Mobile users can open program in new tab for better viewing.

Open program in new tab

Day 1 06/08/2020
Room #1

Organizing Committee Welcome 09:00 - 09:00

Start at 9am, Danish time

Conference Manager's Message 09:00 - 09:00

Welcome Message from Conference Manager and EAI

Keynote 1: Prof. SM Yiu 09:00 - 09:00

Keynote 2: Prof. Shui Yu 09:00 - 09:00

Coffee Break 09:00 - 09:00

10 minutes

Network Security 10:40 - 12:00

10:40 - 11:00
A Characterisation of Smart Grid DoS Attacks

The traditional power grid is evolving to keep pace with the demands of the modern age. Smart grids introduce communication systems for improved control, efficiency, and recovery. However, these IT networks bring with them a plethora of cyber-security issues as typically seen in conventional networks, including threats such as Denial-of-Service (DoS). Unlike a conventional network, the smart grid also has particularities, such as the heightened need for timely transmissions and the possibility of cascading failures, that require special consideration, especially in the context of different cyber attacks. To this end, this paper examines the major sub-systems of the smart grid that may be vulnerable to DoS attacks, and proposes a classification and definitions for a set of possible DoS scenarios specific to the smart grid.
Authors: Dilara Acarali (City, University of London), Muttukrishnan Rajarajan (City University London), Doron Chema (L7Defense), Mark Ginzburg (L7Defense),
Hide Authors & Abstract

Show Authors & Abstract
11:00 - 11:20
Security and Privacy in 5G Applications: Challenges and Solutions

5G is a new generation mobile network that enables innovation and supports progressive change across all vertical industries and across our society. 5G usage scenarios face new security risks due to the technology used and the characteristics of the specific application scenario. The security risks have become a key factor affecting the development of 5G convergence services. First we summarize the technical characteristics and typical usage scenarios of 5G. Then, we analyze the security and privacy risks faced by 5G applica-tions, and give the system reference architecture and overall security and privacy solutions for 5G applications. Based on the three major applications scenarios of eMBB, uRLLC, and mMTC, we also provide specific sugges-tions for coping with security and privacy risks.
Authors: Qin Qiu (China Mobile Communications Group Co., Ltd., Beijing), Sijia Xu (China Mobile Communications Group Co., Ltd, Beijing), Shengquan YU (Beijing Normal University),
Hide Authors & Abstract

Show Authors & Abstract
11:20 - 11:40
Alarm Elements based Adaptive Network Security Situation Prediction Model

To improve network security situation prediction accuracy, an adaptive network security situation prediction model based on alarm elements was proposed. Firstly, we used the entropy correlation method to generate the network security situation time series according to Alarm Frequency (AF), Alarm Criticality (AC) and Alarm Severity (AS).Then, the initial situation predicted value is calculated through sliding adaptive cubic exponential smoothing. Finally, based on the error state, we built the time-varying weighted Markov chain to predict the error value and modify the initial predicted value. The experimental results show that the network security situation prediction results of our model match with the real results better and the prediction accuracy of our model is superior to the traditional Markov model and the improved convolutional neural network based model.
Authors: Hongyu YANG (Civil Aviation University of China, School of Computer Science and Technology), Le Zhang (School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China), Xugao Zhang (School of Computer Science and Technology,Civil Aviation University of China), Guangquan Xu (Tianjin University), Jiyong Zhang (School of Computer and Communication Science, Swiss Federal Institute of Technology in Lausanne),
Hide Authors & Abstract

Show Authors & Abstract
11:40 - 12:00
Watermark based Tor Cross-domain Tracking System For Tor Network Traceback

Anonymous network is widely used to access the Internet, causing varieties of cyber security incidents because of its anonymity, which increasingly affects the security of cyberspace. How to detect anonymous network flow to po- sition the anonymous users, is becoming to a research hotspot. However, with rapid development of the encryption and network technology, it is a nontrivial task to detect and position the anonymous user in such a complex network envi- ronment. In this paper, we design a prototype system called Watermark based Tor Cross- domain Tracking System that is effectively detects and determine the sender and the receiver on the real Tor network to testify its function. Moreover, instead of conventional passive network flow analysis, this paper learns from active network flow analysis to design three digital watermark models to implement the embed- ding, extracting and matching of watermark information, and meanwhile it will not affect the network flow’s content and transmission. Experimental results on the real data sets show that when embedding the three watermark models on the sender, watermark based Tor cross-domain tracking system indeed yields the po- sitioning function.
Authors: jianwei ding (30th Research Institute of China Electronics Technology Group Corporation), zhouguo chen (30th Research Institute of China Electronics Technology Group Corporation),
Hide Authors & Abstract

Show Authors & Abstract

Lunch 12:05 - 12:05

30 minutes

System Security 13:00 - 14:00

13:00 - 13:20
Research on IoT Security Technology and Standardization in the 5G Era

With the development of 5G technology, Internet of Things (IoT) are highly developing and deeply integrated with social life and industry productions, which brings about many security issues. In 5G era, the progress of technol-ogy has brought unprecedented convenience to human society. At the same time, personal information security and privacy protection will also face great challenges. This paper describes the situation of 5G pushing the devel-opment of the IoT and the related security risks, introduces the current situ-ation of the standards and policies. After then, from the perspective of the sensor control equipment and IoT card, network and transmission exchange, business application and service, security management and operation, specif-ic risk considerations are carried out. We analyze the security requirements and key technologies of IoT in the 5G era, and propose effective measures to deal with risks, Finally the paper puts forward suggestions for promoting the IoT security technology and the standardization work.
Authors: Qin Qiu (China Mobile Communications Group Co., Ltd., Beijing), Xuetao Du (China Mobile Group Design Institute Co., Ltd., Beijing), Shengquan Yu (Beijing Normal University), Chenyu Wang (Beijing University of Posts and Telecommunications), Shenglan Liu (China Mobile Group Design Institute Co., Ltd., Beijing), Bei Zhao (China Mobile Group Design Institute Co., Ltd., Beijing), Ling Chang (China Mobile Group Design Institute Co., Ltd., Beijing),
Hide Authors & Abstract

Show Authors & Abstract
13:00 - 13:40
MIMEC Based Information System Security Situation Assessment Model

The accuracy of existing information system security situation assessment methods is affected by expert evaluation preferences. This paper proposes an Information System Security Situation Assessment Model (ISSSAM), which is based on the Modified Interval Matrix-Entropy Weight based Cloud (MIMEC). Based on the system security situation assessment index system, the interval number judgment matrix reflecting the relative importance of different indicators is modi-fied to improve the objectivity of the indicator layer weight vector. Then, the en-tropy weight based cloud is used to quantify the criterion layer and the target lay-er security situation index, and the security level of the system is graded. The feasibility and effectiveness of this model are verified by the security situation assessment of the Departure Control System (DCS). Through the comparison and analysis of the evaluation results based on entropy weight coefficient method and traditional AHP method, it is shown that the model we proposed has good stability and reliability.
Authors: Lixia Xie (Civil Aviation University of China, School of Computer Science and Technology), Liping Yan (Civil Aviation University of China, School of Computer Science and Technology), Xugao Zhang (Civil Aviation University of China, School of Computer Science and Technology), Hongyu Yang (Civil Aviation University of China, School of Computer Science and Technology), Guangquan Xu (College of Intelligence and Computing, Tianjin University), Jiyong Zhang (School of Computer and Communication Science, Swiss Federal Institute of Technology in Lausanne),
Hide Authors & Abstract

Show Authors & Abstract
13:40 - 14:00
IoTFC: A Secure and Privacy Preserving Architecture for Smart Buildings

In the pursuit of cities to be more efficient and responsive, various kind of Internet of Things (IoT) devices, such as actuators and sensors are used. This paper focuses on one specific IoT application - the smart building, and investigates the security and privacy issues in an integrated IoT-fog-cloud (IoTFC) smart building architecture. We consider the surveillance, maintenance, environment, and concierge use cases for smart building, in terms of their characteristics, compatible communication technology, and security and privacy requirements. IoTFC provides a comprehensive solution to the security and privacy challenges of authentication, access control, anomaly detection, data privacy and location privacy. To the best of our knowledge, IoTFC is a novel architecture, as it combines a complete set of light-weight security and privacy solutions suitable for smart buildings.
Authors: Amna Qureshi (Universitat Oberta de Catalunya), Muhammad Shahwaiz Afaqui (Universitat Oberta de Catalunya), Julián Salas (Universitat Oberta de Catalunya),
Hide Authors & Abstract

Show Authors & Abstract

Machine Learning I 14:10 - 15:10

14:10 - 14:30
Research on a Hybrid EMD-SVR Model for Time Series Prediction

Time series prediction methods were widely used in various fields. The prediction method for non-stationary and nonlinear time series was studied in this paper. This method decomposed non-stationary time series into stationary sub-sequence using Empirical Mode Decomposition method. And then an appropriate time-step was chosen and Support Vector Regression algorithm was applied to predict each stationary sub-sequence. The sum of predicted values was the forecasting results of the original sequence. The method was applied to building energy consumption dataset. The experimental results showed that the combined algorithm of Support Vector Regression and Empirical Mode Decomposition had higher accuracy and was suitable for predicting non-linear and non-stationary time series. Moreover, the forecasting results of time series with outliers illustrated EMD-SVR algorithm was more robust than SVR algorithm.
Authors: QiangQiang Yang (1. Shanghai University; 2. Shanghai University of Electric Power), Dandan Liu (Shanghai University of Electric Power), Yong Fang (Shanghai university), Dandan Yang (Tianjin Navigation Instruments Research Institute), Yi Zhou (MXSUN software company), Ziheng Sheng (The University of New South Wales),
Hide Authors & Abstract

Show Authors & Abstract
14:30 - 14:50
Distant Supervision for Relations Extraction via Deep Residual Learning and Multi-Instance Attention in Cybersecurity

Cybersecurity knowledge graph is powerful tool for data driven thread intel-ligence computing. Relation extraction is a very important task in the con-struction of cybersecurity knowledge graph from unstructured data. In order to reduce the influence of noisy data on the deep learning model, we pro-pose a distant supervised relation extraction model ResPCNN-ATT based on deep residual convolutional neural network and attention mechanism. This method takes the word vector and the position vector of the word as the in-put of the model, extracts the semantic features of the text through the piecewise convolutional neural network model PCNN, uses deep residuals to learn the effects of less noisy data, and better extracts the deep semantic fea-ture in the sentence. Compared with other models, the model proposed in this paper achieves higher accuracy than other models.
Authors: Guowei Shen (Guizhou University), Ya Qin (Guizhou University), Wanling Wang (Guizhou University), Miao Yu (Institute of Information Engineering, Chinese Academy of Sciences), Chun Guo (Guizhou University),
Hide Authors & Abstract

Show Authors & Abstract
14:50 - 15:10
User Identity Linkage across Social Networks based on Neural Tensor Network

User Identity Linkage (UIL) across social networks refers to the recognition of the accounts belonging to the same individual among multiple social network platforms. The most existing methods usually apply network embedding to map the network structure space to the low-dimensional vector space and then use lin-ear models or standard neural network layers to measure the correlations between users across social networks. However, they can hardly model the complicated interactions between users. In this paper, we propose a novel Neural Tensor Network-based model for UIL, called NUIL. Firstly, we use the Random Walks and Skip-gram model to learn the vector representations of users. Then, we apply the Neural Tensor Network, which has a stronger ability to express the interac-tions between entities, to mine relationships between users from a higher dimen-sion. A series of experiments conducted on a real-world dataset show that NUIL outperforms the state-of-the-art network structure-based methods in terms of pre-cision, recall, and F1-measure, specifically the F1-measure exceeds 0.66, with an increase of more than 20%.
Authors: Xiaoyu Guo (PLA Strategic Support Force Information Engineering University), Yan Liu (PLA Strategic Support Force Information Engineering University), Xianmin Meng (Investigation Technology Center PLCMC), Lian Liu (Investigation Technology Center PLCMC),
Hide Authors & Abstract

Show Authors & Abstract
15:10 - 15:30
An Efficient and Privacy-Preserving Physiological Case Classification Scheme for E-healthcare System

Although e-healthcare system facilitates people to seek medical treatment, the security of patient privacy and efficiency of online medical treatment also arise wide public concern. In this work, an efficient and privacy-preserving physiological case classification scheme for e-healthcare system (EPPC) is proposed. Specifically, a homomorphic cryptosystem combined with a support vector machine (SVM) algorithm is applied to efficiently classify the physiological cases without compromising patients’ privacy. In terms of the EPPC, it has the capability of diagnosing the patient’s symptom in a timely manner. In addition, a signature authentication technology applied in EPPC can efficiently prevent data from being forged or modified. Security analysis result shows that the proposed EPPC scheme has the following advantages: protect the privacy of patients; ensure that the classification parameters of SVM are secured. Compared with the existing works, the proposed EPPC scheme shows significant advantages in terms of computational costs and communication overheads. Therefore, the EPPC scheme is of practical significance in the e-healthcare system.
Authors: Gang Shen (Hubei University of Technology), Yumin Gui (Wuhan Puren Hospital), Mingwu Zhang (Hubei University of Technology), Yu Chen (Hubei University of Technology), Hanjun Gao (China Nuclear Power Operation Technology Corporation, LTD), Yixin Su (Wuhan University of Technology),
Hide Authors & Abstract

Show Authors & Abstract
15:30 - 15:50
A multi-class detection system for Android malicious Apps based on color image features

The visual recognition of Android malicious applications(Apps) is mainly focused on the binary classification using gray-scale images, while the multi-classification of malicious App families is rarely studied. If we can visualize the Android malicious Apps as color images, we will get more features than using grayscale images. In this paper, a method of color visualization for Android Apps is proposed and implemented. Based on this, combined with deep learning models, a multi-classifier for the Android malicious App families is implemented, which can classify 131 common malicious App families. Compared with the App classifier based on the gray-scale visualization method, it is verified that the classifier using the color visualization method can achieve better classification results. This paper uses three classes of Android App APK features: classes.dex file, class name collection and API call sequence as input for App visualization, and analyzes the classifier detection accuracy and detection time under each input characteristics. According to the experimental results, we found that using the API call sequence as the color visualization input feature can achieve the highest detection accuracy rate, which is 96.01% in the ten malicious family classification and 100% in the binary classification.
Authors: Hua Zhang (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China), Jiawei Qin (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China), Boan Zhang (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China), Hanbing Yan (The National Computer Network Emergency Response Technical Team/Coordination Center of China), Jing Guo (The National Computer Network Emergency Response Technical Team/Coordination Center of China), Fei Gao (Beijing University of Posts and Telecommunications, China),
Hide Authors & Abstract

Show Authors & Abstract
Day 2 07/08/2020
Room #1

Tutorial 09:00 - 09:00

Start at 9am, Danish time

Authentication and Access Control 10:40 - 12:00

10:40 - 11:00
PUF-based Two-factor Group Authentication in Smart Home

IoT-based applications such as smart home, intelligent medical and VANETs, have been put into practical utilization. Smart home is one of the most concerned environments, which allows users to remotely access and control smart devices via a public network. To securely access devices and obtain collected data over the public network, mutual authentication schemes for smart home have obtained wide attention. However, most of the these schemes cannot withstand impersonation attack, physical device lost attack, privileged-insider attack and so on. Besides, high communication and computation costs weaken the system performance. To mitigate the aforementioned drawbacks, we proposed a two-factor anonymous group authentication scheme to implement secure access to multiple devices simultaneously using Chinese Remainder Theorem and secret sharing technology. Our scheme also utilizes fuzzy extractor to extract personal biometric information, which helps uniquely identity authorized users in smart home. Our scheme can meet various security features and withstand the above attacks in smart home. Performance analysis indicates that the proposed scheme can reduce communication/computation costs when the user access multiple devices simultaneously.
Authors: Sai Ji (Network Information Center, Nanjing University of Information Science & Technology, Nanjing, China), Rongxin Qi (Nanjing University of Information Science and Technology), Jian Shen (Nanjing University of Information Science and Technology),
Hide Authors & Abstract

Show Authors & Abstract
11:00 - 11:20
An Authentication Framework in ICN-enabled Industrial Cyber-Physical Systems

Industrial Cyber-Physical Systems (ICPS), as a new industrial revolution, is to provide advanced intellectual foundation for next generation industrial systems. While such systems present substantial security challenges for the host-centric communication with the growing trend of sensor data streams. Information Centric Networking (ICN) architecture suggests features exploitable in ICPS applications, reducing delivery latency and promoting quality of services that applies broadly across Industrial Internet. Emerging available solutions for secure communication, however, few of them have thoroughly addressed concerns related to securing access due to the dependence on an online provider server. In this work, we propose a concrete authentication framework for ICN ICPS based on proxy signature, which guarantees authentic sensor data access only to legitimate users and does not require interaction between users. This framework would help lower the level of the complexity of the entire system and reduce the cost of authentication by leveraging edge cache. We prove the security of the proposed authentication scheme and present performance analysis to show its efficiency.
Authors: Yanrong Lu (School of Computer Science and Technology, Civil Aviation University of China), Mengshi Zhang (Facebook Inc), xi zheng (Macquarie University),
Hide Authors & Abstract

Show Authors & Abstract
11:20 - 11:40
Access Control for Wireless Body Area Networks

Wireless body area networks (WBANs) is a network for providing healthcare that it is becoming more and more popular. However, the crucial issues in WBANs are security and privacy that should still be considered. In this paper, we present a secure user access control scheme for WBANs. In this scheme, we main consider user access control over the data storing server (DSS). Specifically, a user can decrypt the patients physiological data if his attributes meet the access structure of the data. We guarantee the patients physiological data confidentiality by adopting the secure two-party computation (2PC) protocol. In addition, our scheme can achieve the immediate user revocation by employing the proxy encryption mechanism. Security analysis indicates that proposed scheme can resist various security threats and achieve privacy preservation of patients sensitive information. Compared with related schemes, our scheme is more secure and efficient.
Authors: Gang Shen (Hubei University of Technology), Wenxiang Song (Hubei University of Technology), Yumin Gui (Wuhan Puren Hospital), Hanjun Gao (China Nuclear Power Operation Technology Corporation, LTD),
Hide Authors & Abstract

Show Authors & Abstract
11:40 - 12:00
FIDO - that dog won't hunt

FIDO is an authentication technology based on the mathematics of public key cryptography that emerged in the 1970s and the 1980s. It is promoted by a large industry backed consortium as the two-factor successor to the username/password mechanism, which is well understood as being no longer fit for purpose. But intrinsic to FIDO is the requirement for both client-side secure hardware and a vulnerable server-side credentials database. Here we propose a better solution which would ditch both of these requirements by separating the registration and authentication processes, and which provides true multi-factor authentication using more modern ideas that have emerged from cryptographic research.
Authors: Michael Scott (MIRACL Labs, Ireland),
Hide Authors & Abstract

Show Authors & Abstract

Coffee Break 12:05 - 12:05

10 minutes

Cloud Security 13:00 - 14:00

13:00 - 13:20
Security Analysis and Improvement of a Dynamic-Hash-Table based Auditing Scheme for Cloud Storage

Cloud storage has emerged as a promising solution to the scalability problem of massive data management for both individuals and organizations, but it still faces some serious limitations in reliability and security. Recently, Tian et al. proposed a novel public auditing scheme for cloud storage (DHT-PA) based on dynamic hash table (DHT), with which their scheme achieves higher efficiency in dynamic auditing than the state-of-the-art schemes. They claimed that their scheme is provably secure against forging data signatures under the CDH assumption. Unfortunately, by presenting a concrete attack, we demonstrate that their scheme is vulnerable to the signature forgery attack, i.e., the cloud service provider (CSP) can forge a valid signature of an arbitrary data block. Thus, a malicious cloud service provider can pass the audit without correct data storage. The cryptanalysis shows that DHT-PA is not secure for public data verification.
Authors: Qiang Ma (State Grid Shandong Electric Power Company), Ti Guan (State Grid Shandong Electric Power Company), Yujie Geng (State Grid Shandong Electric Power Company), Jing Wang (Wuhan University), Min Luo (Wuhan University),
Hide Authors & Abstract

Show Authors & Abstract
13:20 - 13:40
A Public Auditing Framework against Malicious Auditors for Cloud Storage based on Blockchain

In the cloud storage applications, the cloud service provider (CSP) may delete or damage the user’s data. In order to avoid the responsibility, CSP will not actively inform the users after the data damage, which brings the loss to the user. Therefore, increasing research focuses on the public auditing technology in recent years. However, most of the current auditing schemes rely on the trusted third public auditor (TPA). Although the TPA brings the advantages of fairness and efficiency, it cannot get rid of the possibility of malicious auditors, because there is no fully trusted third party in the real world. As an emerging technology, blockchain technology can effectively solve the trust problem among multiple individuals, which is suitable to solve the security bottleneck in the TPA based public auditing scheme. This paper proposes a public auditing scheme with the blockchain technology to resist the malicious auditors. In addition, a comprehensive performance evaluation demonstrates that our scheme is feasible and efficient.
Authors: Song Li (College of Information Engineering, Nanjing University of Finance and Economics, Nanjing, China), Jian Liu (College of Information Engineering, Nanjing University of Finance and Economics, Nanjing, China), Guannan Yang (College of Information Engineering, Nanjing University of Finance and Economics, Nanjing, China),
Hide Authors & Abstract

Show Authors & Abstract
13:40 - 14:00
A Secure and Verifiable Outsourcing Scheme for Machine Learning Data

In smart applications, such as smart medical devices, in order to prevent privacy leaks, more data needs to be processed and trained locally or near the local end. However, the storage and computing capabilities of smart devices are limited, so some computing tasks need to be outsourced; concurrently, the prevention of malicious nodes from accessing user data during outsourcing computing is required. Therefore, this paper proposes EVPP (efficient, verifiable, and privacy-preserving), a machine learning method based on a collaboration of edge computing devices. In this solution, the computationally intensive part of the model training process is outsourced. Meanwhile, a random encryption perturbation is performed on the outsourced training matrix, and verification factors are introduced to ensure the verifiability of the results. In addition, when a malicious service node is found, verifiable evidence can be generated to build a trust mechanism. Through the analysis of theoretical and experimental data, it can be shown that the scheme proposed in this paper can effectively use the computing power of the equipment.
Authors: Cheng Li (Xidian University), Li Yang (Xidian University), Jianfeng Ma (Xidian University),
Hide Authors & Abstract

Show Authors & Abstract
14:00 - 14:20
Support Vector Machine Intrusion Detection Scheme Based on Cloud-Fog Collaboration

Fog computing is a new computing paradigm in the era of the Internet of Things. Aiming at the problem that fog nodes are closer to user equipment, with heterogeneous nodes, limited storage capacity resources, and greater vulnerability to intrusion, a lightweight support vector machine intrusion detection model based on Cloud-Fog Collaboration(CFC-SVM) is proposed. Due to the high dimensionality of network data, first, Principal Component Analysis (PCA) is used to reduce the dimensionality of the data, eliminate the correlation between attributes and reduce the training time. Then, in the cloud server, a support vector machine (SVM) optimized by the particle swarm algorithm is used to complete the training of the dataset, obtain the optimal SVM intrusion-detection classifier, send it to the fog node, and carry out attack detection at the fog node. Experiments with the classic KDD CUP 99 dataset show that the model in this paper is better than other similar algorithms in regard to detection time, detection rate and accuracy, which can effectively solve the problem of intrusion detection in the fog environment.
Authors: ruizhong du (School of Cyber Security and Computer, Hebei University), yun li (School of Cyber Security and Computer, Hebei University), xiaoyan liang (School of Cyber Security and Computer, Hebei University), junfeng tian (School of Cyber Security and Computer, Hebei University),
Hide Authors & Abstract

Show Authors & Abstract

Lunch 14:05 - 14:05

30 minutes

Cryptography 14:10 - 15:10

14:10 - 14:30
Generative image steganography based on digital Cardan Grille

In this paper, a generative image steganography algorithm based on digital Cardan Grille is proposed. Combining the ideas of traditional Cardan Grille and the semantic image inpainting technique, the stego image are driven by secret messages directly.The algorithm first embeds the information based on digital Cardan Grille, and then uses generative adversarial network (GANs) to complete the damaged image. The adversarial game not only reconstruct the corrupted image , but also generate a stego image which contains the logic rationality of image content. The experimental results verify the feasibility of the proposed method.
Authors: Yaojie Wang, Xiaoyuan Yang (Engineering University of PAP), Wenchao Liu (Engineering University of PAP),
Hide Authors & Abstract

Show Authors & Abstract
14:30 - 14:50
Pixel Grouping Based Image Hashing for DIBR 3D Image

Most of the traditional 2D image hashing schemes do not take into account the change of viewpoint to construct the hash vector, resulting in the classification accuracy rate is unsatisfactory when applied in identification for Depth-image-based rendering (DBIR) 3D image. In this paper, pixel grouping according to histogram shape and Nonnegative matrix factorization (NMF) is applied to design DIBR 3D image hashing with better robustness resist to geometric distortions and higher classification accuracy rate for virtual images identification. Experiments show that the proposed hashing is robust to common signal and geometric distortion attacks, such as additive noise, blurring, JPEG compression, scaling and rotation. When compared with the state-of-art schemes for traditional 2D image hashing, the proposed hashing provides better performances under above distortion attacks when considering the virtual images identification.
Authors: Chen Cui (Heilongjiang University), XuJun Wu (Heilongjiang University), Jun Yang (Jiaxing University), Juyan Li (Heilongjiang University),
Hide Authors & Abstract

Show Authors & Abstract
14:50 - 15:10
Improved Conditional Differential Analysis on NLFSR Based Block Cipher KATAN32 with MILP

This study describes constructing a Mixed Integer Linear Programming (MILP) model for conditional differential cryptanalysis on nonlinear feedback shift register (NLFSR)-based block cipher, and proposes an approach for detect the bit with a strongly-biased difference. The model is successfully applied on the block cipher KATAN32 in the single-key scenario, and the attacks are practical key-recovery attacks covering more rounds than previous results. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher we recover 11 equivalent key bits of 98-round KATAN32 with the time complexity being less than 2^{31} encryptions of 98-round KATAN32 and recover 13 equivalent key bits of 99-round KATAN32 with the time complexity being less than 2^{33} encryptions of 99-round KATAN32. Thus far, our results are the best known practical key-recovery attack for the round-reduced variants of KATAN32 as far as the number of rounds and the time complexity. All the results are verified experimentally in practical time.
Authors: Zhaohui Xing (School of Information Science and Engineering, Shandong Normal University, Jinan 250014, China), Wenying Zhang (School of Information Science and Engineering, Shandong Normal University, Jinan 250014, China), Guoyong Han (School of Management Engineering, Shandong Jianzhu University, Jinan 250101, China),
Hide Authors & Abstract

Show Authors & Abstract

Applied Cryptography 15:20 - 16:20

15:20 - 15:40
A Verifiable Combinatorial Auction Scheme with Bidder's Privacy Protection

Combinatorial auctions are employed in many fields such as spectrum auction and energy auction. However, data concerning bidders’ bid and bundle might reveal sensitive information, such as personal preference and competitive relation. In order to solve the problem, this paper proposes a privacy-preserving combinatorial auction scheme to protect bidders' and auctioneer's privacy and ensure the result correctness. In our scheme, bidders’ bundle and the distribution statue of goods are described as m-dimensional binary vectors. We employ a one-way and monotonically increasing function to protect each bidder's bid, so that auctioneer is able to pick out the largest bid without disclosing the bid. Moreover, we convert the question of judging whether a bidder is a winner to the question of judging whether the vector product is 0. Since m-dimensional vectors are encrypted by Elgamal algorithm, the vector product will not reveal bidder's bundle information. In our scheme, the trusted third party is responsible for key distribution and the bidders’ information is hidden. Besides, we put forward a privacy-preserving verifiable payment determination model to compute the payment the winner should pay. Additionally, we employ a blind signature scheme to enable bidders to verify the authenticity of the payment computed by the auctioneer.
Authors: Mingwu Zhang (Hubei University of Technology), Bingruolan Zhou (Hubei University of Technology),
Hide Authors & Abstract

Show Authors & Abstract
15:40 - 16:00
A Multi-user Shared Searchable Encryption Scheme Supporting SQL Query

Due to the tremendous benefits of cloud computing, organizations are highly motivated to store electronic records on clouds. However, outsourcing data to cloud servers separates it from physical control, resulting in data privacy disclosure. Although encryption enhances data confidentiality, it also complicates the execution of encrypted database operations. In this paper, we propose a multi-user shared searchable encryption scheme that supports multi-user selective authorization and secure access to encrypted databases. First, we apply the Diffie-Hellman protocol to a trapdoor generate algorithm to facilitate fine-grained search control without incremental conversions. Second, we utilize a private key to generate an encrypted index by bilinear mapping, which makes it impossible for an adversary to obtain trapdoor keywords by traversing the keyword space and to carry out keyword guessing attacks. Third, we use double-layered encryption to encrypt a symmetric decryption key. Only the proxies whose attributes are matched with access control list can obtain the key of decrypted data. Through theoretical security analysis and experimental verifications, we show that our scheme can provide secure and efficacious ciphertext retrieval without the support of a secure channel.
Authors: Mingyue Li (Nankai University), Chunfu Jia (Nankai Univeristy), Ruizhong Du (Hebei University),
Hide Authors & Abstract

Show Authors & Abstract
16:00 - 16:20
Forward Secure Searchable Encryption with Conjunctive-Keyword Supporting Multi-User

Searchable symmetric encryption enables users to efficiently search ciphertext in the cloud and ensures the security of encrypted data. Recent works show that forward security is an important property in dynamic SSE. Many forward secure symmetric searchable encryption schemes suporting single-keyword search have been proposed. Only a few SSE schemes can satisfy the forward security and support conjunctive keyword search at the same time, which are realized by adopting inefficient or complicated tools. Very recently, Hu proposed a conjunctive-keyword search FSSE scheme using inner-product encryption which, however, is conceptually complex and not efficient. According to Hu's idea, we use a conceptually simple and efficient tool to design an efficient and secure conjunctive-keyword SSE scheme supporting multi-user with forward privacy. Our scheme can hide the number of keywords in the query. To improve practicality, we design our scheme to support multi-user function. We also give a method to expand the keyword space without losing efficiency.Our scheme achieves sub-linear efficiency, and can easily be used in any single-keyword FSSE to obtain a conjunctive-keyword FSSE supporting multi-user. Compared with the best current conjunctive-keyword FSSE scheme, our scheme has better update and query efficiency.
Authors: Zhongyi Liu (Nanjing University of Science and Technology), Chungen Xu (Nanjing University of Science and Technology), Zhigang Yao (Nanjing University of Science and Technology),
Hide Authors & Abstract

Show Authors & Abstract