Risks and Security of Internet and Systems: 13th International Conference, CRiSIS 2018, Arcachon, France, October 16–18, 2018, Revised Selected Papers PDF

248 Pages·2019·13.726 MB·English

Akka Zemmari, Mohamed Mosbah, Nora Cuppens-Boulahia, Frédéric Cuppens (Eds.)

Risks and Security of Internet and Systems
13th International Conference, CRiSIS 2018
Arcachon, France, October 16–18, 2018
Revised Selected Papers

Lecture Notes in Computer Science 11391

Pandu Rangan, Indian Institute of Technology Madras, Chennai, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA

More information about this series at http://www.springer.com/series/7409

Editors
Akka Zemmari, University of Bordeaux, Talence, France
Nora Cuppens-Boulahia, IMT Atlantique, Brest, France
Mohamed Mosbah, University of Bordeaux, Talence, France
Frédéric Cuppens, IMT Atlantique, Brest, France

ISSN 0302-9743
ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-030-12142-6
ISBN 978-3-030-12143-3 (eBook)
https://doi.org/10.1007/978-3-030-12143-3

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

The 13th International Conference on Risks and Security of Internet and Systems (CRiSIS 2018) took place during October 16–18, 2018 in Arcachon, France. It continued a tradition of successful conferences: Bourges (2005), Marrakech (2007), Tozeur (2008), Toulouse (2009), Montréal (2010), Timisoara (2011), Cork (2012), La Rochelle (2013), Trento (2014), Mytilene (2015), Roscoff (2016), and Dinard (2017).

The CRiSIS conference constitutes an open forum for the exchange of state-of-the-art knowledge on security issues in Internet-related applications, networks, and systems. Following the tradition of the previous events, the program was composed of high-quality contributed papers. The program call for papers looked for original and significant research contributions to the following topics:

– Analysis and management of risk
– Attacks and defenses
– Attack data acquisition and network monitoring
– Cryptography, biometrics, watermarking
– Dependability and fault tolerance of Internet applications
– Distributed and embedded systems security
– Empirical methods for security and risk evaluation
– Hardware-based security and physical security
– Intrusion detection and prevention systems
– Privacy protection and anonymization
– Risk-aware access and usage control
– Security and risk assessment and metrics
– Security and dependability of operating systems
– Security and safety of critical infrastructures
– Security and privacy of peer-to-peer system and wireless networks
– Security models and security policies
– Security of new generation networks, security of VoIP and multimedia
– Security of e-commerce, electronic voting, and database systems
– Security of social networks
– Security of industrial control systems
– Smartphone security and privacy
– Traceability, metrology and forensics
– Trust management
– Use of smart cards and personal devices for Internet applications
– Web and cloud security.

In response to this call for papers, 34 papers were submitted. Each paper was reviewed by at least three reviewers, and judged according to scientific and presentation quality, originality, and relevance to the conference topics. The Program Committee selected 12 regular papers and six short papers. The program was completed with excellent invited talks given by Dominique Mery (University of Nancy, France), Manoj Singh Gaur (IIT Jammu, India), and Vijay Laxmi (MNIT Jaipur, India). Finally, the conference included two tutorials given by Tayssir Touili (University of Paris 13, France) and Romain Laborde (University of Toulouse, France).

It is impossible to organize a successful program without the help of many individuals. We would like to express our appreciation to the authors of the submitted papers, the Program Committee members, and the external referees. We owe special thanks to the Organizing Committee for the hard work they did locally in Arcachon.
November 2018
Akka Zemmari
Mohamed Mosbah
Nora Cuppens-Boulahia
Frédéric Cuppens

Organization

General Chairs
Jean Louis Lanet, LHS, Inria, France
Mohamed Mosbah, LaBRI, Bordeaux INP, France

Program Co-chairs
Nora Cuppens-Boulahia, IMT Atlantique, France
Akka Zemmari, LaBRI, University Bordeaux, France

Publicity Chairs
Mohamed Mosbah, Bordeaux INP, France
Reda Yaich, IRT SystemX, France

Sponsorship and Publication Chair
Frédéric Cuppens, IMT Atlantique, France
Axel Legay, UCL, Belgium

Organization Co-chairs
Mohamed Mosbah, LaBRI, Bordeaux INP, France
Akka Zemmari, LaBRI, University of Bordeaux, France

Local Organization
Auriane Dantes, LaBRI, University of Bordeaux, France
Katel Guerin, LaBRI, University of Bordeaux, France
Sofian Maabout, LaBRI, University of Bordeaux, France
Nadia Chaabouni, LaBRI, University of Bordeaux, France
Charazed Ksouri, LaBRI, University of Bordeaux, France
Ghislaine Le Gall, IMT Atlantique, France

Program Committee
Esma Aimeur, University of Montreal, Canada
Luca Allodi, Eindhoven University of Technology, The Netherlands
Jocelyn Aubert, Luxembourg Institute of Science and Technology, Luxembourg
Fabrizio Biondi, Inria Rennes, France
Anis Bkakria, IMT Atlantique, France
Yu Chen, State University of New York Binghamton, USA
Nora Cuppens-Boulahia, IMT Atlantique, France
Roberto Di Pietro, Hamad Bin Khalifa University, Qatar
José M. Fernandez, Ecole Polytechnique de Montreal, Canada
Joaquim Garcia-Alfaro, Telecom SudParis, France
Manoj Singh Gaur, Indian Institute of Technology Jammu, India
Bogdan Groza, Politehnica University of Timisoara, Romania
Ruan He, Orange Labs, France
Imen Jemili, FSB Bizerte, Tunisia
Christos Kalloniatis, University of the Aegean, Greece
Sokratis Katsikas, Center for Cyber and Information Security, NTNU, Norway
Nizar Kheir, Thales Group, France
Igor Kotenko, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), Russia
Marc Lacoste, Orange Labs, France
Jean-Louis Lanet, LHS, Inria, Rennes, France
Axel Legay, UC Louvain, Belgium
Mohamed Mosbah, LaBRI, University of Bordeaux, France
Raja Natarajan, TIFR, India
Stephen Neville, University of Victoria, Canada
Kai Rannenberg, Goethe University, Frankfurt, Germany
Michael Rusinowitch, LORIA, Inria Nancy, France
Ketil Stoelen, SINTEF, Norway
Nadia Tawbi, Laval University, Canada
Lingyu Wang, Concordia University, Canada
Rada Yaich, IRT SystemX, Rennes, France
Akka Zemmari, LaBRI, University of Bordeaux, France

Contents

An Empirical Study on the Comprehensibility of Graphical Security Risk Models Based on Sequence Diagrams
    Vetle Volden-Freberg and Gencer Erdogan

Are Third-Party Libraries Secure? A Software Library Checker for Java
    Fabien Patrick Viertel, Fabian Kortum, Leif Wagner, and Kurt Schneider

A Prediction-Based Method for False Data Injection Attacks Detection in Industrial Control Systems
    Lyes Bayou, David Espes, Nora Cuppens-Boulahia, and Frédéric Cuppens

Outsourcing Signatures of Confidential Documents
    Hervé Chabanne, Julien Keuffer, and Emmanuel Prouff

Trust Evaluation Model for Attack Detection in Social Internet of Things
    Wafa Abdelghani, Corinne Amel Zayani, Ikram Amous, and Florence Sèdes

A Certificate-Less Key Exchange Protocol for IoT
    Ivan Marco Lobe Kome, Nora Cuppens-Boulahia, Frédéric Cuppens, and Vincent Frey

Personalized, Browser-Based Visual Phishing Detection Based on Deep Learning
    Alberto Bartoli, Andrea De Lorenzo, Eric Medvet, and Fabiano Tarlao

Privacy Preserving Data Offloading Based on Transformation
    Shweta Saharan, Vijay Laxmi, Manoj Singh Gaur, and Akka Zemmari

DSTC: DNS-Based Strict TLS Configurations
    Eman Salem Alashwali and Pawel Szalachowski

Authenticated Quality of Service Aware Routing in Software Defined Networks
    Samet Aytaç, Orhan Ermiş, Mehmet Ufuk Çağlayan, and Fatih Alagöz

On Consent in Online Social Networks: Privacy Impacts and Research Directions (Short Paper)
    Sourya Joyee De and Abdessamad Imine

