The First International Workshop on Cyber Security
(CS-2015)

October 16-18, 2015, Xi'an, China

Keynote Speakers

Jie Chen, East China Normal University, China

 Title: Improved Dual System ABE in Prime-Order Groups via Predicate Encodings We present a modular framework for the design of efficient adaptively secure attribute-based encryption (ABE) schemes for a large class of predicates under the standard k-Lin assumption in prime-order groups; this is the first uniform treatment of dual system ABE across different predicates and across both composite and prime-order groups. Via this framework, we obtain concrete efficiency improvements for several ABE schemes. Our framework has three novel components over prior works: (i) new techniques for simulating composite-order groups in prime-order ones, (ii) a refinement of prior encodings framework for dual system ABE in composite-order groups, (iii) an extension to weakly attribute-hiding predicate encryption (which includes anonymous identity-based encryption as a special case). Bio:Jie Chen received the B.S. degree from Soochow University in 2008 and the Ph.D degree in Cryptography from Nanyang Technological University in 2012. In 2013, he joined the Department of Computer Science and Technology, East China Normal University. Currently, he is a Full Professor of East China Normal University. He has published a series of papers in cryptography conferences and journals, such as CRYPTO, EUROCRYPT, CT-RSA, SCN, Designs, Codes and Cryptography, Theoretical Computer Science etc. He served as PC of ACNS 2015 and subreviewer of CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC etc. His research interests include Public-Key Cryptography, Pairing-Based Cryptography, and Lattice-Based Cryptography.

Shengli Liu, Shanghai Jiaotong University, China

 Title: Continuous Non-Malleable Key Derivation and Its Application to Related-Key Security Related-Key Attacks (RKAs) allow an adversary to observe the outcomes of a cryptographic primitive under not only its original secret key e.g., s, but also a sequence of modified keys ¦Õ(s), where ¦Õ is specified by the adversary from a class ¦µ of so-called Related-Key Derivation (RKD) functions. This paper extends the notion of nonmalleable Key Derivation Functions (nm-KDFs), introduced by Faust et al. (EUROCRYPT¡¯14), to continuous nm-KDFs. Continuous nm-KDFs have the ability to protect against any a-priori unbounded number of RKA queries, instead of just a single time tampering attack as in the definition of nm-KDFs. Informally, our continuous non-malleability captures the scenario where the adversary can tamper with the original secret key repeatedly and adaptively. We present a novel construction of continuous nm-KDF for any polynomials of bounded degree over a finite field. Essentially, our result can be extended to richer RKD function classes possessing properties of high output entropy and input-output collision resistance. The technical tool employed in the construction is the one-time lossy filter (Qin et al. ASIACRYPT¡¯13) which can be efficiently obtained under standard assumptions, e.g., DDH and DCR. We propose a framework for constructing ¦µ-RKA-secure IBE, PKE and signature schemes, using a continuous nm-KDF for the same ¦µ-class of RKD functions. Applying our construction of continuous nm-KDF to this framework, we obtain the first RKA-secure IBE, PKE and signature schemes for a class of polynomial RKD functions of bounded degree under standard assumptions, while previous constructions for the same class of RKD functions all rely on non-standard assumptions, e.g., d-extended DBDH assumption. Bio:Shengli Liu was born in Wuji County, Hebei Province in 1974. She earned a bachelor¡¯s, a master¡¯s and a doctorate from Xidian University from 1991 to 2000, then she went on to study for another Ph.D in Cryptography from Eindhoven University of Technology, in Netherlands in 2002. She is currently a professor with Shanghai Jiao Tong University in China. Her research interests include Public-Key Encryption and Information Theory Security.

Qianhong Wu, Beihang University, China

 Title: Online/Offline Large-Universe Predicate Encryption In this work, we provide a framework for constructing Online/Offline Public-Index Predicate Encryption (OO-PIPE). We achieve this goal in two typical security notions. First, we propose a generic transformation from LU-PIPE secure against Chosen Plaintext Attack (CPA) to CPA-secure OO-PIPE. The major challenge in this scenario is to prepare the ciphertext without the knowledge of the associated ciphertext attributes in the offline stage. We address this challenge by identifying an interesting attribute-malleability in many LU-PIPE schemes. The property allows an encryptor to efficiently malleate a ciphertext associated with one ciphertext attribute to any ciphertext attribute. Second, we propose a generic transformation from a CPA-secure LU-PIPE scheme to an OO-PIPE scheme secure against Adaptively Chosen Ciphertext Attack (CCA2) at the only cost of a Chameleon hash, assuming the underlying LU-PIPE has the properties of attribute-malleability and public verifiability. The main obstacle to construct CCA2-secure OO-PIPE is that the online/offline mechanism endogenously implies forgery in the sense that a pre-computed ciphertext must be able to be efficiently malleated to a resulting ciphertext associated with different ciphertext attributes and plaintext, while any efficient valid ciphertext forgery is prevented in CCA2 security. We circumvent this obstacle by exploiting the private forgery'' with the help of attribute-malleability and Chameleon hash, i.e., only the original encryptor can malleate the ciphertext to associate with different attributes and provide a hash collision of the ciphertext components. The resulting OO-PIPE schemes are secure in the same security model used for the underlying LU-PIPE. Finally, we show that our frameworks cover existing schemes and relieve one from designs in an ad hoc way. Following the proposed generic framework, we also instantiate several OO-PIPE schemes with efficient online encryption. Technically, in contrast to the previous main use of Chameleon hash in (online/offline) signatures, our work demonstrates Chameleon hash can have unique applications in construction of online/offline encryption schemes. Bio:Qianhong Wu received his Ph.D. in Cryptography from Xidian University in 2004. Since then, he has been with Wollongong University (Australia) as an associate research fellow, with Wuhan University (China) as an associate professor, and with Universitat Rovira i Virgili (Spain) as a research director. He is currently a professor with Beihang University in China. His research interests include cryptography, information security and privacy, VANET security and cloud computing security. He has been a holder/co-holder of 8 China/Australia/Spain funded projects. He has authored 10 patents and over 110 publications including those in Eurocrypt, Asiacrypt, IEEE/ACM Transactions on Networking, IEEE Transactions on Computers, IEEE Transactions on Information Forensics and Security, IEEE Transactions on Vehicular Technology. He has served in the program committee of several international conferences in information security and privacy. He is a member of IACR IEEE and ACM.

Yu Yu, Shanghai Jiao Tong University, China

 Title: Almost Optimal Constructions of Universal One-way Hash Functions from One-way Functions We revisit the problem of black-box constructions of universal one-way hash functions (UOWHFs) from several (from specific to more general) classes of one-way functions (OWFs), and give respective constructions that either improve or generalize the best previously known. In addition, the parameters we achieve are either optimal or almost optimal simultaneously up to small factors, e.g., arbitrarily small $\omega(1)$. (1) For any 1-to-1 one-way function, we give an optimal construction of UOWHFs with key and output length $\Theta(n)$ by making a single call to the underlying OWF. This improves the constructions of Naor and Yung (STOC 1989) and De Santis and Yung (Eurocrypt 1990) that need key length $O(n*\omega(log n))$. (2) For any known-(almost-)regular one-way function with known hardness, we give an optimal construction of UOWHFs with key and output length $\Theta(n)$ and a single call to the one-way function. (3) For any known-(almost-)regular one-way function, we give a construction of UOWHFs with key and output length $O(n*\omega(1))$ and by making $\omega(1)$ non-adaptive calls to the one-way function. This improves the construction of Barhum and Maurer (Latincrypt 2012) that requires key and output length $O(n*\omega(log n))$ and $\omega(log n)$ calls. (4) For any weakly-regular one-way function introduced by Yu et al. at TCC 2015 (i.e., the set of inputs with maximal number of siblings is of an $n^{-c}$-fraction for some constant $c$), we give a construction of UOWHFs with key length $O(n*log n)$ and output length $\Theta(n)$. This generalizes the construction of Ames et al. (Asiacrypt 2012) which requires an unknown-regular one-way function (i.e., $c=0$). Bio:Yu Yu is currently a research professor at Shanghai Jiao Tong University. He obtained his BSc from Fudan University in 2003, and his PhD from Nanyang Technological University in 2006. He worked as a researcher at the ICT security lab at T-Systems Singapore from 2006 to 2008, and as a postdoctoral researcher at the UCL Crypto Group from 2008-2010. After returned to China, he was employed by East China Normal University (2011-2012) and Tsinghua University (2012-2014). His research interests include foundations of cryptography, pseudorandomness, and leakage-resilient cryptography. He published papers at major venues such as CRYPTO, CCS, TCC, Asiacrypt, and CHES. He is currently serving on the board of the IACR as an observer and webmaster.

Fangguo Zhang, Sun Yat-sen University, China

 Title: Research Progress on ECDLP In the last 30 years, Elliptic Curve Cryptography (ECC) has become a mainstream primitive for cryptographic protocols and applications. The elliptic curve discrete logarithm problem (ECDLP) is the security kernel of ECC. In this talk, we will talk about the state of the art of ECDLP. Our talk will focus on some recent work from the following three aspects: Speedup for generic method; Effort on index calculation; Practice attack. Bio:Fangguo Zhang is a professor with Sun Yat-sen University in China. He is also the co-director of Guangdong Key Laboratory of Information Security Technology. He obtained his Ph.D. degree in Cryptography from Xidian University in 2001. His research mainly focuses on cryptography and its applications, specific interests are elliptic curve cryptography, secure multiparty computation, anonymity and privacy, etc.

Hsiao-Hwa Chen, National Cheng Kung University, Taiwan

 Title: Complementary Coded Code Hopping Multiple Access¨CA New PHY with Enhanced Security Code hopping multiple access (CHMA) is a newly emerging multiple access technique with its potential to implement high security communications. Unfortunately, orthogonality amongst user signals in existing CHMA schemes can be preserved only in synchronous channels under an assumption that neither multipath interference (MI) nor multiple access interference (MAI) exists. Exploiting their ideal orthogonality, we apply orthogonal complementary codes to CHMA systems to overcome the problems with existing CHMA schemes. In particular, we will show that the application of orthogonal complementary codes can significantly improve the performance of a CHMA system due to its unique collision resistant capability. The properties and BER performance of the proposed system are analyzed for both uplink and downlink applications, where the system may suffer MI and MAI simultaneously. Simulation results show that the complementary coded CHMA with channel coding offers a high capacity as another secure PHY for futuristic wireless communications. Bio:Hsiao-Hwa Chen is currently a Distinguished Professor in the Department of Engineering Science, National Cheng Kung University, Taiwan. He obtained his BSc and MSc degrees from Zhejiang University, China, and a PhD degree from the University of Oulu, Finland, in 1982, 1985 and 1991, respectively. He has authored or co-authored over 400 technical papers in major international journals and conferences, six books and more than ten book chapters in the areas of communications. He served as the general chair, TPC chair and symposium chair for many international conferences. He served or is serving as an Editor or/and Guest Editor for numerous technical journals. He is the founding Editor-in-Chief of Wiley¡¯s Security and Communication Networks Journal (www.interscience.wiley.com/journal/security). He is the recipient of the best paper award in IEEE WCNC 2008 and a recipient of IEEE Radio Communications Committee Outstanding Service Award in 2008. Currently, he also served as the Editor-in-Chief for IEEE Wireless Communications from 2012 Feb to 2015 June. He is a Fellow of IEEE, a Fellow of IET, and an elected Member at Large of IEEE ComSoc.

Rongxing Lu, Nanyang Technological University, Singapore

 Title: Behavior Rule Based Insider Threat Detection for Smart Grid In this talk, we will discuss a behavior rule based methodology for Insider Threat detection of data monitor devices in smart grid, where the continuity and accuracy of operations are of vital importance. Based on the DC power flow model and state estimation model, three behavior rules are extracted to depict the behavior norms of each device, such that a device (trustee) that is being monitored on its behavior can be easily checked on the deviation from the behavior specification. Specifically, a rule-weight and compliance-distance based grading strategy is designed, which greatly improves the effectiveness of the traditional grading strategy for evaluation of trustees. The statistical property, i.e., the mathematical expectation of compliance degree of each trustee, is particularly analyzed from both theoretical and practical perspectives, which achieves satisfactory trade-off between detection accuracy and false alarms to detect more sophisticated and hidden attackers. In addition, based on real data run in POWER WORLD for IEEE benchmark power systems, and through comparative analysis, we demonstrate that our methodology outperforms the state-of-arts for detecting abnormal behaviors in pervasive smart grid applications. Bio:Rongxing Lu has been an assistant professor at the School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore, since May 2013. Before that, he worked as a Postdoctoral Fellow at the University of Waterloo from May 2012 to April 2013. Rongxing Lu was awarded the most prestigious Governor Generals Gold Medal, when he received his PhD degree from the Department of Electrical & Computer Engineering, University of Waterloo, Canada, in 2012; and won the 8th IEEE Communications Society (ComSoc) Asia Pacific (AP) Outstanding Young Researcher Award, in 2013. He is presently a member of IEEE Communications Society. His research interests include big data security and privacy, cloud and fog computing security, smart grid security, and applied cryptography. He has published extensively in his areas of expertise (with H-index 40 from Google Scholar currently), and was the recipient of the Student Best Paper Award, ITS Summit Singapore 2015, the IEEE IES Student Best Paper Award 2014, the Best Paper Awards of TSINGHUA Science and Technology Journal 2014, IEEE WCNC 2013, IEEE ICCC 2013, BodyNets 2010, ICCCN 2009, and Chinacom 2008. He has been on the editorial boards of several international referred journals, e.g., IEEE Networks, and currently serves the technical symposium co-chair of ICCC¡¯15, and many technical program committees of IEEE and others international conferences, including IEEE Infocom, Globecom, and ICC. (http://www.ntu.edu.sg/home/rxlu/)

Yunlei Zhao, Fudan University, China

 Title: The Evolution of TLS: History and Next Generation The Transport Layer ecurity (TLS) protocol is one of the most widely deployed cryptographic protocols this is used for protecting network security in every day. In this talk, we review the evolution history of TLS, the various attacks discovered up to now (including the most advanced ones developed recently). We then focus on the development of the next generation of TLS, specifically TLS1.3 that is actively underway by IETF now. In particular, we will discuss the changes between TLS1.2 and TLS1.3, and the underlying motivations and principles for TLS1.3. Bio:Yunlei Zhao received the Ph.D degree in computer science in 2004 from Fudan University, Shanghai, China. In the same year, he joined Hewlett-Packard European Research Center, Bristol, UK, as a Postdoc researcher. Since 2005, he worked at Fudan University, and is currently a professor at Software School, Fudan University. His research interests include theory and applications of cryptography, information security, and the interplay between complexity theory and cryptography.

Xiaodong Lin, University of Ontario Institute of Technology, Canada

 Title: Enterprise Wireless Network Security and Protection Wireless networks have increasingly being used in our daily life because of being now available everywhere, for example, from airport, to restaurants, to coffee shop. One popular wireless local area networking (WLAN) technology is Wi-Fi, which is defined in IEEE 802.11 standards, also known as IEEE WLAN standards. Booming Wi-Fi networks, particularly millions of public Wi-Fi access or hotspots all over the world, are bringing tremendous convenience to our daily lives. The rapidly evolving Wi-Fi technologies have become ubiquitous, for example, allowing people to stay connected anywhere, anytime. However, it also suffers from several security problems. As the result, threat of unauthorized access has increased. Due to the growing importance of wireless security, there is an increasing demand for more secure means of securing wireless access within an enterprise wireless network. In this talk, I will first show that the existing security system deployed in an enterprise wireless network is not entirely safe due to a combination of vulnerabilities caused by the operating systems used by mobile devices, as well as misconfigured wireless network systems that pose huge security and privacy risks. One such highly practical attack uses a combination of attacking tactics, including fake Access Point (AP), Man in the middle, Denial of service, and Brute force attacks. The attack is called Evil Twin, which is used against Wi-Fi Protected Access (WPA) enterprise wireless networks. Then, I will propose a lightweight client-side solution for defending Evil Twin attack. Finally I will present my view of future directions in this research area. Bio:Xiaodong Lin received the PhD degree in Information Engineering from Beijing University of Posts and Telecommunications, China, and the PhD degree (with Outstanding Achievement in Graduate Studies Award) in Electrical and Computer Engineering from the University of Waterloo, Canada. He is currently an Associate Professor with the Faculty of Business and Information Technology, University of Ontario Institute of Technology (UOIT), Canada. His research interests include wireless communications and network security, computer forensics, software security, and applied cryptography. Dr. Lin serves as an Associate Editor for many international journals. He has served or is serving as a guest editor for many special issues of IEEE, Elsevier and Springer journals and as a symposium chair or track chair for IEEE/ACM conferences. He also served on many program committees. He currently serves as Vice Chair for Publications of Communications and Information Security Technical Committee (CISTC) ¨C IEEE Communications Society (January 1, 2014 - December 31, 2015). He is a senior member of the IEEE.

Sheng Zhong, Nanjing University, China

 Title: Privacy Preserving Computing and Min and k-th Min Protecting users' privacy is extremely important in mobile sensing applications. In this work, we study how an aggregator can quickly compute the minimum or the k-th minimum of users' data, without learning the data. Two protocols are built, based on random coding and an XOR-homomorphic encryption scheme. These protocols are proved to be secure in the semi-honest model. Empirical data demonstrates that our protocols have greatly improved the efficiency compared with previous protocols. Bio:Sheng Zhong received his BS, MS from Nanjing University, and his PhD from Yale University, all in computer science. Before moving to the current job, he had worked as a faculty member at SUNY Buffalo for years, receiving NSF CAREER Award and early tenure promotion. Currently he is a Professor of Computer Science at Nanjing University. He is a recipient of the National Science Fund for Distinguished Young Scholars of China, and has also been supported by the 1000-Talent Recruit Program of China (Youth Class). He is an Editor of IEEE Transactions on Vehicular Technology, and an Associate Editor of Information Sciences.

The First International Workshop on Cyber Security (CS-2015)