The 10th International Conference on Security for Information Technology and Communications (SecITC 2017) will be held in Bucharest, Romania on June 8th, 2017. The conference venue will be the Palace of the National Military Circle, located right in the heart of Bucharest, the capital city of Romania.
Program Committee Chairs:
 | Emil SIMION | ITA – Advanced Technologies Institute and University “Politehnica” from Bucharest | ROMANIA |
 | Pooya FARSHIM | ENS | FRANCE |
Program Committee – Surname alphabetical order
 | Elena ANDREEVA | COSIC, KU Leuven | BELGIUM |
| Ludovic APVRILLE | Institut Mines-Telecom / Telecom ParisTech | FRANCE |
| Gildas AVOINE | INSA Rennes | FRANCE |
 | Manuel BARBOSA | HASLab – INESC TEC and FCUP | PORTUGAL |
| Ion BICA | Military Technical Academy | ROMANIA |
| Catalin BOJA | Bucharest University of Economic Studies | ROMANIA |
 | Liqun CHEN | Surrey University | UK |
| Christophe CLAVIER | Université de Limoges | FRANCE |
 | Paolo D’ARCO | University of Salerno | ITALY |
 | Joan DAEMEN | STMicroelectronics and Radboud University in Nijmegen | NETHERLANDS |
| Roberto De Prisco | Università degli Studi di Salerno | ITALY |
 | Eric DIEHL | Sony Pictures | USA |
 | Iati DINUR | Ben Gurion University | ISRAEL |
 | Stefan DZIEMBOWSKI | Warsaw University | POLAND |
 | Bao FENG | Huawei | CHINA |
| Eric FREYSSINET | Ministry of Interior / Cyberthreats delegation | FRANCE |
| Nicolas GAMA | University of Versailles | FRANCE |
| Helena HANDSCHUH | Rambus – Cryptography Research | USA |
 | Shoichi HIROSE | University of Fukui | JAPAN |
| Xinyi HUANG | Fujian Normal University | CHINA |
| Miroslaw KUTYLOWSKI | Wroclaw University of Technology | POLAND |
| Jean-Louis LANET | INRIA | FRANCE |
| Giovanni LIVRAGA | Università degli Studi di Milano | ITALY |
| Konstantinos MARKANTONAKIS | ISG, Royal Holloway, University of London | UK |
 | Florian MENDEL | TU Graz | AUSTRIA |
| Bart MENNINK | Radboud University in Nijmegen | NETHERLANDS |
| Kazuhiko MINEMATSU | NEC Corporation | JAPAN |
| David NACCACHE | ENS | FRANCE |
| Rene PERALTA | NIST | USA |
| Bart PENEEL | COSIC, KU Leuven | BELGIUM |
 | Reza REYHANITABAR | NEC Laboratories Europe | GERMANY |
 | Peter Y.A. RYAN | University of Luxembourg | LUXEMBOURG |
| Victor Valeriu PATRICIU | Military Technical Academy | ROMANIA |
| Damien SAUVERON | University of Limoges | FRANCE |
 | Agusti SOLANAS | Smart Health Research Group, Rovira i Virgili University | SPAIN |
| Rainer STEINWANDT | Florida Atlantic University | USA |
 | Willy SUSILO | University of Wollongong | Australia |
| Mihai TOGAN | Military Technical Academy | ROMANIA |
| Cristian TOMA | Bucharest University of Economic Studies | ROMANIA |
| Ferucio Laurentiu TIPLEA | Alexandru Ioan Cuza University of Iasi | ROMANIA |
 | Denis TRCEK | University of Ljubljana | SLOVENIA |
| Michael TUNSTALL | Rambus – Cryptography Research | USA |
 | Serge VAUDENAY | EPFL | SWITZERLAND |
| Ingrid VERBAUWHEDE | COSIC, KU Leuven | BELGIUM |
| Guilin WANG | Huawei | CHINA |
| Qianhong WU | Beihang University | CHINA |
| Lei ZHANG | East China Normal University | CHINA |
Organization Committee and Technical Support Team
- Mihai DOINEA – Bucharest University of Economic Studies, ROMANIA
- Cristian CIUREA – Bucharest University of Economic Studies, ROMANIA
- Luciana MOROGAN – Military Technical Academy, ROMANIA
- Andrei-George OPRINA – Advanced Technologies Institute, ROMANIA
- Marius POPA – Bucharest University of Economic Studies, ROMANIA
- Mihai PURA – Military Technical Academy, ROMANIA
- Mihai TOGAN – Military Technical Academy, ROMANIA
- Marian HAIDUCU – IMAR – Institute of Mathematics of the Romanian Academy, ROMANIA
Call for papers:
SECITC brings together computer security researchers, cryptographers, industry representatives and graduate students interested in any aspect of information security and privacy. One of SECITC’s primary goals is to bring together security and privacy researchers and professionals from different communities and provide a forum allowing the informal exchanges necessary for the emergence of new scientific and industrial collaborations. SECITC 2016 post-proceedings was published by Springer as LNCS vol. 10006 and for SECITC 2015 post-proceedings was published by Springer as LNCS vol. 9522 in a book titled “Innovative Security Solutions for Information Technology and Communications”. Paper submission and refereeing for SECITC 2017 will take place via EasyChair and the post-proceedings will be published by Springer in the Lecture Notes in Computer Science (LNCS) series.
One originality of SECITC is its Exploits Session. In this session, new exploit authors will be invited to explain how exploits were discovered and submit a formal research paper describing their discoveries. While the discovery of new exploits is a high-risk high-gain investment that requires creativity and tenacious work, exploits are usually difficult to publish in mainstream research conferences. Exploit paper acceptance criteria will be the exploit’s nature, novelty and impact.
The conference topics comprise all aspects of information security, including but not limited to the following areas:
Access control, Algorithmic tools for security and cryptography, All aspects of cryptography, Application security, Attacks and defences, Authentication biometry, Censorship and censorship-resistance, Cloud Security, Distributed systems security, Embedded systems security, Digital forensics, Hardware security, Information flow analysis, Internet of Things (IoT) Security, Intrusion detection, Language-based security, Malware, Mobile security and privacy, Network security, New exploits, Policy enforcements, Privacy and anonymity, Protocol security, Reverse-engineering and code obfuscation, Security architectures, Security aspects of alternative currencies, Side channel attacks, Surveillance and anti-surveillance, System security.
| DEADLINES – PROGRAM: |
| Important deadlines: Full Paper Submission: April 24, 2017 at 23:59 UTC/GMT Notification of decision: May 15, 2017 Proceedings version due: May 21, 2017 Conference: June 8, 2017 |
Program:
The conference program is available now for download.
| KEYNOTE SPEAKERS: |
| David NACCACHE Bio: David Naccache heads the ENS’ ISG. My research areas are code security, forensics, the automated and the manual detection of vulnerabilities. Before joining ENS Paris (PSL), he was a professor during 10 years at UP2 (Sorbonne Universités). He previously worked for 15 years for Gemplus (now Gemalto), Philips (now Oberthur) and Thomson (now Technicolor). He studied at UP13 (BSc), UP6 (MSc), IMAC (Eng), TPT (PhD), UP7 (HDR), IHEDN and ICP (STB underway). He is a forensic expert by several courts, a member of OSCP and the incumbant of the Law and IT forensics chair at EOGN. Visit www.ens-paris.fr for for contact information, affiliations, ex-PhD students, editorial boards, awards, publications and hobbies.Title of the presentation: Exploring Naccache-Stern Knapsack Encryption, Common work with Eric Brier and Rémi Géraud Abstract: The Naccache–Stern public-key cryptosystem (NS) relies on the conjectured hardness of the modular multiplicative knapsack problem: Given Given this scheme’s algebraic structure it is interesting to systematically explore its variants and generalizations. In particular it might be useful to enhance NS with features such as semantic security, re-randomizability or an extension to higher-residues. This paper addresses these questions and proposes several such variants. Damien Vergnaud Bio: Damien Vergnaud is an associate professor at École normale supérieure (Paris, France). He holds a doctorate degree in mathematics from the Université de Caen Basse-Normandie (France). His research interests include the design of efficient and secure cryptographic protocols, theoretical aspects of provable security and number theory. In 2017, he was nominated at the “Institut Universitaire de France”.Title of the presentation: Security of Pseudo-Random Number Generators With Input Abstract: A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNG with input was proposed in 2005 by Barak and Halevi. This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random numbers from the internal state. In this talk, we will discuss the Barak-Halevi model and its extension proposed in 2013 by Dodis, Pointcheval, Ruhault, Wichs and Vergnaud to include a new security property capturing how a PRNG should accumulate the entropy of the input data into the internal state. We will present analysis of the security of real-life PRNGs in this model and present efficient constructions that achieve provable security. Peter Y A Ryan Bio: Peter Ryan is full Professor of Applied Security at the University of Luxembourg. He has over 20 years of experience in cryptography, information assurance and formal verification. He was one of the pioneers in the application of process algebras to modelling and analysis of secure systems. Ryan has published extensively on cryptography, cryptographic protocols, mathematical models of computer security and, most recently, high assurance voting systems. He is the creator of Prêt à Voter, Pretty Good Democracy (with Vanessa Teague) and OpenVote (with Feng Hoa) and Selene (with P Roenne and V Iovino) verifiable voting schemes. With Feng Hao he proposed the Password Authenticated Key Establishment Protocol J-PAKE. Peter Ryan has (co-) chaired or been on the program committees of numerous, prestigious security conferences. He founded and co-chaired the new workshop series Voting’16 and Voting’17 in association with Financial Crypto. He is a Visiting Professor at the University of Surrey and the ENS Paris.Title of the presentation: Securing the Foundations of Democracy Abstract: Democracy is under threat. This has been high-lighted by the recent US residential election which was fraught with suspicions of hacking of voting technologies, the campaign Processes, media bias and fake news, information bubbles in social media etc. Many of these problems arise from insecurities in digital technologies. The partial recounts conducted, against fierce legal opposition, in Pennsylvania, Michigan and Wisconsin did not produce evidence of vote manipulation, but they did serve to expose the serious vulnerabilities in many US voting technologies, in particular the pure electronic, paperless (DRE) devices. In this talk I focus on the technologies surrounding the conduct of elections, a small but important element in the problem, but one in which significant progress has been made in recent years. I argue that elections should be “evidence based”, that is to say they should be conducted in such a way as to produce sufficient evidence to convince even skeptics, e.g. the losers, that the announced result is a true reflection of the legitimately cast votes. But we must of course balance such transparency against requirements of ballot privacy and coercion resistance. I will overview recent advances in “end-to-end verifiable” schemes and risk-limiting audits. Sylvain GUILLEY Bio: Sylvain GUILLEY is director of the Business Line “Think Ahead” at Secure-IC (http://www.Secure-IC.com), an international SME headquartered in Rennes (France), with business branches in Paris, Singapore and Tokyo.Sylvain is also “Ingénieur en Chef des Mines” and Full Professor atTelecom ParisTech, Universite Paris-Saclay, France. He has been conducting researches towards defining provable securearchitectures for trusted computing for more than ten years.Altogether, Sylvain authored more than 200 scientific publications andpatents related to security and embedded systems.He is a member of the IACR, of the IEEE and of the Cryptarchi club(senior member).Sylvain graduated from Ecole Polytechnique (X97), TELECOM-ParisTech(ENST 2002), and got a MSc from ENS Paris 6 University (2010, in thefield of quantum physics), a PhD from TELECOM-ParisTech (2007, in thefield of digital electronics) and an HDR from Paris 7 University (2012,in the field of mathematical cryptography).Today, Sylvain is an active member in the ISO/IEC sub-committee SC27,dealing with information security.Sylvain is editor for standard projects on physically unclonable functions (ISO 20897) and side-channel calibration (ISO 20085). Sylvain is also a rapporteur for a study period on White Box Cryptography,and leads a French-wide national project on quantum-safecryptography (RISQ: http://www.risq.fr).Title of the presentation: Stochastic Side-Channel Leakage Analysis via Orthonormal Decomposition Abstract: Side-channel attacks of maximal efficiency require an accurate knowledge of the leakage function.Template attacks have been introduced by Chari et al. at CHES 2002 to estimate the leakage function using available training data. Schindler et al. noticed at CHES 2005 that the complexity of profiling could be alleviated if the evaluator has some prior knowledge on the leakage function.The initial idea of Schindler is that an engineer can model the leakage from the structure of the circuit.However, for some thin CMOS technologies or some advanced countermeasures, the engineer intuition might not be sufficient. Therefore, a method to research a leakage function based on profiling is important. In the state-of-the-art, though, the profiling stage is conducted based on a linear regression in a non-orthonormal basis, which does not allow for easy interpretation, since components are not independent. In this paper, we present a method to characterize the leakage based ona Walsh-Hadamard orthonormal basis with staggered degrees, which allows for direct interpretation in terms of bits interactions.The straightforward application is the characterization of a class of devices, in a view to understand their leakage structure.Such information is precious for designers and also for evaluators, who can devise attack bases relevantly. Claudio ORLANDI Bio: Claudio Orlandi got his PhD in 2011 from Aarhus University (Denmark), where he works now as an associate professor after a postdoc at Bar-Ilan University (Israel). During the last decade he has made significant contributions to the theory and practice of cryptographic protocols, with focus on two-party secure computation protocols with security against active adversaries. He is the chair of the CryptoAction, a EU funded network of research in cryptography.Title of the presentation: Faster Zero-Knowledge Protocols and Applications Abstract: Zero-knowledge protocols (ZKP) are one of the cornerstones of mod- ern cryptography. In a nutshell, a ZKP allows a prover P (with a secret input x) to persuade a verifier V that f(x) = 1 for some public function f, without disclosing to V any other information about x. In this talk I will present two recent ZKPs, known as ZKGC [4, 2] and ZKBoo [3]. These are the first ZKPs that allow to prove interesting, non-algebraic statements (such as “I know x such that SHA-256(x) = y” for a public y), in the order of tens of milliseconds on a standard computer. As ZKPs are ubiquitous in cryptography, this line of research has already enabled many interesting applications. In particular, I will show how ZKBoo allows to construct post-quantum signature schemes using symmetric-key primitives [1] only. Acknowledgements. Research supported by the Danish Council for Independent Research, COST Action IC1306 and the the European Union Horizon 2020 re- search and innovation programme under grant agreement No 731583 (SODA). Ferucio Laurentiu TIPLEA Bio: Ferucio Laurentiu Tiplea received the Ph.D. degree in computer science from “Alexandru Ioan Cuza” University of Iasi, Romania, in 1993. He joined the Department of Computer Science of the aforementioned university in 1990, where he is currently Professor of Computer Science. Dr. Tiplea’s research interests lie in the area of theories and tools for high-level modeling, design, and analysis of systems, computability and complexity, and cryptography and computer security. He published more than 80 papers in professional journals and refereed conference proceedings in these areas, co-edited five conference volumes, contributed to six edited volumes, and delivered invited talks at many universities and international conferences. Dr. Tiplea was the recipient of several fellowships, such as the Fulbright Fellowship, German Academy Fellowship, DAAD Fellowship, Monbusho Fellowship. From December 2003 to May 2006 he held a Visiting Professor position at University of Central Florida, School of Computer Science, Orlando (USA).Title of the presentation: Key-policy Attribute-based Encryption from Bilinear Maps Abstract: Attribute-based encryption (ABE) is a new paradigm in cryptography, where messages are encrypted and decryption keys are computed in accordance with a given set of attributes and an access structure on the set of attributes. There are two forms of ABE: key-policy ABE (KP-ABE) and cipher text-policy ABE (CP-ABE). In a KP-ABE, each message is encrypted together with a set of attributes and the decryption key is computed for the entire access structure; in a CP-ABE, each message is encrypted together with an access structure while the decryption keys are given for specific sets of attributes. In this talk we discuss on the possibility of constructing KP-ABE schemes from bilinear maps or simpler forms of leveled multi-linear maps. Selective security of the schemes in the standard model is also discussed. Konstantinos MARKANTONAKIS Bio: Prof Konstantinos Markantonakis B.Sc. (Lancaster University), M.Sc., MBA, Ph.D. (London) received his BSc (Hons) in Computer Science from Lancaster University in 1995, his MSc in Information Security in 1996, his PhD in 2000 and his MBA in International Management in 2005 from Royal Holloway, University of London. He is the Director of the Information Security Group Smart Card Centre (SCC). His main research interests include smart card security and applications, secure cryptographic protocol design, key management, embedded system security and trusted execution environments, mobile phone operating systems/platform security, NFC/RFID/HCE security, grouping proofs, electronic voting protocols. He has published more than 160 papers in international conferences and journals. Since completing his PhD, he has worked as an independent consultant in a number of information security and smart card related projects. He is also a member of the IFIP Working Group 8.8 on Smart Cards. Since June 2014, he is vice chair of IFIP WG 11.2 Pervasive Systems Security. He continues to act as a consultant on a variety of topics including smart card security, key management, information security protocols, mobile devices, smart card migration program planning/project management for financial institutions, transport operators and technology integrators.Title of the presentation: Ambient Sensing Based Relay Attack Detection in Smartphone Contactless Transactions Abstract: Relay attacks are passive man in the middle attacks, aiming to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. In the field of smartphones, proposals have been put forward suggesting sensing the natural ambient environment as a potentially effective means for proximity/relay attack detection. However, these proposals are not in compliance with industry imposed constraints (e.g. EMV and ITSO) that mandate that transactions should complete within a certain time-frame (e.g. 500ms for EMV contactless transactions). We evaluated the effectiveness of 17 ambient sensors, widely available in modern smartphones, as a proximity/relay attack detection method for time restricted contactless transactions. Threshold-based and machine learning analysis techniques demonstrated limited effectiveness of natural ambient sensing in countering relay attacks in such transactions. We proposed the generation of an artificial ambient environment (AAE) as a potential alternative. The use of infrared light as an AAE actuator was evaluated. Our results indicate a high success rate, while the proposed solution is in compliance with industry requirements. |