Information Systems Security: 16th International Conference, ICISS 2020, Jammu, India, December 16–20, 2020, Proceedings

Preface
Organization
Abstracts of Keynote Talks
On Adversarial Testing of Cellular Network Protocols
Formalizing Data Deletion in the Context of the Right to be Forgotten
Insecurity Analysis of the IoT Platforms and Systems
A Defense Against Trojan Attacks on Deep Neural Networks
Access Control Convergence: Challenges and Opportunities
Contents
Access Control
A Unified Access Control Model for Calibration Traceability in Safety-Critical IoT
	1 Introduction
	2 Calibration Traceability and Access Control: A Case for Unification
		2.1 Information Flow Constraints
		2.2 Existing Access Control Models and Calibration Traceability
	3 A Unified Access Control Model for Calibration Traceability
	4 Evaluation
		4.1 Case Example: Calibration Traceability for a Sensor Device
		4.2 Performance Evaluation
	5 Discussion and Limitations
	6 Related Work
	7 Conclusion
	References
Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values
	1 Introduction
	2 Learning Three-Valued Logic Formulas
		2.1 Problem Definition
		2.2 Learning a Multi-way Decision Tree
		2.3 Algorithm for Learning a Three-Valued Logic Formula
	3 Policy Language with Unknown Attribute Values
	4 The Problem: ReBAC Policy Mining with Unknowns
	5 ReBAC Policy Mining Algorithm
		5.1 Phase 1: Learn Decision Tree and Extract Rules
		5.2 Phase 2: Improve the Rules
	6 Evaluation Methodology
		6.1 Datasets
		6.2 Policy Similarity Metrics
	7 Evaluation Results
		7.1 Comparison with DTRM and DTRM-
		7.2 Experiments with Unknown Attribute Values
	8 Related Work
	References
Reliability and Security for Safety-Critical Service Compositions
	1 Introduction
	2 Background
		2.1 Secure Multiparty Computation
		2.2 Secret Sharing
		2.3 Threshold Signatures
	3 System Model
		3.1 Security Objectives
		3.2 Actors and Data Flow
		3.3 Creation of a Validator Subnet
	4 Reliable Service Composition Protocol
	5 Evaluation
		5.1 Case Study
		5.2 Implementation
		5.3 Performance
		5.4 Discussion and Future Work
	6 Related Work
	7 Conclusion
	References
AI/ML in Security
A Defence Against Input-Agnostic Backdoor Attacks on Deep Neural Networks
	1 Introduction
	2 Backdoor Attacks
	3 A Plug-In Backdoor Defense: STRIP
		3.1 Overview
		3.2 Results
		3.3 Experimental Setup
		3.4 MNIST
		3.5 CIFAR10
		3.6 Discussion
	4 Conclusion
	References
An Overview of Cyber Threat Intelligence Platform and Role of Artificial Intelligence and Machine Learning
	1 Introduction
	2 Overview of Cyber Threat Intelligence
	3 GAP Identified
	4 Role of AI and ML in CTI Platform
	5 Proposed Model for Using AI and ML with Cyber Threat Intelligence Domain
		5.1 Outline of the Proposed Model
		5.2 Data Accumulation
		5.3 Feature Extraction and Language Processing
		5.4 Machine Learning Classifier
		5.5 Performance of the Proposed Model
	6 Future Scope of the Proposed Model
	7 Conclusion
	References
Machine Learning Based Android Vulnerability Detection: A Roadmap
	1 Introduction
	2 Related Work
	3 Data Extraction Methodology
	4 Android Vulnerability Trend
	5 Discussions and Future Directions
	6 Conclusion
	References
Privacy and Web Security
Revelio: A Lightweight Captcha Solver Using a Dictionary Based Approach
	1 Introduction
	2 Automatic Captcha Solver
		2.1 Captcha Characteristics
		2.2 Captcha Training
		2.3 Captcha Solving
	3 Experiments
		3.1 CNN Based Approach
		3.2 Results
		3.3 Design Recommendations
	4 Related Work
	5 Conclusion
	References
Privacy-Preserving Friend Recommendation in an Integrated Social Environment
	1 Introduction
		1.1 Problem Definition
		1.2 Problem Relevance
		1.3 Adversary Model and Protocol Overview
	2 Preliminaries
		2.1 Friend Recommendation Based on Mutual Friends
		2.2 Differential Privacy (DP)
	3 The Proposed Protocol
		3.1 Protocol Initialization
		3.2 The Main Protocol
		3.3 Security Analysis
		3.4 Complexity Analysis
	4 Experimental Results
		4.1 Experimental Setup
		4.2 Empirical Analysis
	5 Related Work
	6 Conclusion
	References
A Toolkit for Security Awareness Training Against Targeted Phishing
	1 Introduction
	2 Background and Related Work
		2.1 Security Awareness Training
		2.2 Targeted Phishing
		2.3 Existing Tooling for (targeted) Phishing Simulations
		2.4 Discussion
	3 Proposed Framework and Implementation
		3.1 Email Customization
		3.2 Domain Selection
	4 A Case Study Application to Oliveira et al.
		4.1 Scenario Limitation of Previous Studies and Research Gap
		4.2 Improved Experiment Design
		4.3 Discussion
	5 Conclusion
	A Phishing Email Templates
		A.1 Liking and Security Template
		A.2 Reciprocation and Social Template
	References
Forensic Source Identification of OSN Compressed Images
	1 Introduction
	2 Proposed Deep Learning Model for Source Camera Identification of OSN Compressed Images
		2.1 Network Architecture
		2.2 Network Parameters
	3 Experiments, Results and Discussion
		3.1 Experimental Setup
		3.2 Performance Evaluation
		3.3 Comparison
	4 Conclusion and Future Work
	References
Cryptography
Cheating Detectable Ramp Secret Sharing with Optimal Cheating Resiliency
	1 Introduction
		1.1 Our Contribution
	2 Preliminaries
		2.1 Ramp Secret Sharing
		2.2 Cheating Model
	3 Ramp Secret Sharing with Cheating Detection
		3.1 Construction - I
		3.2 Construction - II
		3.3 Few Words on Share Size
	4 Conclusion
	References
LiARX: A Lightweight Cipher Based on the LTS Design Strategy of ARX
	1 Introduction
	2 Lightweight Cryptography
		2.1 General Characteristics
		2.2 Existing Designs
	3 ARX
		3.1 Current Scenario
	4 Cipher Design Strategies
		4.1 Wide Trail Strategy (WTS)
		4.2 Long Trail Strategy (LTS)
	5 The LiARX Cipher
		5.1 MARX-2
		5.2 Linear Layer
		5.3 Key Schedule
	6 Experiments
		6.1 Performance Metrics
		6.2 Scenarios
		6.3 Results
	7 Conclusion
	References
Color Visual Cryptography Schemes Using Linear Algebraic Techniques over Rings
	1 Introduction
		1.1 Related Works
		1.2 Our Contribution
	2 Prerequisites
		2.1 The Color Model
		2.2 Color Visual Cryptographic Scheme
		2.3 Some Mathematical Results
	3 Main Results
		3.1 Constructing Color VCS from Smaller Schemes
		3.2 Construction of (n,n)c-CVCS
		3.3 Construction of (2,n)c-CVCS
		3.4 Construction of (k,n)c-CVCS
		3.5 Modification of the Technique
	4 Discussions and Experimental Results
		4.1 Comparison
	5 Conclusion
	References
Systems Security
Secure Calculation for Position Information of IoT Device with Few Communication and Small Secret Information
	1 Introduction
		1.1 Background
		1.2 Communication Types and Security
		1.3 Our Purpose
	2 Preliminaries
		2.1 W-OTS+
		2.2 HMAC
	3 Proposed Method
		3.1 Preparation Phase
		3.2 Commitment Phase
		3.3 Verification Phase
	4 Effectiveness in Practical Operations
		4.1 Accuracy and Computational Cost
		4.2 Influence of Size of Entropy
		4.3 How to Determine the Value of wi
	5 Example Calculation
		5.1 Procedure
		5.2 Evaluation of Efficiency
	6 Security Evaluations
		6.1 Threat Scenario
		6.2 Inverse Calculation of Position Information of Player
		6.3 Forgery Attack of Commitment
		6.4 Impersonation Attack of Player/Verifier
		6.5 Importance of Random Element r
	7 Conclusions
	References
Attacks on Android-Based Smartphones and Impact of Vendor Customization on Android OS Security
	1 Introduction
	2 Literature Survey
	3 Android and Camera Subsystem Security
		3.1 Android\'s Camera Architecture
		3.2 Android Camera\'s Security Mechanisms
	4 Circumventing Android\'s Camera Security
		4.1 Granting Critical Permissions Without Prompting User
		4.2 Capture Picture from Background
		4.3 Disabling Logs
	5 Conclusions
	References
Detection of Malign and Benign PE Files Using Texture Analysis
	1 Introduction
	2 Related Work
	3 PE File Format
	4 Method Proposed
	5 Experiment and Results
	6 Conclusion
	References
Estimating the Cost of Cybersecurity Activities with CAsPeA: A Case Study and Comparative Analysis
	1 Introduction
	2 Costs of Cybersecurity
	3 Related Work
	4 Method Description
	5 Case Study
		5.1 Input Data
		5.2 Results
	6 Comparative Analysis with SQUARE
		6.1 Input Data
		6.2 Results Obtained with CAsPeA
		6.3 Results Obtained with SQUARE
		6.4 Results Analysis
	7 Conclusions
	References
Author Index