The conference main theme will be supported by invited papers and talks. The following have gracefully accepted to talk:
Prof. Bart Preneel, Head of Computer Security and Industrial Cryptography (COSIC) at Katholieke Universiteit Leuven, Leuven, Belgium:
Research Challenges in Cryptology
Abstract: Cryptology is a key enabling technology for information security. In the 1990s, cryptography has moved from closed hardware systems to software implementations and mass market use; the next step will be an environment with cryptography everywhere, that is, from desktops, PDAs and phones to identity cards, household goods, sensor networks and RFID tags. In this talk we review the recent developments in cryptography; this includes the weaknesses discovered in hash functions and stream ciphers, the development of new side channel attacks, and the design of advanced cryptographic algorithms. Next we will explain how advanced cryptographic techniques can contribute to address future challenges related to privacy, trusted computing, distributed trust and ambient intelligence. We also discuss the impact of quantum cryptography and of quantum computing.
Prof. Marc Joye, Thomson R&D, France:
Abstract: White-box cryptography techniques are aimed at protecting software implementations of cryptographic algorithms against key recovery. They are primarily used in DRM-like applications as a cost-effective alternative to token-based protections. In this talk, we compare those two approaches and present an overview of the different known models: the black-box model, the grey-box model, and the white-box model.
Prof. Elisabeth Oswald, Cryptography and Information Security Group, University of Bristol, Bristol, UK:
Power Analysis AttacksA Very Brief Introduction
Abstract: Power analysis attacks allow extracting keys from cryptographic devices with low effort. While so called differential power analysis attacks assume only very limited knowledge about the device under attack, template-based power analysis attacks assume much more knowledge. Naturally, this leads to better attacks. This talk will survey existing power analysis techniques and countermeasures.
Prof. Çetin Kaya KOÇ, Istanbul Commerce U., Turkey, & Oregon State U., USA:
Micro-Architectural Side-Channel Attacks & Branch
Abstract: We give an overview of side-channel attacks on commodity processors, particularly for computers running as servers. These attacks, named as micro-architectural attacks, exploit the cache and branch prediction behavior of the processor. The branch prediction attacks have been shown to be quite successful, and require that software and hardware architects develop countermeasures against such attacks.
Prof. Mehmet Ufuk ÇAĞLAYAN, Bogaziçi U., Turkey:
Secure Routing in Ad Hoc Networks and Model Checking
Abstract: Although secure routing issues in mobile ad hoc networks (MANETs) have always been a major focus in the recent years, the success of delivering a guarantee of secure communication has never been entirely achieved by any secure routing protocol. In this work, we give a survey on secure routing issues in MANETs, with a brief summary of the current state of the art in secure routing protocols and their resistance to known attacks. We describe formal specification and verification methods that are applicable in security property verification, especially having our focus on model checking. We also present current state of our research on using model checking to analyze security properties of secure routing protocols for MANETs. A formal security analysis of SAODV and ARIADNE by using a well-known model checker, SPIN, is provided. By modeling the SAODV protocol and formally specifying the security properties, we present two attacks automatically found by SPIN, in the presence of an external attacker. SPIN is also used to flag a sequence of possible events in the ARIADNE protocol, leading to an attack where the two compromised nodes collaborate to remove the intermediate nodes from the route discovery process.
Dr. Karthik BHARGAWAN, Microsoft Research Cambridge, UK:
Web Services Security: Protocols, Implementations, and Proofs
Abstract: This talk will overview recent work in verifying security properties for protocols being standardized as part of the XML Web Services framework. I will introduce the WS-Security and its associated standards and discuss how these protocols differ from traditional cryptographic protocols. Through examples, we will see how to write and generate models and implementations of these protocols. I will discuss flaws in some protocols and their implementations, and for others we shall see how to achieve formal proofs of correctness under the Dolev-Yao threat model. All our papers and some of our verification tools are available online at http://Securing.WS.