- Bodies.dissemination-committee

[SPARTA - bodies.dissemination-committee] Paper submission

by Lukas Malina

Dear all, we are submitting the paper “Towards Privacy and Secure IoT Services Based on Privacy-Enhancing Technologies” to International Workshop on Secure Internet of Things 2019 (SIOT) in conjunction with ESORICS 2019. Please find the paper in the attachment. The paper is in line with WP6 research program (Task 6.5 Privacy-by-Design) and does not contain any sensitive information. If the paper will be accepted and no objections will be raised by diss. committee, we would like to acknowledge to SPARTA. To be noted that Author Notification date is August 10th, 2019 and Camera Ready date is September 10th, 2019. I would be pleased to provide any further information. Thank you. Best regards, Lukas Malina (BUT) -- Ing. Lukáš Malina, Ph.D. E-mail: malina(a)feec.vutbr.cz Brno University of Technology Faculty of Electrical Engineering and Communication Department of Telecommunications Technicka 12 616 00 Brno Czech Republic

5 years, 11 months

1
1
0 0

[SPARTA - bodies.dissemination-committee] Paper accepted w.r.t. the SPARTA task T6.5

by Qiang Tang

Dear All, The attached paper has been accepted to the Inscrypt conference ( http://cs.nuaa.edu.cn/inscrypt2019/main.psp ), which will occur in this December in Nanjing China. I have acknowledged the SPARTA project in the paper. Cheers Qiang (See attached file: Inscrypt 2019.pdf) Senior Researcher Luxembourg Institute of Science and Technology & Adjunct Professor East China Normal University, Shanghai, China Website: http://www.tangqiang.eu/

6 years

2
1
0 0

[SPARTA - bodies.dissemination-committee] paper submission

by Lukas Malina

Dear all, we plan to submit a paper entitled "Privacy-Enhancing Signcryption Scheme" to the journal: "Information Sciences" (as an open access publication). The paper presents a new privacy-enhancing signcryption scheme which is efficient even on computationally restricted devices. Therefore, this paper is in line with WP6 that is focusing on security and privacy protection in IoT. Please find the prefinal version of our paper attached to this email. Additional sensitive information in the paper is not expected. If the paper will be accepted and no objections will be raised by diss. committee, we would like to acknowledge to SPARTA. Thank you very much! Best regards, Lukas Malina (BUT, WP6 Task 6.5) -- Ing. Lukáš Malina, Ph.D. E-mail: malina(a)feec.vutbr.cz Brno University of Technology Faculty of Electrical Engineering and Communication Department of Telecommunications Technicka 12 616 00 Brno Czech Republic

6 years

1
0
0 0

[SPARTA - bodies.dissemination-committee] notification of submitted abstract

by mchoras＠itti.com.pl

Dear All, We just send 1-page abstract (attached) to the large AI confress to be held Poland: http://pp-rai.pwr.edu.pl/ We thought it's worth to communicate about SAFAIR/SPARTA - the abstract will be then online or in book of abstracts (if accepted). Kind Regards, prof. Michal Choras

6 years

1
0
0 0

[SPARTA - bodies.dissemination-committee] Three accepted publications related to WP6.5 for INRIA partner

by Vincent Roca

Dear all, This email is to inform you that my colleague Mathieu, who’s working in our PRIVATICS Inria team, has three publications related to WP6.5, all of them accepted for publication. These works have been done in the context of Guillaume C. PhD, work supported in part by SPARTA. All of them will be registered in the French HAL open access archive with the file (when camera ready will be available), regardless of the publisher practice. We have just added them to the official SPARTA-publications-data-management.xlsx file (it’s committed). Here is the information: - PoPETs2020 (https://www.petsymposium.org/ <https://www.petsymposium.org/>) "Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols » Guillaume Celosia, Mathieu Cunche Abstract: Apple Continuity protocols are the underlying network component of Apple Continuity services which allow seamless nearby applications such as activity and file transfer, device pairing and sharing a network connection. Those protocols rely on Bluetooth Low Energy (BLE) to exchange information between devices: Apple Continuity messages are embedded in the payload of BLE advertisement packets that are periodically broadcasted by devices. Recently, Martin et al. identified [1] a number of privacy issues associated with Apple Continuity protocols; we show that this was just the tip of the iceberg and that Apple Continuity protocols leak a wide range of personal information. In this work, we present a thorough reverse engineering of Apple Continuity protocols that we use to uncover a collection of privacy leaks. We introduce new artifacts, including identifiers, counters and battery levels, that can be used for passive tracking, and describe a novel active tracking attack based on Handoff messages. Beyond tracking issues, we shed light on severe privacy flaws. First, in addition to the trivial exposure of device characteristics and status, we found that HomeKit accessories betray human activities in a smarthome. Then, we demonstrate that AirDrop and Nearby Action protocols can be leveraged by passive observers to recover email addresses and phone numbers of users. Finally, we exploit passive observations on the advertising traffic to infer Siri voice commands of a user. - IoT S&P 2019 (workshop CCS) (https://www.sigsac.org/ccs/CCS2019/index.php/ccs-2019-workshops/#WIOTSP <https://www.sigsac.org/ccs/CCS2019/index.php/ccs-2019-workshops/#WIOTSP>) "Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile » Guillaume Celosia, Mathieu Cunche Abstract: Bluetooth Low Energy (BLE) is a short range wireless technology included in many consumer devices such as smartphones, earphones and wristbands. As part of the Attribute (ATT) protocol, discover- able BLE devices expose a data structure called Generic Attribute (GATT) profile that describes supported features using concepts of services and characteristics. This profile can be accessed by any device in range and can expose users to privacy issues. In this paper, we discuss how the GATT profile can be used to cre- ate a fingerprint that can be exploited to circumvent anti-tracking features of the BLE standard (i.e. MAC address randomization). Leveraging a dataset of more than 13000 profiles, we analyze the potential of this fingerprint and show that it can be used to uniquely identify a number of devices. We also shed light on several issues where GATT profiles can be mined to infer sensitive information that can impact privacy of users. Finally, we suggest solutions to mitigate those issues. - Mobiquitous 2019 (http://mobiquitous.org/ <http://mobiquitous.org/>) "Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism" Guillaume Celosia, Mathieu Cunche Abstract: The Bluetooth Low Energy (BLE) protocol is being included in a growing number of connected objects such as fitness trackers and headphones. As part of the service discovery mechanism of BLE, devices announce themselves by broadcasting radio signals called advertisement packets that can be collected with off-the-shelf hardware and software. To avoid the risk of tracking based on those messages, BLE features an address randomization mechanism that substitutes the device address with random temporary pseudonyms, called Private addresses. In this paper, we analyze the privacy issues associated with the advertising mechanism of BLE, leveraging a large dataset of advertisement packets collected in the wild. First, we identified that some implementations fail at following the BLE specifications on the maximum lifetime and the uniform distribution of random identifiers. Furthermore, we found that the payload of the advertisement packet can hamper the randomization mechanism by exposing counters and static identifiers. In particular, we discovered that advertising data of Apple and Microsoft proximity protocols can be used to defeat the address randomization scheme. Finally, we discuss how some elements of advertising data can be leveraged to identify the type of device, exposing the owner to inventory attacks. Best regards, Vincent, Mathieu, Joost, Thomas

6 years

1
0
0 0

[SPARTA - bodies.dissemination-committee] Notification of Accepted Paper

by Vivek Nigam

Dear Dissemination Committee, I am happy to announce that our attached paper has been accepted to the *9th IEEE International Workshop on Software Certification (WoSoCer)* We have acknowledged SPARTA. Best, Vivek Nigam -- fortiss · Landesforschungsinstitut des Freistaats Bayern An-Institut Technische Universität München Guerickestraße 25 80805 München Germany Tel.: +49 (89) 3603522 527 Fax: +49 (89) 3603522 50 E-Mail: nigam(a)fortiss.org http://www.fortiss.org Amtsgericht München: HRB: 176633 USt-IdNr.: DE263907002, Steuer-Nr.: 143/237/25900 Rechtsform: gemeinnützige GmbH Sitz der Gesellschaft: München Geschäftsführer: Dr. Harald Rueß, Thomas Vallon Vorsitzender des Aufsichtsrats: Dr. Manfred Wolter

6 years

1
0
0 0

Re: [SPARTA - bodies.dissemination-committee] notification of accepted paper

by Raimundas Matulevicius

Dear Dissemination Committee, Please see in the attachment a version of the paper accepted at the 27th International Conference on Cooperative Information Systems <http://www.otmconferences.org/index.php/conferences/coopis19>. Best greetings, Raimundas Dear all, I am happy to announce that our paper “Security Risk Management in Cooperative Intelligent Transportation Systems: A systematic literature review” is accepted at CoopiS 2019: 27th International Conference on Cooperative Information Systems <http://www.otmconferences.org/index.php/conferences/coopis19>. The paper is co-authored by Abasi-amefon O. Affia, Raimundas Matulevičius and Alexander Nolte (all from the University of Tartu). We will acknowledge the SPARTA project in the camera ready copy as follows: “This paper is supported in part by European Union’s Horizon 2020 research and innovation programme under grant agreement No 830892, project SPARTA." QUESTION: Do we need to communicate the camera-ready copy (one it is ready) with the SPARTA Dissemination committee? Best greetings, Raimundas

6 years, 1 month

1
0
0 0

[SPARTA - bodies.dissemination-committee] paper submission

by Qiang Tang

6 years, 1 month

1
0
0 0

[SPARTA - bodies.dissemination-committee] Submitted Paper

by Sergej Proskurin

Dear all, Sorry for the delayed notification. We have submitted a paper with the following title and abstract: Title: "xMP: Selective Memory Protection for Kernel and User Space" Abstract: Attackers leverage memory corruption vulnerabilities to establish primitives for reading from or writing to the address space of the vulnerable process. These primitives form the foundation for code-reuse and data-oriented attacks. While various defenses against the former class of attacks have proven effective, mitigation of the latter remains an open problem. In this paper, we identify various shortcomings of the x86 architecture regarding memory isolation, and leverage virtualization to build an effective defense against data-oriented attacks. We implement xMP, which consists of (in-guest) selective memory protection primitives that equip VMs with the ability to isolate sensitive data in user or kernel space into disjoint protection domains. We interface the Xen altp2m subsystem with the Linux memory management system, lending VMs the flexibility to define custom policies. Contrary to conventional approaches, xMP takes advantage of virtualization extensions, but after initialization, it does not require any hypervisor intervention. To ensure the integrity of in-kernel management information, and pointers to sensitive data within protection domains, xMP protects pointers with HMACs bound to an immutable context, so that integrity validation succeeds only in the right context. We have applied xMP to fortify the page tables and process credentials of the Linux kernel, as well as sensitive data in various user-space applications. Overall, our evaluation shows that xMP introduces minimal overhead for real-world workloads and applications, and offers effective protection against data-oriented attacks. Once this paper gets accepted, we will acknowledge SPARTA. Best, ~Sergej -- Sergej Proskurin, M.Sc. Wissenschaftlicher Mitarbeiter Technische Universität München Fakultät für Informatik Lehrstuhl für Sicherheit in der Informatik Boltzmannstraße 3 85748 Garching (bei München) Tel. +49 (0)89 289-18592 Fax +49 (0)89 289-18579

6 years, 1 month

3
2
0 0

[SPARTA - bodies.dissemination-committee] [Fwd: Re: Submission]

by mchoras＠itti.com.pl

Dear All, Our paper for IDEAL (info/notification below) is accepted :-). We will send/upload to svn the final version soon. The paper will be published in Nov. Regards, prof. Michal Choras -------------------------- Wiadomość oryginalna -------------------------- Temat: Re: [SPARTA - bodies.dissemination-committee] Submission Od: mchoras(a)itti.com.pl Data: 1 Sierpnia 2019, 11:01 am, Cz Do: Bodies.dissemination-committee(a)internal.sparta.eu Kopia: "bodies.dissemination-committee(a)internal.sparta.eu" <bodies.dissemination-committee(a)internal.sparta.eu> -------------------------------------------------------------------------- Dear All, We submitted Sparta and Safair relevant paper for IDEAL'19 which is well known ML conference. Title: The feasibility of Deep learning use for adversarial model extraction in The cybersecurity domain. By: Pawlicki, Choras and Kozik. If accepted we will acknowledge SPARTA. Greetings from holidays in Italy. Regards, Prof. Michal Choras > Dear all, > > We have submitted the paper ?A Secure Self-Authenticable Data Transfer > Protocol for Wireless Medical Sensor Networks? > > Abstract: Development of IoT (The Internet of Things) introduces many new > challenges. As IoT devices are getting smaller and smaller the problems of > so called ?constrained devices? arise. The traditional Internet protocols > are not very well suited for constrained devices comprising localized > network nodes with tens devices primarily communicating with each other > (e. g. various sensors in Body Area Network communicating with each > other). These devices have very limited memory, processing and power > resources so traditional security protocols and architectures doesn?t fit > well also. To address these challenges the fog computing paradigm is used > in which all constrained devices or ?End Nodes? primarily communicate only > with less constrained ?Fog Node? device, which collects all data, > processes it and communicates with the outside world. A new lightweight > secure self-authenticable transfer protocol (SSATP) for communications > between ?Fog End? devices and ?Fog Nodes? is presented in this paper. The > primary target of the proposed protocol is to use it as a secure transport > for CoAP in place of UDP and DTLS which are traditional choices in this > scenario. SSATP uses modified header fields of standard UDP packets to > transfer additional protocol handling and data flow management information > as well as user data authentication information. The optional redundant > data may be used to provide increased resistance to data losses when > protocol is used in unreliable networks. The results of experiments > presented in this paper show that SSATP is better choice than UDP with > DTLS in the cases where CoAP block transfer mode is used and/or in lossy > networks. > > This paper is still under evaluation. > If it gets accepted, we will acknowledge SPARTA. > > Best, > Algimantas Venčkauskas > Kauno technologijos universitetas > -- > bodies.dissemination-committee mailing list > bodies.dissemination-committee(a)server.sparta.eu > http://server.sparta.eu/cgi-bin/mailman/listinfo/bodies.dissemination-commi… >

6 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

Bodies.dissemination-committee