Ho-won Kim Dooho Choi (Eds.) 3 0 Information 5 9 S C Security Applications N L 16th International Workshop, WISA 2015 Jeju Island, Korea, August 20–22, 2015 Revised Selected Papers 123 Lecture Notes in Computer Science 9503 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zürich, Switzerland John C. Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany More information about this series at http://www.springer.com/series/7410 Ho-won Kim Dooho Choi (Eds.) (cid:129) Information Security Applications 16th International Workshop, WISA 2015 – Jeju Island, Korea, August 20 22, 2015 Revised Selected Papers 123 Editors Ho-wonKim Dooho Choi PusanNational University Electronics andTelecommunications Busan Research Institute Korea (Republicof) Daejeon Korea (Republicof) ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notesin Computer Science ISBN 978-3-319-31874-5 ISBN978-3-319-31875-2 (eBook) DOI 10.1007/978-3-319-31875-2 LibraryofCongressControlNumber:2016934676 LNCSSublibrary:SL4–SecurityandCryptology ©SpringerInternationalPublishingSwitzerland2016 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade. Printedonacid-freepaper ThisSpringerimprintispublishedbySpringerNature TheregisteredcompanyisSpringerInternationalPublishingAGSwitzerland Preface The 16th International Workshop on Information Security Applications (WISA 2015) was held at Ocean Suites Jeju Hotel, Jeju Island, Korea, during August 20–22, 2015. The workshop was hosted by Korea Institute of Information Security and Cryptology (KIISC) and sponsored by the Ministry of Science, ICT and Future Planning (MSIP). It was also co-sponsored by Korea Internet and Security Agency (KISA), Electronics and Telecommunications Research Institute (ETRI), National Security Research Institute (NSR), AhnLab, Korea Information Certificate Authority (KICA), REDBC, and UNET systems. The excellent arrangements were led by the WISA 2015 general chair, Prof. ChoonSik Park, and organizing chair, Prof. Souhwan Jung. This year WISA 2015 provided an open forum for exchanging and sharing of ongoing hot issues and results of research, development, and applications in infor- mation security areas. The Program Committee prepared for an interesting program includinganinvitedtalkfromMr.HarryWechslerofGeorgeMasonUniversity,USA. The workshop had roughly nine tracks such as Hardware Security (Track 1), Cryp- tography 1 (Track 2), Side Channel Attacks and Countermeasures (Track 3), Security and Threat Analysis (Track 4), IoT Security 1 (Track 5), Network Security (Track 6), Cryptography 2 (Track 7), Application Security (Track 8), IoT Security 2 (Track 9). Wewouldliketothankallauthorswhosubmittedpapers.Eachpaperwasreviewedby at least three reviewers. External reviewers as well as Program Committee members contributed to the reviewing process from their particular areas of expertise. The reviewing and active discussions were provided by a Web-based system, EDAS. Through the system, we could check the amount of similarity between the submitted papers and previously published papers to prevent plagiarism and self-plagiarism. Following the strict reviewing processes, 35 outstanding papers from 12 countries were accepted for publication in this volume of Information Security Applications. There were five papers for Track 1, four papers for Track 2, four papers for Track 3, fourpapersforTrack4,threepapersforTrack5,threepapersforTrack6,fourpapers for Track 7, five papers for Track 7, and three papers for Track 7. Many people contributed to the success of WISA 2015. We would like to express our deepest appreciation to each of the WISA Organizing and Program Committee members as well as the paper contributors. Without their endless support and sincere dedication and professionalism, WISA 2015 must have been impossible. August 2015 Ho-won Kim Dooho Choi Organization Executive Committee General Chair ChoonSik Park Seoul Women’s University, Korea Organizing Committee Chair Souhwan Jung Soongsil University, Korea Organizing Committee Tae-Sung Kim Chungbuk University, Korea Taekyoung Kwon Yonsei University, Korea SeungWook Jung Soongsil University, Korea Namhi Kang Duksung Women’s University, Korea Huy Kang Kim Korea University, Korea Minho Park Soongsil University, Korea Jin Kwak Ajou University, Korea Kyungho Lee Korea University, Korea Hyoungshick Kim Sungkyunkwan University, Korea JeongHyen Yi Soongsil University, Korea Im-Yeong Lee Soonchunhyang University, Korea Gi-Wook Son NSR, Korea JeongNyeo Kim ETRI, Korea KyungHo Chung KISA, Korea Jaecheol Ryou Chungnam National University, Korea Yongtae Shin Soongsil University, Korea Okyoen Yi Kookmin University, Korea Kyung-Hyune Rhee Pukyong National University, Korea YooJae Won MSIP, Korea Sangchoon Kim Kangwon National University, Korea Program Committee Co-chairs Ho-won Kim Pusan National University, Korea Dooho Choi ETRI, Korea VIII Organization Program Committee Man Ho Au The Hong Kong Polytechnic University, Hong Kong, SAR China Aziz Mohaisen Verisign Labs, VA, USA Selcuk Baktir Bahcesehir University, Turkey Sang Kil Cha Carnegie Mellon University, USA Seong-je Cho Dankook University, Korea Daesun Choi ETRI, Korea Hyoung-Kee Choi Sungkyunkwan University, Korea Yoon-Ho Choi Pusan National University, Korea Jinguang Han Nanjing University of Finance and Economics, China Swee-Huay Heng Multimedia University, Malaysia Eul Gyu Im Hanyang University, Korea Seung-Hun Jin ETRI, Korea Namhi Kang Duksung Women’s University, Korea You Sung Kang ETRI, Korea Huy Kang Kim Korea University, Korea Hyoungshick Kim Sugkyunkwan University, Korea DaeYoub Kim Korea University, Korea Jong Kim POSTECH, Korea Yongdae Kim KAIST, Korea Jun Ho Kwon Pusan National University, Korea Taekyoung Kwon Yonsei University, Korea Dong Geon Lee NSR, Korea Mun-Kyu Lee Inha University, Korea Zhen Ling Southeast University, China Kirill Morozov Kyushu University, Japan Elizabeth O’Sullivan Queen’s University Belfast, UK Jeahoon Park NSR, Korea Kyung Hyune Rhee Pukyong University, Korea Junghwan Rhee NEC Laboratories America, USA Kouichi Sakurai Kyushu University, Japan Seungwon Shin KAIST, Korea Chao Yang Texas A&M University, USA Chung-Huang Yang National Kaohsiung Normal, Taiwan Yanjiang Yang Institute for Infocomm Research, Singapore Dae-Hyun Yum Myongji University, Korea Taek-Young Youn ETRI, Korea Xuehui Zhang Oracle, USA Raphael C.-W. Phan Multimedia University, Malaysia Keynote Speech Cyber Security Using Adversarial Learning and Conformal Prediction Harry Wechsler George MasonUniversity, Fairfax,USA This talk reviews new directions for cyber security built around machine learning and usingadversariallearningandconformalpredictiontoenhancenetworkandcomputing services defenses against adaptive, malicious, persistent, and tactical threats. The motivation for using conformal prediction and its immediate offspring, those of semi- supervised learning and transduction, comes from them supporting discriminative and non-parametric methods using likelihood ratios; demarcation using cohorts, local estimation, and non-conformity measures; randomness for hypothesis testing and inference using sensitivity and stability analysis; reliability indices on prediction out- comes using credibility and confidence to assist meta-reasoning and information fusion; and open set recognition including novelty detection and the reject option for negative selection. The solutions proffered are built around active learning, meta- reasoning, randomness, semantics and stratification using topics and most important and above all using adaptive Oracles that are effective and valid for the purpose of model selection and prediction. Effective to be resilient to malicious attacks aimed at subverting promptness, selective in separating the wheat (e.g., informative patterns) from the chaff (e.g., obfuscation), and valid and well - calibrated to not overrate the accuracy and reliability of the predictions made.