LEADER 12230nam 22008775 450 001 9910483583603321 005 20200629173651.0 010 $a3-319-27152-0 024 7 $a10.1007/978-3-319-27152-1 035 $a(CKB)4340000000001238 035 $a(SSID)ssj0001599567 035 $a(PQKBManifestationID)16306103 035 $a(PQKBTitleCode)TC0001599567 035 $a(PQKBWorkID)14892234 035 $a(PQKB)11211884 035 $a(DE-He213)978-3-319-27152-1 035 $a(MiAaPQ)EBC6303486 035 $a(MiAaPQ)EBC5591017 035 $a(Au-PeEL)EBL5591017 035 $a(OCoLC)933755772 035 $a(PPN)19088469X 035 $a(EXLCZ)994340000000001238 100 $a20151208d2015 u| 0 101 0 $aeng 135 $aurnn#008mamaa 181 $ctxt 182 $cc 183 $acr 200 10$aSecurity Standardisation Research $eSecond International Conference, SSR 2015, Tokyo, Japan, December 15-16, 2015, Proceedings /$fedited by Liqun Chen, Shin'ichiro Matsuo 205 $a1st ed. 2015. 210 1$aCham :$cSpringer International Publishing :$cImprint: Springer,$d2015. 215 $a1 online resource (X, 267 p. 41 illus. in color.) 225 1 $aSecurity and Cryptology ;$v9497 300 $aBibliographic Level Mode of Issuance: Monograph 311 $a3-319-27151-2 327 $aIntro -- Preface -- Security Standardisation Research 2015 -- Contents -- Bitcoin and Payment -- Authenticated Key Exchange over Bitcoin -- 1 Introduction -- 2 Background -- 2.1 Bitcoin -- 2.2 Transaction Signature -- 3 Key Exchange Protocols -- 3.1 Setting the Stage -- 3.2 Authentication -- 3.3 Diffie-Hellman-over-Bitcoin Protocol -- 3.4 YAK-over-Bitcoin Protocol -- 4 Security Analysis -- 4.1 Security of Diffie-Hellman-over-Bitcoin -- 4.2 Security of YAK-over-Bitcoin -- 4.3 Security of ECDSA Signatures -- 5 Implementation -- 5.1 Time Analysis -- 5.2 Note About Domain Parameters -- 6 Conclusion -- References -- Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment -- 1 Introduction -- 2 Our Solution: Tap-Tap and Pay (TTP) -- 2.1 Threat Model -- 2.2 Overview of the Solution -- 2.3 Sensor Data Preprocessing -- 2.4 Similarity Comparison -- 3 System Evaluation -- 3.1 Experiment Setup and Data Collection -- 3.2 Results -- 3.3 Online and Offline Modes -- 4 Usability Study -- 4.1 Experiment Setup and Data Collection -- 4.2 Findings -- 5 Comparison with Previous Works -- 6 Further Related Works -- 7 Conclusion -- References -- Protocol and API -- Robust Authenticated Key Exchange Using Passwords and Identity-Based Signatures -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Work -- 1.3 Organization -- 2 Preliminaries -- 3 Security Model -- 4 Our Identity-Based Signature Scheme -- 5 Our IBS-PAKE Protocols -- 5.1 Generic Construction -- 5.2 Instances -- 5.3 Security Proofs -- 6 Performance Analysis -- 6.1 Performance Comparison -- 6.2 Experimental Results -- 7 Conclusion -- A Bilinear Maps -- B Computational Assumptions -- C Simplified IBS-PAKE Protocols -- References -- Non-repudiation Services for the MMS Protocol of IEC 61850 -- 1 Introduction -- 2 The State of the Art -- 2.1 The standard IEC 61850 -- 2.2 The Standard IEC 62351. 327 $a2.3 The Weak Point of IEC 62351 -- 2.4 Additional Security Requirements -- 3 A Security Solution for the A-Profile -- 3.1 Difference Between NROT and NRDT -- 3.2 Generation of NROT and NRDT -- 3.3 The Verification of the APDUs -- 3.4 Checking the NRDT -- 3.5 NRD Tokens for the Server -- 3.6 The Application Security Sublayer -- 3.7 Providing the APDUs with Tokens -- 3.8 Access Control Lists -- 3.9 Logging of Events -- 4 An Implementation Using XML Signatures -- 4.1 How the Process Works -- 4.2 The Modified Communication -- 4.3 Example -- 4.4 Advantages of XML Signatures and Tokens -- 4.5 Possible Disadvantages of XML Signatures -- 5 Conclusion -- References -- Analysis of the PKCS#11 API Using the Maude-NPA Tool -- 1 Introduction -- 2 Maude-NPA -- 2.1 Preliminaries on Unification and Narrowing -- 2.2 Maude-NPA Syntax and Semantics -- 2.3 Never Patterns in Maude-NPA -- 3 PKCS#11 -- 4 Specification of PKCS#11 in Maude-NPA -- 4.1 Formal Model of PKCS#11 in Maude-NPA -- 4.2 Specification of PKCS#11 in Maude-NPA's Syntax -- 5 Experiments -- 6 Related Work -- 7 Conclusions -- References -- Analysis on Cryptographic Algorithm -- How to Manipulate Curve Standards: A White Paper for the Black Hat http://bada55.cr.yp.to -- 1 Introduction -- 1.1 Elliptic-Curve Cryptography. -- 1.2 Organization. -- 1.3 Research Contributions of this Paper. -- 2 Public Security Analyses -- 2.1 Warning: Math Begins Here. -- 2.2 Review of Public ECDLP Security Criteria. -- 2.3 ECC Security vs. ECDLP Security. -- 2.4 The Probability of Passing Public Criteria. -- 2.5 The Probabilities for Various Feasible Attacks. -- 3 Manipulating Curves -- 3.1 Curves Without Public Justification. -- 3.2 The Attack. -- 3.3 Implementation. -- 4 Manipulating Seeds -- 4.1 Hash Verification Routine. -- 4.2 Acceptability Criteria. -- 4.3 The Attack. -- 4.4 Optimizing the Attack. -- 4.5 Implementation. 327 $a5 Manipulating Nothing-up-my-sleeve Numbers -- 5.1 The Brainpool Procedure. -- 5.2 The BADA55-VPR-224 Procedure. -- 5.3 How BADA55-VPR-224 Was Generated: Exploring the Space of Acceptable Procedures. -- 5.4 Manipulating Bit-Extraction Procedures. -- 5.5 Manipulating Choices of Hash Functions. -- 5.6 Manipulating Counter Sizes. -- 5.7 Manipulating Hash Input Sizes. -- 5.8 Manipulating the (a,b) Hash Pattern. -- 5.9 Manipulating Natural Constants. -- 5.10 Implementation. -- 6 Manipulating Minimality -- 6.1 NUMS Curves. -- 6.2 Choice of Security Level. -- 6.3 Choice of Prime. -- 6.4 Choice of Ordering of Field Elements. -- 6.5 Choice of Curve Shape and Cofactor Requirement. -- 6.6 Choice of Twist Security. -- 6.7 Choice of Global vs. Local Curves. -- 6.8 More Choices. -- 6.9 Overall Count. -- 7 Manipulating Security Criteria -- Security of the SM2 Signature Scheme Against Generalized Key Substitution Attacks -- 1 Introduction -- 1.1 Our Contributions -- 2 Preliminaries -- 2.1 Collision-Resistant Hash Functions -- 2.2 Uniform (Smooth) Hash Functions -- 2.3 Almost-Invertibility of Conversion Functions -- 3 Definitions -- 4 Generalized WKS Attacks Against a General Framework of ISO/IEC CD 14888-3 -- 5 Security of the SM2 Signature Scheme -- 5.1 SM2 Digital Signature Scheme -- 5.2 EUF-CMA Security of SM2 -- 5.3 Security of SM2 Against Generalized SKS Attacks -- References -- Side Channel Cryptanalysis of Streebog -- 1 Introduction -- 2 Description of Streebog -- 3 The Message Recovery Attack -- 3.1 Implications of Our Attack -- 4 Countermeasures -- 5 Conclusions -- References -- Privacy -- Improving Air Interface User Privacy in Mobile Telephony -- 1 Introduction -- 2 Background -- 2.1 Mobile Telephony Systems -- 2.2 Proactive UICC -- 2.3 The AKA Protocol -- 3 User Privacy Threats -- 4 Threat Model -- 5 A Pseudonymity Approach -- 6 Predefined Multiple IMSIs. 327 $a6.1 USIM-Initiated IMSI Change -- 6.2 Network-Initiated IMSI Change -- 7 Modifiable Multiple IMSIs -- 8 Experimental Validation -- 9 Analysis -- 9.1 User Privacy -- 9.2 IMSI Synchronisation -- 10 Related Work -- 11 Conclusions -- References -- Generating Unlinkable IPv6 Addresses -- 1 Introduction -- 2 Background -- 2.1 Stateless Address Autoconfiguration (SLAAC) -- 2.2 Privacy Extensions to SLAAC -- 2.3 The Gont Approach -- 2.4 The Rafiee-Meinel Scheme -- 2.5 Other Schemes -- 2.6 A Summary -- 3 Practical Limitations to Privacy -- 3.1 Use of Randomness -- 3.2 Privacy Goals -- 3.3 RFC 4941 Method 1 -- 3.4 RFC 4941 Method 2 and the Rafiee-Meinel Scheme -- 3.5 The Gont Scheme -- 4 Practical Measures to Improve Randomness Generation -- 4.1 Generating Randomness -- 4.2 A Simple Improvement to RFC 4941 Method 1 -- 4.3 Making the Gont Scheme More Robust -- 5 Summary and Conclusions -- References -- Trust and Formal Analysis -- A Practical Trust Framework: Assurance Levels Repackaged Through Analysis of Business Scenarios and Related Risks -- 1 Introduction -- 2 Related Work on Trust Framework -- 3 Assessment Criteria of Assurance Levels -- 3.1 Credential Issuance and Identity Proofing Process Requirements -- 3.2 Authentication Process Requirements -- 3.3 Requirements for Certification -- 4 Analysis of Business Scenarios in Terms of Assurance Levels -- 4.1 Design Objectives of Field Survey -- 4.2 Classification of Business Scenarios -- 4.3 Self-Regulation and Objectivity -- 4.4 Effectiveness of High Level Authentication Processes -- 5 Level of Assurance 1+ -- 6 Concluding Remarks -- References -- First Results of a Formal Analysis of the Network Time Security Specification -- 1 Introduction -- 2 Security for Packet-Based Time Synchronization -- 2.1 Time Synchronization Methods -- 2.2 Criteria for Different Stages of Analysis. 327 $a2.3 Choice of Tool for the Analysis -- 3 Basic Assumptions and Protocol Notation -- 4 The Protocol Steps Under Analysis -- 4.1 The Network Time Security Project -- 4.2 Overview of the Protocol Sequence -- 5 Performing the Analysis -- 6 Results of the First Analysis -- 7 Conclusion -- A ProVerif Source Code -- A.1 Cryptographic Primitives -- A.2 Global Variables and Constants -- A.3 Events -- A.4 The Trusted Authority Process -- A.5 The Server Side Processes -- A.6 The Client Side Processes -- A.7 The Environment Process -- A.8 ProVerif Queries -- References -- Formal Support for Standardizing Protocols with State -- 1 Introduction -- 2 The Envelope Protocol -- 3 State-Respecting Bundles -- 3.1 Enriching Bundles with State -- 3.2 Our Axioms of State -- 3.3 Enrich-by-need for Stateful Protocols -- 4 Analysis of the Envelope Protocol -- 4.1 The Importance of Observer Ordering -- 5 Related Work -- 6 Protocol Security Goals -- 7 Conclusion -- References -- Author Index. 330 $aThis book constitutes the refereed proceedings of the Second International Conference on Security Standardisation Research, SSR 2015, held in Tokyo, Japan, in December 2015. The 13 papers presented in this volume were carefully reviewed and selected from 18 submissions. They are organized in topical sections named: bitcoin and payment; protocol and API; analysis on cryptographic algorithm; privacy; and trust and formal analysis. . 410 0$aSecurity and Cryptology ;$v9497 606 $aComputer security 606 $aData encryption (Computer science) 606 $aComputer communication systems 606 $aSoftware engineering 606 $aData structures (Computer science) 606 $aComputer science?Mathematics 606 $aSystems and Data Security$3https://scigraph.springernature.com/ontologies/product-market-codes/I28060 606 $aCryptology$3https://scigraph.springernature.com/ontologies/product-market-codes/I28020 606 $aComputer Communication Networks$3https://scigraph.springernature.com/ontologies/product-market-codes/I13022 606 $aSoftware Engineering$3https://scigraph.springernature.com/ontologies/product-market-codes/I14029 606 $aData Structures$3https://scigraph.springernature.com/ontologies/product-market-codes/I15017 606 $aMath Applications in Computer Science$3https://scigraph.springernature.com/ontologies/product-market-codes/I17044 615 0$aComputer security. 615 0$aData encryption (Computer science). 615 0$aComputer communication systems. 615 0$aSoftware engineering. 615 0$aData structures (Computer science). 615 0$aComputer science?Mathematics. 615 14$aSystems and Data Security. 615 24$aCryptology. 615 24$aComputer Communication Networks. 615 24$aSoftware Engineering. 615 24$aData Structures. 615 24$aMath Applications in Computer Science. 676 $a005.8 702 $aChen$b Liqun$4edt$4http://id.loc.gov/vocabulary/relators/edt 702 $aMatsuo$b Shin'ichiro$4edt$4http://id.loc.gov/vocabulary/relators/edt 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910483583603321 996 $aSecurity standardisation research$92065770 997 $aUNINA