2012 IEEE Symposium on Security and Privacy Workshops

Physical Unclonable Functions (PUFs) or Physical One Way Functions (P-OWFs) are physical systems whose responses to input stimuli are easy to measure but hard to clone. The unclonability property is due to the accepted hardness of replicating the multitude of uncontrollable manufacturing characteristics and makes PUFs useful in solving problems such as device authentication, software protection an... View full abstract»

Until recently, known fault attacks against (non-CRT) exponentiation-based cryptosystems were supposed to be of rather theoretical nature, as they require a precise fault injection, e.g., a bit flip. However, Schmidt and Herbst (FDTC 2008) reported practical fault-attacks against RSA in standard mode using low-cost equipment. Although their attacks were described against RSA, they readily extend t... View full abstract»

This work provides a detailed study of two finalists of the SHA-3 competition from the side-channel analysis point of view. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical MAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein, are analyzed. Consequently,... View full abstract»

We report on the development of Blue Jay, a hybrid Rabin-based public key encryption cryptosystem that is suitable for ultra-lightweight (total 2000-3000 GE) platforms such as micro sensors and RFID authentication tags. The design is related to authors Passerine and the Oren-Feldhofer WIPR proposals, but is suitable to a wider array of applications. The encryption mechanism is significantly faster... View full abstract»

We introduce Slender PUF protocol, an efficient and secure method to authenticate the responses generated from a Strong Physical Unclonable Function (PUF). The new method is lightweight, and suitable for energy constrained platforms such as ultra-low power embedded systems for use in identification and authentication applications. The proposed protocol does not follow the classic paradigm of expos... View full abstract»

The increasing use of online review sites is creating new challenges for user privacy. Although reviews are public, many users inadvertently disclose private information about relationship, location, and temporal attributes to the world. This research protects users of online review sites from the inadvertent disclosure of private information in three ways. First, the types of unstructured and str... View full abstract»

There is a wealth of sensitive information available on the Web about any individual that is generated either by her or by others on social networking sites. This information could be used to make important decisions about that individual. The problem is that although people know that searches for their personal information are possible, they have no way to either control the data that is put on t... View full abstract»

This paper introduces two generic mechanisms allowing to compare security policies from a semantical point of view. First, a notion of embedding is defined in order to compare policies over a common domain. Then, interpretations of security policies are introduced in order to consider their properties over arbitrary domains. Thus, combining interpretations and embeddings allows to compare policies... View full abstract»

We propose a mixed logical and game theoretic framework for modeling decision making under the potential for deception. This framework is most appropriate for online communities in which a decision maker must act upon information being provided by various sources with various different motivations. We show that in the simple three-player game we propose there are always equilibria in pure strategi... View full abstract»

Current state of the art intrusion detection and prevention systems (IDPS) are signature-based systems that detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These systems are incapable of taking advantage of heterogeneous data sources for analysis of system activities for threat detection. This work presents a situation-aware intrus... View full abstract»

We present our ongoing work on user data and contextual privacy preservation in mobile devices through semantic reasoning. Recent advances in context modeling, tracking and collaborative localization have led to the emergence of a new class of smart phone applications that can access and share embedded sensor data. Unfortunately, this also means significant amount of user context information is no... View full abstract»