Abstract:
Risk management is not new. It is something we are born with. The most basic risk management systems are part of our DNA. We adapt, develop and occasionally improve on aspects of our natural heritage to build resilience. Nature evolves --it changes, it learns, it gets better. This is key to long-term success and one we must embrace.

Speaker Biography:
Alessandro Acquisti is an associate professor at the Heinz College, Carnegie Mellon University (CMU) and the co-director of CMU Center for Behavioral and Decision Research. He investigates the economics of privacy. His studies have spearheaded the application of behavioral economics to the analysis of privacy and information security decision making, and the analysis of privacy and disclosure behavior in online social networks. His 2009 study on the predictability of Social Security numbers was featured in the "Year in Ideas" issue of the NYT Magazine (the SSNs assignment scheme was changed by the US Social Security Administration in 2011). Alessandro holds a PhD from UC Berkeley, and Master degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist).

Abstract:
What drives people to disclose or protect their personal information? What are the tangible and intangible consequences of those decisions? In this talk, I will discuss the transition from the economics to the behavioral economics of privacy. In particular, I will present and contrast a series of opposing "frames," or ways to frame and analyze the privacy debate, using the lenses of behavioral economic research. I will start from frames I have analyzed in my research (for instance: is privacy really about "transparency" and "control"?) and progressively move onto less settled, and perhaps more controversial, frames of the debate.

Abstract:
This talk will survey the recent progress in the areas of fully homomorphic encryption and functional encryption -- two very powerful methods for computing on encrypted data. It will also describe the exciting work towards making these technologies practical, and some future directions in this field.

Speaker Biography: Vinod Vaikuntanathan is an assistant professor of Computer Science at the University of Toronto. He received a Ph.D. from MIT in 2009 under the guidance of Shafi Goldwasser. His research interests lie in cryptography, complexity theory and the theory of distributed algorithms. He is a recipient of the 2008 IBM Josef Raviv Postdoctoral Fellowship, the 2009 George M. Sprowls award for the best MIT Ph.D. thesis in Computer Science, and the 2013 Alfred P. Sloan Research Fellowship.

Dorit Ron and Adi Shamir
Quantitative Analysis of the Full Bitcoin Transaction Graph

Tyler Moore and Nicolas Christin
Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk [Short Paper]
[slides]

Elli Androulaki, Ghassan Karame, Marc Roeschlin, Tobias Scherer and Srdjan Capkun
Evaluating User Privacy in Bitcoin
[slides]

Serge Egelman and Stuart Schechter
The Importance of Being Earnest [in Security Warnings] [Short Paper]
[slides]

Alexander Gallego, Nitesh Saxena and Jonathan Voris
Exploring Extrinsic Motivation for Better Security: A Usability Study of Scoring-Enhanced Device Pairing [Short Paper]
[slides]

Tiffany Hyun-Jin Kim, Akira Yamada, Virgil Gligor, Jason Hong and Adrian Perrig
RelationGram: Tie-Strength Visualization for User-Controlled Online Identity Authentication [Short Paper]
[slides]

Bingsheng Zhang, Helger Lipmaa, Cong Wang and Kui Ren
Practical Fully Simulatable Oblivious Transfer with Sublinear Communication
[slides]

Mahabir Prasad Jhanwar and Reihaneh Safavi-Naini
Unconditionally-Secure Robust Secret Sharing with Minimum Share Size
[slides]

Marc Joye and Benoit Libert
A Scalable Scheme for Privacy-Preserving Aggregation of Time-Series Data
[slides]

David Aspinall and Mike Just
"Give Me Letters 2, 3 and 6!": Partial Password Implementations and Attacks
[slides]

Sascha Fahl, Marian Harbach, Marten Oltrogge, Thomas Muders and Matthew Smith
Hey, You, Get Off of My Clipboard - On How Usability Trumps Security in Android Password Managers
[slides]

Yuanyuan Zhou, Yu Yu, Francois-Xavier Standaert and Jean-Jacques Quisquater
On the Need of Physical Security for Small Embedded Devices: A Case Study with COMP128-1 Implementations in SIM Cards [Short Paper]
(Moved from Session 7: Hardware Security)
[slides]

Aude Plateaux, Vincent Coquet, Sylvain Vernois, Patrick Lacharme, Kumar Murty, and Christophe Rosenberger
A Privacy Preserving E-Payment Architecture

C.Gaber, B.Hemery, M.Achemlal, M.Pasquet, and P.Urien
Synthetic logs generator for fraud detection in mobile transfer services

Haruhiko Fujii and Yukio Tsuruoka
Three-factor user authentication method using biometrics challenge response

Tarik Moataz and Abdullatif Shikfa
Searchable Encryption Supporting General Boolean Expression Queries

G.Vidal
Communication services empowered with a classical chaos based cryptosystem

Aaron Johnson, Rob Jansen and Paul Syverson
Onions for Sale: Putting Privacy on the Market

Matthew Franklin and Haibin Zhang
Unique Ring Signatures: A Practical Construction [Short Paper]
[slides]

Kwangsu Lee, Dong Hoon Lee and Moti Yung
Aggregating CL-Signatures Revisited: Extended Functionality and Better Efficiency
[slides]

Tolga Acar, Sherman S.M. Chow and Lan Nguyen
Accumulators and U-Prove Revocation [Short Paper]
[slides]

Denise Demirel, Jeroen van de Graaf and Johannes Buchmann
Towards a Publicly-Verifiable Mix-Net Providing Everlasting Privacy [Short Paper]
[slides]

Andy Rupp, Gesine Hinterwalder, Foteini Baldimtsi and Christof Paar
P4R: Privacy-Preserving Pre-Payments with Refunds for Transportation Systems [Short Paper]
[slides]

Yu Sasaki, Yang Li, Hikaru Sakamoto and Kazuo Sakiyama
Coupon Collector's Problem for Fault Analysis – High Tolerance for Noisy Fault Injections [Short Paper]
[slides]

Jonas Maebe, Ronald De Keulenaer, Bjorn De Sutter and Koen De Bosschere
Mitigating smart card fault injection with link-time code rewriting: a feasibility study [Short Paper]
[slides]

Abdelrahaman Aly, Edouard Cuvelier, Sophie Mawet, Olivier Pereira and Van Vyve Mathieu
Securely Solving Simple Combinatorial Graph Problems
[slides]

Seny Kamara and Charalampos Papamanthou
Parallel and Dynamic Searchable Symmetric Encryption
[slides]

Thomas Schneider and Michael Zohner
GMW vs. Yao? Efficient Secure Two-Party Computation with Low Depth Circuits

Abstract:
Nearly every smartphone (and even some featurephones) today contains a hardware-based trusted execution environment (TEE). Smartphones with TEEs first appeared almost a decade ago. But their use has been limited -- app developers have not had the means to make use of TEEs to improve the security (and usability) of their apps. In this talk, I will discuss why TEEs are so widely deployed in mobile devices, and what kind of capabilities they support. I will then describe Nokia Research Center's On-board Credentials (ObC) system which opens up the device TEE to app developers. I will discuss some example applications that make use of ObC and conclude by briefly outlining recent developments in standardizing TEE functionality.

Speaker Biography:
N. Asokan is a Professor of Computer Science at the University of Helsinki.
Between 1995 and 2012, he worked in industrial research laboratories designing and building secure systems, first at the IBM Zurich Research Laboratory and then at Nokia Research Center. His primary research interest has been in applying cryptographic techniques to design secure protocols for distributed systems. Recently, he has also been investigating the use of Trusted Computing technologies for securing endnodes, and ways to make secure systems usable, especially in the context of mobile devices.
Asokan received his doctorate in Computer Science from the University of Waterloo, MS in Computer and Information Science from Syracuse University, and BTech (Hons.) in Computer Science and Engineering from the Indian Institute of Technology at Kharagpur.
For more information about Asokan's work see his website or e-mail him at asokan~at~acm~dot~org

Tilo Müller, Hans Spath, Richard Mäckl and Felix Freiling
Stark Tamperproof Authentication to Resist Keylogging
[slides]

Martin Emms, Budi Arief, Aad van Moorsel and Nicholas Little
Risks of offline Verify PIN on Contactless Cards [Short Paper]
[slides]

Yvo Desmedt, Ioannis Karaolis, Manal Adham and Amir Sadr-Azodi
How to Attack Two-Factor Authentication Internet Banking [Short Paper]

James Kasten, Eric Wustrow and J. Alex Halderman
CAge: Taming Certificate Authorities by Inferring Restricted Scopes [Short Paper]
[slides]

Gergely Biczók and Pern Hui Chia
Interdependent Privacy: Let Me Share Your Data
[slides]

Volker Roth, Benjamin Gueldenring, Eleanor Rieffel, Sven Dietrich and Lars Ries
A Secure Submission System for Online Whistleblowing Platforms [Short Paper]

Anupam Das and Nikita Borisov
Securing Anonymous Communication Channels under the Selective DoS Attack [Short Paper]
[slides]

Travis Mayberry, Erik-Oliver Blass and Agnes Chan
PIRMAP: Efficient Private Information Retrieval for MapReduce

Justin Cappos
Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates [Short Paper]
[slides]