Bodies.dissemination-committee September 2019

bodies.dissemination-committee@internal.sparta.eu

5 participants
6 discussions

[SPARTA - bodies.dissemination-committee] Paper submission

by Lukas Malina

Dear all, we are submitting the paper “Towards Privacy and Secure IoT Services Based on Privacy-Enhancing Technologies” to International Workshop on Secure Internet of Things 2019 (SIOT) in conjunction with ESORICS 2019. Please find the paper in the attachment. The paper is in line with WP6 research program (Task 6.5 Privacy-by-Design) and does not contain any sensitive information. If the paper will be accepted and no objections will be raised by diss. committee, we would like to acknowledge to SPARTA. To be noted that Author Notification date is August 10th, 2019 and Camera Ready date is September 10th, 2019. I would be pleased to provide any further information. Thank you. Best regards, Lukas Malina (BUT) -- Ing. Lukáš Malina, Ph.D. E-mail: malina(a)feec.vutbr.cz Brno University of Technology Faculty of Electrical Engineering and Communication Department of Telecommunications Technicka 12 616 00 Brno Czech Republic

5 years, 11 months

[SPARTA - bodies.dissemination-committee] notification of submitted abstract

by mchoras＠itti.com.pl

Dear All, We just send 1-page abstract (attached) to the large AI confress to be held Poland: http://pp-rai.pwr.edu.pl/ We thought it's worth to communicate about SAFAIR/SPARTA - the abstract will be then online or in book of abstracts (if accepted). Kind Regards, prof. Michal Choras

6 years

[SPARTA - bodies.dissemination-committee] Three accepted publications related to WP6.5 for INRIA partner

by Vincent Roca

Dear all, This email is to inform you that my colleague Mathieu, who’s working in our PRIVATICS Inria team, has three publications related to WP6.5, all of them accepted for publication. These works have been done in the context of Guillaume C. PhD, work supported in part by SPARTA. All of them will be registered in the French HAL open access archive with the file (when camera ready will be available), regardless of the publisher practice. We have just added them to the official SPARTA-publications-data-management.xlsx file (it’s committed). Here is the information: - PoPETs2020 (https://www.petsymposium.org/ <https://www.petsymposium.org/>) "Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols » Guillaume Celosia, Mathieu Cunche Abstract: Apple Continuity protocols are the underlying network component of Apple Continuity services which allow seamless nearby applications such as activity and file transfer, device pairing and sharing a network connection. Those protocols rely on Bluetooth Low Energy (BLE) to exchange information between devices: Apple Continuity messages are embedded in the payload of BLE advertisement packets that are periodically broadcasted by devices. Recently, Martin et al. identified [1] a number of privacy issues associated with Apple Continuity protocols; we show that this was just the tip of the iceberg and that Apple Continuity protocols leak a wide range of personal information. In this work, we present a thorough reverse engineering of Apple Continuity protocols that we use to uncover a collection of privacy leaks. We introduce new artifacts, including identifiers, counters and battery levels, that can be used for passive tracking, and describe a novel active tracking attack based on Handoff messages. Beyond tracking issues, we shed light on severe privacy flaws. First, in addition to the trivial exposure of device characteristics and status, we found that HomeKit accessories betray human activities in a smarthome. Then, we demonstrate that AirDrop and Nearby Action protocols can be leveraged by passive observers to recover email addresses and phone numbers of users. Finally, we exploit passive observations on the advertising traffic to infer Siri voice commands of a user. - IoT S&P 2019 (workshop CCS) (https://www.sigsac.org/ccs/CCS2019/index.php/ccs-2019-workshops/#WIOTSP <https://www.sigsac.org/ccs/CCS2019/index.php/ccs-2019-workshops/#WIOTSP>) "Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile » Guillaume Celosia, Mathieu Cunche Abstract: Bluetooth Low Energy (BLE) is a short range wireless technology included in many consumer devices such as smartphones, earphones and wristbands. As part of the Attribute (ATT) protocol, discover- able BLE devices expose a data structure called Generic Attribute (GATT) profile that describes supported features using concepts of services and characteristics. This profile can be accessed by any device in range and can expose users to privacy issues. In this paper, we discuss how the GATT profile can be used to cre- ate a fingerprint that can be exploited to circumvent anti-tracking features of the BLE standard (i.e. MAC address randomization). Leveraging a dataset of more than 13000 profiles, we analyze the potential of this fingerprint and show that it can be used to uniquely identify a number of devices. We also shed light on several issues where GATT profiles can be mined to infer sensitive information that can impact privacy of users. Finally, we suggest solutions to mitigate those issues. - Mobiquitous 2019 (http://mobiquitous.org/ <http://mobiquitous.org/>) "Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism" Guillaume Celosia, Mathieu Cunche Abstract: The Bluetooth Low Energy (BLE) protocol is being included in a growing number of connected objects such as fitness trackers and headphones. As part of the service discovery mechanism of BLE, devices announce themselves by broadcasting radio signals called advertisement packets that can be collected with off-the-shelf hardware and software. To avoid the risk of tracking based on those messages, BLE features an address randomization mechanism that substitutes the device address with random temporary pseudonyms, called Private addresses. In this paper, we analyze the privacy issues associated with the advertising mechanism of BLE, leveraging a large dataset of advertisement packets collected in the wild. First, we identified that some implementations fail at following the BLE specifications on the maximum lifetime and the uniform distribution of random identifiers. Furthermore, we found that the payload of the advertisement packet can hamper the randomization mechanism by exposing counters and static identifiers. In particular, we discovered that advertising data of Apple and Microsoft proximity protocols can be used to defeat the address randomization scheme. Finally, we discuss how some elements of advertising data can be leveraged to identify the type of device, exposing the owner to inventory attacks. Best regards, Vincent, Mathieu, Joost, Thomas

6 years

[SPARTA - bodies.dissemination-committee] Notification of Accepted Paper

by Vivek Nigam

Dear Dissemination Committee, I am happy to announce that our attached paper has been accepted to the *9th IEEE International Workshop on Software Certification (WoSoCer)* We have acknowledged SPARTA. Best, Vivek Nigam -- fortiss · Landesforschungsinstitut des Freistaats Bayern An-Institut Technische Universität München Guerickestraße 25 80805 München Germany Tel.: +49 (89) 3603522 527 Fax: +49 (89) 3603522 50 E-Mail: nigam(a)fortiss.org http://www.fortiss.org Amtsgericht München: HRB: 176633 USt-IdNr.: DE263907002, Steuer-Nr.: 143/237/25900 Rechtsform: gemeinnützige GmbH Sitz der Gesellschaft: München Geschäftsführer: Dr. Harald Rueß, Thomas Vallon Vorsitzender des Aufsichtsrats: Dr. Manfred Wolter

6 years

Re: [SPARTA - bodies.dissemination-committee] notification of accepted paper

by Raimundas Matulevicius

Dear Dissemination Committee, Please see in the attachment a version of the paper accepted at the 27th International Conference on Cooperative Information Systems <http://www.otmconferences.org/index.php/conferences/coopis19>. Best greetings, Raimundas Dear all, I am happy to announce that our paper “Security Risk Management in Cooperative Intelligent Transportation Systems: A systematic literature review” is accepted at CoopiS 2019: 27th International Conference on Cooperative Information Systems <http://www.otmconferences.org/index.php/conferences/coopis19>. The paper is co-authored by Abasi-amefon O. Affia, Raimundas Matulevičius and Alexander Nolte (all from the University of Tartu). We will acknowledge the SPARTA project in the camera ready copy as follows: “This paper is supported in part by European Union’s Horizon 2020 research and innovation programme under grant agreement No 830892, project SPARTA." QUESTION: Do we need to communicate the camera-ready copy (one it is ready) with the SPARTA Dissemination committee? Best greetings, Raimundas

6 years, 1 month

[SPARTA - bodies.dissemination-committee] paper submission

by Qiang Tang

6 years, 1 month

2025

2024

2023

2022

2021

2020

2019

Bodies.dissemination-committee September 2019