
Financial Cryptography and Data Security: FC 2020 International Workshops, AsiaUSEC, CoDeFi, VOTING, and WTSC, Kota Kinabalu, Malaysia, February 14, 2020, Revised Selected Papers

635 Pages·2020·23.826 MB·English


Matthew Bernhard · Andrea Bracciali · L. Jean Camp · Shin’ichiro Matsuo · Alana Maurushat · Peter B. Rønne · Massimiliano Sala (Eds.)

Financial Cryptography and Data Security
FC 2020 International Workshops, AsiaUSEC, CoDeFi, VOTING, and WTSC
Kota Kinabalu, Malaysia, February 14, 2020
Revised Selected Papers

Lecture Notes in Computer Science 12063

Founding Editors
Gerhard Goos, Karlsruhe Institute of Technology, Karlsruhe, Germany
Juris Hartmanis, Cornell University, Ithaca, NY, USA

Editorial Board Members
Elisa Bertino, Purdue University, West Lafayette, IN, USA
Wen Gao, Peking University, Beijing, China
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Gerhard Woeginger, RWTH Aachen, Aachen, Germany
Moti Yung, Columbia University, New York, NY, USA

More information about this series at http://www.springer.com/series/7410

Editors
Matthew Bernhard, University of Michigan–Ann Arbor, Ann Arbor, USA
Andrea Bracciali, Computing Science and Mathematics, University of Stirling, Stirling, UK
L. Jean Camp, Computer Science Department, Indiana University, Bloomington, USA
Shin’ichiro Matsuo, Department of Computer Science, Georgetown University, Washington, WA, USA
Alana Maurushat, Western Sydney University, Parramatta, Australia
Peter B. Rønne, Maison du Nombre, University of Luxembourg, Esch-sur-Alzette, Luxembourg
Massimiliano Sala, Dipartimento di Matematica, University of Trento, Trento, Trento, Italy

ISSN 0302-9743 ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-030-54454-6 ISBN 978-3-030-54455-3 (eBook)
https://doi.org/10.1007/978-3-030-54455-3
LNCS Sublibrary: SL4 – Security and Cryptology
© Springer Nature Switzerland AG 2020

The chapter “Marlowe: Implementing and Analysing Financial Contracts on Blockchain” is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/). For further details see license information in the chapter.

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

AsiaUSEC 2020 Preface

USEC has always been targeted to be the global platform for usable security since its inception in 2012 at Financial Cryptography in Bonaire. Financial Cryptography has always been open to novel approaches, to incentives, and evaluations of the costs as well as benefits of new technologies. Ensuring effective security and privacy in real-world technology requires considering not only technical but also human aspects, as well as the complex way in which these combine. The simple fact is that if a highly secure system is unusable, users will move their data to less secure but more usable systems. Security avoidance and workarounds have been major contributors to catastrophic as well as chronic security failures. Given all this, Financial Cryptography was an excellent place for USEC to begin, and to return.

USEC moved to the Internet Society’s annual Network and Distributed Systems event in 2014 for ease of travel and outreach to a broader community. Because of the reliable quality of the work in NDSS, USEC expanded in 2014 to include an annual European event. In 2020, the main USEC workshop moved back to Financial Cryptography in order to evaluate the potential for a semi-annual USEC event focusing on, and more accessible to, the Asian usable security research communities. The conference attendance was decreased by (what we now recognize as) the COVID-19 pandemic, yet the final keynote by Peter Gutmann had at least 50 people.

It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encouraged comparative studies on different populations, including replication studies to validate previous research findings.

The research included documentation of human behaviors: an exploration of privacy versus sharing behavior and perception, and a comparison of browser choices in South Korea.
And in the workplace, an explanation of how the behaviors of out-sourced employees create risks is only more applicable with social distancing. In terms of human performance one study examined how users leverage cues to differentiate phishing emails from legitimate ones, and how people deal with various types of auditory stimuli when solving CAPTCHAs. An operational browser extension that leverages usability and entertainment showed that focusing on the person rather than the threat can greatly increase human efficacy in the face of masquerade attacks. At a higher level, one author returned to the topic of how insights from psychology research can help educate people about cybersecurity bringing these from the field into the classroom.

Two investigations of mental models of email were complemented by a study of the mental models of workers with respect to privacy at work. A stand-alone qualitative inquiry into the perceptions of smart devices provided glimpses into the minds of how non-experts deal with the risks of always-on always-listening in-home computing. A comparative study of privacy and security perceptions illustrated that culture and jurisdiction can play a role in these.

In terms of improving efficacy of secure systems, the research included an extension of graphical password authentication and an innovative work examining empathy as opposed to fear as a motivator. A comparative study of SpotBugs, SonarQube, Cryptoguard, and CogniCrypt identified strengths in each and refined the need for improvements in security testing tools.

At every USEC event we hope to bring together researchers already engaged in this inherently interdisciplinary effort with other computer science domains. Financial Cryptography, with its history of scholarship on technical trust combined with social events that include all workshop and conference attendees, is an exemplar of how to bring the different areas of computing research together in a collegial environment.

March 2020
L. Jean Camp
Alana Maurushat

AsiaUSEC 2020 Organization

Chairs
L. Jean Camp, Indiana University, USA
Alana Maurushat, Western Sydney University, Australia

Program Committee
Abdulmajeed Alqhatani, UNC Charlotte, USA
Ada Lerner, Wellesley College, USA
Alisa Frik, ICSI, University of California at Berkeley, USA
Andrew A. Adams, Meiji University, Japan
Hamza Sellak, CSIRO, Australia
Heather Crawford, Florida Institute of Technology, USA
Julian Jang-Jaccard, Massey University, New Zealand
Julian Williams, Durham University, UK
Julie Haney, National Institute of Standards and Technology, USA
Karen Renaud, Rhodes University, South Africa, and University of Glasgow, UK
Mahdi Nasrullah Al-Ameen, Utah State University, USA
Maija Poikela, Fraunhofer AISEC, Germany
Marthie Grobler, CSIRO, Australia
Matt Bishop, University of California at Davis, USA
Mohan Baruwal Chhetri, CSIRO, Australia
Nicholas Weaver, ISCI, USA
Pam Briggs, Northumbria University, UK
Patrick Traynor, University of Florida, USA
Paul Watters, La Trobe University, Australia
Peter Gutmann, The University of Auckland, New Zealand
Sanchari Das, American Express, USA
Shigeng Zhang, Central South University, China
Shrirang Mare, University of Washington, USA
Sid Stamm, Rose-Hulman Institute of Technology, USA
Sven Dietrich, City University of New York, USA
Ruth Shillair, Michigan State University, USA
Tim Kelley, Naval Surface Warfare Center Crane Division, USA
Vaibhav Garg, Comcast Cable, USA
Wendy Seltzer, MIT, USA
Zinaida Benenson, University of Erlangen-Nuremberg, Germany

CoDeFi 2020 Preface

The workshop on Coordination of Decentralized Finance (CoDeFi) is a newly organized workshop associated with Financial Cryptography 2020. The goal of CoDeFi is to discuss multidisciplinary issues regarding technologies and operations of decentralized finance based on permissionless blockchain. From an academic point of view, security and privacy protection are some of the leading research streams.
The Financial Cryptography conference discusses these research challenges. On the other hand, other stakeholders than cryptographers and blockchain engineers have different interests in these characteristics of blockchain technology. For example, regulators face difficulty to trace transactions in terms of anti-money laundering (AML) against privacy-enhancing crypto-asset.

Another example is consumer protection in the case of cyberattacks on crypto-asset custodians. Blockchain business entities sometimes start their business before maturing technology, but the technology and operations are not transparent to regulators and consumers. The main problem is a lack of communication among stakeholders of the decentralized finance ecosystem. G20 discussed the issue of insufficient communication among stakeholders in 2019. It concluded that there is an essential need to have a multi-stakeholder discussion among engineers, regulators, business entities, and operators based on the neutrality of academia.

CoDeFi aims to have common understandings of technology and regulatory goals and discussions on essential issues of blockchain technology by all stakeholders mentioned above. CoDeFi 2020 was a historical workshop because we could involve regulators and engineers in the discussion at the venue of the Financial Cryptography conference.

The workshop consisted of two parts; presentations by all stakeholders and unconference style discussions. The presentations were selected by a peer-review process, and each stakeholder presented needs for multi-stakeholder discussions and pain points. This part was an excellent opportunity to share common understandings of goals and pain points. In the second part, we discussed two topics; a suitable style for multi-stakeholder discussion and balancing privacy protection. Presentations and discussions are included as papers in these proceedings.

May 2020
Shin’ichiro Matsuo

CoDeFi 2020 Organization

Workshop Chair
Shin’ichiro Matsuo, Georgetown University and BSafe.network, USA

Program Committee
Byron Gibson, Stanford Center for Blockchain Research, USA
Shin’ichiro Matsuo (Workshop Chair), Georgetown University and BSafe.network, USA
Robert Schwentker, DLT Education and BSafe.network, USA
Yonatan Sompolinsky, The Hebrew University of Jerusalem, DAGlabs, Israel
Shigeya Suzuki, BSafe.network, BASE Alliance, WIDE Project, Keio University, Japan
Yuta Takanashi, JFSA, Japan
Pindar Wong, BSafe.network, USA
Anton Yemelyanov, Base58 Association, Canada
Aviv Zohar, The Hebrew University of Jerusalem, Israel
