Affiliated events: Program overview
Eurocrypt 2017's affiliated events will be hosted in the Jussieu campus of Université Pierre et Marie Curie.Saturday, 29th April (8:00-18:00):
|
cataCrypt catastrophic events related to Cryptography 206
|
FOQUS Frontiers Of Quantum Safe Cryptography 106
|
MTP Models and Tools for Security Analysis and Proofs 109
|
|
S&B Security on Blockchains 105
|
TPT Tamarin-Prover Tutorial 203
|
CrossFyre Cryptography for Female Young Researchers 201
|
|
EuroUSEC European Workshop on Usable Security 107
|
IMPS Innovations in Mobile Privacy and Security 202
|
S4CIP Safety & Security aSSurance for Criticial Infrastructures Protection 116
|
Sunday, 30th April (8:00-18:00):
|
CFRG Crypto Forum Research Group 203
|
FewMul Fewer Multiplications in Cryptography 116
|
FOQUS Frontiers Of Quantum Safe Cryptography 106
|
|
QsCI Quantum-safe Crypto for Industry (RISQ) 106
|
SEMS Security for Embedded and Mobile Systems 109
|
TLS:DIV TLS 1.3: Design, Implementation, Verification 107
|
|
WCS 2nd workshop on Communication Security 202
|
wr0ng Random Number Generation Done Right 105
|
CrossFyre Cryptography for Female Young Researchers 201
|
Events affiliated to Eurocrypt 2017 are denoted in bold. Events only co-located with us are denoted in italic.
The number in the top-right corner is the room number.
cataCrypt -- catastrophic events related to Cryptography and possible solutions
Abstract:
Many cryptographic protocols are only based on the security of one cryptographic algorithm (e.g. RSA) and we don't know the exact RSA security. What if somebody finds a clever and fast factoring algorithm? Well, it is indeed a hypothesis but we know several instances of possible progress. A new fast algorithm is a possible catastroph if not handled properly. And there are other problems with hash functions, elliptic curves, also. Think also about the Heartbleed bug (April 2014): the discovery was very late and we were close to a catastrophic situation. This workshop deals with these possible problems and their solutions.
Program (Saturday, 29th; tentative)
| 8:30-9:00 | Registration |
| 9:00-10:30 | Session 1 |
|
Introduction to cataCRYPT (opening remarks)
Jean-Jacques Quisquater
|
|
|
Blueprints for a real quantum computer
Jean-Jacques Quisquater
|
|
|
Quantum cryptanalysis -- the catastrophe we know and don't know
Tanja Lange
|
|
| 10:30-11:00 | Coffee break |
| 11:00-12:00 | Session 2 |
|
Are quantum computers more powerful than traditional ones?
Jean-François Geneste
|
|
|
Smart cards against cataCRYPT
Louis Guillou
|
|
| 12:00-14:00 | Lunch (not provided) |
| 14:00-15:30 | Panel |
|
How to Promote Funding for Cryptanalysis?
Yvo Desmedt, Nicolas Courtois, TBA, …
|
|
| 15:30-16:00 | Coffee break |
| 16:00-17:30 | Session 3 |
|
A first catagorithm
Jean-François Geneste
|
|
|
Short talk
Louis Guillou
|
|
|
Open slots for short talks, announcements, and brain-storming.
|
Location:
Room 206
Jussieu campus of Université Pierre et Marie Curie
Website:
cataCrypt -- catastrophic events related to Cryptography and security with their possible solutions
CFRG -- Crypto Forum Research Group
Abstract:
The Crypto Forum Research Group (CFRG) is a general forum for discussing and reviewing uses of cryptographic mechanisms, both for network security in general and for the IETF in particular. It serves as a bridge between theory and practice, bringing new cryptographic techniques to the Internet community and promoting an understanding of the use and applicability of these mechanisms via Informational RFCs (in the tradition of, e.g., RFC 1321 (MD5) and RFC 2104 (HMAC). Our goal is to provide a forum for discussing and analyzing general cryptographic aspects of security protocols, and to offer guidance on the use of emerging mechanisms and new uses of existing mechanisms. IETF working groups developing protocols that include cryptographic elements are welcome to bring questions concerning the protocols to the CFRG for advice.
Program (Sunday, 30th)
| 16:00-16:10 |
CFRG status update from CFRG chairs
Kenny Paterson
|
| 16:10-16:35 | Dmitry Khovratovich |
| 16:35-16:50 | Dan Harkins |
| 16:50-17:15 |
Caesar's Role in the Fall of AE Security
Pooya Farshim
|
| 17:15-17:40 |
BIP32-Ed25519
Dmitry Khovratovich
|
| 17:40-18:00 | Open discussion |
| 18:00 | Finish |
Location:
Room 203
Jussieu campus of Université Pierre et Marie Curie
Website:
CFRG -- Crypto Forum Research GroupFewMul -- Fewer Multiplications in Cryptography
Abstract:
Cryptographic primitives realized with few multiplications can significantly improve (or even enable!) applications in areas as diverse as homomorphic encryption, side-channel attack countermeasures, secure multiparty computation, or zero-knowlege proofs. This one-time workshop aims to provide an overview of results, applications and current research in this area. This covers theory, design and analysis, as well as implementations. Major goals are to bring together researchers from the unusual set of relevant disciplines within cryptography/security and outside (e.g. circuit complexity), and to identify open problems and more applications. This is a one-day event consisting of invited talks only.
Program (Sunday, 30th)
| 8:00-9:00 | Breakfast |
| 9:00-10:30 | Session on Side-Channel Topics |
|
TBA
FX Standaert
|
|
|
FewMul-FewDepth-FewLength Triangle
Begul Bilgin
|
|
| 10:30-11:00 | Break |
| 11:00-12:00 | Session on Foundations |
|
Functions with known multiplicative complexity
Rene Peralta
|
|
| 12:00-14:00 | Lunch |
| 14:00-15:30 | Session on Applications |
|
Evaluating suitable cryptographic primitives within MPC engine
Emmanuela Orsini
|
|
|
Homomorphic Encryption
TBA
|
|
| 15:30-16:00 | Break |
| 16:00-17:30 | Session on Theory and Concrete Constructions |
|
Multiplicative complexity in block cipher design and analysis
Pavol Zajac
|
|
|
Update on LowMC v3
Tyge Tiessen
|
Location:
Room 116
Jussieu campus of Université Pierre et Marie Curie
Website:
FewMul -- Fewer Multiplications in CryptographyFOQUS -- Frontiers Of Quantum Safe Cryptography
Abstract:
The objective of the workshop is to promote research at the frontiers of Quantum-safe cryptography, i.e. to design and analyze cryptographic tasks secure against quantum-capable adversaries, using concepts and techniques from modern cryptography and/or quantum information. The program will be composed of invited talks. Target audience is composed of modern cryptographers interested in the implications of quantum information to cryptography as well as quantum information researchers interested in cryptography. The goal of the workshop will be to strengthen the collaboration between the two communities on some important topics in quantum-safe cryptography and to identify new ones.
Frontier research topics in Quantum-Safe Cryptography are:
- Security models for quantum-safe cryptography and their relation to "classical" models
- Power of quantum adversaries for lattice and code-based cryptography
- Design of quantum-safe cryptographic primitives
- Hardware security, attacks and implementation security certification
- Practical applications and deployment of quantum-safe cryptographic systems
Program (Saturday, 29th)
| 8:30-9:30 | Registration and Welcome Coffee |
| 9:30-11:45 | Session 1 |
|
The urgency of quantum-safe cryptography
Michele Mosca
|
|
|
Standardizing Lattice Cryptography
Vadim Lyubashevsky
|
|
|
Short Stickelberger Class Relations and application to Ideal-SVP
Leo Ducas
|
|
| 11:45-14:00 | Lunch |
| 14:00-15:30 | Session 2 |
|
Quantum Cryptography Beyond Quantum Key Distribution
Christian Schaffner
|
|
|
Breaking Symmetric Cryptosystems Using Quantum Algorithms
Gaëtan Leurent
|
|
| 15:30-16:00 | Coffee break |
| 16:00-17:30 | Session 3 |
|
Post-quantum security of hash functions
Dominique Unruh
|
|
|
Quantum algorithms for the subset-sum problem
Stacey Jeffery
|
Program (Sunday, 30th)
| 8:30-9:15 | Coffee break |
| 9:15-10:45 | Session 4 |
|
How secure are Quantum Key Distribution protocols and their implementations?
Norbert Lütkenhaus
|
|
|
Physical attacks against lattice-based schemes
Mehdi Tibouchi
|
|
| 10:45-11:15 | Coffee break |
| 11:15-12:45 | Session 5 |
|
Talk title to be announced
Stephanie Wehner
|
|
|
Finding approximate short vectors in certain ideal lattices with a quantum computer
Jean-François Biasse
|
Location:
Room 106
Jussieu campus of Université Pierre et Marie Curie
Website:
FOQUS -- Frontiers Of Quantum Safe Cryptography
MTP -- Models and Tools for Security Analysis and Proofs
Abstract:
It has become clear that computer aided tools and their associated abstract models are indispensable to scalable and rigorous analysis of cryptographic systems. The aim of the workshop is two-fold: to survey the state of the art in the area and to chart future research directions. The workshop is addressed to both researchers in the area of formal models and tools but also to cryptographers interested in the limits and support provided by existing tools. There will be plenty of scope for discussion.
Program (Saturday, 29th)
| 8:00-9:00 |
Registration & Breakfast
|
| 9:00-10:30 | Session 1 |
|
Programming language methods for cryptography
Gilles Barthe
|
|
|
Models and Tools for Electronic Voting protocols
Veronique Cortier
|
|
| 10:30-11:00 |
Coffee break
|
| 11:00-12:00 | Session 2 |
|
Two aproaches to verifying high-speed ECC software
Peter Schwabe
|
|
| 12:00-14:00 |
Lunch
|
| 14:00-15:30 | Session 3 |
|
HACL*: Writing and verifying a cryptographic library in F*
Karthik Barghavan
|
|
|
Type-based cryptographic verification in F*
Cedric Fournet
|
|
| 15:30-16:00 |
Coffee break
|
| 16:00-17:30 | Session 4 |
|
CryptoVerif: state of the art, perspectives, and relations to other tools
Bruno Blanchet
|
|
|
Measuring protocol strength with security goals
Joshua Guttman
|
Location:
Room 109
Jussieu campus of Université Pierre et Marie Curie
Website:
MTP -- Models and Tools for Security Analysis and Proofs
QsCI -- Quantum-safe Crypto for Industry (RISQ)
Abstract:
Quantum-Safe cryptography aims at constructing systems that are secure against quantum and conventional computers. The status of quantum-safe cryptography is currently completely changing. It is quickly moving from a purely academic theme to a topic of major industrial interest, driven by the fact that quantum-safe cryptography has recently received much attention from the standardization and policy spectra such as NIST, ETSI, CSA and ISO. The goal of the QsCI workshop is to regroup speakers from the industry and the academia to discuss of the construction and development of quantum-safe systems. The event will include a selection of speakers in the area of quantum-safe cryptography, standardization and industrial challenges for quantum-safe cryptography.
Program (Sunday, 30th)
| 13:30-14:00 |
RISQ & Quantum-Safe Crypto for Industry
Sylvain Guilley
|
| 14:00-15:00 |
Overview of Quantum-Safe Cryptography
Ludovic Perret, Thomas Prest
|
| 15:00-15:30 |
Real-life deployment of MQ
Jean-Charles Faugère
|
| 15:30-16:00 | Coffee break |
| 16:00-16:30 |
Security of Cryptographic Algorithms & Recommendations
Henri Gilbert
|
| 16:30-17:00 |
PQ-Crypto Standardization
Aline Gouget
|
| 17:00-18:00 |
Round-Table
All speakers + Louis Granboulan + Norbert Lütkenhaus
|
Location:
Room 106
Jussieu campus of Université Pierre et Marie Curie
Website:
QsCl -- Quantum-safe Crypto for Industry (RISQ)SEMS -- Security for Embedded and Mobile Systems
Abstract:
Embedded and mobile devices that provide security and crypto functionalities and manage private and confidential data are omnipresent in our daily lives. Examples of such devices range from smart cards and RFID tags, to mobile phones, tablets, and IoT devices. Ensuring the security and privacy of these devices is a challenging problem, as witnessed by recent breaking of crypto and security systems used in mobile phones, car keys, and RFID-enabled cards. Typical threats to extract the keys include side-channel and fault analysis. Additionally, the vulnerabilities of the devices also imply privacy concerns. The operating systems supporting some of those devices, particularly mobile phones and tablets, but also IoT ones, have become very complex. Various sorts of malware present a constant threat for users. Although measures like application sandboxing take place, they also open the court for new attacks by constantly collecting and organizing sensitive information about the user.
Program (Sunday, 30th)
| 9:00-10:00 | Invited talks |
|
Security and privacy challenges for the IoT
Bart Preneel
|
|
| 10:00-10:30 |
How to secure Over-The-Air software updates?
Marc Witteman
|
| 10:30-11:00 | Coffee break | 11:00-12:00 | Session 1: Side Channel Security |
|
Secure and Efficient RNS software implementation for Elliptic Curve Cryptography
Apostolos P. Fournaris
|
|
|
Practical Power Analysis on KCipher-2 Software on Low-End Microcontrollers
Wataru Kawai
|
|
|
Use of simulators for side-channel analysis
Nikita Veshchikov
|
|
| 12:00-14:00 | Lunch |
| 14:00-15:00 | Session 2: Mobile Security & Privacy |
|
The Curious Case of the Curious Case: Detecting touchscreen events using a smartphone case
Tomer Glick
|
|
|
Are You Really My Friend? Efficient and Secure Friend-matching in Mobile Social Networks
Mohammad Etemad
|
|
|
From Smashed Screens to Smashed Stacks: Attacking Mobile Phones using Malicious Aftermarket Parts
Omer Shwartz
|
|
| 15:00-15:30 |
Permutation-based cryptography for embedded and mobile systems
Gilles Van Assche
|
| 15:30-16:00 | Coffee break |
| 16:00-17:00 | Invited talk |
|
TBA
Srdjan Capkun
|
|
| 17:00-18:00 |
PANEL: "Security issues for IoT systems including standardization, malware and other attacks"
Srdjan Capkun
|
Location:
Room 109
Jussieu campus of Université Pierre et Marie Curie
Website:
SEMS -- Security for Embedded and Mobile SystemsS&B -- Security on Blockchains
Abstract:
Today, the security and privacy properties of blockchain technologies are still an emerging field that is need of further research. The Bitcoin electronic cash system introduced the new field of blockchain technology as a practical mechanism for a permissionless and censorship-resistant e-cash over the Internet. However, the decentralized network and public verifiability of Bitcoin often do not provide the security and privacy properties assumed by its users. For example, despite a common assumption that Bitcoin is anonymous, transactions can be de-anonymized, limiting the commercial utility of the network and also harms individual privacy. Generalizations of Bitcoin's underlying blockchain technology as a platform for smart contracts by Ethereum are still immature. For example, security issues in the underlying programming language for smart contracts in Ethereum led to the massive DAO hack. More than ever, proper security and privacy properties need to be designed into the underlying framework for blockchain technologies.
Program (Saturday, 29th)
| 8:00-9:00 | Registration |
| 9:00-10:30 | Introductory Remarks and Keynote |
|
Overview of Security and Privacy on Blockchain Workshop
Harry Halpin and Marta Piekarska
|
|
|
Research Challenges and Directions of Development for Future Bitcoin Solutions
Adam Back
|
|
| 10:30-11:00 | Coffee break |
| 11:00-12:30 | Research Papers |
|
BIP32-Ed25519: Hierarchical Deterministic Keys over a Non-linear Keyspace
Dmitry Khovratovich, Jason Law
|
|
|
Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies
Maria Borge, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Bryan Ford
|
|
|
Proofs-of-delay and randomness beacons in Ethereum
Benedikt Bunz, Steven Goldfeder and Joseph Bonneau
|
|
| 12:30-14:00 | Lunch |
| 14:00-15:30 | Research Papers |
|
Zero-Collateral Lotteries in Bitcoin and Ethereum
Andrew Miller and Iddo Bentov
|
|
|
Design of a Privacy-Preserving Decentralized File Storage with Financial Incentives
Henning Kopp, David Mödinger, Franz Hauck, Frank Kargl and Christoph Bösch
|
|
|
Anonymous Alone? Measuring Bitcoin's Second-Generation Anonymization Techniques
Malte Möser and Rainer Boehme
|
|
| 15:30-16:00 | Coffee Break |
| 16:00-18:00 | Short Research Papers |
|
Long-term public blockchain: Resilience against Compromise of Underlying Cryptography
Masashi Sato and Shin’ichiro Matsuo
|
|
|
Auditable Zerocoin
Ken Naganuma, Masayuki Yoshino, Hisayoshi Sato and Takayuki Suzuki
|
|
|
Conditions of Full Disclosure: The Blockchain Remuneration Model
S. Matthew English and Ehsan Nezhadian
|
|
|
Towards Better Availability and Accountability for IoT Updates by means of a Blockchain
Aymen Boudguiga, Nabil Bouzerna, Louis Granboulan, Alexis Olivereau, Flavien Quesnel, Anthony Roger and Renaud Sirdey
|
|
|
Oligarchic Control of Business-To-Business Blockchains
Leif-Nissen Lundbaek and Michael Huth
|
|
| 18:00- | Open Space for "rump" talks, announcements, and brain-storming |
| Group Dinner plans to be announced (everyone pays for themselves) |
Location:
Room 105
Jussieu campus of Université Pierre et Marie Curie
Website:
S&B -- Security on Blockchains
TLS:DIV -- TLS 1.3: Design, Implementation, Verification
Abstract:
The goals of the TLS:DIV workshop are threefold: first, to explain and justify the latest changes to the TLS 1.3 design (from draft 13 to draft 19); second, to give an overview of some ongoing efforts to prove the cryptographic security of the TLS 1.3 protocol, and third, to showcase recent tools and methods to evaluate and improve the safety and security of TLS implementations, up to the level of cryptographic primitives.
Workshop topics:
- Evolution of the TLS 1.3 specification
- Cryptographic security proofs of the TLS 1.3 handshake and record
- Safe and secure implementations of cryptographic primitives
- Security evaluation of TLS implementations and deployment
- Applications built on top of new TLS 1.3 features (e.g. 0-RTT, late authentication)
Program (Sunday, 30th)
| 8:00-8:50 | Breakfeast |
| 8:50-9:00 | Opening remarks |
| 9:00-10:30 | Session 1 |
|
Status update on the TLS 1.3 Standard
Eric Rescorla
|
|
|
Implementing and Proving the TLS 1.3 Record Layer
Cédric Fournet
|
|
|
Secure Channels
Britta Hale
|
|
| 10:30-11:00 | Coffee break |
| 11:00-12:30 | Session 2 |
|
Project Wycheproof
Thai Duong
|
|
|
A Cryptographic Analysis of the TLS 1.3 Handshake
Felix Günther
|
|
|
TLS-Attacker: Future directions in testing and fuzzing
Juraj Somorovsky
|
|
| 12:30-14:00 | Lunch |
| 14:00-15:30 | Session 3 |
|
Mechanized Computational Proof of the TLS 1.3 Standard Candidate
Bruno Blanchet
|
|
|
Mitigating cryptographic and application security attacks against TLS1.3 0-RTT data
Colm MacCarthaigh
|
|
|
Verified Assembly Language for Fast Cryptography
Chris Hawblitzel
|
|
| 15:30-16:00 | Coffee break |
| 16:00-17:30 | Session 4 |
|
Tamarin analysis of TLS 1.3: What did we prove?
Sam Scott
|
|
|
Deployment and implementation of TLS 1.3 at Facebook
Subodh Iyengar
|
|
|
Preparing for post-quantum cryptography in TLS
Douglas Stebila
|
Location:
Room 107
Jussieu campus of Université Pierre et Marie Curie
Website:
TLS:DIV -- TLS 1.3: Design, Implementation, VerificationTPT -- Tamarin-Prover Tutorial
Abstract:
Tamarin is an automated verification tool that has been used to analyze group key protocols, public-key infrastructure proposals, and proposed standards, such as TLS. Using Tamarin, recently attacks were found in TLS 1.3. Tamarin works in the symbolic model of cryptographic protocols, and enables automatic analysis as well as a powerful interactive mode. It supports both falsification and unbounded verification of security protocols specified as multiset rewriting systems with respect to (temporal) first-order properties and a message theory that models Diffie-Hellman exponentiation combined with a user-defined subterm-convergent rewriting theory. In this tutorial, presentation and hands-on exercises will be combined to show attendees the basics of security protocol modeling with multiset rewriting, property specification, and analysis. Participants will model classic protocols, find attacks and perform verification, and leave with an understanding how to start modeling their own protocols of interest.
Program (Satuday, 29th)
| 9:00-10:30 | Initial lecture |
|
Security protocol analysis using the Tamarin-Prover
|
|
| 10:30-11:00 | Break |
| 11:00-12:00 | Hands-on session using Tamarin |
| 12:00-14:00 | Lunch break |
| 14:00-15:30 | Advanced lecture |
|
Advanced modeling, properties, and state space reduction
|
|
| 15:30-16:00 | Break |
| 16:00-18:00 | Hands-on session using Tamarin |
Location:
Room 203
Jussieu campus of Université Pierre et Marie Curie
Website:
TPT -- Tamarin-Prover Tutorial
WCS -- 2nd workshop on Communication Security
Abstract:
The workshop aims to provide a forum to discuss cutting-edge cross-disciplinary security research and to share visions for future joint advances in the fields of physical-layer security and cryptography. The one-day event will include the presentation of peer-reviewed papers and two prominent keynote talks by Jean-Claude Belfiore (Telecom ParisTech) and Stefano Tessaro (University of California, Santa Barbara).
Program (Sunday, 30th)
| 8:00-9:00 | Welcome Coffee |
| 9:00-10:30 | Session 1 |
|
A Study of Injection and Jamming Attacks in Wireless Secret Sharing Systems
Arsenia Chorti
|
|
|
Robust Secret Sharing for End-to-End Key Establishment with Physical Layer Keys under Active Attacks
Stefan Pfennig, Sabrina Engelmann, Elke Franz and Anne Wolf
|
|
|
Semantically-Secured Message-Key Trade-off over Wiretap Channels with Random Parameters
Alexander Bunin, Ziv Goldfeld, Haim Permuter, Shlomo Shamai, Paul Cuff and Pablo Piantanida
|
|
|
Hash-then-Encode: A Modular Semantically Secure Wiretap Code
Setareh Sharifian, Fuchun Lin and Rei Safavi-Naini
|
|
| 10:30-11:00 | Coffee break |
| 11:00-12:00 | Invited talk 1 |
|
Finite-Length Lattice Coding for Gaussian Wiretap Channels: A theta series perspective
Prof. Jean Claude Belfiore
|
|
| 12:00-14:00 | Lunch break |
| 14:00-15:00 | Invited talk 2 |
|
A Cryptographic Perspective on Information-theoretic Secrecy
Dr. Stefano Tessaro
|
|
| 15:00-15:30 | Session 2 |
|
A CCA-Secure Cryptosystem Using Massive MIMO Channels
Thomas Dean and Andrea Goldsmith
|
|
| 15:30-16:00 | Coffee break |
| 16:00-17:30 | Session 3 |
|
You are how you play: authenticating mobile users via game playing
Marco Baesso, Pasquale Capuozzo, Mauro Conti, Luciano Gamberini, Merylin Monaro, Giuseppe Sartori and Riccardo Spolao
|
|
|
Fuzzy Authentication using Rank Distance
Alessandro Neri, Joachim Rosenthal and Davide Schipan
|
|
|
A McEliece-based Key Exchange Protocol for Optical Communication Systems
Joo Yeon Cho, Helmut Griesser and Danish Rafique
|
|
|
An ICN-based Authentication Protocol for a Simplified LTE Architecture
Alberto Compagno, Mauro Conti and Muhammad Hassan Khan
|
Location:
Room 202
Jussieu campus of Université Pierre et Marie Curie
Website:
WCS -- 2nd workshop on Communication Securitywr0ng -- Random Number Generation Done Right
Abstract:
All cryptographic constructions heavily rely on the availability of random bits, for operations such as key generation, randomization of encryption or signatures and or nonces in protocols. Unfortunately, multiple incidents have demonstrated that the quality of the (pseudo-)random number generators leaves much to be desired. Even worse, in September 2013 it was revealed that the US government agency has deliberately undermined the security of cryptographic solutions by inserting a backdoor in the Dual EC random number generator included in ANSI, NIST and ISO standards. This highlights that a secure system can be fatally weakened by the insertion of just one flawed component; if the NSA can predict all randomness used by a system, it knows all secrets used during that time period and might even be able to recover long-term keys. In spite of their crucial importance, there are very few research papers on the topic and most industrial designs are proprietary. Moreover, existing designs and instances are notoriously difficult to evaluate. The goal of this workshop is to review new models, constructions, implementations, and evaluation methodologies. It will also be explored whether the area is mature enough to identify requirements and plan an open competition. The workshop will cover both truly random number generators and pseudo-random number generators.
Program (Sunday, 30th)
| 8:50-9:00 | Welcome |
| 9:00-10:30 | Session 1: Why Does Strong Randomness Matter? |
|
Random Number Generator Done Wrong
Nadia Heninger
|
|
|
Malleability of the Blockchain's Entropy
Cécile Pierrot
|
|
| 10:30-11:00 | Coffee break |
| 11:00-12:30 | Session 2: Backdoors in Random Number Generation |
|
Backdoors in PRGs and PRNGs
Kenneth Paterson
|
|
|
False Backdoors in Historical Symmetric Ciphers
Nicolas Courtois
|
|
| 12:30-14:00 | Lunch break |
| 14:00-15:30 | Session 3: True Random Number Generation and Entropy Evaluation |
|
Design of Secure TRNGs for Cryptography - Past, Present, and Future
Viktor Fischer
|
|
|
Evaluating Entropy for True Random Number Generators
Maciej Skorski
|
|
| 15:30-16:00 | Coffee break |
| 16:00-17:30 | Session 4: Constructions for Deterministic and Hybrid Random Number Generation |
|
Security of Pseudo-Random Number Generators With Input
Damien Vergnaud
|
|
|
Provably-robust Sponge-based PRNGs
Stefano Tessaro
|
|
| 17:30-18:00 |
Concluding Discussion
Pascal Paillier
|
Location:
Room 105
Jussieu campus of Université Pierre et Marie Curie
Website:
wr0ng 2017 -- Random Number Generation Done RightCrossFyre -- Cryptography, Robustness, and Provably Secure Schemes for Female Young Researchers
Abstract:
The CrossFyre Workshop aims to bring female researchers in the field of Cryptography and Information Security together to promote their research topics and careers as women in Computer Science and Engineering. We hope to encourage a tighter cooperation across women, and to motivate joint papers. In this spirit, you are kindly invited to attend and give a short presentation of your research topic to your fellow participants.
Program (Saturday 29th):
| 9:00-10:30 | Applications |
|
Reliability and topology-failure detection
Ammara Gul
|
|
|
Regulations for medical devices
Romina Muka
|
|
| 10:30-11:00 | Coffe break |
| 11:00-12:00 |
Keynote 1: topic TBA
Ioana Boureanu
|
| 12:00-13:30 | Lunch |
| 13:30-14:30 |
Keynote 2: topic TBA
Nadia Heninger
|
| 14:30-15:30 | Privacy |
|
Distributed storage and cloud computing with rational providers
Giulia Traverso
|
|
|
Towards blockchain transaction privacy
Rebekah Mercer
|
|
| 15:30-16:00 | Coffe break |
| 16:00- | Panel Discussion |
| 19:00- | Diner |
Program (Sunday, 30th)
| 8:00-9:00 | Registration |
| 9:00-10:30 | Implementations |
|
Obstacles to the Adoption of Secure Communication Tools
Ruba Abu-Salma
|
|
|
DES S-boxes
Lauren de Meyer
|
|
|
The Mifare Plus distance-bounding implementation
Rokia Lamrani Alaoui
|
|
| 10:30-11:00 | Coffe break |
| 11:00-12:00 |
Keynote 3: topic TBA
Catuscia Palamidessi
|
| 12:00-14:00 | Lunch |
Location:
Room 201
Jussieu campus of Université Pierre et Marie Curie
Website:
CrossFyre -- Cryptography, Robustness, and Provably Secure Schemes for Female Young Researchers
EuroUSEC -- European Workshop on Usable Security
Abstract:
The European Workshop on Usable Security (EuroUSEC) is the European sister of the established USEC workshop, and thus as a premier forum for research in the area of human factors in security and privacy. The European Workshop on Usable Security solicits previously unpublished work offering novel research contributions in any aspect of human factors in security and privacy for end-users and IT professional such as software developers and administrators of IT systems. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security and privacy as well as researchers and practitioners from other domains such as psychology, social science and economics.
Program (Saturday, 29th):
| 8:00-9:00 |
Break, Registration, Coffee & Refreshments
|
| 9:00-9:10 |
Opening Remarks
|
| 9:10-10:30 | Session 1: IT professionals |
|
I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security
C. Weir, A. Rashid
|
|
|
Finding Security Champions in Blends of Security Culture
I. Becker, S. Parkin, M. Sasse
|
|
|
I Do and I Understand. Not Yet True for Security APIs. So Sad
Luigi Lo Iacono, Peter Leo Gorski
|
|
|
Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols
Ksenia Ermoshina
|
|
| 10:30-11:00 |
Coffee break + refreshments
|
| 11:00-12:00 | Session 2: Work in Progress |
|
Security Narrative: Can Insecurities be Beneficial for Security Departments?
Karoline Busse
|
|
|
An Inquiry into Perception and Usage of Smartphone Permissions Models
Sophie Russ, Lena Reinfelder
|
|
|
Riddle me this! Context Sensitive CAPTCHAs
Tobias Urban, René Riedel, Norbert Pohlmann
|
|
|
Providing smartphone data visualizations to support Privacy Literacy
Timo Jakobi
|
|
|
Discussion
|
|
| 12:00-14:00 |
Lunch break
|
| 14:00-14:50 | Keynote |
|
Would you like some Anti-Virus Protection with that? Adventures in Point-of-Sale Security
Angela Sasse
|
|
| 14:50-15:30 | Session 3: What is secure? |
|
What is a Secure Email?
Joscha Lausch, Oliver Wiese, Volker Roth
|
|
|
Effects of information security risk visualization on managerial decision making
Esra Yildiz
|
|
| 15:30-16:00 | Break |
| 16:00-17:00 | Session 4a: Protecting end users |
|
The Security Blanket of the Chat World: An Analytic Evaluation and a User Study of Telegram
Ruba Abu-Salma
|
|
|
Personalized Security Messaging: Nudges for Compliance with Browser Warnings
Nathan Malkin
|
|
|
Information Leakage through Mobile Motion Sensors: User Awareness and Concerns
Kirsten Crager, Anindya Maiti, Murtuza Jadliwala, Jibo He
|
|
| 17:00-18:00 | Session 4b: People and Passwords |
|
Pass-Roll and Pass-Scroll : New Graphical User Interfaces for Improving Text Passwords
Harshal Tupsamudre
|
|
|
Pico in the Wild: Replacing Passwords, One Site at a Time
Seb Aebischer, Claudio Dettoni Jr., Graeme Jenkinson, Kat Krol, David Llewellyn-Jones
|
|
|
Password Logbooks and What Their Amazon Reviews Reveal About Their Users’ Motivations, Beliefs, and Behaviors
Ross Koppel
|
|
| 18:00 | Workshop end |
Location:
Room 107
Jussieu campus of Université Pierre et Marie Curie
Website:
EuroUSEC -- European Workshop on Usable Security
IMPS -- Innovations in Mobile Privacy and Security
Abstract:
IMPS aims to bring together researchers working on challenges in security and privacy for mobile platforms, broadly considered. We are interested in investigations into existing security platforms, their users, applications and app store ecosystems, and research into novel security or privacy mechanisms, tools and analysis techniques. Besides established mobile platforms such as iOS and Android, the workshop will consider new and emerging platforms including those for small and embedded devices for example, in the Internet-of-Things setting.
Program (Saturday, 29th):
| 8:00-9:00 |
Registration & Breakfast
|
| 9:00-9:15 |
Welcome to IMPS
|
| 9:15-10:30 |
Invited Talk 1: Industry Security Research: An Insider's View from an ex-Academic.
Federico Maggi, Trend Micro
|
| 10:30-11:00 |
Coffee break
|
| 11:00-12:00 | Session 1 |
|
RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks
Anindya Maiti, Kirsten Crager, Murtuza Jadliwala, Jibo He, Kevin Kwiat, and Charles Kamhoua
|
|
|
Common Concerns in BYOD Policies
Joseph Hallett and David Aspinall
|
|
| 12:00-14:00 |
Lunch break
|
| 14:00-15:30 | Panel: Research Challenges in Mobile Privacy and Security |
| 15:30-16:00 |
Coffee break
|
| 16:00-17:00 |
Invited Talk 2: Challenges on Developing Secure Mobile Applications.
Sascha Fahl, CISPA, Saarland University
|
| 17:00-18:00 | Session 2 |
|
The cost of push notifications for smartphones using Tor hidden services
Stephan A. Kollmann, and Alastair R. Beresford
|
|
|
The Privacy API: Facilitating insights in how one's own user data is shared
Bram Bonné, Peter Quax, and Wim Lamotte
|
|
| 18:00-18:05 | Concluding remarks |
Location:
Room 202
Jussieu campus of Université Pierre et Marie Curie
Website:
IMPS -- Innovations in Mobile Privacy and Security
S4CIP -- 2nd Workshop on Safety & Security aSSurance for Criticial Infrastructures Protection
Abstract:
Modern society heavily relies on large, heterogeneous and complex software-intensive systems to support all kinds of daily activities. Services such as urban transportation, logistics, health-care, data communication, railway, aerospace, and power distribution, to name a few, are becoming more and more dependent on the availability of such infrastructures. Any discontinuity of service may lead to serious problems, from severe financial losses to fatalities or injuries; the causes have different natures, either human errors, unexpected acts of nature, or intentional attacks like sabotage. Safety and security (S&S) assessments in critical infrastructures measure how these disruptions are handled and what is the impact suffered by the critical infrastructure under stress. These assessments are normally performed using analytical or simulation-based techniques often addressing one single specific aspect at a time rather than studying these infrastructures in a holistic manner. This workshop aims at providing a forum for people from academia and industry to communicate their latest results on theoretical advances, industrial case studies, practical scenarios, and lessons learned in the assurance of S&S for critical infrastructures. Since the special interest on S&S assurance, a special focus will be put on model-based approaches; to the joint modelling and analysis of both cyber and physical aspects of critical infrastructures; and to the definition of unifying modelling and analysis methodologies. Research papers focused on safety or security assurance only are also welcome.
Program (Saturday, 29th)
| 8:00-9:00 | Coffee break |
| 9:00-10:30 | Session 1 (Chair: Simona Bernardi) |
|
Towards a Unified Definition of Cyber and Physical Vulnerability in Critical Infrastructures
S. Marrone
|
|
|
A Proof-theoretic Trust and Reputation Model for VANET
Giuseppe Primiero, Franco Raimondi, Taolue Chen and Rajagopal Nagarajan
|
|
|
Cyber-Attack Detection for Industrial Control System Monitoring with Support Vector Machine based on Communication Profile
Asuka Terai
|
|
| 10:30-11:00 | Coffee break |
| 11:00-13:00 | Session 2 (Chair: Stefano Marrone) |
|
Formal analysis of safety and security requirements of critical systems supported by an extended STPA methodology
Giles Howard, Michael Butler, John Colley and Vladimiro Sassone
|
|
|
Process Mining to enhance security of Web information systems
Simona Bernardi
|
|
|
Security Viewpoint in a Reference Architecture Model for Cyber-Physical Production Systems
Zhendong Ma, Aleksandar Hudic, Abdelkader Shaaban and Sandor Plosz
|
|
|
Challenges and Approaches in Securing Safety-Relevant Railway Signalling
Christian Schlehuber
|
Location:
Room 116
Jussieu campus of Université Pierre et Marie Curie
Website:
S4CIP -- 2nd Workshop on Safety & Security aSSurance for Criticial Infrastructures Protection