Lucas C.K. Hui · S.H. Qing · Elaine Shi · S.M. Yiu (Eds.)

Information and Communications Security
16th International Conference, ICICS 2014
Hong Kong, China, December 16–17, 2014
Revised Selected Papers

Lecture Notes in Computer Science 8958
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zürich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7410

Editors
Lucas C.K. Hui, The University of Hong Kong, Hong Kong, China
Elaine Shi, University of Maryland, College Park, USA
S.H. Qing, Peking University, Beijing, China
S.M. Yiu, The University of Hong Kong, Hong Kong, China

ISSN 0302-9743
ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-21965-3
ISBN 978-3-319-21966-0 (eBook)
DOI 10.1007/978-3-319-21966-0
Library of Congress Control Number: 2015944432
LNCS Sublibrary: SL4 – Security and Cryptology
Springer Cham Heidelberg New York Dordrecht London
© Springer International Publishing Switzerland 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.
Printed on acid-free paper
Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com)

Preface

The ICICS conference series is a well-established forum for researchers in universities, research institutes, and industry to get together to share the latest research results and exchange ideas in the areas of information and communication security. ICICS has taken place in a number of different countries including China (1997, 2001, 2003, 2005, 2007, 2009, 2011, 2013), Australia (1999), Hong Kong (2012), Singapore (2002), Spain (2004, 2010), USA (2006), and UK (2008). This was the second time the ICICS conference (the 16th event in the series) was hosted by the Center for Information Security and Cryptography (CISC) of the University of Hong Kong (December 16–17, 2014). We received 87 submissions and the committee decided to accept 22 papers covering various aspects of information security. The program also included two remarkable invited talks given by Andrei Sabelfeld titled “Securing Web Applications” and by K.P. Chow titled “Occupy Central and Cyber Wars: The Technologies Behind the Political Event in Hong Kong.”

We would like to thank all authors who submitted their papers to ICICS 2014 and the 33 Program Committee members as well as the external reviewers for their excellent work in reviewing the papers. We would also like to thank the Information Security and Forensics Society (ISFS), our co-organizer the Institute of Software of the Chinese Academy of Sciences (ISCAS), and the National Natural Science Foundation of China (Grant No. 61170282) for their valuable support and sponsorship. Last, but not the least, we give special thanks to the local organizing team led by Catherine Chan. The conference would not have been so successful without their assistance.

December 2014
Lucas C.K. Hui
S.H. Qing
Elaine Shi
S.M. Yiu

Organization

Program Committee
Man Ho Au, University of Wollongong, Australia
Alex Biryukov, University of Luxembourg
Zhenfu Cao, Shanghai Jiao Tong University, China
Chin-Chen Chang, Feng Chia University, Taiwan
Xiaolin Chang, Beijing Jiaotong University, China
Kefei Chen, Shanghai Jiaotong University, China
Zhong Chen, Peking University, China
Tat Wing Chim, The University of Hong Kong, SAR China
Sherman S.M. Chow, Chinese University of Hong Kong, SAR China
Cas Cremers, University of Oxford, UK
Reza Curtmola, New Jersey Institute of Technology, USA
Dieter Gollmann, Hamburg University of Technology, Germany
Hsu-Chun Hsiao, National Taiwan University, Taiwan
Kwangjo Kim, KAIST, South Korea
Tiffany Kim, HRL Laboratories, USA
Ming Li, Utah State University, USA
Joseph Liu, Institute for Infocomm Research, Singapore
Di Ma, University of Michigan-Dearborn, USA
Damon McCoy, George Mason University, USA
Andrew Miller, University of Maryland, USA
Chris Mitchell, Royal Holloway, University of London, UK
Raphael C.-W. Phan, Loughborough University, UK
Pierangela Samarati, Università degli Studi di Milano, Italy
Elaine Shi, University of Maryland, USA
Willy Susilo, University of Wollongong, Australia
Abhradeep Thakurta, Pennsylvania State University, USA
Wen-Guey Tzeng, National Chiao Tung University, Taiwan
Zhihui Wang, Dalian University of Technology, China
Andreas Wespi, IBM Zurich Research Laboratory, Switzerland
Yang Xiang, Deakin University, Australia
S.M. Yiu, The University of Hong Kong, SAR China
Shucheng Yu, University of Arkansas at Little Rock, USA
Tsz Hon Yuen, The University of Hong Kong, SAR China
Fangguo Zhang, Sun Yat-sen University, China
Jianqing Zhang, Intel
Wen Tao Zhu, Institute of Information Engineering, Chinese Academy of Sciences, China

Additional Reviewers
Bassily, Raef
Chow, Sherman S.M.
Dai, Shuguang
Derbez, Patrick
Ding, Daniel C.
Dixit, Kashyap
Dong, Xiaolei
Fan, Xiong
Han, Jinguang
Horvat, Marko
Huang, Xinyi
Khovratovich, Dmitry
Lai, Russell W.F.
Li, Huige
Li, Yanlin
Liang, Kaitai
Liu, Feng-Hao
Liu, Zhen
Livraga, Giovanni
Mohassel, Payman
Pan, Jiaxin
Pelosi, Gerardo
Peris-Lopez, Pedro
Perrin, Léo
Phong, Le Trieu
Pustogarov, Ivan
Servant, Victor
Shao, Jun
Sharad, Kumar
Velichkov, Vesselin
Wang, Boyang
Wang, Meiqin
Wang, Xinlei
Wang, Yang
Wei, Yongzhuang
Xiong, Weiwei
Xue, Hui
Yeh, Kuo-Hui
Zhang, Huang
Zhang, Kai
Zhang, Tao
Zhang, Yuexin
Zhao, Yongjun

Contents

Error-Tolerant Algebraic Side-Channel Attacks Using BEE
    Ling Song, Lei Hu, Siwei Sun, Zhang Zhang, Danping Shi, and Ronglin Hao

SEDB: Building Secure Database Services for Sensitive Data
    Quanwei Cai, Jingqiang Lin, Fengjun Li, and Qiongxiao Wang

Mdaak: A Flexible and Efficient Framework for Direct Anonymous Attestation on Mobile Devices
    Qianying Zhang, Shijun Zhao, Li Xi, Wei Feng, and Dengguo Feng

Protecting Elliptic Curve Cryptography Against Memory Disclosure Attacks
    Yang Yang, Zhi Guan, Zhe Liu, and Zhong Chen

4P_VES: A Collusion-Resistant Accountable Virtual Economy System
    Hong Zhang, Xiaolei Dong, Zhenfu Cao, and Jiachen Shen

Privacy-Preserving Distance-Bounding Proof-of-Knowledge
    Ahmad Ahmadi and Reihaneh Safavi-Naini

Distance Lower Bounding
    Xifan Zheng, Reihaneh Safavi-Naini, and Hadi Ahmadi

Efficient Adaptive Oblivious Transfer Without q-type Assumptions in UC Framework
    Vandana Guleria and Ratna Dutta

TagDroid: Hybrid SSL Certificate Verification in Android
    Hui Liu, Yuanyuan Zhang, Hui Wang, Wenbo Yang, Juanru Li, and Dawu Gu

A Guess-Then-Algebraic Attack on LFSR-Based Stream Ciphers with Nonlinear Filter
    Xiao Zhong, Mingsheng Wang, Bin Zhang, and Shengbao Wu

A Private Lookup Protocol with Low Online Complexity for Secure Multiparty Computation
    Peeter Laud

Reverse Product-Scanning Multiplication and Squaring on 8-Bit AVR Processors
    Zhe Liu, Hwajeong Seo, Johann Großschädl, and Howon Kim

New Security Proof for the Boneh-Boyen IBE: Tight Reduction in Unbounded Multi-challenge Security
    Nuttapong Attrapadung, Goichiro Hanaoka, and Shota Yamada

Method for Determining Whether or not Text Information Is Leaked from Computer Display Through Electromagnetic Radiation
    De-gang Sun, Jun Shi, Dong Wei, Meng Zhang, and Wei-qing Huang

How to Compare Selections of Points of Interest for Side-Channel Distinguishers in Practice?
    Yingxian Zheng, Yongbin Zhou, Zhenmei Yu, Chengyu Hu, and Hailong Zhang

Attribute Based Key-Insulated Signatures with Message Recovery
    Y. Sreenivasa Rao and Ratna Dutta

XOR Based Non-monotone t-(k,n)*-Visual Cryptographic Schemes Using Linear Algebra
    Sabyasachi Dutta and Avishek Adhikari

A Visual One-Time Password Authentication Scheme Using Mobile Devices
    Yang-Wai Chow, Willy Susilo, Man Ho Au, and Ari Moesriami Barmawi

Secure and Efficient Scheme for Delegation of Signing Rights
    Rajeev Anand Sahu and Vishal Saraswat

Fully Secure Ciphertext-Policy Attribute Based Encryption with Security Mediator
    Yuechen Chen, Zoe L. Jiang, S.M. Yiu, Joseph K. Liu, Man Ho Au, and Xuan Wang

MOVTCHA: A CAPTCHA Based on Human Cognitive and Behavioral Features Analysis
    Asadullah Al Galib and Reihaneh Safavi-Naini

Security Analysis of EMV Channel Establishment Protocol in An Enhanced Security Model
    Yanfei Guo, Zhenfeng Zhang, Jiang Zhang, and Xuexian Hu

Author Index