This event has ended, and the information on this site is for archival purposes only.

:: Invited Speakers



Invited Speaker 1: Dr. Hayyan Salman Hasan

Dept. of Computer and Automatic Control Engineering

Faculty of Mechanical and Electrical Engineering

Albaath University, Syrian Arab Republic

 

Model Driven Engineering (MDE) for Android security

Android OS is the most used operating system in the mobile marketplace, and the number of Android users is growing tremendously. As a result, the number of risks that threaten Android users is increasing and cannot be ignored. These risks come from the vulnerable applications that are uploaded every day to Google Play or to any other online store. Another source of risk is Android malware, which has become a real and growing risk to Android users. Traditional approaches tried to handle the various Android risks. These approaches used static or dynamic analyses to detect the vulnerable points or malicious payloads in the Android application code.

However, these approaches have many shortcomings in terms of scalability, reusability or integration. Another shortcoming is the need to provide a suitable and easy way to involve the analyzer in the analysis process. In this speech we highlight the impact of using the Model Driven Engineering (MDE) approach on various Android security aspects. Using MDE provides the ability to extract the required information from Android applications and integrate it into one model. Using models provides high-level representations of the information extracted from Android applications and provides the ability to involve the analyzer in the analysis processes to achieve better results with less time and effort.



 


Invited Speaker 2: Dr. Mohammad Ali

Assistant Professor, Department of Mathematics and Computer Science, Amirkabir University of Technology

Attribute-based remote data auditing and user authentication for cloud storage systems

A remote data auditing (RDA) protocol enables a cloud server to persuade an auditor that it is storing a data file honestly. Unlike digital signature (DS) schemes, in RDA protocols, the auditor can carry out the auditing procedure without having the entire data file. Therefore, RDA protocols seem to be attractive alternatives to DSs as they can effectively reduce bandwidth consumption. However, existing RDA protocols do not provide adequately powerful tools for user authentication. In this paper, we put forward a novel attribute-based remote data auditing and user authentication scheme. In our proposed scheme, without having a data file outsourced to a cloud server, an auditor can check its integrity and the authenticity of its issuer. Indeed, through a challenge-response protocol, the auditor can check whether 1) the cloud server has changed the content of the data file or not; 2) the data owner possesses a specific attribute set or not. We present the formal security definition and prove the security of our scheme under the hardness assumption of the bilinear Diffie-Hellman (BDH) problem. Our experimental results indicate that our scheme is efficient and applicable.




 


Invited Speaker 3: Dr. Javad Gharreh Chamani

Hong Kong University of Science and Technology

Secure and Practical Search over Dynamic Encrypted Datasets

We study the problem of dynamic symmetric searchable encryption (DSE) where one or more data owners store their encrypted data on an untrusted remote server, and wish to efficiently search on it. We specifically focus on dynamic schemes with efficient support for data insertion, deletion, and modification. In particular, it is crucial to minimize the information revealed to the server as a result of not only search queries, but also updates. We present schemes that achieve the two strongest privacy notions for DSE: forward and backward privacy. The first makes it hard for the server to link an update operation with previous queries, while the second limits what the server can learn about entries that were deleted from the database, from queries that happen after the deletion. Our results improve the state-of-the-art in this area across multiple aspects, as we describe next.

First, we introduce novel constructions that are extremely lightweight while also achieving stronger backward privacy notions than existing ones. Our first scheme Mitra achieves Type-II backward privacy and is, to the best of our knowledge, the fastest and easiest to implement DSE scheme to date. Our second scheme Orion achieves even stronger Type-I backward privacy and is the only implemented scheme in the literature of its kind. Finally, our third scheme Horus improves the second one by reducing the number of communication roundtrips during queries but reveals slightly more information to the server (Type-III backward privacy). Second, we explicitly focus on DSE with efficient (optimal/quasi-optimal) search in the presence of deletions, i.e., constructions where the search overhead is within a polylogarithmic multiplicative factor of the theoretical optimal (i.e., the result size of a search). This property is achieved by our schemes Orion and Horus but we next aim at much more practically efficient schemes. Towards that end, we first propose OSSE, the first DSE scheme that can achieve asymptotically optimal search time, improving the previous state-of-the-art by a multiplicative logarithmic factor. We also propose an alternative scheme LLSE, that achieves a sublogarithmic search overhead compared to the optimal. While this is slightly worse than the previous scheme, it still outperforms all prior works, while also achieving faster deletions and smaller server storage. Finally, we prototype all our schemes and open-source their code. We evaluate their performance for different datasets and query loads, experimentally compare them with prior state-of-the-art DSE schemes, and report the results.
