Proceedings containing abstracts 09:00 - 09:30 Coffee and registration 09:30 - 09:40 Welcome 09:40 - 10:40 Session 1 Michael Backes, Pascal Berrang, Anne Hecksteden, Mathias Humbert, Andreas Keller and Tim Meyer. Tracking Personal MicroRNA Expression Profiles over Time Paulo Esteves-Verissimo and Jérémie Decouchant. The big data deluge in biomedicine: addressing the privacy vs. sharing dilemma Pedro Moreno-Sanchez, Tim Ruffing and Aniket Kate. REPTAR: Enabling Anonymous Payments with a (R)ound-(E)fficient (P)rotocol for (T)raffic (A)nalysis (R)esistant Anonymous Communication 10:40 - 11:00 Coffee 11:00 - 12:00 Invited talk by Karthikeyan Bhargavan. Freak, Logjam, and Sloth: Protecting TLS from legacy crypto
The Transport Layer Security (TLS) protocol suffers from legacy bloat: after 20 years of evolution, it features many versions, extensions, and ciphersuites, some of which are obsolete and known to be insecure. Implementations and deployments of TLS deal with this complexity by implementing composite state machines that allow new and old features to coexist for interoperability, while waiting for deprecated features to be disabled over time. Getting this composition right is tricky, and any flaw can result in a serious attack that bypasses the expected security of TLS.
This talk will discuss three recent vulnerabilities discovered in our group: FREAK uses legacy support for export-grade RSA cipher suites to break into connections between mainstream browsers and 25% of the web; Logjam exploits a protocol flaw to confuse DHE key exchanges into using export-grade Diffie-Hellman groups; SLOTH exploits hash function collisions to mount downgrade and impersonation attacks on TLS. These attacks rely on a combination of protocol-level weaknesses, implementation bugs, and weak cryptography. The talk will advocate principled methods to avoid such weaknesses in the future, such as software verification and new robust designs for new protocols like TLS 1.3.
12:00 - 13:30 Lunch 13:30 - 14:50 Session 2 Ralf Kuesters, Johannes Mueller, Enrico Scapin and Tomasz Truderung. sElect: A Lightweight Verifiable Remote Voting System Marjan Skrobot, Jean Lancrenon and Qiang Tang. Two More Efficient Variants of the J-PAKE Protocol Jan Camenisch, Robert R. Enderlein, Stephan Krenn, Ralf Kuesters and Daniel Rausch. Universal Composition with Responsive Environments Sjouke Mauw, Jorge Toro-Pozo and Rolando Trujillo-Rasua. A class of precomputation-based distance-bounding protocols 14:50 - 15:10 Coffee 15:10 - 16:10 Session 3 Minyue Ni, Yang Zhang, Weili Han and Jun Pang. An Empirical Study on User Access Control in Online Social Networks Vincent Rahli, Francisco Rocha, Marcus Völp and Paulo Esteves-Verissimo. Deconstructing MinBFT for Security and Verifiability Lukas Krämer, Johannes Krupp and Christian Rossow. AmpPot: Monitoring and Defending Against Amplification DDoS Attacks 16:10 - 16:30 Coffee 16:30 - 17:10 Session 4 Stefano Calzavara, Riccardo Focardi, Niklas Grimm and Matteo Maffei. Micro-Policies for Web Session Security Daniel Fett, Ralf Kuesters and Guido Schmitz. A Comprehensive Formal Security Analysis of OAuth 2.0
Alicia Filipiak, Véronique Cortier, Saïd Gharout and Jacques Traoré. Designing and proving an EMV-compliant payment protocol for mobile devices[talk cancelled]