Information Systems Security and Privacy: 6th International Conference, ICISSP 2020, Valletta, Malta, February 25–27, 2020, Revised Selected Papers (Communications in Computer and Information Science)

Preface
Organization
Contents
Inferring Sensitive Information in Cryptocurrency Off-Chain Networks Using Probing and Timing Attacks
	1 Introduction
		1.1 Our Contributions
		1.2 Organization
	2 Preliminaries
	3 Related Work
	4 Probing Attack
		4.1 Design
		4.2 Lab Implementation
		4.3 BTC Testnet Evaluation
		4.4 Results, Implications, and Further Considerations
	5 Timing Attack
		5.1 Design
		5.2 Lab Implementation
		5.3 BTC Testnet Evaluation
		5.4 Results, Implications and Further Considerations
	6 Conclusion
	References
Secure Ownership Transfer for Resource Constrained IoT Infrastructures
	1 Introduction
	2 System Model and Assumptions
	3 Adversary Model and Problem Description
		3.1 Adversary Model
		3.2 Trust Model
		3.3 Requirements
		3.4 Problem Statement
	4 IoT Infrastructure Ownership Transfer Model and Protocol Design
		4.1 Deployment
		4.2 Ownership Transfer Preparation
		4.3 Ownership Transfer
		4.4 Handling of Ownership Transfer Failures
	5 Security Analysis
		5.1 Tamarin Prover
		5.2 Modeling the Ownership Transfer Protocol
	6 Implementation and Experimental Evaluations
		6.1 Test Setup
		6.2 Test Scenario
		6.3 Ownership Transfer Time
		6.4 Energy Consumption
		6.5 Memory Overhead
	7 Related Work
		7.1 IoT Ownership Transfer
		7.2 IoT Ownership Transfer with Blockchain Technology and Smart Contracts
		7.3 Ownership Transfer Protocols for RFID-Tags
		7.4 RFID Single Ownership Transfer
		7.5 RFID Group Ownership Transfer
	8 Conclusion
	References
Untangling the XRP Ledger: Insights and Analysis
	1 Introduction
		1.1 Why the XRP Ledger Calls for a Deeper Investigation
	2 The Faces of Trust in Distributed Ledger Systems
		2.1 The XRP Ledger Through the Lens of Trust
	3 Core Technical Components
		3.1 Peer-to-Peer Communication Network
		3.2 Consensus
		3.3 Transactions
	4 Digging into the XRP Ledger Consensus Protocol
		4.1 Protocol Overview
		4.2 Preliminaries
		4.3 The XRP LCP Step-by-Step
	5 Security Analysis
		5.1 Desiderata and Adversary Model
		5.2 Achieving Safety and Liveness in the XRP Ledger
	6 Related Work
	7 Concluding Remarks
	References
End to End Autorship Email Verification Framework for a Secure Communication
	1 Introduction
	2 Background
		2.1 Email Spoofing
		2.2 Authorship
	3 Related Work
	4 Scenario
		4.1 Attack Model
		4.2 Architecture
	5 Authorship Implementation
		5.1 Features Based Classifier
		5.2 Word Embedding Classifier
	6 Experiments
		6.1 Dataset Analysis
		6.2 Training and Evaluation
	7 Results
		7.1 Individual Writing Style Verification Results
		7.2 End to End Writing Style Verification Results
	8 Discussion
	9 Conclusion and Future Work
	References
Symmetric and Asymmetric Schemes for Lightweight Secure Communication
	1 Introduction
	2 State-of-the-Art and Technical Background
	3 Proposed TRNG/PUF Module for Secure Authentication and Communication
		3.1 Authentication Against Central Authentication Authority
		3.2 Mutual Device Authentication
		3.3 Secure Communication Using Asymmetric Encryption Scheme
		3.4 Secure Communication
	4 Feasibility Review and Testing
	5 Conclusions
	References
Credential Intelligence Agency: A Threat Intelligence Approach to Mitigate Identity Theft
	1 Introduction
	2 Related Work
		2.1 The User Perspective on Passwords
		2.2 Identity Leakage
		2.3 Threat Intelligence and Information Retrieval
	3 Context and Idea of the Threat Intelligence System
	4 A System for Generating Threat Intelligence Feeds
	5 Gathering News Articles
	6 Classifying News Articles
		6.1 Building and Evolving Test and Training Set
		6.2 The Classifier
		6.3 Preprocessing
		6.4 Choosing Suitable Quality Measures and Hyperparameter
		6.5 Evolving the Model and the Labeled Dataset
	7 Attributing Articles
	8 Presenting the Threat Intelligence Feed
	9 Evaluation of the Unit Learn
		9.1 Specification of Datasets and Hardware
		9.2 Large Scale Analysis
		9.3 Analyzing the Best Performing Models
		9.4 A Brief Evaluation of the Evolution Step
	10 Conclusion
	References
Key Agreement in the Lightning Network Protocol
	1 Introduction
	2 The Symbolic Approach to Security Analysis
		2.1 The Dolev-Yao Model
		2.2 ProVerif
		2.3 The Applied -Calculus
		2.4 Secrecy and Authenticity
	3 Modelling the Lightning Network Key Agreement Protocol
		3.1 Security Properties
		3.2 Principals and Signature
		3.3 The Behaviour of the Protocol
	4 Representing and Analysing the Protocol Using ProVerif
		4.1 Two Models of Key Assignment
		4.2 The Analysis of the Generalized Model
		4.3 The Analysis of Pre-assigned Key Model
		4.4 A Solution to the Responder Authentication Failure
	5 Conclusions and Ideas for Further Work
	References
Effects of Explanatory Information on Privacy Policy Summarization Tool Perception
	1 Introduction
	2 Related Work
		2.1 Automated Privacy Policy Summaries
		2.2 Explanatory Information in Automated Systems
	3 Methodology
		3.1 Experiment Design
		3.2 Questionnaire
		3.3 Data Collection
	4 Results
		4.1 Sample Characteristics
		4.2 Westin Privacy Segmentation Index
		4.3 Understanding of the Privacy Policy Content
		4.4 Perception of the Tool
		4.5 Open-Ended Comments
	5 Discussion
		5.1 Limitations
	6 Conclusions
	A Appendix
		A.1 Questionnaire Items
		A.2 Interface Information
	References
Harmonic Group Mix: A Framework for Anonymous and Authenticated Broadcast Messages in Vehicle-to-Vehicle Environments
	1 Introduction
	2 Related Work
	3 System Model
		3.1 Group Signatures
		3.2 Mix Network
		3.3 WAVE
		3.4 Attacker
	4 Harmonized Group Mix
		4.1 High Level Overview
		4.2 Roles
		4.3 Protocol
		4.4 Security and Anonymity
	5 Evaluation
	6 Conclusion
	A  Notation
	References
Contextual Factors in Information Security Group Behaviour: A Comparison of Two Studies
	1 Introduction
	2 Information Security Behaviour: A Product of Circumstance?
	3 Experimentation
		3.1 Experimental Setup
		3.2 Contextual Environment
		3.3 Behavioural Threshold Analysis
	4 A Comparison of Two Studies Through Behavioural Threshold Analysis
	5 Discussion
	6 Conclusion
	Appendix
	References
Using MedBIoT Dataset to Build Effective Machine Learning-Based IoT Botnet Detection Systems
	1 Introduction
	2 Background Information
		2.1 Botnets and DDoS Attacks
		2.2 Intrusion Detection Systems
		2.3 Literature Review on Machine Learning-Based IDS
		2.4 IoT Botnet Attack Anomaly Detection Datasets
	3 Method
		3.1 IoT Network Topology
		3.2 IoT Behavior
		3.3 IoT Behavior Verification
	4 Results
		4.1 IoT Botnet Data Set
		4.2 IoT Behavior Verification
	5 Conclusions
	References
Author Index