LEADER 12634nam 22008175 450 001 9910842289103321 005 20240305163210.0 010 $a3-031-54776-4 024 7 $a10.1007/978-3-031-54776-8 035 $a(CKB)30597574400041 035 $a(MiAaPQ)EBC31200936 035 $a(Au-PeEL)EBL31200936 035 $a(DE-He213)978-3-031-54776-8 035 $a(EXLCZ)9930597574400041 100 $a20240228d2024 u| 0 101 0 $aeng 135 $aur||||||||||| 181 $ctxt$2rdacontent 182 $cc$2rdamedia 183 $acr$2rdacarrier 200 10$aApplied Cryptography and Network Security $e22nd International Conference, ACNS 2024, Abu Dhabi, United Arab Emirates, March 5?8, 2024, Proceedings, Part III /$fedited by Christina Pöpper, Lejla Batina 205 $a1st ed. 2024. 210 1$aCham :$cSpringer Nature Switzerland :$cImprint: Springer,$d2024. 215 $a1 online resource (476 pages) 225 1 $aLecture Notes in Computer Science,$x1611-3349 ;$v14585 311 $a3-031-54775-6 320 $aIncludes bibliographical references and index. 327 $aIntro -- Preface -- Organization -- Abstracts of Keynote Talks -- Applying Machine Learning to Securing Cellular Networks -- Real-World Cryptanalysis -- CAPTCHAs: What Are They Good For? -- Contents - Part III -- Blockchain -- Mirrored Commitment: Fixing ``Randomized Partial Checking'' and Applications -- 1 Introduction -- 1.1 Notation -- 2 Chaumian Randomized Partial Checking (RPC) Mix Net -- 2.1 Protocol Description -- 2.2 RPC Audit -- 2.3 Attacks on RPC -- 3 Mirrored Randomized Partial Checking (mRPC) -- 3.1 Protocol Description -- 3.2 mRPC Audit -- 3.3 Attack Examples on mRPC -- 3.4 Security of mRPC -- 4 Privacy Guarantees of RPC and mRPC -- 4.1 Constant Number of Mix-Servers -- 4.2 Mixing Time -- 5 Application: CryptoCurrency Unlinkability -- 6 Conclusions -- A Proofs -- A.1 Proof of Lemma 4 -- A.2 Proof of Lemma 6 -- A.3 Proof of Lemma 7 -- References -- Bitcoin Clique: Channel-Free Off-Chain Payments Using Two-Shot Adaptor Signatures -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Work -- 2 Preliminaries -- 3 Model -- 3.1 Blockchain and Transaction Model -- 3.2 Commit-Chain Model -- 3.3 Communication and Adversarial Assumptions -- 3.4 Security and Performance Guarantees -- 4 Protocol Overview -- 5 Bitcoin Clique Protocol -- 6 Future Work -- A Bitcoin Clique Healing -- A.1 Healing Extension Details -- A.2 Discussion and Future Work -- References -- Programmable Payment Channels -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Work -- 2 Preliminaries -- 3 Programmable Payment Channels -- 3.1 Defining FPPC -- 3.2 PPC Preliminaries -- 3.3 Ideal Functionality FPPC -- 3.4 Concrete Implementation of FPPC -- 3.5 Lightweight Applications of Programmable Payments -- 3.6 Implementation and Evaluation -- 4 State Channels from FPPC -- 4.1 Modifying FPPC to Capture State Channels -- 4.2 Defining FSC. 327 $a4.3 Implementing FSC in theFPPC-Hybrid World -- 5 Conclusions -- References -- Fair Private Set Intersection Using Smart Contracts -- 1 Introduction -- 1.1 Other Coin-Compensated PSI -- 2 Related Work -- 3 Preliminaries and Notations -- 4 Fair PSI Using Smart Contracts -- 4.1 Smart Contract as the TTP in Optimistic Mutual PSI -- 4.2 Security Model -- 4.3 Ideal Functionality for Coin-Compensated PSI -- 5 A Coin-Compensated Fair SC-Aided PSI -- 5.1 Security Analysis -- 6 Improving the Efficiency of -- 6.1 Our Technique for Optimizing the Protocol -- 6.2 Overview of * -- 6.3 Security Analysis -- 7 Complexity Analysis -- 8 Implementation -- 8.1 Evaluation -- 9 Concluding Remarks -- References -- Powers-of-Tau to the People: Decentralizing Setup Ceremonies -- 1 Introduction -- 2 Related Work -- 2.1 Multiparty Setup Ceremonies -- 2.2 Setup Ceremonies in Practice -- 2.3 Proof Systems with Transparent Setup -- 3 A Powers-of-Tau System: Definitions -- 4 Powers-of-Tau Setup with Full Data On-Chain -- 4.1 Security -- 5 Powers-of-Tau Setup Protocol with Data Off-Chain -- 5.1 Off-Chain Setup Using a Transparent Succinct Proof -- 5.2 Off-Chain Setup Using AFGHO Commitments On-Chain -- 6 Implementation and Evaluation on Ethereum -- 7 Concluding Discussion and Open Problems -- 7.1 Incentives for Participation -- 7.2 Verifying Participation -- 7.3 Sequential Participation and Denial-of-Service -- 7.4 Verification with General-Purpose Roll-Ups -- 7.5 Protocol-Specific ZK Rollups via Proof Batching -- 7.6 Protocol-Specific Optimistic Verification and Checkpointing -- 7.7 Fully Off-Chain Verification via IVC/PCD -- 7.8 Forking/Re-starting -- A Proof of Theorem 2 -- B Inner-Pairing Product Arguments for Sect.5.2 -- C Off-Chain Setup from IPP Arguments with a Smaller Setup -- D Powers-of-Tau with a Punctured Point -- References. 327 $aSmart Infrastructures, Systems and Software -- Self-sovereign Identity for Electric Vehicle Charging -- 1 Introduction -- 2 Background -- 2.1 E-mobility -- 2.2 Self-Sovereign Identity (SSI) -- 3 Related Work -- 4 System Model and Requirement Analysis -- 4.1 Scope -- 4.2 Attacker Model -- 4.3 Functional Requirements -- 4.4 Security and Privacy Requirements -- 5 SSI Concept -- 5.1 Concept Overview -- 5.2 Provisioning DID Creation -- 5.3 Contract Credential Installation -- 5.4 Charging Process and Credential Validation -- 5.5 Integration into ISO 15118-20 -- 6 Implementation -- 7 Evaluation -- 7.1 Performance Measurements -- 7.2 Security and Privacy Analysis with Tamarin -- 7.3 Discussion of Requirements -- 8 Conclusion -- References -- ``Hello? Is There Anybody in There?'' Leakage Assessment of Differential Privacy Mechanisms in Smart Metering Infrastructure -- 1 Introduction -- 2 Preliminaries -- 2.1 Differential Privacy -- 2.2 Statistical t-test Analysis -- 3 System and Threat Model -- 3.1 Threat Surfaces -- 3.2 Capabilities of the Adversary -- 3.3 Goal of the Adversary -- 4 Formal Analysis of Leakage Due to Privacy-Utility Trade-Off in Smart Metering Systems -- 5 Proposed Attack Methodology -- 5.1 Precomputation Phase -- 5.2 t-test Based Attack Methodology -- 6 Evaluation of the Proposed Attack Methodology -- 6.1 Experimental Setup -- 6.2 Experimental Evaluation -- 7 Discussion -- 8 Conclusion and Future Work -- References -- Security Analysis of BigBlueButton and eduMEET -- 1 Introduction -- 2 Background -- 2.1 WebRTC -- 2.2 WebRTC Architectures in Conferencing Systems -- 3 Analysis Method -- 3.1 High-Level Analysis -- 3.2 Source Code Supported Security Analysis -- 4 Architectures of the Analyzed Open-Source Conferencing Systems (RQ1) -- 4.1 Shared Architecture -- 4.2 Implementation of BigBlueButton -- 4.3 Implementation of eduMEET. 327 $a5 Features and User Roles (RQ2) -- 5.1 Comparison of Features -- 5.2 User Roles -- 6 Attacker Model -- 7 Evaluation (RQ3) -- 7.1 BigBlueButton -- 7.2 eduMEET -- 7.3 Responsible Disclosure -- 8 Discussion -- 8.1 BigBlueButton -- 8.2 eduMEET -- 8.3 Limitations -- 9 Related Work -- 10 Conclusions and Future Work -- A Appendix -- A.1 eduMEET -- A.2 Status of Fixes in BigBlueButton -- References -- An In-Depth Analysis of the Code-Reuse Gadgets Introduced by Software Obfuscation -- 1 Introduction -- 2 Background -- 2.1 Code Obfuscation -- 2.2 Code-Reuse Attack -- 3 Code-Reuse Gadgets Introduced by Obfuscation -- 3.1 Benchmark and Obfuscation Selection -- 3.2 Gadget Measurement -- 4 Study Results -- 4.1 Gadget Quantity -- 4.2 Gadget Exploitability -- 4.3 Gadget Quality -- 4.4 Code-Reuse Attack Risk -- 5 The Anatomy of the Obfuscations and Gadgets -- 5.1 Instructions Substitution -- 5.2 Control Flow Flattening -- 5.3 Bogus Control Flow -- 5.4 Virtualization -- 5.5 Just-In-Time Dynamic -- 5.6 Self-modification -- 5.7 Encode Components -- 6 Mitigation -- 6.1 Strategy -- 6.2 Evaluation -- 7 Related Work -- 8 Conclusion -- References -- ProvIoT: Detecting Stealthy Attacks in IoT through Federated Edge-Cloud Security -- 1 Introduction -- 2 Background -- 2.1 Fileless Attacks on IoT Devices -- 2.2 System Provenance and Graph Learning -- 3 Threat Model -- 4 System Overview -- 4.1 Local Brain -- 4.2 Cloud Brain -- 5 Federated Detection -- 5.1 Graph Building and Path Selection -- 5.2 Document Embedding Model -- 5.3 Federated Autoencoder -- 6 Implementation -- 7 Evaluation -- 7.1 Dataset -- 7.2 Experimental Protocol -- 7.3 IoT Malware Detection -- 7.4 APT Detection -- 7.5 Federated Learning Benefits -- 7.6 ProvIoT Overhead -- 8 Limitations -- 9 Related Work -- 10 Discussion and Future Work -- 11 Conclusion -- A Appendix -- A.1 IoT Workload. -- A.2 Dataset Statistics. 327 $aA.3 APT Scenarios -- References -- Attacks -- A Practical Key-Recovery Attack on LWE-Based Key-Encapsulation Mechanism Schemes Using Rowhammer -- 1 Introduction -- 1.1 Paper Organization -- 2 Preliminaries -- 2.1 Learning with Errors (LWE) Problem and Its Variants -- 2.2 LPR Public-Key Encryption -- 2.3 Kyber -- 2.4 Saber -- 2.5 Related Works -- 3 Our Attack Using Binary Decision Tree on the LPR-Based Schemes -- 3.1 Implementing a Parallel Plaintext Checking (PC) Oracle -- 3.2 Generic Attack Model Using PC Oracle -- 3.3 Model for Kyber and Saber -- 3.4 Comparing Our Attack with the State-of-the-Art -- 4 Realization of the Fault Model -- 4.1 Nature of the Fault in the Attack -- 4.2 Our Target Devices -- 4.3 Probabilities of Incorporating Precise Fault Using Random Rowhammer -- 5 Discussion and Future Direction -- 5.1 Shuffling and Masking: -- 5.2 Extension of Our Attack on Other PQC Schemes -- 5.3 Combining of Lattice Reduction Techniques with Our Attack -- 5.4 Possible Countermeasures -- References -- A Side-Channel Attack on a Higher-Order Masked CRYSTALS-Kyber Implementation -- 1 Introduction -- 2 Previous Work -- 3 Background -- 3.1 Notation -- 3.2 Kyber Algorithm -- 4 Adversary Model -- 5 Attack Description -- 5.1 Profiling Stage -- 5.2 Attack Stage -- 6 Experimental Setup -- 7 Leakage Analysis -- 7.1 Unprotected Message Encoding -- 7.2 Masked Message Encoding -- 7.3 Finding New Leakage Points -- 8 Neural Network Training -- 8.1 Trace Acquisition and Pre-processing -- 8.2 Network Architecture and Training Parameters -- 9 New Chosen Ciphertext Construction Method -- 9.1 Constructing Chosen Ciphertexts -- 9.2 Selecting Optimal Mapping -- 10 Experimental Results -- 10.1 Message Recovery Attack -- 10.2 Secret Key Recovery Attack -- 11 Countermeasures -- 12 Conclusion -- References. 327 $aTime Is Money, Friend! Timing Side-Channel Attack Against Garbled Circuit Constructions. 330 $aThe 3-volume set LNCS 14583-14585 constitutes the proceedings of the 22nd International Conference on Applied Cryptography and Network Security, ACNS 2024, which took place in Abu Dhabi, UAE, in March 2024. The 54 full papers included in these proceedings were carefully reviewed and selected from 230 submissions. They have been organized in topical sections as follows: Part I: Cryptographic protocols; encrypted data; signatures; Part II: Post-quantum; lattices; wireless and networks; privacy and homomorphic encryption; symmetric crypto; Part III: Blockchain; smart infrastructures, systems and software; attacks; users and usability. 410 0$aLecture Notes in Computer Science,$x1611-3349 ;$v14585 606 $aData protection 606 $aData structures (Computer science) 606 $aInformation theory 606 $aOperating systems (Computers) 606 $aApplication software 606 $aCryptography 606 $aData encryption (Computer science) 606 $aData and Information Security 606 $aData Structures and Information Theory 606 $aOperating Systems 606 $aComputer and Information Systems Applications 606 $aCryptology 606 $aSecurity Services 615 0$aData protection. 615 0$aData structures (Computer science). 615 0$aInformation theory. 615 0$aOperating systems (Computers). 615 0$aApplication software. 615 0$aCryptography. 615 0$aData encryption (Computer science). 615 14$aData and Information Security. 615 24$aData Structures and Information Theory. 615 24$aOperating Systems. 615 24$aComputer and Information Systems Applications. 615 24$aCryptology. 615 24$aSecurity Services. 676 $a005.8 702 $aPo?pper$b Christina 702 $aBatina$b Lejla 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910842289103321 996 $aApplied Cryptography and Network Security$9771881 997 $aUNINA