This book constitutes the thoroughly refereed post-conference proceedings of the 13th International Conference on Financial Cryptography and Data Security, FC 2009, held in Accra Beach, Barbados, in February 2009.
The 20 revised full papers and 1 revised short papers presented together with 1 panel report and 1 keynote address were carefully reviewed and selected from 91 submissions. The papers are organized in topical sections on economics of information security, anonymity and privacy, private computation, authentication and identification, fraud detection and auctions.
Author(s): Roger Dingledine, Philippe Golle
Edition: 1
Publisher: Springer
Year: 2009
Language: English
Pages: 381
Introduction......Page 9
Related Work......Page 11
Risk Budget Assignment......Page 13
An Example......Page 14
Ratings......Page 15
Experiment One......Page 16
Experiment Two......Page 17
Risk Behaviors......Page 18
Risk Boundary......Page 19
Regulation Friction......Page 20
Risk Budget Mechanism as a Game......Page 21
Application of Our Mechanism......Page 22
Conclusion and Future Work......Page 23
Introduction......Page 25
Rogue Agents in Internet Advertising......Page 26
The Practical Unavailability of the Legal System in Typical Disputes between Advertising Principals and Agents......Page 27
Penalizing and Deterring Rogue Affiliates......Page 28
Delaying Payment: Good Agents’ Demands and Principal’s Costs......Page 29
Outcome under the Delayed-Payment Contract: Agents’ Profits......Page 30
Incentive-Compatible Choice of Delay......Page 31
Variations in Rogue Agents’ Profit Margins......Page 32
Calibrating the Model......Page 33
Variation in Rogue Agents’ Profit Margins......Page 34
Implementation in Practice......Page 36
References......Page 38
Introduction......Page 40
Our Contributions......Page 41
Related Previous Work......Page 45
The PIP Framework......Page 47
Homomorphic Encryption Schemes......Page 51
PIP for Computing the Moments of a Sample Distribution......Page 52
PIP of the Pearson Correlation Coefficient of Two Samples......Page 54
Introduction......Page 59
The Role of the Social Contract......Page 60
The Privacy Drivers in Federated Identity Management......Page 62
The Principle of Minimal Disclosure......Page 64
Linkages Only When Appropriate......Page 65
Lowering Exposure......Page 66
Liberty's Approach......Page 67
Liberty Protocols: A Brief Overview......Page 68
The Roles of Liberty's Privacy Guardians......Page 69
Further Steps in Liberty Privacy Protections: The Identity Governance Framework......Page 70
Privacy Leaks in Liberty Protocols......Page 71
Conclusions......Page 72
Federated Identity Frameworks: ID-FF and SAML......Page 74
Identity-Based Web Services Framework: ID-WSF......Page 75
Detailed Response to Alsaleh and Adams......Page 76
Introduction......Page 79
Consequences of Data Hemorrhages......Page 80
Inadvertent Data Hemorrhages......Page 84
Research Method and Analysis......Page 86
Conclusion......Page 93
References......Page 95
Introduction......Page 98
Cryptographic Preliminaries and Notation......Page 102
Simplex......Page 103
Secret Shared Arrays......Page 104
Privacy Preserving Simplex......Page 105
Translating the Body of Simplex......Page 106
Iteration and Termination......Page 109
Determining the Solution from the Table......Page 110
Choosing a Modulus......Page 111
Concluding Remarks......Page 112
Computing the Minimal of Multiple Values......Page 114
Introduction......Page 116
Model and Definition......Page 119
Zero Knowledge Proofs......Page 121
Camenisch-Lysyanskaya Signatures......Page 122
Verifiable Shuffles......Page 123
Existing Private Intersection Protocols......Page 124
Certified Sets......Page 125
Overview......Page 126
Detailed Description......Page 127
Security and Privacy......Page 129
Adding Fairness......Page 131
Conclusion......Page 132
Detailed Description of ZK Proofs......Page 134
Introduction......Page 136
Related Work......Page 138
Decision-Tree Learning......Page 140
Distributed Decision-Tree Learning......Page 142
Phase 1: Sharing the Attribute Values......Page 143
Phase 2: Computing Category Counts......Page 144
Phase 3: Selecting the Highest-Quality Split......Page 147
Security Properties......Page 148
Performance......Page 149
Conclusions......Page 150
Privacy-Preserving Evaluation of Decision Trees......Page 152
Horizontal Selection......Page 154
Introduction......Page 156
CIA, Investments, and Trade-offs......Page 159
The Model and Its Meaning......Page 161
Numerical Examples and Simulations......Page 165
Conclusions and Directions......Page 169
Discrete Time Representation and Stability of the Model......Page 171
Addition Rules......Page 173
Introduction......Page 175
Related Work......Page 176
Red: Attacker Incentives......Page 177
Blue: Defender Incentives......Page 178
Canonical Security Contribution Functions......Page 179
One Attacker, One Defender......Page 181
One Attacker, N Defenders......Page 182
M Attackers, N Defenders......Page 185
Conclusions......Page 186
Mixed Strategy for Weakest Target Game Without Mitigation......Page 190
Introduction......Page 192
Protocol Description......Page 194
Use in Online Banking......Page 198
Card Theft......Page 199
Middleperson Attacks......Page 200
Supply-Chain Infiltration......Page 201
Protocol Weaknesses......Page 202
Fixing the Vulnerabilities......Page 203
Policy Implications......Page 204
Annotated Protocol Log......Page 206
Introduction......Page 209
Modeling Signature Trustworthiness and Longevity......Page 212
{ f DSAS}: A Framework for Reducing Grey Periods......Page 214
Building-Block I: Anchor's Bulletin Board ({ f ABB})......Page 216
Building-Block II: Stateful Authentications ({ f AUTH})......Page 219
Putting the Pieces Together to Instantiate { f DSAS}......Page 220
Dealing with the Unexpected......Page 221
Conclusion and Future Work......Page 223
Cryptographic Preliminaries......Page 225
An Illustrative Example......Page 226
Design Rationale......Page 227
Introduction......Page 230
Optical DNA......Page 232
The DVD Manufacturing Process......Page 236
Summary......Page 237
Introduction......Page 238
Some Proposed Alternatives to Basic Passwords......Page 239
Barriers to Moving beyond Passwords......Page 240
Moving beyond Passwords......Page 241
Accelerating Progress and Predictions for 2019......Page 244
Introduction......Page 246
Understanding CSRF Attacks and Existing Defenses......Page 248
The CSRF Attack......Page 249
Real-World CSRF Vulnerabilities......Page 250
Existing CSRF Defenses......Page 251
A Variant of CSRF Attack......Page 252
Browser-Enforced Authenticity Protection (BEAP)......Page 254
Inferring the User's Intention......Page 255
Inferring the Sensitive Authentication Tokens......Page 256
Evaluation and Discussions......Page 259
Conclusions......Page 261
Performance Evaluation......Page 263
Introduction......Page 264
Data Collection Methodology......Page 265
Phishing-Website Demographics......Page 266
Types of Evil Search......Page 267
Linking Evil Search to Website Compromise......Page 268
Estimating the Extent of Evil Search......Page 270
Identifying When a Website Is Recompromised......Page 271
Measuring Website Recompromise Rates......Page 272
Evil Searching and Recompromise......Page 273
PhishTank and Recompromise......Page 274
Mitigation Strategies......Page 276
Conclusion......Page 278
Introduction......Page 281
The Denial of Service Attack......Page 282
Detecting the Attack......Page 284
Attacker Strategy......Page 286
Measuring Failure Rates in Tor......Page 288
Detection in Practice......Page 289
Conclusion......Page 291
Introduction......Page 293
Existing Commercial Protocols......Page 294
Related Work......Page 295
Cryptographic Combinatorial Securities Exchanges......Page 296
Problem Definition......Page 297
The Protocol......Page 299
Mechanics of the Protocol......Page 301
What Information Should Be Revealed?......Page 302
Revealing Portfolio Value and Dividends......Page 303
Portfolio Composition Statistics......Page 304
Pricing and Payment......Page 305
Keeping the Pool Safe......Page 306
Strengthening Secrecy......Page 307
Conclusions and Future Work......Page 308
Efficiency of Our Protocols......Page 310
Allocating Liquidation Costs......Page 311
Introduction......Page 313
Related Work......Page 315
Cryptographic Preliminaries......Page 316
Combinatorial Auctions......Page 317
Phase One: The Clock Auction......Page 318
Transition to the Proxy Phase......Page 321
Phase Two: The Proxy Auction......Page 322
Branch-and-Bound Search......Page 323
Establishing Correctness of Integer Program Solutions......Page 324
Application: The Winner Determination Problem (WDP)......Page 326
Conclusions......Page 327
Appendix: Further Details of the Auction Protocol......Page 329
Introduction......Page 333
The Application Scenario......Page 334
Introduction to Multiparty Computation......Page 337
The Cryptographic Protocols......Page 338
Adding Secure Comparison......Page 344
The Auction Implementation......Page 346
Conclusion......Page 349
Introduction......Page 352
Related Work......Page 353
Benaloh's Scheme......Page 354
Overview of the Scheme......Page 355
Compromising Voter Privacy......Page 356
Coercion Resistance......Page 357
Preliminaries......Page 359
Vote Casting Protocol......Page 361
Security......Page 362
Practical Considerations......Page 365
Conclusion......Page 366
Introduction......Page 370
System Model......Page 372
Privacy Model......Page 373
Adversarial Model......Page 374
Hierarchy of Privacy Notions......Page 375
Relations between Notions......Page 377
Online Systems......Page 378
Group Signatures......Page 379
Anonymous Communication......Page 381
Conclusions and Open Questions......Page 384
Proof of Lemma 3......Page 387
Proof of Lemma 4......Page 388