The 3-volume set LNCS 14583-14585 constitutes the proceedings of the 22nd International Conference on Applied Cryptography and Network Security, ACNS 2024, which took place in Abu Dhabi, UAE, in March 2024.
The 54 full papers included in these proceedings were carefully reviewed and selected from 230 submissions. They have been organized in topical sections as follows:
Part I: Cryptographic protocols; encrypted data; signatures;
Part II: Post-quantum; lattices; wireless and networks; privacy and homomorphic encryption; symmetric crypto;
Part III: Blockchain; smart infrastructures, systems and software; attacks; users and usability.
Author(s): Christina Pöpper; Lejla Batina
Publisher: Springer Cham
Year: 2024
Preface
Organization
Abstracts of Keynote Talks
Applying Machine Learning to Securing Cellular Networks
Real-World Cryptanalysis
CAPTCHAs: What Are They Good For?
Contents – Part III
Blockchain
Mirrored Commitment: Fixing ``Randomized Partial Checking'' and Applications
1 Introduction
1.1 Notation
2 Chaumian Randomized Partial Checking (RPC) Mix Net
2.1 Protocol Description
2.2 RPC Audit
2.3 Attacks on RPC
3 Mirrored Randomized Partial Checking (mRPC)
3.1 Protocol Description
3.2 mRPC Audit
3.3 Attack Examples on mRPC
3.4 Security of mRPC
4 Privacy Guarantees of RPC and mRPC
4.1 Constant Number of Mix-Servers
4.2 Mixing Time
5 Application: CryptoCurrency Unlinkability
6 Conclusions
A Proofs
A.1 Proof of Lemma 4
A.2 Proof of Lemma 6
A.3 Proof of Lemma 7
References
Bitcoin Clique: Channel-Free Off-Chain Payments Using Two-Shot Adaptor Signatures
1 Introduction
1.1 Our Contributions
1.2 Related Work
2 Preliminaries
3 Model
3.1 Blockchain and Transaction Model
3.2 Commit-Chain Model
3.3 Communication and Adversarial Assumptions
3.4 Security and Performance Guarantees
4 Protocol Overview
5 Bitcoin Clique Protocol
6 Future Work
A Bitcoin Clique Healing
A.1 Healing Extension Details
A.2 Discussion and Future Work
References
Programmable Payment Channels
1 Introduction
1.1 Our Contributions
1.2 Related Work
2 Preliminaries
3 Programmable Payment Channels
3.1 Defining FPPC
3.2 PPC Preliminaries
3.3 Ideal Functionality FPPC
3.4 Concrete Implementation of FPPC
3.5 Lightweight Applications of Programmable Payments
3.6 Implementation and Evaluation
4 State Channels from FPPC
4.1 Modifying FPPC to Capture State Channels
4.2 Defining FSC
4.3 Implementing FSC in theFPPC-Hybrid World
5 Conclusions
References
Fair Private Set Intersection Using Smart Contracts
1 Introduction
1.1 Other Coin-Compensated PSI
2 Related Work
3 Preliminaries and Notations
4 Fair PSI Using Smart Contracts
4.1 Smart Contract as the TTP in Optimistic Mutual PSI
4.2 Security Model
4.3 Ideal Functionality for Coin-Compensated PSI
5 A Coin-Compensated Fair SC-Aided PSI
5.1 Security Analysis
6 Improving the Efficiency of
6.1 Our Technique for Optimizing the Protocol
6.2 Overview of *
6.3 Security Analysis
7 Complexity Analysis
8 Implementation
8.1 Evaluation
9 Concluding Remarks
References
Powers-of-Tau to the People: Decentralizing Setup Ceremonies
1 Introduction
2 Related Work
2.1 Multiparty Setup Ceremonies
2.2 Setup Ceremonies in Practice
2.3 Proof Systems with Transparent Setup
3 A Powers-of-Tau System: Definitions
4 Powers-of-Tau Setup with Full Data On-Chain
4.1 Security
5 Powers-of-Tau Setup Protocol with Data Off-Chain
5.1 Off-Chain Setup Using a Transparent Succinct Proof
5.2 Off-Chain Setup Using AFGHO Commitments On-Chain
6 Implementation and Evaluation on Ethereum
7 Concluding Discussion and Open Problems
7.1 Incentives for Participation
7.2 Verifying Participation
7.3 Sequential Participation and Denial-of-Service
7.4 Verification with General-Purpose Roll-Ups
7.5 Protocol-Specific ZK Rollups via Proof Batching
7.6 Protocol-Specific Optimistic Verification and Checkpointing
7.7 Fully Off-Chain Verification via IVC/PCD
7.8 Forking/Re-starting
A Proof of Theorem 2
B Inner-Pairing Product Arguments for Sect.5.2
C Off-Chain Setup from IPP Arguments with a Smaller Setup
D Powers-of-Tau with a Punctured Point
References
Smart Infrastructures, Systems and Software
Self-sovereign Identity for Electric Vehicle Charging
1 Introduction
2 Background
2.1 E-mobility
2.2 Self-Sovereign Identity (SSI)
3 Related Work
4 System Model and Requirement Analysis
4.1 Scope
4.2 Attacker Model
4.3 Functional Requirements
4.4 Security and Privacy Requirements
5 SSI Concept
5.1 Concept Overview
5.2 Provisioning DID Creation
5.3 Contract Credential Installation
5.4 Charging Process and Credential Validation
5.5 Integration into ISO 15118-20
6 Implementation
7 Evaluation
7.1 Performance Measurements
7.2 Security and Privacy Analysis with Tamarin
7.3 Discussion of Requirements
8 Conclusion
References
``Hello? Is There Anybody in There?'' Leakage Assessment of Differential Privacy Mechanisms in Smart Metering Infrastructure
1 Introduction
2 Preliminaries
2.1 Differential Privacy
2.2 Statistical t-test Analysis
3 System and Threat Model
3.1 Threat Surfaces
3.2 Capabilities of the Adversary
3.3 Goal of the Adversary
4 Formal Analysis of Leakage Due to Privacy-Utility Trade-Off in Smart Metering Systems
5 Proposed Attack Methodology
5.1 Precomputation Phase
5.2 t-test Based Attack Methodology
6 Evaluation of the Proposed Attack Methodology
6.1 Experimental Setup
6.2 Experimental Evaluation
7 Discussion
8 Conclusion and Future Work
References
Security Analysis of BigBlueButton and eduMEET
1 Introduction
2 Background
2.1 WebRTC
2.2 WebRTC Architectures in Conferencing Systems
3 Analysis Method
3.1 High-Level Analysis
3.2 Source Code Supported Security Analysis
4 Architectures of the Analyzed Open-Source Conferencing Systems (RQ1)
4.1 Shared Architecture
4.2 Implementation of BigBlueButton
4.3 Implementation of eduMEET
5 Features and User Roles (RQ2)
5.1 Comparison of Features
5.2 User Roles
6 Attacker Model
7 Evaluation (RQ3)
7.1 BigBlueButton
7.2 eduMEET
7.3 Responsible Disclosure
8 Discussion
8.1 BigBlueButton
8.2 eduMEET
8.3 Limitations
9 Related Work
10 Conclusions and Future Work
A Appendix
A.1 eduMEET
A.2 Status of Fixes in BigBlueButton
References
An In-Depth Analysis of the Code-Reuse Gadgets Introduced by Software Obfuscation
1 Introduction
2 Background
2.1 Code Obfuscation
2.2 Code-Reuse Attack
3 Code-Reuse Gadgets Introduced by Obfuscation
3.1 Benchmark and Obfuscation Selection
3.2 Gadget Measurement
4 Study Results
4.1 Gadget Quantity
4.2 Gadget Exploitability
4.3 Gadget Quality
4.4 Code-Reuse Attack Risk
5 The Anatomy of the Obfuscations and Gadgets
5.1 Instructions Substitution
5.2 Control Flow Flattening
5.3 Bogus Control Flow
5.4 Virtualization
5.5 Just-In-Time Dynamic
5.6 Self-modification
5.7 Encode Components
6 Mitigation
6.1 Strategy
6.2 Evaluation
7 Related Work
8 Conclusion
References
ProvIoT: Detecting Stealthy Attacks in IoT through Federated Edge-Cloud Security
1 Introduction
2 Background
2.1 Fileless Attacks on IoT Devices
2.2 System Provenance and Graph Learning
3 Threat Model
4 System Overview
4.1 Local Brain
4.2 Cloud Brain
5 Federated Detection
5.1 Graph Building and Path Selection
5.2 Document Embedding Model
5.3 Federated Autoencoder
6 Implementation
7 Evaluation
7.1 Dataset
7.2 Experimental Protocol
7.3 IoT Malware Detection
7.4 APT Detection
7.5 Federated Learning Benefits
7.6 ProvIoT Overhead
8 Limitations
9 Related Work
10 Discussion and Future Work
11 Conclusion
A Appendix
A.1 IoT Workload.
A.2 Dataset Statistics.
A.3 APT Scenarios
References
Attacks
A Practical Key-Recovery Attack on LWE-Based Key-Encapsulation Mechanism Schemes Using Rowhammer
1 Introduction
1.1 Paper Organization
2 Preliminaries
2.1 Learning with Errors (LWE) Problem and Its Variants
2.2 LPR Public-Key Encryption
2.3 Kyber
2.4 Saber
2.5 Related Works
3 Our Attack Using Binary Decision Tree on the LPR-Based Schemes
3.1 Implementing a Parallel Plaintext Checking (PC) Oracle
3.2 Generic Attack Model Using PC Oracle
3.3 Model for Kyber and Saber
3.4 Comparing Our Attack with the State-of-the-Art
4 Realization of the Fault Model
4.1 Nature of the Fault in the Attack
4.2 Our Target Devices
4.3 Probabilities of Incorporating Precise Fault Using Random Rowhammer
5 Discussion and Future Direction
5.1 Shuffling and Masking:
5.2 Extension of Our Attack on Other PQC Schemes
5.3 Combining of Lattice Reduction Techniques with Our Attack
5.4 Possible Countermeasures
References
A Side-Channel Attack on a Higher-Order Masked CRYSTALS-Kyber Implementation
1 Introduction
2 Previous Work
3 Background
3.1 Notation
3.2 Kyber Algorithm
4 Adversary Model
5 Attack Description
5.1 Profiling Stage
5.2 Attack Stage
6 Experimental Setup
7 Leakage Analysis
7.1 Unprotected Message Encoding
7.2 Masked Message Encoding
7.3 Finding New Leakage Points
8 Neural Network Training
8.1 Trace Acquisition and Pre-processing
8.2 Network Architecture and Training Parameters
9 New Chosen Ciphertext Construction Method
9.1 Constructing Chosen Ciphertexts
9.2 Selecting Optimal Mapping
10 Experimental Results
10.1 Message Recovery Attack
10.2 Secret Key Recovery Attack
11 Countermeasures
12 Conclusion
References
Time Is Money, Friend! Timing Side-Channel Attack Against Garbled Circuit Constructions
1 Introduction
2 Background and Adversary Model
2.1 Yao's Garbled Circuit (GC)
2.2 k-means Algorithm
2.3 Cache Architecture
2.4 Adversary Model
3 Timing Side-Channel Leakage in Garbling Tools: An Observation
4 Goblin and Its Building Blocks
4.1 Our Eviction Method: Junk Generator
4.2 Measuring Time on CPUs
4.3 Recovering Garbler's Input
4.4 Performance Metric
5 Experimental Results
5.1 Results for Benchmark Functions
5.2 Scalability of Goblin
5.3 Impact of the Number of Traces
6 Discussion
6.1 Potential Countermeasures
7 Conclusion
8 Responsible Disclosure
References
Related-Tweak and Related-Key Differential Attacks on HALFLOOP-48
1 Introduction
2 Preliminaries
2.1 Differential Cryptanalysis
2.2 Related-Key and Related-Tweak Differential Cryptanalyses
2.3 Specification of HALFLOOP-48
3 Automatic Search of Differentials
3.1 Boolean Satisfiability Problem
3.2 SAT Models for Linear Operations of HALFLOOP-48
3.3 SAT Model for the S-Box of HALFLOOP-48
3.4 SAT Model for the Objective Function
3.5 Finding More Differential Characteristics in the Differential
4 Differential Properties of HALFLOOP-48
4.1 Conventional Differential Properties of HALFLOOP-48
4.2 Related-Tweak Differential Properties of HALFLOOP-48
4.3 Related-Key Differential Properties of HALFLOOP-48
5 Differential Attacks on HALFLOOP-48
5.1 Related-Tweak Differential Attack on HALFLOOP-48
5.2 Full-Round Related-Key Differential Attack on HALFLOOP-48
6 Conclusion
References
Users and Usability
How Users Investigate Phishing Emails that Lack Traditional Phishing Cues
1 Introduction
2 Background
3 Related Work
4 Method and Study Design
4.1 Participant Recruitment
4.2 Ethical Study Design
4.3 Email and Webpage Content Design
4.4 Data Collection and Cleaning
5 Overview of Study Data and Participant Population
6 Study Results
6.1 Mapping of Responses to the Human-In-The-Loop-Model
6.2 Impact of Features on Participants' Reactions
7 Discussion and Contextualization of Results
7.1 Noticing, Expecting and Suspecting Context
7.2 Investigative Measures
7.3 Biases and Limitations
8 Future Work
9 Conclusion
A Appendix: Survey Instrument
A.1 Demography
A.2 Phishing Emails and Reactions
A.3 IT-Context and Sensitization
B Appendix: Large Scale Images of Phishing Content
C Appendix: HITL-Model: Figures
D Appendix: Resulting Correlations
References
Usable Authentication in Virtual Reality: Exploring the Usability of PINs and Gestures
1 Introduction
2 Background
2.1 Virtual Reality
2.2 Authentication
2.3 Usability
3 Related Work
3.1 Interaction in VR
3.2 Authentication in VR
3.3 Usability Issues in VR Authentication
4 Study Design and Implementation
4.1 Methodology
4.2 Recruitment
4.3 Data Collection
4.4 Pilot Testing
4.5 Data Analysis
4.6 Ethical Considerations
5 Results
5.1 Authentication Type and Usability
5.2 Authentication Type and Login Time
5.3 PIN: Experienced vs. First-Time User
5.4 Gesture: Experienced vs. First-Time User
6 Discussion
6.1 Impact of Authentication Type on Usability in VR
6.2 Impact of Experience on Usability in VR
6.3 Limitations
7 Conclusion and Future Work
A System Usability Scale
References
Living a Lie: Security Analysis of Facial Liveness Detection Systems in Mobile Apps
1 Introduction
2 Background
2.1 Facial Recognition Pipeline
2.2 Design Patterns of Mobile Facial Recognition Systems
2.3 Modes of Liveness Detection
3 Threat Model
4 Mobile Facial Liveness Detection Protocols
4.1 General Protocol Flow
4.2 Design and Implementation Details
5 Weakness of Liveness Detection SDKs
5.1 Insufficient Client-Side Code Protection
5.2 Insecure Protocol Design
5.3 Flaws in SDK Implementations
5.4 Mistakes by App Developers
6 Empirical Study
6.1 Retrieval of Face SDKs
6.2 Security Metrics of Face SDKs
6.3 Face SDKs in High-Profile Financial Apps
6.4 Market Scale Evaluation
6.5 Case Study
7 Discussion on Mitigation
8 Related Work
9 Conclusion
A Flawed Encryption Scheme and Oracle Attack
B Face SDK Scanning Result of App Categories
C Reference Protocol with Security and Usability Consideration
References
Author Index
