners and that a rational miner will selfishly launch SWH to maximize its reward profit. We inform the blockchain and cryptocurrency research of the SWH threat to facilitate further research and development to secure the blockchain consensus protocol.
Authors: Sang-Yoon Chang (University of Colorado Colorado Springs),
Hide Authors & Abstract

Show Authors & Abstract
14:15 - 14:35
Review Trade: Everything is Free in Incentivized Review Groups

Online reviews play a crucial role in the ecosystem of e-commerce business. To manipulate consumers’ opinions, some sellers of e-commerce platforms outsource opinion spamming with incentives (e.g., free products) in exchange for incentivized reviews. As incentives, by nature, are likely to drive more biased reviews or even fake reviews. Despite e-commerce platforms such as Amazon have taken initiatives to squash the incentivized review practice, sellers turn to various social networking platforms (e.g., Facebook) to outsource the incentivized reviews. The aggregation of sellers who request incentivized reviews and reviewers who seek incentives forms incentivized review groups. In this paper, we focus on the incentivized review groups in e-commerce platforms. We perform data collections from various social networking platforms, including Facebook, WeChat, and Douban. A measurement study of incentivized review groups is conducted with regards to group members, group activities, and products. To identify the incentivized review groups, we propose a new detection approach based on co-review graphs. Specifically, we employ the community detection method to find suspicious communities from co-review graphs. Also, we build a “gold standard” dataset from the data we collected, which contains the information of reviewers who belong to incentivized review groups. We utilize the “gold standard” dataset to evaluate the effectiveness of our detection approach.
Authors: Yubao Zhang (University of Delaware), Shuai Hao (Old Dominion University), Haining Wang (Virginia Tech),
Hide Authors & Abstract

Show Authors & Abstract
14:35 - 14:55
Perturbing Smart Contract Execution through the Underlying Runtime

Because the smart contract is the core element that enables blockchain systems to perform diverse and intelligent operations, the security of smart contracts significantly determines the reliability and availability of the blockchain applications. This work examines security from the perspective that, although a smart contract may be programmatically correct, the environment in which the smart contract is carried out is vulnerable. Adversaries do not need to necessarily concern themselves with how a smart contract is programmed or whether it is vulnerable; the integrity of the smart contract can be undermined by perturbing the output of smart contract execution. Such an approach does not rely on exploiting programming errors or vulnerabilities in smart contract verification and protection frameworks. Instead, it leverages the flaws in the underlying smart contract lifecycle and virtualization mechanisms. The Hyperledger Fabric platform is used to demonstrate the feasibility of the proposed attack.
Authors: Pinchen Cui (Auburn University), David Umphress (Auburn University),
Hide Authors & Abstract

Show Authors & Abstract

Best Paper Award and Closing Remarks by TPC Co-Chairs: Nitesh Saxena and Kevin Butler 14:55 - 15:05

Day 4 24/10/2020
Room #1

Introductory remark by Dr. Shahriar Badsha 10:00 - 10:05

Starts at 10:00 AM local time, Washington, USA ( GMT -04 )

Keynote speaker Dr. Paul Ratazzi 10:05 - 10:40

Title: Mission Assurance: An Enabler for Emergency and Contested Operations

Workshop Session 10:40 - 11:50

EmergencyComm 2020
10:40 - 11:00
PrivyTRAC – Privacy and Security Preserving Contact Tracing System

Smartphone location-based methods have been proposed and implemented as an effective alternative to traditional labor intensive contact tracing methods. However, there are serious privacy and security concerns that may impede wide-spread adoption in many societies. Furthermore, these methods rely solely on proximity to patients, based on Bluetooth or GPS signal, ignoring lingering effects of virus, including COVID-19, present in the environment. This results in inaccurate risk assessment and incomplete contact tracing. A new system concept called PrivyTRAC preserves user privacy, in-creases security and improves accuracy of smartphone contact tracing. PrivyTRAC enhances users’ and patients’ privacy by letting users conduct self-evaluation based on the risk maps download to their smartphones. No user information is transmitted to external locations or devices, and no personally identifiable patient information is embedded in the risk maps as they are processed anonymized and aggregated confirmed patient locations. The risk maps consider both spatial proximity and temporal effects to improve the accuracy of the infection risk estimation. Experiments conducted in the paper illustrate improvement of PrivyTRAC over proximity-based methods in terms of true and false positives. An approach to further improve infection risk estimation by incorporating both positive and negative local test results from contacts of confirmed cases is also described.
Authors: Ssu-Hsin Yu (Scientific Systems Company, Inc.),
Hide Authors & Abstract

Show Authors & Abstract
11:00 - 11:25
Formalizing Dynamic Behaviors of Smart Contract Workflow in Smart Healthcare Supply Chain

We present a formal model for smart contract workflow using Colored Petri-Net in the context of a blockchain-based healthcare supply chain in this paper. Ensuring traceability of products is a crucial issue in a smart healthcare supply chain. Blockchain and smart contracts are two enabling technologies that ensure the traceability of products and prevent data tampering in the smart healthcare supply chain. In a blockchain-based supply chain, a workflow of smart contracts needs to created and executed based on the input data. The selection of smart contracts in the workflow is data-driven and dynamic. Hence, it is necessary to verify the correctness of the dynamic execution of smart contracts. In this paper, we develop a Colored Petri-Net based formalism to verify the correctness of dynamic behaviors of the smart contract workflow. We conduct experiments to evaluate the performance of our proposed model.
Authors: Mohammad Saidur Rahman (RMIT University), Ibrahim Khalil (RMIT University, Melbourne Australia), Abdelaziz Bouras (Qatar University),
Hide Authors & Abstract

Show Authors & Abstract
11:25 - 11:50
Khopesh - Contact Tracing Without Sacrificing Privacy

Secure contact tracing has proven challenging to implement,because even if a user’s contact data is encrypted, it is still difficult to hide the user’s metadata, which could be used to determine a user’s identity, furthermore, many existing contact tracing software implementations may require a user to send sensitive information such as location data to be processed by a central authority. Current systems such as DP-3T [9] and COVIDSafe [10] do not provide anonymity or much privacy protection. It is also not guaranteed that the data collected will not be used for marketing, commercial gain, or law enforcement. Khopesh is a new secure contact tracing system that offers strong privacy guarantees, hiding both a user’s contacts and location data. This is made possible through the use of identity-based encryption, mix networks, and a novel technique called secure-contact contract signing, which enables groups of users to view each other’s reports.
Authors: Friedrich Doku (University of Pittsburgh), Ethan Doku (Irondale High School),
Hide Authors & Abstract

Show Authors & Abstract

Conclusion remark by Dr. Shahriar Badsha 11:50 - 11:55