ebook img

Public Key Infrastructures, Services and Applications: 10th European Workshop, EuroPKI 2013, Egham, UK, September 12-13, 2013, Revised Selected Papers PDF

213 Pages·2014·5.394 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Public Key Infrastructures, Services and Applications: 10th European Workshop, EuroPKI 2013, Egham, UK, September 12-13, 2013, Revised Selected Papers

Sokratis Katsikas Isaac Agudo (Eds.) 1 4 3 Public Key Infrastructures, 8 S C Services and Applications N L 10th European Workshop, EuroPKI 2013 Egham, UK, September 2013 Revised Selected Papers 123 Lecture Notes in Computer Science 8341 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum MaxPlanckInstituteforInformatics,Saarbruecken,Germany Sokratis Katsikas Isaac Agudo (Eds.) Public Key Infrastructures, Services andApplications 10th European Workshop, EuroPKI 2013 Egham, UK, September 12-13, 2013 Revised Selected Papers 1 3 VolumeEditors SokratisKatsikas UniversityofPiraeus DepartmentofDigitalSystems 150AndroutsouSt. Piraeus18532,Greece E-mail:[email protected] IsaacAgudo UniversityofMalaga DepartmentofComputerScience CampusdeTeatinoss/n 29071Málaga,Spain E-mail:[email protected] ISSN0302-9743 e-ISSN1611-3349 ISBN978-3-642-53996-1 e-ISBN978-3-642-53997-8 DOI10.1007/978-3-642-53997-8 SpringerHeidelbergNewYorkDordrechtLondon LibraryofCongressControlNumber:2013957062 CRSubjectClassification(1998):K.6.5,C.2,E.3,D.4.6,J.1,K.4.4 LNCSSublibrary:SL4–SecurityandCryptology ©Springer-VerlagBerlinHeidelberg2014 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection withreviewsorscholarlyanalysisormaterialsuppliedspecificallyforthepurposeofbeingenteredand executedonacomputersystem,forexclusiveusebythepurchaserofthework.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheCopyrightLawofthePublisher’slocation, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Permissionsforuse maybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violationsareliabletoprosecution undertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpublication, neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforanyerrorsor omissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,withrespecttothe materialcontainedherein. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface This volume contains the papers presented at the 10th European Workshop on Public Key Infrastructures, Services and Applications (EuroPKI 2013) held during September 11–12, 2013 in conjunction with ESORICS 2013 in Egham, U.K. The workshop received 20 submissions. Each submission was subjected to a thorough review by at least three Program Committee members and external reviewers. The papers were evaluated on the basis of their significance, novelty, and technical quality. Reviewing was double-blind meaning that the Program Committee was not able to see the names and affiliations of the authors, and the authors were not told which Committee members reviewed which papers. Theseproceedingscontainthe 11acceptedpublicationsandthe presentation paper by the invited speaker Fabio Martinelli. We wish to thank everyone who contributed towardthe success of the work- shop: the authors of submitted contributions, the program chairs and the Pro- gram Committee for their efforts in reviewing and discussing the submissions under tight time constraints. We are also very grateful to all other ESORICS 2013 organizers whose work ensured a smooth organizational process. December 2013 Sokratis Katsikas Isaac Agudo Organization Program Chairs Sokratis Katsikas University of Piraeus, Greece Isaac Agudo University of Malaga, Spain Publicity Chair Christopher Dadoyan University of Piraeus, Greece Program Committee Lejla Batina Radboud University Nijmegen, The Netherlands Carlos Blanco Bueno Universidad de Cantabria, Spain David Chadwick University of Kent, UK Sherman S.M. Chow Chinese University of Hong Kong, Hong Kong Paolo D’Arco University di Salerno, Italy Sabrina De Capitani Di Vimercati DTI - Universita degli Studi di Milano, Italy Carmen Fernandez Gago University of Malaga, Spain Simone Fischer-Huebner Karlstad University, Sweden Sara Foresti DTI - Universita degli Studi di Milano, Italy Steven Furnell University of Plymouth, UK Dimitris Geneiatakis University of Piraeus, Greece Stefanos Gritzalis University of the Aegean, Greece Peter Gutmann University of Auckland, New Zealand Ravi Jhawar Universita` degli Studi di Milano, Italy Georgios Kambourakis University of the Aegean, Greece Dogan Kesdogan University of Siegen, Germany Elisavet Konstantinou University of the Aegean, Greece Costas Lambrinoudakis University of Piraeus, Greece Herbert Leitold A-SIT, Austria Dimitris Lekkas University of the Aegean, Greece Javier Lopez University of Malaga, Spain Fabio Martinelli IIT-CNR, Italy Catherine Meadows NRL, USA Chris Mitchell Royal Holloway, University of London, UK Stig Mjolsnes Norwegian University of Science and Technology NTNU, Norway VIII Organization Yi Mu University of Wollongong, Australia Svetla Nikova K.U. Leuven and University of Twente, The Netherlands Rolf Oppliger eSECURITY Technologies, Switzerland Massimiliano Pala Polytechnic Institute of New York University, USA Stefano Paraboschi Universit`a di Bergamo, Italy Andreas Pashalidis K.U.Leuven, The Netherlands Olivier Pereira Universit´e catholique de Louvain, Belgium Gu¨nther Pernul Universitt Regensburg, Germany Nineta Polemi University of Pireaus, Greece Sasa Radomirovic ETH Zu¨rich, Switzerland Pierangela Samarati DTI - Universita degli Studi di Milano, Italy Sean Smith Dartmouth College, UK Christos Xenakis University of Piraeus, Greece Additional Reviewers Broser, Christian Peters, Thomas Heupel, Marcel Reiter, Andreas Mavrogiannopoulos,Nikos Riesner, Moritz Nikov, Ventzi Table of Contents Partial Model Checking for the Verification and Synthesis of Secure Service Compositions............................................. 1 Fabio Martinelli and Ilaria Matteucci Efficient and Perfectly Unlinkable Sanitizable Signatures without Group Signatures......................................... 12 Christina Brzuska, Henrich C. P¨ohls, and Kai Samelin Revocation and Non-repudiation: When the First Destroys the Latter....................................................... 31 Johannes Braun, Franziskus Kiefer, and Andreas Hu¨lsing New Results for the Practical Use of Range Proofs ................... 47 S´ebastien Canard, Iwen Coisel, Amandine Jambert, and Jacques Traor´e STUNT: A Simple, Transparent, User-Centered Network of Trust ...... 65 Klaus Potzmader, Johannes Winter, and Daniel Hein What Public Keys Can Do for 3-Party, Password-Authenticated Key Exchange ....................................................... 83 Jean Lancrenon Towards a More Secure and Scalable Verifying PKI of eMRTD......... 102 Nicolas Buchmann and Harald Baier Mutual Restricted Identification ................................... 119 Lucjan Hanzlik, Kamil Kluczniak, Miros(cid:2)law Kutyl(cid:2)owski, and L(cid:2) ukasz Krzywiecki Trust Views for the Web PKI...................................... 134 Johannes Braun, Florian Volk, Johannes Buchmann, and Max Mu¨hlh¨auser A User-Centric Digital Signature Scheme ........................... 152 Felipe Carlos Werlang, Ricardo Felipe Custo´dio, and Mart´ın A.G. Vigil X Table of Contents A Test-Bed for Intrusion Detection Systems Results Post-processing.... 170 Georgios Spathoulas, Sokratis K. Katsikas, and Anastasios Charoulis Uncertainty in Intrusion Detection Signaling Games .................. 184 Ioanna Kantzavelou and Sokratis K. Katsikas Author Index.................................................. 205 Partial Model Checking for the Verification (cid:2) and Synthesis of Secure Service Compositions FabioMartinelliandIlariaMatteucci IIT-CNR,Pisa,Italy [email protected] Abstract. SecurityisoneofthemainaspectsofWebServicescomposition.In thispaperwedescribealogicalapproachbasedonpartialmodelcheckingtech- niqueandopensystemanalysisfortheverificationandsynthesisofsecureservice orchestrators.Indeedthroughthisframeworkweareabletospecifyasystemwith apossibleintruderandverifywhetherthewholesystemissecure,i.e.,whether thesystemsatisfiesagiventemporallogicformulathatdescribesacorrectbehav- ior(securityproperty).Moreoverweareabletodefineanorchestratoroperator abletoorchestrateseveralservicesinsuchawaytoguaranteebothfunctionaland securityrequirements. Keywords: SynthesisofFunctionalandSecureProcesses,SecureServiceCom- position,PartialModelChecking,Cryptography,ProcessAlgebras,Quantitative Security. 1 Introduction Inthelastdecades,theresearchonseveralaspectsofservicecompositionmadeagreat stepfurther.Inparticular,severalframeworkshavebeendevelopedinordertocompose servicesinordertosatisfyrequirementsandconstraintsimposedbyauser.TheService OrientedComputing(SOC)investigatesonnewapproachforbuildingsoftwareappli- cationsbycomposingandconfiguringexistingservices.Servicesaresoftwarecompo- nentsdevelopedtobere-usable,whichexposetheirdefinitionandwhichareaccessible bythirdparties.WebServicesarethemostpromisingclassofservices,exporttheirde- scriptionandareaccessiblethroughstandardnetworktechnologies,e.g.,SOAP,WSDL, UDDI,WS-BPEL,WS-Transaction,etc..WebServiceCompositioncombinesexisting services, available on the web, to provideadded-valueservices featuring higher level functionalities.Everyfunctionalityof a service networkdependson how the services compose each other. Service composition can be made in two ways, as a choreogra- phy or throughan orchestration.Choreographyidentifies the end-to-endcomposition between two services by mainly considering cooperation rules, e.g., the sequence of theexchangedmessagesandtheircontent.Orchestrationdealswiththecompositionof multipleservicesintermsofthebusinessprocesstheygenerate. (cid:2)WorkpartiallysupportedbytheEUprojectFP7-257930Aniketos:EnsuringTrustworthiness andSecurityinServiceCompositionandbytheEUprojectFP7-256980Nessos:Networkof ExcellenceonEngineeringSecureFutureInternetSoftwareServicesandSystems. S.KatsikasandI.Agudo(Eds.):EuroPKI2013,LNCS8341,pp.1–11,2014. (cid:2)c Springer-VerlagBerlinHeidelberg2014

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.