Lecture Notes in Computer Science 6672 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum MaxPlanckInstituteforInformatics,Saarbruecken,Germany Feng Bao Jian Weng (Eds.) Information Security Practice and Experience 7th International Conference, ISPEC 2011 Guangzhou, China, May 30 – June 1, 2011 Proceedings 1 3 VolumeEditors FengBao InstituteforInfocommResearch 1FusionopolisWay,#19-01Connexis(SouthTower) Singapore138632,Singapore E-mail:[email protected] JianWeng JinanUniversity HuangpuAvenueWest601,TianheDistrict Guangzhou510632,China E-mail:[email protected] ISSN0302-9743 e-ISSN1611-3349 ISBN978-3-642-21030-3 e-ISBN978-3-642-21031-0 DOI10.1007/978-3-642-21031-0 SpringerHeidelbergDordrechtLondonNewYork LibraryofCongressControlNumber:2011926870 CRSubjectClassification(1998):E.3,D.4.6,C.2.0,H.2.0,K.6.5,K.4.4,J.1 LNCSSublibrary:SL4–SecurityandCryptology ©Springer-VerlagBerlinHeidelberg2011 Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,etc.inthispublicationdoesnotimply, evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevantprotectivelaws andregulationsandthereforefreeforgeneraluse. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface The 7th InternationalConference on Information Security Practice and Experi- ence(ISPEC2011)washeldduringMay30–June1,2011,inGuangzhou,China. The ISPEC conference series is an established forum that brings together researchersandpractitionerstoprovideaconfluenceofnewinformationsecurity technologies, including their applications and their integration with IT systems in various vertical sectors. In previous years, ISPEC took place in Singapore (2005), Hangzhou, China (2006), Hong Kong, China (2007), Sydney, Australia (2008), Xi’an, China (2009), and Seoul, Korea. For all the conferences in the series,as this one,the conferenceproceedings werepublished by Springer inthe Lecture Notes in Computer Science series. Acceptance into the conference proceedings was very competitive. The Call forPapersattracted108submissions,outofwhich26regularpapersand6short paperswereselectedforinclusioninthe proceedings.Theacceptedpaperscover multiple topics in information security, from technologies to systems and appli- cations.Eachsubmissionwasanonymouslyreviewedbyatleastthree reviewers. In addition to the contributed papers,there were two invited talks. One was given by Dieter Gollmann and the other by Liqun Chen. This conference was made possible through the contributions of many indi- vidualsandorganizations.Wewouldliketothankalltheauthorswhosubmitted papers. We are grateful to the Program Committee, which was composed of 44 well-known international security experts. We heartily thank them as well as all external reviewers for their time and valuable contribution to the tough and time-consuming reviewing process. We sincerely thank the Honorary Chair Jun Hu for his generous and strong support. Special thanks are due to Ying Qing andZhichaoLinformanagingtheonlinepaperreviewsystemandtheconference website, respectively. We are grateful to Jinan University, Guangzhou, China, for organizing and hostingISPEC2011.Wewouldliketothankallthepeopleinvolvedinorganizing thisconference.Inparticular,wewouldliketothankthe OrganizingCommittee members,colleaguesandourstudentsfortheirtimeandeffort.Finally,wewould like to thank all the participants for their contribution to making ISPEC 2011 a success. May 2011 Feng Bao Jian Weng Robert H. Deng Guoxiang Yao Organization ISPEC 2011 was organizedby the department of Computer Science, Jinan Uni- versity, Guangzhou, China, and held during May 30–June 1, 2011. Honorary Chair Jun Hu Jinan University, P.R. China General Co-chairs Robert H. Deng Singapore Management University, Singapore Guoxiang Yao Jinan University, P.R. China Program Co-chairs Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan University, P.R. China Organizing Committee Dehua Zhou Jinan University, P.R. China Dongsheng Xiao Jinan University, P.R. China Zhixiu Yu Jinan University, P.R. China Kai He Jinan University, P.R. China Yingkai Li Jinan University, P.R. China Program Committee Kefei Chen Shanghai Jiaotong University, P.R. China Liqun Chen HP Bristol Labs, UK Jintai Ding University of Cincinnati, USA Debin Gao Singapore Management University, Singapore Dieter Gollmann TU Hamburg, Germany Lucas Hui Hong Kong University, Hong Kong Shaoquan Jiang UESTC, P.R. China Marc Joye Technicolor, France Stefan Katzenbeisser Technical University of Darmstadt, Germany Jin Kwak Soonchunhyang University, Korea Xuejia Lai Shanghai Jiao Tong University, P.R. China Heejo Lee Korea University, Korea Ninghui Li Purdue University, USA VIII Organization Yingjiu Li Singapore Management University, Singapore Tieyan Li Institute for Infocomm Research, Singapore Dongdai Lin SKLOIS, P.R. China Shengli Liu Shanghai Jiaotong University, P.R. China Javier Lopez University of Malaga, Spain Jianfeng Ma Xidian University, P.R. China Chris Mitchell RH University of London, UK Yi Mu University of Wollongong, Australia David Nacache University of Paris, France Dingyi Pei Guangzhou University, P.R. China Ying Qiu Institute for Infocomm Research, Singapore Mark Ryan University of Birmingham, UK Kouichi Sakurai Kyushu University, Japan Joerg Schwenk Ruhr University Bochum, Germany Willy Susilo University of Wollongong, Australia Tsuyoshi Takagi Kyushu University, Japan Vijay Varadharajan Macquarie University, Australia Zhiguo Wan Tsinghua University, P.R. China Huaxiong Wang Nanyang TechnologicalUniversity, Singapore Lina Wang Wuhan University, P.R. China Duncan Wong City University of Hong Kong, Hong Kong Hongjun Wu Nanyang TechnologicalUniversity, Singapore Tzong-Chen Wu National Taiwan University of Science and Technology, Taiwan Wenling Wu Chinese Academy of Sciences, P.R. China Chunxiang Xu UESTC, P.R. China Yanjiang Yang Institute for Infocomm Research, Singapore Fangguo Zhang Sun Yat-Sen University, P.R. China Rui Zhang AIST, Japan Yunlei Zhao Fudan University, P.R. China Jianying Zhou Institute for Infocomm Research, Singapore Huafei Zhu Institute for Infocomm Research, Singapore External Reviewers Cristina Alcaraz Yu Chen Zheng Gong Man Ho Au Rong Cheng Fuchun Guo Joonsang Baek Shu Cheng Hua Guo Stanislav Bulygin Tat Wing Chim Payas Gupta Sergiu Bursuc Cheng-Kang Chu Keisuke Hakuta Shaoying Cai Junwu Dong Jinguang Han Aldar Chan Ming Duan Yasufumi Hashimoto P.F. Chan Reza RezaeianFarashahi Yijun He Haining Chen Kunihiko Fujita Olivier Heen Xiao-Ming Chen Chongzi Gao Shuhui Hou Organization IX Changhui Hu Ching Yu Ng Christopher Wolf Jialin Huang Khoa Nguyen Wei Wu Qiong Huang Phuong Ha Nguyen Jing Xu Tao Huang Michiharu Niimi Toshihiro Yamauchi Xinyi Huang Chao Ning Qiang Yan Tibor Jager Takashi Nishide Li Yang Koichi Kamijo David NuA˜ez Yatao Yang Pinhui Ke Yanbin Pan Qingsong Ye Dalia Khader Serdar Pehlivanoglu Kazuki Yoneyama Assadarat Khurat Francesco Regazzoni Yong Yu Junzuo Lai Rodrigo Roman Tsz Hon Yuen Fagen Li Sven Scha¨ge Shengke Zeng Wei Li Hovav Shacham Lei Zhang Yan Li Wook Shin Liangfeng Zhang Hoon Wei Lim Francesco Sica Liting Zhang Qiping Lin Nigel Smart Mingwu Zhang Joseph Liu Ben Smyth Ping Zhang Jun’E Liu Song Luo Xiujie Zhang Yu Long Yu Chen Xusheng Zhang Yiyuan Luo Jungsuk Song Yun Zhang John Lyle Dong Su Zhifang Zhang Xu Ma Yi Tang Zongyang Zhang Kirill Morozov Tianze Wang Chang-An Zhao Sascha Mu¨ller Yongtao Wang Quan Zhou Pablo Najera Lei Wei Table of Contents Public Key Encryption Public-Key Encryptions Tolerating Adaptive and Composable Adversaries ..................................................... 1 Huafei Zhu Encryption Simulatability Reconsidered............................. 14 Yamin Liu, Bao Li, Xianhui Lu, and Xiaoying Jia Fully Secure Cipertext-Policy Hiding CP-ABE....................... 24 Junzuo Lai, Robert H. Deng, and Yingjiu Li GenericMethodstoAchieveTighterSecurityReductionsforaCategory of IBE Schemes.................................................. 40 Yu Chen, Liqun Chen, and Zhong Chen New Fully Secure Hierarchical Identity-Based Encryption with Constant Size Ciphertexts......................................... 55 Song Luo, Yu Chen, Jianbin Hu, and Zhong Chen Cloud Security Toward Trustworthy Clouds’ Internet Scale Critical Infrastructure...... 71 Imad M. Abbadi Realizing Fine-Grained and Flexible Access Control to Outsourced Data with Attribute-Based Cryptosystems .......................... 83 Fangming Zhao, Takashi Nishide, and Kouichi Sakurai Hierarchical Attribute-Set Based Encryption for Scalable, Flexible and Fine-Grained Access Control in Cloud Computing.................... 98 Jun’e Liu, Zhiguo Wan, and Ming Gu Security Applications Privacy Enhanced Access Control by Means of Policy Blinding......... 108 Saeed Sedghi, Pieter Hartel, Willem Jonker, and Svetla Nikova Policy-BasedAuthentication for Mobile Agents ...................... 123 Yikai Wang, Yi Mu, and Minjie Zhang Lightweight Delegated Subset Test with Privacy Protection ........... 138 Xuhua Zhou, Xuhua Ding, and Kefei Chen XII Table of Contents Post-quantum Cryptography and Side-Channel Attack Improving BDD Cryptosystems in General Lattices .................. 152 Michael Rose, Thomas Plantard, and Willy Susilo Kipnis-Shamir Attack on Unbalanced Oil-Vinegar Scheme............. 168 Weiwei Cao, Lei Hu, Jintai Ding, and Zhijun Yin A Novel Group Signature Scheme Based on MPKC................... 181 Guangdong Yang, Shaohua Tang, and Li Yang How to Characterize Side-Channel Leakages More Accurately?......... 196 Jiye Liu, Yongbin Zhou, Yang Han, Jiantang Li, Shuguo Yang, and Dengguo Feng Block Ciphers and MACs New Impossible Differential and Known-Key Distinguishers for the 3D Cipher.......................................................... 208 Jorge Nakahara Jr Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits .............................................. 222 Yongzhuang Wei, Jiqiang Lu, and Yupu Hu BCBC: A More Efficient MAC Algorithm ........................... 233 Bo Liang, Wenling Wu, and Liting Zhang On the Security of 4-Bit Involutive S-Boxes for Lightweight Designs .... 247 Bozhong Liu, Zheng Gong, Weidong Qiu, and Dong Zheng Signature, Secrete Sharing and Traitor Tracing Short Convertible Undeniable Signature in the Standard Model ........ 257 Qiong Huang and Duncan S. Wong A Practical (Non-interactive) Publicly Verifiable Secret Sharing Scheme ......................................................... 273 Mahabir Prasad Jhanwar An Efficient Group-Based Secret Sharing Scheme .................... 288 Chunli Lv, Xiaoqi Jia, Jingqiang Lin, Jiwu Jing, and Lijun Tian Traitor Tracing against Public Collaboration ........................ 302 Xingwen Zhao and Fangguo Zhang Table of Contents XIII System Security and Network Security Policy-Centric Protection of OS Kernel from Vulnerable Loadable Kernel Modules.................................................. 317 Donghai Tian, Xi Xiong, Changzhen Hu, and Peng Liu Sanitizing Microdata without Leak: Combining Preventive and Curative Actions................................................. 333 Tristan Allard, Benjamin Nguyen, and Philippe Pucheral Hidden Bot Detection by Tracing Non-human Generated Traffic at the Zombie Host .................................................... 343 Jonghoon Kwon, Jehyun Lee, and Heejo Lee A Model for Constraint and Delegation Management ................. 362 Quan Pham, Jason Reid, and Ed Dawson Security Protocols Non-black-Box Computation of Linear Regression Protocols with Malicious Adversaries ............................................ 372 Huafei Zhu A New Security Proof of Practical Cryptographic Devices Based on Hardware, Software and Protocols.................................. 386 An Wang, Zheng Li, Xianwen Yang, and Yanyan Yu A General and Efficient Obfuscation for Programs with Tamper-Proof Hardware ....................................................... 401 Ning Ding and Dawu Gu Analysis and Improvement of an Authenticated Key Exchange Protocol ........................................................ 417 Jiaxin Pan, Libin Wang, and Changshe Ma Another Elliptic Curve Model for Faster Pairing Computation ......... 432 Lijun Zhang, Kunpeng Wang, Hong Wang, and Dingfeng Ye Author Index.................................................. 447