The SECRYPT 2014 is integrated in the ICETE (International Conference on e-Business and Telecommunications) joint conference, which puts together six complementary conferences, namely DCNET, ICE-B, OPTICS, SECRYPT, SIGMAP and WINSYS, covering a broad range of related fields, including data communication networking, e-business, optical communication systems, security and privacy, signal processing and multimedia applications, and wireless networks and information systems.
Sponsored by INSTICC (the Institute for Systems and Technologies of Information, Control and Communication) and co-organized by the Austrian Computer Society and the Vienna University of Technology, the SECRYPT is technically sponsored by SBA Research and held in cooperation with ACM SIGDOC (Special Interest Group on Design of Communication), ACM SIGSAC (Special Interest Group on Security, Audit and Control) and IACR (International Association for Cryptologic Research). Moreover, it has WfMC (Workflow Management Coalition), OMG (Object Management Group), and FIPA (The Foundation for Intelligent Physical Agents) as an Organizational Sponsors.
We would like to emphasize that ICETE 2014 includes five distinguished keynote lectures, delivered by experts in their fields, including (alphabetically): Ivona Brandic (Vienna UT, Austria), Matteo Golfarelli (University of Bologna, Italy), Seymour Goodman (Georgia Institute of Technology, United States), Dimitris Karagiannis (University of Vienna, Austria), and Edgar Weippl (Secure Business Austria - Vienna University of Technology, Austria).
With its six segments, we expect it to appeal to a global audience of the engineers, scientists, business practitioners and policy experts, interested in R&D on Telecommunication Systems and Services. All tracks focus on research related to real world applications and rely on contributions not only from academia, but also from industry, business and government, with different solutions for end-user applications and enabling technologies, in a diversity of communication environments. The accepted papers demonstrate a number of new and innovative solutions and the vitality of these research areas.
In response to the call for papers, 139 manuscripts were submitted to SECRYPT 2014. The reviewing process was double blind (meaning the identity of the authors was not known to reviewers, and vice-versa). Each paper was reviewed by at least 3 members of the Program Committee. The review process was rigorous and selective, resulting in the acceptance of 13 full papers (9% acceptance rate). With this acceptance ratio, SECRYPT 2014 continues the tradition of previous conferences as a distinguished and high-quality conference. Extended versions of selected best papers of the conference will be invited to appear in a post-conference book that will be published by Springer.
A successful conference involves more than paper presentations alone. It is also a meeting place, where ideas about new research projects and other ventures are discussed and debated. Therefore, a social event including a conference dinner/banquet has been planned for evening of August 29th in order to promote this kind of social networking.
We would like to express our thanks to all colleagues involved in supporting this conference. . We would like to thank in particular: the members of the Program Committee and the external reviewers, who really did a great job, devoting expertise and time in reviewing the papers and participating in the discussion process. We would like to thank all the authors who submitted papers, whether or not the paper was eventually included in the program. We would like to thank Giovanni Livraga for serving as publicity chair. We would also like to thank the panelists and invited speakers for their invaluable contribution, in sharing their vision, knowledge and research outcomes. Special thanks go to the leadership, faculty and staff of Vienna University of Technology for hosting the conference.
Finally, a word of appreciation for the hard work of the INSTICC team; organizing a conference of this level is a task that can only be achieved by the collaborative effort of a dedicated and highly capable team.
We hope that the papers accepted and included in the proceedings may be helpful references in future works for all those who need to address topics in security and cryptography, as well as other ICETE knowledge areas.
Enjoy the program and your stay in Vienna.
CloudaSec: A Novel Public-key Based Framework to Handle Data Sharing Security in Clouds
Recent years have witnessed the trend of leveraging cloud-based services for large scale content storage, processing, and distribution. Data security and privacy are among top concerns for the public cloud environments. Towards these security challenges,...
Keeping Intruders at Large
It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with
intruders. However, most current approaches use honeynets relying on the assumption that simply attracting
intruders into honeypots would ...
Adaptive Oblivious Transfer with Hidden Access Policy Realizing Disjunction
We propose an efficient adaptive oblivious transfer protocol with hidden access policies. This scheme allows a receiver to anonymously recover a message from a database which is protected by hidden attribute based access policy if the receiverâ s ...
A Secure Anonymous Proxy Multi-signature Scheme
A proxy signature scheme enables a signer to delegate its signing rights to any other user, called the proxy signer, to produce a signature on its behalf. In a proxy multi-signature scheme, the proxy signer can produce one single signature on behalf of ...
Pairing-free Single Round Certificateless and Identity Based Authenticated Key Exchange Protocols
Designing efficient key agreement protocols is a fundamental cryptographic problem. In this paper, we first define a security model for key agreement in certificateless cryptography that is an extension of earlier models. We note that the existing ...
Mobile Devices: A Phisherźs Paradise
Mobile devices - especially smartphones - have gained widespread adoption in recent years, due to the plethora of features they offer. The use of such devices for web browsing and accessing email services is also getting continuously more popular. The ...
Dynamic Analysis of Usage Control Policies
Usage control extends access control by enabling the specification of requirements that should be satisfied before, while and after access. To ensure that the deployment of usage control policies in target domains achieves the required security goals, ...
Formal Analysis of Electronic Exams
Universities and other educational organizations are adopting computer and Internet-based assessment tools (herein called e-exams) to reach widespread audiences. While this makes examination tests more accessible, it exposes them to new threats. At ...
Towards a Framework for Assessing the Feasibility of Side-channel Attacks in Virtualized Environments
Physically co-located virtual machines should be securely isolated from one another, as well as from the underlying layers in a virtualized environment. In particular the virtualized environment is supposed to guarantee the impossibility of an adversary ...
FORCE
Payment schemes based on mobile devices are expected to supersede traditional electronic payment approaches in the next few years. However, current solutions are limited in that protocols require at least one of the two parties to be on-line, i.e. ...
Privacy Preserving Delegated Word Search in the Cloud
In this paper, we address the problem of privacy preserving delegated word search in the cloud. We consider a scenario where a data owner outsources its data to a cloud server and delegates the search capabilities to a set of third party users. In the ...
Identifying Cryptographic Functionality in Android Applications
Mobile devices in corporate IT infrastructures are frequently used to process security-critical data. Over the past few years powerful security features have been added to mobile platforms. However, for legal and organisational reasons it is difficult ...
A Formal Model for Forensic Storage Media Preparation Tools
This paper defines a model of a special type of digital forensics tools, known as digital media preparation forensic tools, using the formal refinement language Event-B. The complexity and criticality of many types of computer and Cyber crime nowadays ...
An Efficient Lightweight Security Algorithm for Random Linear Network Coding
Recently, several encryption schemes have been presented to Random Linear Network Coding (RLNC). The recent proposed lightweight security system for Network Coding is based upon protecting the Global Encoding Vectors (GEV) and using other vector to ...
A Steganographic Protocol Based on Linear Error-Block Codes
We present a steganographic protocol based on linear error-block codes. Recent works have showed that these codes allow to increase the number of information carrier bits within a given cover by exploiting multiple bit planes (not only LSB plane) from ...
Enhanced Intrusion Detection System Based on Bat Algorithm-support Vector Machine
As new security intrusions arise so does the demand for viable intrusion detection systems. These solutions must deal with huge data volumes, high speed network traffics and countervail new and various types of security threats. In this paper we combine ...
Robust Multispectral Palmprint Identification System by Jointly Using Contourlet Decomposition & Gabor Filter Response
In current society, reliable identiï cation and veriï cation of individuals are becoming more and more necessary tasks for many ï elds, not only in police environment, but also in civilian applications, such as access control or ï nancial transactions. ...
Shellcode Detection in IPv6 Networks with HoneydV6
More and more networks and services are reachable via IPv6 and the interest for security monitoring of these IPv6 networks is increasing. Honeypots are valuable tools to monitor and analyse network attacks. HoneydV6 is a low-interaction honeypot which ...
Signaling Attacks in Mobile Telephony
Mobile telephony based on UMTS uses finite-state control schemes for wireless channels and for signaling across the network. These schemes are used systematically in various phases of the communication and are vulnerable to attacks that can bring down ...
Efficient Construction of Infinite Length Hash Chains with Perfect Forward Secrecy Using Two Independent Hash Functions
One-way hash chains have been used to secure many applications over the last three decades. To overcome the fixed length limitation of first generation designs, so-called infinite length hash chains have been introduced. Such designs typically employ ...
SMS Spam
Spam has been infesting our emails and Web experience for decades; distributing phishing scams, adult/dating scams, rogue security software, ransomware, money laundering and banking scams... the list goes on. Fortunately, in the last few years, user ...
Constructing Empirical Tests of Randomness
In this paper we introduce a general framework for automatic construction of empirical tests of randomness. Our new framework generalises and improves a previous approach (Å venda et al., 2013) and it also provides a clear statistical interpretation of ...
Hybrid-Style Personal Key Management in Ubiquitous Computing
In ubiquitous computing environment it is common that a user owns and uses multiple computing devices, but managing cryptographic keys in those devices is a complicated matter. If certificate-based cryptography (PKI) is used such that each device has ...
Using the Juliet Test Suite to Compare Static Security Scanners
Security issues arise permanently in different software products. Making software secure is a challenging endeavour. Static analysis of the source code can help eliminate various security bugs. The better a scanner is, the more bugs can be found and ...
Secure Video Player for Mobile Devices Integrating a Watermarking-based Tracing Mechanism
Content protection relies on several security mechanisms: (i) encryption to prevent access to the content during transport, (ii) trusted computation environment to prevent access during decoding, and we can also add (iii) forensic watermarking to deter ...
On Privacy Protection in the Internet Surveillance Era
Snowden's whistleblower from the last year made people more aware of the fact that we are living in the Internet surveillance era. Privacy of Internet communication has been disrupted. In this paper, application for privacy protection in chat ...
Framework for Securing Data in Cloud Storage Services
Nowadays, users rely on cloud storage as it offers cheap and unlimited data storage that is available for use by multiple devices (e.g. smart phones, notebooks, etc.). Although these cloud storage services offer attractive features, many customers are ...
Partial Fingerprint Identification Through Correlation-Based Approach
Partial fingerprints are likely to be fragmentary or low quality, which mandates the development of accurate fingerprint verification algorithms. Two fingerprints should be aligned properly, in order to measure the similarity between them. Moreover, the ...
Framework Implementation Based on Grid of Smartcards to Authenticate Users and Virtual Machines
The Security for the Future Networks (SecFuNet) project proposes to integrate the secure microcontrollers in order to introduce, among its many services, authentication and authorization functions for Cloud and virtual environments. One of the main ...
On Reliability of Clock-skew-based Remote Computer Identification
Clocks have a small in-built error. As the error is unique, each clock can be identified. This paper explores
remote computer identification based on the estimation of clock skew computed from network packets. The
previous knowledge of the method is ...
Index Terms
- Proceedings of the 11th International Joint Conference on e-Business and Telecommunications - Volume 4