Financial Cryptography and Data Security 2013


Seventeenth International Conference
April 1–5, 2013
Bankoku Shinryokan
The Busena Terrace
Okinawa, Japan


Sunday (March 31, 2013)

18:00 – 19:00 Registration Reception at Sunset Lounge
(Open to all participants)

Monday (April 1, 2013)

8:30 – 8:45 Registration at Ocean Hall

8:45 – 9:00 Welcome

9:00 – 10:00
FC Keynote
William H. Saito

Looking at nature to help us solve risk management issues

Risk management is not new. It is something we are born with. The most basic risk management systems are part of our DNA. We adapt, develop and occasionally improve on aspects of our natural heritage to build resilience. Nature evolves -- it changes, it learns, it gets better. This is key to long-term success and one we must embrace.

Speaker Biography:
William H. Saito founded InTecur, a venture capital firm and consultancy that identifies innovative technologies, develops global talent and helps entrepreneurs become successful. When Saito founded a commercial software company at the age of 20, he quickly earned a reputation as an expert in encryption, authentication and biometric technology and built his company into a global leader in security software. He led the development of the world’s first biometric authentication system and licensed the core technology to over 160 companies, including Microsoft, which included it in the Windows operating system. His book on management, The Team: Solving the biggest problem in Japan, was published in 2012 by Nikkei BP and became a best seller. He is a council member on national strategy and policy for the National Policy Unit, Chief Technology Officer of the Fukushima Nuclear Accident Independent Investigation Commission (NAIIC), and Foundation Board Member for the World Economic Forum, Young Global Leader and Global Agenda Council member.

(Open to all participants)

10:00 – 10:30 Coffee break
(Open to all participants)

10:30 – 11:30
USEC Keynote
Alessandro Acquisti

Confessions of a Privacy Economist

Speaker Biography:
Alessandro Acquisti is an associate professor at the Heinz College, Carnegie Mellon University (CMU) and the co-director of CMU Center for Behavioral and Decision Research. He investigates the economics of privacy. His studies have spearheaded the application of behavioral economics to the analysis of privacy and information security decision making, and the analysis of privacy and disclosure behavior in online social networks. His 2009 study on the predictability of Social Security numbers was featured in the "Year in Ideas" issue of the NYT Magazine (the SSNs assignment scheme was changed by the US Social Security Administration in 2011). Alessandro holds a PhD from UC Berkeley, and Master degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist).

What drives people to disclose or protect their personal information? What are the tangible and intangible consequences of those decisions? In this talk, I will discuss the transition from the economics to the behavioral economics of privacy. In particular, I will present and contrast a series of opposing "frames," or ways to frame and analyze the privacy debate, using the lenses of behavioral economic research. I will start from frames I have analyzed in my research (for instance: is privacy really about "transparency" and "control"?) and progressively move onto less settled, and perhaps more controversial, frames of the debate.

(Open to all participants)

11:30 – 12:30
WAHC Keynote
Vinod Vaikuntanathan

Computing on Encrypted Data: New Developments and Challenges

This talk will survey the recent progress in the areas of fully homomorphic encryption and functional encryption -- two very powerful methods for computing on encrypted data. It will also describe the exciting work towards making these technologies practical, and some future directions in this field.

Speaker Biography: Vinod Vaikuntanathan is an assistant professor of Computer Science at the University of Toronto. He received a Ph.D. from MIT in 2009 under the guidance of Shafi Goldwasser. His research interests lie in cryptography, complexity theory and the theory of distributed algorithms. He is a recipient of the 2008 IBM Josef Raviv Postdoctoral Fellowship, the 2009 George M. Sprowls award for the best MIT Ph.D. thesis in Computer Science, and the 2013 Alfred P. Sloan Research Fellowship.

(Open to all participants)

12:30 – Lunch at Summit Hall
(Workshop Registrants only)

13:30 – USEC Workshop
(Workshop Registrants only)

14:00 – WAHC Workshop
(Workshop Registrants only)

18:30 – 19:30 Reception at Sunset Lounge
(Open to all participants)

Tuesday (April 2, 2013)

9:00 – 9:15 Registration at Ocean Hall

9:15 – 9:30 Opening Remarks

9:30 – 10:45
Session 1: Electronic Payment (Bitcoin)
Session Chair: Nicolas Christin

Dorit Ron and Adi Shamir
Quantitative Analysis of the Full Bitcoin Transaction Graph

Tyler Moore and Nicolas Christin
Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk [Short Paper]

Elli Androulaki, Ghassan Karame, Marc Roeschlin, Tobias Scherer and Srdjan Capkun
Evaluating User Privacy in Bitcoin

10:45 – 11:15 Coffee break

11:15 – 12:30
Session 2: Usability Aspects
Session Chair: Matthew Smith

Serge Egelman and Stuart Schechter
The Importance of Being Earnest [in Security Warnings] [Short Paper]

Alexander Gallego, Nitesh Saxena and Jonathan Voris
Exploring Extrinsic Motivation for Better Security: A Usability Study of Scoring-Enhanced Device Pairing [Short Paper]

Tiffany Hyun-Jin Kim, Akira Yamada, Virgil Gligor, Jason Hong and Adrian Perrig
RelationGram: Tie-Strength Visualization for User-Controlled Online Identity Authentication [Short Paper]

12:30 – 14:00 Lunch at Summit Hall

14:00 – 15:15
Session 3: Secure Computation
Session Chair: Sherman Chow

Bingsheng Zhang, Helger Lipmaa, Cong Wang and Kui Ren
Practical Fully Simulatable Oblivious Transfer with Sublinear Communication

Mahabir Prasad Jhanwar and Reihaneh Safavi-Naini
Unconditionally-Secure Robust Secret Sharing with Minimum Share Size

Marc Joye and Benoit Libert
A Scalable Scheme for Privacy-Preserving Aggregation of Time-Series Data

15:15 – 15:45 Coffee break

15:45 – 16:55
Session 4: Passwords
Session Chair: Adrian Perrig

David Aspinall and Mike Just
"Give Me Letters 2, 3 and 6!": Partial Password Implementations and Attacks

Sascha Fahl, Marian Harbach, Marten Oltrogge, Thomas Muders and Matthew Smith
Hey, You, Get Off of My Clipboard - On How Usability Trumps Security in Android Password Managers

Yuanyuan Zhou, Yu Yu, Francois-Xavier Standaert and Jean-Jacques Quisquater
On the Need of Physical Security for Small Embedded Devices: A Case Study with COMP128-1 Implementations in SIM Cards [Short Paper]
(Moved from Session 7: Hardware Security)

16:55 – 17:45
Poster Session

Aude Plateaux, Vincent Coquet, Sylvain Vernois, Patrick Lacharme, Kumar Murty, and Christophe Rosenberger
A Privacy Preserving E-Payment Architecture

C. Gaber, B. Hemery, M. Achemlal, M. Pasquet, and P. Urien
Synthetic logs generator for fraud detection in mobile transfer services

Haruhiko Fujii and Yukio Tsuruoka
Three-factor user authentication method using biometrics challenge response

Tarik Moataz and Abdullatif Shikfa
Searchable Encryption Supporting General Boolean Expression Queries

Communication services empowered with a classical chaos based cryptosystem

Aaron Johnson, Rob Jansen and Paul Syverson
Onions for Sale: Putting Privacy on the Market

18:00 – 20:00 Welcome Reception at Sugar Cane, the Busena Terrace

Wednesday (April 3, 2013)

9:15 – 10:30
Session 5: Privacy Primitives and Non-repudiation
Session Chair: Emiliano De Cristofaro

Matthew Franklin and Haibin Zhang
Unique Ring Signatures: A Practical Construction [Short Paper]

Kwangsu Lee, Dong Hoon Lee and Moti Yung
Aggregating CL-Signatures Revisited: Extended Functionality and Better Efficiency

Tolga Acar, Sherman S.M. Chow and Lan Nguyen
Accumulators and U-Prove Revocation [Short Paper]

10:30 – 11:00 Coffee break

11:00 – 11:45
Session 6: Anonymity
Session Chair: Michael Brenner

Denise Demirel, Jeroen van de Graaf and Johannes Buchmann
Towards a Publicly-Verifiable Mix-Net Providing Everlasting Privacy [Short Paper]

Andy Rupp, Gesine Hinterwalder, Foteini Baldimtsi and Christof Paar
P4R: Privacy-Preserving Pre-Payments with Refunds for Transportation Systems [Short Paper]

12:00 – 18:00 Excursion (Bus Departs at the Busena Terrace at 12:15 SHARP)

19:00 – 20:00
IFCA General Meeting at Ocean Hall

20:00 – 21:00 Rump Session at Ocean Hall
Session Chair: Tyler Moore

Thursday (April 4, 2013)

9:40 – 10:30
Session 7: Hardware Security
Session Chair: Yvo Desmedt

Yu Sasaki, Yang Li, Hikaru Sakamoto and Kazuo Sakiyama
Coupon Collector's Problem for Fault Analysis – High Tolerance for Noisy Fault Injections [Short Paper]

Jonas Maebe, Ronald De Keulenaer, Bjorn De Sutter and Koen De Bosschere
Mitigating smart card fault injection with link-time code rewriting: a feasibility study [Short Paper]

10:30 – 11:00 Coffee break

11:00 – 12:15
Session 8: Secure Computation and Secret Sharing
Session Chair: Moti Yung

Abdelrahaman Aly, Edouard Cuvelier, Sophie Mawet, Olivier Pereira and Van Vyve Mathieu
Securely Solving Simple Combinatorial Graph Problems

Seny Kamara and Charalampos Papamanthou
Parallel and Dynamic Searchable Symmetric Encryption

Thomas Schneider and Michael Zohner
GMW vs. Yao? Efficient Secure Two-Party Computation with Low Depth Circuits

12:15 – 13:45 Box Lunch at Sunset Lounge / Cafe Terrace

13:45 – 14:45
FC Invited Talk:
N. Asokan

The Untapped Potential of Trusted Execution Environments on Mobile Devices

Nearly every smartphone (and even some featurephones) today contains a hardware-based trusted execution environment (TEE). Smartphones with TEEs first appeared almost a decade ago. But their use has been limited -- app developers have not had the means to make use of TEEs to improve the security (and usability) of their apps. In this talk, I will discuss why TEEs are so widely deployed in mobile devices, and what kind of capabilities they support. I will then describe Nokia Research Center's On-board Credentials (ObC) system which opens up the device TEE to app developers. I will discuss some example applications that make use of ObC and conclude by briefly outlining recent developments in standardizing TEE functionality.

Speaker Biography:
N. Asokan is a Professor of Computer Science at the University of Helsinki.
Between 1995 and 2012, he worked in industrial research laboratories designing and building secure systems, first at the IBM Zurich Research Laboratory and then at Nokia Research Center. His primary research interest has been in applying cryptographic techniques to design secure protocols for distributed systems. Recently, he has also been investigating the use of Trusted Computing technologies for securing endnodes, and ways to make secure systems usable, especially in the context of mobile devices.
Asokan received his doctorate in Computer Science from the University of Waterloo, MS in Computer and Information Science from Syracuse University, and BTech (Hons.) in Computer Science and Engineering from the Indian Institute of Technology at Kharagpur.
For more information about Asokan's work see his website or e-mail him at asokan~at~acm~dot~org

14:45 – 15:15 Coffee break

15:15 – 17:00
Session 9: Authentication Attacks and Countermeasures
Session Chair: Sven Dietrich

Tilo Müller, Hans Spath, Richard Mäckl and Felix Freiling
Stark Tamperproof Authentication to Resist Keylogging

Martin Emms, Budi Arief, Aad van Moorsel and Nicholas Little
Risks of offline Verify PIN on Contactless Cards [Short Paper]

Yvo Desmedt, Ioannis Karaolis, Manal Adham and Amir Sadr-Azodi
How to Attack Two-Factor Authentication Internet Banking [Short Paper]

James Kasten, Eric Wustrow and J. Alex Halderman
CAge: Taming Certificate Authorities by Inferring Restricted Scopes [Short Paper]

17:00 – 17:45
Panel: The State of the Art in e-Banking Security and Usability

18:15 – 22:00 Conference Dinner (Bus Departs at The Busena Terrace at 18:15 SHARP)

Friday (April 5, 2013)

9:15 – 10:30
Session 10: Privacy of Data and Communication
Session Chair: Kazue Sako

Gergely Biczók and Pern Hui Chia
Interdependent Privacy: Let Me Share Your Data

Volker Roth, Benjamin Gueldenring, Eleanor Rieffel, Sven Dietrich and Lars Ries
A Secure Submission System for Online Whistleblowing Platforms [Short Paper]

Anupam Das and Nikita Borisov
Securing Anonymous Communication Channels under the Selective DoS Attack [Short Paper]

10:30 – 11:00 Coffee break

11:00 – 11:45
Session 11: Private Data Retrieval
Session Chair: Radu Sion

Travis Mayberry, Erik-Oliver Blass and Agnes Chan
PIRMAP: Efficient Private Information Retrieval for MapReduce

Justin Cappos
Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates [Short Paper]

11:45 – 12:00 Closing Remarks

12:00 – Lunch at the Busena Terrace
(Choice of La Tida, Mahae or Ryukasaien)

Shuttle Bus Departs for Naha Airport at 13:45 / 17:30




This conference is organized annually by the International Financial Cryptography Association.