Proceedings containing abstracts

09:00 - 09:30 Coffee and registration

09:30 - 09:40 Welcome

09:40 - 10:40 Session 1

Michael Backes, Pascal Berrang, Anne Hecksteden, Mathias Humbert,
Andreas Keller and Tim Meyer. Tracking Personal MicroRNA Expression
Profiles over Time

Paulo Esteves-Verissimo and Jérémie Decouchant. The big data deluge in
biomedicine: addressing the privacy vs. sharing dilemma

Pedro Moreno-Sanchez, Tim Ruffing and Aniket Kate. REPTAR: Enabling
Anonymous Payments with a (R)ound-(E)fficient (P)rotocol for (T)raffic
(A)nalysis (R)esistant Anonymous Communication

10:40 - 11:00 Coffee

11:00 - 12:00 Invited talk by Karthikeyan Bhargavan.

Freak, Logjam, and Sloth: Protecting TLS from legacy crypto

The Transport Layer Security (TLS) protocol suffers from legacy bloat: after 20 years of evolution, it features many versions, extensions, and ciphersuites, some of which are obsolete and known to be insecure. Implementations and deployments of TLS deal with this complexity by implementing composite state machines that allow new and old features to coexist for interoperability, while waiting for deprecated features to be disabled over time. Getting this composition right is tricky, and any flaw can result in a serious attack that bypasses the expected security of TLS.

This talk will discuss three recent vulnerabilities discovered in our group: FREAK uses legacy support for export-grade RSA cipher suites to break into connections between mainstream browsers and 25% of the web; Logjam exploits a protocol flaw to confuse DHE key exchanges into using export-grade Diffie-Hellman groups; SLOTH exploits hash function collisions to mount downgrade and impersonation attacks on TLS. These attacks rely on a combination of protocol-level weaknesses, implementation bugs, and weak cryptography. The talk will advocate principled methods to avoid such weaknesses in the future, such as software verification and new robust designs for new protocols like TLS 1.3.

12:00 - 13:30 Lunch

13:30 - 14:50 Session 2

Ralf Kuesters, Johannes Mueller, Enrico Scapin and Tomasz Truderung.
sElect: A Lightweight Verifiable Remote Voting System

Marjan Skrobot, Jean Lancrenon and Qiang Tang. Two More Efficient
Variants of the J-PAKE Protocol

Jan Camenisch, Robert R. Enderlein, Stephan Krenn, Ralf Kuesters and
Daniel Rausch. Universal Composition with Responsive Environments

Sjouke Mauw, Jorge Toro-Pozo and Rolando Trujillo-Rasua. A class of
precomputation-based distance-bounding protocols

14:50 - 15:10 Coffee

15:10 - 16:10 Session 3

Minyue Ni, Yang Zhang, Weili Han and Jun Pang. An Empirical Study on
User Access Control in Online Social Networks

Vincent Rahli, Francisco Rocha, Marcus Völp and Paulo Esteves-Verissimo.
Deconstructing MinBFT for Security and Verifiability

Lukas Krämer, Johannes Krupp and Christian Rossow. AmpPot: Monitoring
and Defending Against Amplification DDoS Attacks

16:10 - 16:30 Coffee

16:30 - 17:10 Session 4

Stefano Calzavara, Riccardo Focardi, Niklas Grimm and Matteo Maffei.
Micro-Policies for Web Session Security

Daniel Fett, Ralf Kuesters and Guido Schmitz. A Comprehensive Formal
Security Analysis of OAuth 2.0

Alicia Filipiak, Véronique Cortier, Saïd Gharout and Jacques Traoré.
Designing and proving an EMV-compliant payment protocol for mobile devices
[talk cancelled]