
Financial Cryptography and Data Security: FC 2013 Workshops, USEC and WAHC 2013, Okinawa, Japan, April 1, 2013, Revised Selected Papers PDF

249 Pages·2013·5.32 MB·English

Preview Financial Cryptography and Data Security: FC 2013 Workshops, USEC and WAHC 2013, Okinawa, Japan, April 1, 2013, Revised Selected Papers

Andrew A. Adams, Michael Brenner, Matthew Smith (Eds.)

Financial Cryptography and Data Security
FC 2013 Workshops, USEC and WAHC 2013
Okinawa, Japan, April 2013
Revised Selected Papers

Lecture Notes in Computer Science 7862
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbruecken, Germany

Andrew A. Adams, Michael Brenner, Matthew Smith (Eds.)

Financial Cryptography and Data Security
FC 2013 Workshops, USEC and WAHC 2013
Okinawa, Japan, April 1, 2013
Revised Selected Papers

Volume Editors

Andrew A. Adams
Meiji University
Centre for Business Information Ethics
Kanda Surugadai 1-1
Tokyo 101-8301, Japan
E-mail: [email protected]

Michael Brenner
Leibniz Universität Hannover
Distributed Computing and Security Group
Schloßwender Straße 5
30159 Hanover, Germany
E-mail: [email protected]

Matthew Smith
Leibniz Universität Hannover
Distributed Computing and Security Group
Schloßwender Straße 5
30159 Hanover, Germany
E-mail: [email protected]

ISSN 0302-9743
e-ISSN 1611-3349
ISBN 978-3-642-41319-3
e-ISBN 978-3-642-41320-9
DOI 10.1007/978-3-642-41320-9
Springer Heidelberg New York Dordrecht London
Library of Congress Control Number: 2013949274
CR Subject Classification (1998): E.3, K.4.4, K.6.5, C.2, J.1
LNCS Sublibrary: SL 4 – Security and Cryptology

© International Financial Cryptography Association 2013

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)

Preface

This volume contains the papers from the two workshops held along with the 16th International Conference on Financial Cryptography and Data Security, in Okinawa, Japan on 1st April, 2013.

USEC 2013: Workshop on Usable Security

Networked information systems permeate modern life. From the ATM to the tablet computer, they’re ubiquitous, as is increasingly their connectivity to the Internet. Securing these systems is a hard job at the technical level. The socio-technical side adds even more complexity. It is now well-understood that the human side of securing systems is at least as difficult as the technical side. While great strides have been made in making systems usable and technically secure, there is often an inherent contradiction in providing usable security: security is both an emergent property of the system as a whole and for some users/system elements/circumstances the aim of security is explicitly to apply the ultimate opposition of usability: denial of access. This apparent contradiction underpins this workshop, which brings together researchers from a variety of disciplines including, but not limited to, computer science, psychology, business studies, to present and discuss recent advances in enabling systems to provide more easily usable security and privacy.
Google, Inc. and the Centre for Business Information Ethics at Meiji University sponsored the workshop’s keynote speaker, Dr. Alessandro Acquisti of Heinz College, Carnegie Mellon University, who gave a highly engaging talk on his recent work on the behavioral economics of security and privacy:

Confessions of a Privacy Economist

What drives people to disclose or protect their personal information? What are the tangible and intangible consequences of those decisions? In this talk, I will discuss the transition from the economics to the behavioral economics of privacy. In particular, I will present and contrast a series of opposing “frames,” or ways to frame and analyze the privacy debate, using the lenses of behavioral economic research. I will start from frames I have analyzed in my research (for instance: is privacy really about “transparency” and “control”?) and progressively move onto less settled, and perhaps more controversial, frames of the debate.

The organisers, Steering Committee and Program Committee of USEC 2013 thank the International Financial Cryptographers Association and the organisers of Financial Crypto and Data Security 2013 for their support in hosting the workshop.

July 2013
Andrew A. Adams

Organization

USEC Steering Committee
Jean Camp, Indiana University, USA
Jim Blythe, University of Southern California, USA
Angela Sasse, University College London, UK

USEC 2013 Organising Committee
Andrew A. Adams, Meiji University, Japan
Kiyoshi Murata, Meiji University, Japan

USEC 2013 Program Committee
Sadia Afroz, Drexel University, USA
Rainer Böhme, University of Münster, Germany
Pam Briggs, Northumbria University, UK
Lorrie Cranor, Carnegie Mellon University, USA
Neil Gandal, University of Tel Aviv, Israel
Seda Gürses, K.U. Leuven, Belgium
Peter Gutmann, University of Auckland, New Zealand
Raquel Hill, Indiana University, USA
Tiffany Hyun-Jin Kim, Carnegie Mellon University, USA
Markus Jakobsson, PayPal, USA
Timothy Kelley, Indiana University, USA
Brian LaMacchia, Microsoft Research, USA
William Lehr, MIT, USA
Hui Kai Lung, Hong Kong University of Science and Technology, China
Hitoshi Okada, National Institute of Informatics, Japan
Frank Stajano, University of Cambridge, UK
Andrew Patrick, Office of the Privacy Commissioner of Canada, Canada
Hovav Schacham, University of California at San Diego, USA
Bruce Schneier, BT, USA
Dan Schutzer, BITS, USA
Sean Smith, Dartmouth College, USA
Douglas Stebila, Queensland University of Technology, USA
David Wagner, University of California, Berkeley, USA
Nicholas Weaver, University of California, Berkeley, USA
Tara Whalen, Carleton University, Canada

WAHC 2013: Workshop on Applied Homomorphic Cryptography

Homomorphic Cryptography has become one of the hottest topics in mathematics and computer science since Gentry presented the first fully homomorphic scheme in 2009. This has also enhanced the interest in secret function evaluation, private information retrieval or searchable encryption in general. Many new cryptographic schemes have been proposed, creating a diverse mathematical basis for further theoretical research. Research on practical applications of homomorphic encryption, secret function evaluation, private information retrieval or searchable encryption is still less advanced due to the poor performance resulting on the complexity assumptions made in current encryption schemes.
The goal of the WAHC was to bring together professionals, researchers, and practitioners in the area of computer security and applied cryptography with an interest in practical applications of homomorphic encryption, secure function evaluation, private information retrieval or searchable encryption to present, discuss, and share the latest findings in the field, and to exchange ideas that address real-world problems with practical solutions using homomorphic cryptography and other privacy preserving mechanisms.

The workshop received 12 submissions, each of which was reviewed by at least 3 Program Committee members. While all the papers were of high quality only 6 papers were accepted to the workshop. We want to thank the researchers of all 12 submissions, the members of the Program Committee, the workshop participants, the FC general chair, Kazue Sako, the program chair, Ahmad-Reza Sadeghi and the USEC workshop chair, Andrew A. Adams. Special thanks go to Vinod Vaikuntanathan who traveled all the way to Japan to give the workshop’s keynote speech, which was also enjoyed by the attendees of the Financial Crypto and Data Security 2013. The talk surveyed the recent progress in the areas of fully homomorphic encryption and functional encryption – two very powerful methods for computing on encrypted data. It also described the exciting work towards making these technologies practical, and some future directions in this field.
July 2013
Michael Brenner
Matthew Smith

WAHC 2013 Program Committee
Jose Maria Alcaraz Calero, HP Labs, UK
Lynn Batten, Deakin University, Australia
Zvika Brakerski, Stanford University, USA
Dario Fiore, Max Planck Institute for Software Systems, Germany
Kristin Lauter, Microsoft, USA
Aggelos Kiayias, University of Connecticut, USA
Vladimir Kolesnikov, Bell Labs, USA
David Naccache, Ecole Normale Superieure, France
Maire O’Neill, Queen’s University Belfast, UK
Elizabeth O’Sullivan, Queen’s University Belfast, UK
Henning Perl, Universität Hannover, Germany
Benny Pinkas, Bar Ilan University, Israel
Kurt Rohloff, BBN Technologies, USA
Christoph Sorge, Universität Paderborn, Germany
Osman Ugus, Hochschule HAW Hamburg, Germany
Yevgeniy Vahlis, AT&T Labs, USA
Vinod Vaikuntanathan, University of Toronto, Canada
Marten van Dijk, MIT CSAIL, USA
Fré Vercauteren, K.U. Leuven, Belgium
Adrian Waller, Thales, UK
Dirk Westhoff, Hochschule Furtwangen University, Germany
Xun Yi, Victoria University, Australia

Table of Contents

The Workshop on Usable Security (USEC 13)

I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves
John Chuang, Hamilton Nguyen, Charles Wang, and Benjamin Johnson

Usability and Security of Gaze-Based Graphical Grid Passwords
Majid Arianezhad, Douglas Stebila, and Behzad Mozaffari

The Impact of Length and Mathematical Operators on the Usability and Security of System-Assigned One-Time PINs
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor

QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks
Timothy Vidas, Emmanuel Owusu, Shuai Wang, Cheng Zeng, Lorrie Faith Cranor, and Nicolas Christin

“Comply or Die” Is Dead: Long Live Security-Aware Principal Agents
Iacovos Kirlappos, Adam Beautement, and M. Angela Sasse

Information Security as a Credence Good
Ping Fan Ke, Kai-Lung Hui, and Wei T. Yue

Sorry, I Don’t Get It: An Analysis of Warning Message Texts
Marian Harbach, Sascha Fahl, Polina Yakovleva, and Matthew Smith

Soulmate or Acquaintance? Visualizing Tie Strength for Trust Inference
Tiffany Hyun-Jin Kim, Virgil Gligor, Jorge Guajardo, Jason Hong, and Adrian Perrig

Awareness about Photos on the Web and How Privacy-Privacy-Tradeoffs Could Help
Benjamin Henne and Matthew Smith

Bootstrapping Trust in Online Dating: Social Verification of Online Dating Profiles
Gregory Norcie, Emiliano De Cristofaro, and Victoria Bellotti

Description:
This book constitutes the thoroughly refereed post-conference proceedings of the workshop on Usable Security, USEC 2013, and the third Workshop on Applied Homomorphic Cryptography, WAHC 2013, held in conjunction with the 17th International Conference on Financial Cryptology and Data Security, FC 201