2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

23-27 April 2018

  • [Title page i]

    Publication Year: 2018, Page(s): 1
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2018, Page(s): 3
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2018, Page(s): 4
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2018, Page(s):5 - 7
    Freely Available from IEEE
  • Message from the Program and General Chairs

    Publication Year: 2018, Page(s):8 - 9
    Freely Available from IEEE
  • Message from the Workshop Chairs

    Publication Year: 2018, Page(s): 10
    Freely Available from IEEE
  • Organizing Committee

    Publication Year: 2018, Page(s): 11
    Freely Available from IEEE
  • Vulnerability Detection on Mobile Applications Using State Machine Inference

    Publication Year: 2018, Page(s):1 - 10

    Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination wi...
  • Inferring OpenVPN State Machines Using Protocol State Fuzzing

    Publication Year: 2018, Page(s):11 - 19

    The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used...
  • Authenticated Data Structures for Privacy-Preserving Monero Light Clients

    Publication Year: 2018, Page(s):20 - 28

    Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remot...
  • Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

    Publication Year: 2018, Page(s):29 - 39

    The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging du...
  • How to Squeeze a Crowd: Reducing Bandwidth in Mixing Cryptocurrencies

    Publication Year: 2018, Page(s):40 - 49
    Cited by:  Papers (1)

    Several popular cryptocurrencies incorporate privacy features that "mix" real transactions with cover traffic in order to obfuscate the public transaction graph. The underlying protocols, which include CryptoNote and Monero's RingCT, work by first identifying a real transaction output (TXO), sampling a number of cover outputs, and transmitting the entire resulting set to verifiers, along with a ze...
  • The Impact of Uncle Rewards on Selfish Mining in Ethereum

    Publication Year: 2018, Page(s):50 - 57

    Many of today's crypto currencies use blockchains as decentralized ledgers and secure them with proof of work. In case of a fork of the chain, Bitcoin's rule for achieving consensus is selecting the longest chain and discarding the other chain as stale. It has been demonstrated that this consensus rule has a weakness against selfish mining in which the selfish miner exploits the variance in block ...
  • A First Look at Browser-Based Cryptojacking

    Publication Year: 2018, Page(s):58 - 66
    Cited by:  Papers (2)

    In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency - typically without her consent or knowledge - and pays out the seigniorage to the website. ...
  • Blockchain as a Service (BaaS): Providers and Trust

    Publication Year: 2018, Page(s):67 - 74

    Distributed ledger technologies (DLTs) are receiving much attention. As discussion focuses on the potential applications of DLTs, Blockchain-as-a-Service (BaaS) offerings are emerging to provide the underlying supporting infrastructure. BaaS entails a service provider supplying and managing aspects of a DLT infrastructure to facilitate and bring efficiencies regarding the development, experimentat...
  • Decentralizing Digital Identity: Open Challenges for Distributed Ledgers

    Publication Year: 2018, Page(s):75 - 78

    Distributed Ledger Technology (DLT) has been proposed as a new way to incorporate decentralization into a wide range of digital infrastructures. Applications of DLT to digital identity are increasing in prevalence, with a recent survey reporting that 55% of DLT technologies in development track digital identity. However, while proofs of concept, open source software, and new ideas are readily avai...
  • Interaction-Based Privacy Threat Elicitation

    Publication Year: 2018, Page(s):79 - 86

    Threat modeling involves the systematic identification, elicitation, and analysis of privacy- and/or security-related threats in the context of a specific system. These modeling practices are performed at a specific level of architectural abstraction - the use of Data Flow Diagram (DFD) models, for example, is common in this context. To identify and elicit threats, two fundamentally different appr...
  • The Odyssey: Modeling Privacy Threats in a Brave New World

    Publication Year: 2018, Page(s):87 - 94

    In the upcoming General Data Protection Regulation (GDPR), privacy by design and privacy impact assessments are given an even more prominent role than before. It is now required that companies build privacy into the core of their technical products. Recently, researchers and industry players have proposed employing threat modeling methods, traditionally used in security engineering, as a way to br...
  • Privacy Risk Analysis to Enable Informed Privacy Settings

    Publication Year: 2018, Page(s):95 - 102

    The work described in this paper is a contribution to enhancing individual control over personal data which is promoted, inter alia, by the new EU General Data Protection Regulation. We propose a method to enable better informed choices of privacy settings. The method relies on a privacy risk analysis parameterized by privacy settings. The user can express his choices, visualize their impact on th...
  • FP-TESTER: Automated Testing of Browser Fingerprint Resilience

    Publication Year: 2018, Page(s):103 - 107

    Despite recent regulations and growing user awareness, undesired browser tracking is increasing. In addition to cookies, browser fingerprinting is a stateless technique that exploits a device's configuration for tracking purposes. In particular, browser fingerprinting builds on attributes made available from Javascript and HTTP headers to create a unique and stable fingerprint. For example, browse...
  • Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering

    Publication Year: 2018, Page(s):108 - 111

    In this position paper we posit that, for Privacy by Design to be viable, engineers must be effectively involved and endowed with methodological and technological tools closer to their mindset, and which integrate within software and systems engineering methods and tools, realizing in fact the definition of Privacy Engineering. This position will be applied in the soon-to-start PDP4E project, wher...
  • It Takes a Village: A Community Based Participatory Framework for Privacy Design

    Publication Year: 2018, Page(s):112 - 115

    As data-centric technologies are increasingly being considered in social contexts that intervene in marginalized peoples' lives, we consider design paradigms to create systems that fulfill their unique privacy needs and requirements. Disempowered populations often experience disparate harms from the loss of privacy but, typically, have a limited role in formulating the scope and nature of such int...
  • Enhancing Transparency and Consent in the IoT

    Publication Year: 2018, Page(s):116 - 119

    The development of the IoT raises specific questions in terms of privacy, especially with respect to information to users and consent. We argue that (1) all necessary information about collected data and the collecting devices should be communicated electronically to all data subjects in their range and (2) data subjects should be able to reply also electronically and express their own privacy cho...
  • Privacy Compliance Via Model Transformations

    Publication Year: 2018, Page(s):120 - 126

    Due to the upcoming, more restrictive regulations (like the European GDPR), designing privacy preserving architectures for information systems is becoming a pressing concern for practitioners. In particular, verifying that a design is compliant with the regulations might be a challenging task for engineers. This work presents an approach based on model transformations, which guarantee that an arch...
  • Simulation of a Trust and Reputation Based Mitigation Protocol for a Black Hole Style Attack on VANETs

    Publication Year: 2018, Page(s):127 - 135

    From a security standpoint, VANETs (Vehicular ad hoc Networks) are vulnerable to attacks by malicious users, due to the decentralized and open nature of the wireless system. For many of these kinds of attacks detection is unfeasible, thus making it hard to produce security. Despite their characterization as dynamically reconfigurable networks, it is nonetheless essential to identify topology and p...