## Program Committee Chairs:

 Emil SIMION ITA – Advanced Technologies Institute and University “Politehnica” from Bucharest ROMANIA Pooya FARSHIM ENS FRANCE

## Program Committee – Surname alphabetical order

 Elena ANDREEVA COSIC, KU Leuven BELGIUM Ludovic APVRILLE Institut Mines-Telecom / Telecom ParisTech FRANCE Gildas AVOINE INSA Rennes FRANCE Manuel BARBOSA HASLab – INESC TEC and FCUP PORTUGAL Ion BICA Military Technical Academy ROMANIA Catalin BOJA Bucharest University of Economic Studies ROMANIA Liqun CHEN Surrey University UK Christophe CLAVIER Université de Limoges FRANCE Paolo D’ARCO University of Salerno ITALY Joan DAEMEN STMicroelectronics and Radboud University in Nijmegen NETHERLANDS Roberto De Prisco Università degli Studi di Salerno ITALY Eric DIEHL Sony Pictures USA Iati DINUR Ben Gurion University ISRAEL Stefan DZIEMBOWSKI Warsaw University POLAND Bao FENG Huawei CHINA Eric FREYSSINET Ministry of Interior / Cyberthreats delegation FRANCE Nicolas GAMA University of Versailles FRANCE Helena HANDSCHUH Rambus – Cryptography Research USA Shoichi HIROSE University of Fukui JAPAN Xinyi HUANG Fujian Normal University CHINA Miroslaw KUTYLOWSKI Wroclaw University of Technology POLAND Jean-Louis LANET INRIA FRANCE Giovanni LIVRAGA Università degli Studi di Milano ITALY Konstantinos MARKANTONAKIS ISG, Royal Holloway, University of London UK Florian MENDEL TU Graz AUSTRIA Bart MENNINK Radboud University in Nijmegen NETHERLANDS Kazuhiko MINEMATSU NEC Corporation JAPAN David NACCACHE ENS FRANCE Rene PERALTA NIST USA Bart PENEEL COSIC, KU Leuven BELGIUM Reza REYHANITABAR NEC Laboratories Europe GERMANY Peter Y.A. RYAN University of Luxembourg LUXEMBOURG Victor Valeriu PATRICIU Military Technical Academy ROMANIA Damien SAUVERON University of Limoges FRANCE Agusti SOLANAS Smart Health Research Group, Rovira i Virgili University SPAIN Rainer STEINWANDT Florida Atlantic University USA Willy SUSILO University of Wollongong Australia Mihai TOGAN Military Technical Academy ROMANIA Cristian TOMA Bucharest University of Economic Studies ROMANIA Ferucio Laurentiu TIPLEA Alexandru Ioan Cuza University of Iasi ROMANIA Denis TRCEK University of Ljubljana SLOVENIA Michael TUNSTALL Rambus – Cryptography Research USA Serge VAUDENAY EPFL SWITZERLAND Ingrid VERBAUWHEDE COSIC, KU Leuven BELGIUM Guilin WANG Huawei CHINA Qianhong WU Beihang University CHINA Lei ZHANG East China Normal University CHINA

## Organization Committee and Technical Support Team

• Mihai DOINEA – Bucharest University of Economic Studies, ROMANIA
• Cristian CIUREA – Bucharest University of Economic Studies, ROMANIA
• Luciana MOROGAN – Military Technical Academy, ROMANIA
• Andrei-George OPRINA – Advanced Technologies Institute, ROMANIA
• Marius POPA – Bucharest University of Economic Studies, ROMANIA
• Mihai PURA – Military Technical Academy, ROMANIA
• Mihai TOGAN – Military Technical Academy, ROMANIA
• Marian HAIDUCU – IMAR – Institute of Mathematics of the Romanian Academy, ROMANIA

## Call for papers:

SECITC brings together computer security researchers, cryptographers, industry representatives and graduate students interested in any aspect of information security and privacy. One of SECITC’s primary goals is to bring together security and privacy researchers and professionals from different communities and provide a forum allowing the informal exchanges necessary for the emergence of new scientific and industrial collaborations. SECITC 2016 post-proceedings was published by Springer as LNCS vol. 10006 and for SECITC 2015 post-proceedings was published by Springer as LNCS vol. 9522 in a book titled “Innovative Security Solutions for Information Technology and Communications”. Paper submission and refereeing for SECITC 2017 will take place via EasyChair and the post-proceedings will be published by Springer in the Lecture Notes in Computer Science (LNCS) series.

One originality of SECITC is its Exploits Session. In this session, new exploit authors will be invited to explain how exploits were discovered and submit a formal research paper describing their discoveries. While the discovery of new exploits is a high-risk high-gain investment that requires creativity and tenacious work, exploits are usually difficult to publish in mainstream research conferences. Exploit paper acceptance criteria will be the exploit’s nature, novelty and impact.

The conference topics comprise all aspects of information security, including but not limited to the following areas:
Access control, Algorithmic tools for security and cryptography, All aspects of cryptography, Application security, Attacks and defences, Authentication biometry, Censorship and censorship-resistance, Cloud Security, Distributed systems security, Embedded systems security, Digital forensics, Hardware security, Information flow analysis, Internet of Things (IoT) Security, Intrusion detection, Language-based security, Malware, Mobile security and privacy, Network security, New exploits, Policy enforcements, Privacy and anonymity, Protocol security, Reverse-engineering and code obfuscation, Security architectures, Security aspects of alternative currencies, Side channel attacks, Surveillance and anti-surveillance, System security.

### Instructions for authors:

Submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel for consideration of any other journal, conference/workshop with proceedings. The submission should begin with a title followed by a short abstract and keywords. Submissions must be in PDF format and should have at most 12 pages excluding the bibliography and appendices, and at most 20 pages in total, using at least 11-point fonts and with reasonable margins. All submissions must be anonymous. The reviewers are not required to read appendices—the paper should be intelligible without them. Submissions not meeting these guidelines risk rejection without consideration of their merits. Authors of accepted papers should guarantee that at least one of the authors will attend the conference and present their paper.
Paper submission and review process is handled via EasyChair platform. All submissions must be in PDF format. For paper submission follow the following link: https://easychair.org/conferences/?conf=secitc2017

As the final accepted papers will be published in LNCS by Springer, it is recommended that the submissions be processed in LaTeX2e according to the instructions listed on the Springer’s LNCS Webpage: www.springer.com/lncs. These instructions are mandatory for the final papers.
In particular, Springer’s LNCS paper formatting requirements can be found at:
http://www.springer.com/computer/lncs/lncs+authors?SGWID=0-40209-0-0-0

## KEYNOTE SPEAKERS:

#### David NACCACHE

Bio: David Naccache heads the ENS’ ISG. My research areas are code security, forensics, the automated and the manual detection of vulnerabilities. Before joining ENS Paris (PSL), he was a professor during 10 years at UP2 (Sorbonne Universités). He previously worked for 15 years for Gemplus (now Gemalto), Philips (now Oberthur) and Thomson (now Technicolor). He studied at UP13 (BSc), UP6 (MSc), IMAC (Eng), TPT (PhD), UP7 (HDR), IHEDN and ICP (STB underway). He is a forensic expert by several courts, a member of OSCP and the incumbant of the Law and IT forensics chair at EOGN. Visit www.ens-paris.fr for for contact information, affiliations, ex-PhD students, editorial boards, awards, publications and hobbies.

Title of the presentation: Exploring Naccache-Stern Knapsack Encryption, Common work with Eric Brier and Rémi Géraud

Abstract: The Naccache–Stern public-key cryptosystem (NS) relies on the conjectured hardness of the modular multiplicative knapsack problem: Given $p,\{v_i\},\prod&space;v_i^{m_i}&space;\bmod&space;p,&space;find\&space;the&space;\&space;\{m_i\}.\smallskip$
Given this scheme’s algebraic structure it is interesting to systematically explore its variants and generalizations. In particular it might be useful to enhance NS with features such as semantic security, re-randomizability or an extension to higher-residues.
This paper addresses these questions and proposes several such variants.

#### Damien Vergnaud

Bio: Damien Vergnaud is an associate professor at École normale supérieure (Paris, France). He holds a doctorate degree in mathematics from the Université de Caen Basse-Normandie (France). His research interests include the design of efficient and secure cryptographic protocols, theoretical aspects of provable security and number theory. In 2017, he was nominated at the “Institut Universitaire de France”.

Title of the presentation: Security of Pseudo-Random Number Generators With Input

Abstract: A pseudo-random number generator (PRNG) is a deterministic  algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNG with input was proposed in 2005 by Barak and Halevi. This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random numbers from the internal state. In this talk, we will discuss the Barak-Halevi model and its extension proposed in 2013 by Dodis, Pointcheval, Ruhault, Wichs and Vergnaud to include a new security property capturing how a PRNG should accumulate the entropy of the input data into the internal state. We will present analysis of the security of real-life PRNGs in this model and present efficient constructions that achieve provable security.

#### Peter Y A Ryan

Bio: Peter Ryan is full Professor of Applied Security at the University of Luxembourg. He has over 20 years of experience in cryptography, information assurance and formal verification. He was one of the pioneers in the application of process algebras to modelling and analysis of secure systems. Ryan has published extensively on cryptography, cryptographic protocols, mathematical models of computer security and, most recently, high assurance voting systems. He is the creator of Prêt à Voter, Pretty Good Democracy (with Vanessa Teague) and OpenVote (with Feng Hoa) and Selene (with P Roenne and V Iovino) verifiable voting schemes. With Feng Hao he proposed the Password Authenticated Key Establishment Protocol J-PAKE. Peter Ryan has (co-) chaired or been on the program committees of numerous, prestigious security conferences. He founded and co-chaired the new workshop series Voting’16 and Voting’17 in association with Financial Crypto. He is a Visiting Professor at the University of Surrey and the ENS Paris.

Title of the presentation: Securing the Foundations of Democracy

Abstract: Democracy is under threat. This has been high-lighted by the recent US residential election which was fraught with suspicions of hacking of voting technologies, the campaign Processes, media bias and fake news, information bubbles in social media etc. Many of these problems arise from insecurities in digital technologies. The partial recounts conducted, against fierce legal opposition, in Pennsylvania, Michigan and Wisconsin did not produce evidence of vote manipulation, but they did serve to expose the serious vulnerabilities in many US voting technologies, in particular the pure electronic, paperless (DRE) devices.  In this talk I focus on the technologies surrounding the conduct of elections, a small but important element in the problem, but one in which significant progress has been made in recent years. I argue that elections should be “evidence based”, that is to say they should be conducted in such a way as to produce sufficient evidence to convince even skeptics, e.g. the losers, that the announced result is a true reflection of the legitimately cast votes. But we must of course balance such transparency against requirements of ballot privacy and coercion resistance. I will overview recent advances in “end-to-end verifiable” schemes and risk-limiting audits.

#### Sylvain GUILLEY

Bio: Sylvain GUILLEY is director of the Business Line “Think Ahead” at Secure-IC (http://www.Secure-IC.com), an international SME headquartered in Rennes (France), with business branches in Paris, Singapore and Tokyo.Sylvain is also “Ingénieur en Chef des Mines” and Full Professor atTelecom ParisTech, Universite Paris-Saclay, France. He has been conducting researches towards defining provable securearchitectures for trusted computing for more than ten years.Altogether, Sylvain authored more than 200 scientific publications andpatents related to security and embedded systems.He is a member of the IACR, of the IEEE and of the Cryptarchi club(senior member).Sylvain graduated from Ecole Polytechnique (X97), TELECOM-ParisTech(ENST 2002), and got a MSc from ENS Paris 6 University (2010, in thefield of quantum physics), a PhD from TELECOM-ParisTech (2007, in thefield of digital electronics) and an HDR from Paris 7 University (2012,in the field of mathematical cryptography).Today, Sylvain is an active member in the ISO/IEC sub-committee SC27,dealing with information security.Sylvain is editor for standard projects on physically unclonable functions (ISO 20897) and side-channel calibration (ISO 20085). Sylvain is also a rapporteur for a study period on White Box Cryptography,and leads a French-wide national project on quantum-safecryptography (RISQ: http://www.risq.fr).

Title of the presentation: Stochastic Side-Channel Leakage Analysis via Orthonormal Decomposition

Abstract: Side-channel attacks of maximal efficiency require an accurate knowledge of the leakage function.Template attacks have been introduced by Chari et al. at CHES 2002 to estimate the leakage function using available training data. Schindler et al. noticed at CHES 2005 that the complexity of profiling could be alleviated if the evaluator has some prior knowledge on the leakage function.The initial idea of Schindler is that an engineer can model the leakage from the structure of the circuit.However, for some thin CMOS technologies or some advanced countermeasures, the engineer intuition might not be sufficient. Therefore, a method to research a leakage function based on profiling is important. In the state-of-the-art, though, the profiling stage is conducted based on a linear regression in a non-orthonormal basis, which does not allow for easy interpretation, since components are not independent. In this paper, we present a method to characterize the leakage based ona Walsh-Hadamard orthonormal basis with staggered degrees, which allows for direct interpretation in terms of bits interactions.The straightforward application is the characterization of a class of devices, in a view to understand their leakage structure.Such information is precious for designers and also for evaluators, who can devise attack bases relevantly.

#### Claudio ORLANDI

Bio: Claudio Orlandi got his PhD in 2011 from Aarhus University (Denmark), where he works now as an associate professor after a postdoc at Bar-Ilan University (Israel). During the last decade he has made significant contributions to the theory and practice of cryptographic protocols, with focus on two-party secure computation protocols with security against active adversaries. He is the chair of the CryptoAction, a EU funded network of research in cryptography.

Title of the presentation: Faster Zero-Knowledge Protocols and Applications

Abstract: Zero-knowledge protocols (ZKP) are one of the cornerstones of mod- ern cryptography. In a nutshell, a ZKP allows a prover P (with a secret input x) to persuade a verifier V that f(x) = 1 for some public function f, without disclosing to V any other information about x. In this talk I will present two recent ZKPs, known as ZKGC [4, 2] and ZKBoo [3]. These are the first ZKPs that allow to prove interesting, non-algebraic statements (such as “I know x such that SHA-256(x) = y” for a public y), in the order of tens of milliseconds on a standard computer. As ZKPs are ubiquitous in cryptography, this line of research has already enabled many interesting applications. In particular, I will show how ZKBoo allows to construct post-quantum signature schemes using symmetric-key primitives [1] only.
Acknowledgements. Research supported by the Danish Council for Independent Research, COST Action IC1306 and the the European Union Horizon 2020 re- search and innovation programme under grant agreement No 731583 (SODA).

References
1. Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ra- macher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha. Post-quantum zero-knowledge and signatures from symmetric-key primitives. Cryptology ePrint Archive, Report 2017/279, 2017. http://eprint.iacr.org/2017/279.
2. Tore Kasper Frederiksen, Jesper Buus Nielsen, and Claudio Orlandi. Privacy-free garbled circuits with applications to efficient zero-knowledge. In Advances in Cryp- tology – EUROCRYPT 2015, pages 191–219, 2015.
3. Irene Giacomelli, Jesper Madsen, and Claudio Orlandi. Zkboo: Faster zero- knowledge for boolean circuits. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016., pages 1069–1083, 2016.
4. Marek Jawurek, Florian Kerschbaum, and Claudio Orlandi. Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. In 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, November 4-8, 2013, pages 955–966, 2013.

#### Ferucio Laurentiu TIPLEA

Bio: Ferucio Laurentiu Tiplea received the Ph.D. degree in computer science from “Alexandru Ioan Cuza” University of Iasi, Romania, in 1993. He joined the Department of Computer Science of the aforementioned university in 1990, where he is currently Professor of Computer Science. Dr. Tiplea’s research interests lie in the area of theories and tools for high-level modeling, design, and analysis of systems, computability and complexity, and cryptography and computer security. He published more than 80 papers in professional journals and refereed conference proceedings in these areas, co-edited five conference volumes, contributed to six edited volumes, and delivered invited talks at many universities and international conferences. Dr. Tiplea was the recipient of several fellowships, such as the Fulbright Fellowship, German Academy Fellowship, DAAD Fellowship, Monbusho Fellowship. From December 2003 to May 2006 he held a Visiting Professor position at University of Central Florida, School of Computer Science, Orlando (USA).

Title of the presentation: Key-policy Attribute-based Encryption from Bilinear Maps

Abstract: Attribute-based encryption (ABE) is a new paradigm in cryptography, where messages are encrypted and decryption keys are computed in accordance with a given set of attributes and an access structure on the set of attributes. There are two forms of ABE: key-policy ABE (KP-ABE) and cipher text-policy ABE (CP-ABE). In a KP-ABE, each message is encrypted together with a set of attributes and the decryption key is computed for the entire access structure; in a CP-ABE, each message is encrypted together with an access structure while the decryption keys are given for specific sets of attributes.
In this talk we discuss on the possibility of constructing KP-ABE schemes from bilinear maps or simpler forms of leveled multi-linear maps. Selective security of the schemes in the standard model is also discussed.

#### Konstantinos MARKANTONAKIS

Bio: Prof Konstantinos Markantonakis B.Sc. (Lancaster University), M.Sc., MBA, Ph.D. (London) received his BSc (Hons) in Computer Science from Lancaster University in 1995, his MSc in Information Security in 1996, his PhD in 2000 and his MBA in International Management in 2005 from Royal Holloway, University of London. He is the Director of the Information Security Group Smart Card Centre (SCC). His main research interests include smart card security and applications, secure cryptographic protocol design, key management, embedded system security and trusted execution environments, mobile phone operating systems/platform security, NFC/RFID/HCE security, grouping proofs, electronic voting protocols. He has published more than 160 papers in international conferences and journals. Since completing his PhD, he has worked as an independent consultant in a number of information security and smart card related projects. He is also a member of the IFIP Working Group 8.8 on Smart Cards. Since June 2014, he is vice chair of IFIP WG 11.2 Pervasive Systems Security. He continues to act as a consultant on a variety of topics including smart card security, key management, information security protocols, mobile devices, smart card migration program planning/project management for financial institutions, transport operators and technology integrators.

Title of the presentation: Ambient Sensing Based Relay Attack Detection in Smartphone Contactless Transactions

Abstract: Relay attacks are passive man in the middle attacks, aiming to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. In the field of smartphones, proposals have been put forward suggesting sensing the natural ambient environment as a potentially effective means for proximity/relay attack detection. However, these proposals are not in compliance with industry imposed constraints (e.g. EMV and ITSO) that mandate that transactions should complete within a certain time-frame (e.g. 500ms for EMV contactless transactions). We evaluated the effectiveness of 17 ambient sensors, widely available in modern smartphones, as a proximity/relay attack detection method for time restricted contactless transactions. Threshold-based and machine learning analysis techniques demonstrated limited effectiveness of natural ambient sensing in countering relay attacks in such transactions. We proposed the generation of an artificial ambient environment (AAE) as a potential alternative. The use of infrared light as an AAE actuator was evaluated. Our results indicate a high success rate, while the proposed solution is in compliance with industry requirements.

## REGISTRATION:

#### Fees

• The conference registration fee is 300 € (EURO) for non-students.
• The conference promotes results obtained by young researchers (undergraduate, graduate, master students, and Ph.D. students) by providing free participation opportunities, but the publishing and operational costs are covered by a fee of 150 € (EURO). Young researchers must provide proof of their university enrollment and must present results obtained individually or with other fellow students.

#### Payment

• Payment can be done only by bank transfer.
• The bank accounts (IBAN) are:

• For ROL (Romanian currency), Transilvania Bank: RO21 BTRL RONC RT00 G606 7701
• For EUR (European currency), Transilvania Bank: RO06 BTRL EURC RT00 G606 7701
• The SWIFT code of Transilvania Bank is: BTRLRO22
• BENEFICIARY DETAILS: “Asociatia Clubul Informaticii Economice – Cyber Knowledge Club” Non-Profit Association, Fiscal Registration Code (CIF) / Unique Registration Code (CUI): 31079668, No. Reg. Comm.: J84/21.11.2012, Social Address: Bld. Mărăşeşti 19/4, District 4, Bucharest, with postal address: str. Calea Dorobantilor no. 15-17, “Virgil Madgearu” Building, room 2210 / 2315, District 1, Bucharest, web: www.cyberknowledgeclub.org
• Authors are requested to send to the Conference e-mail (secitc@ase.ro and secitc@gmail.com) the bank transfer confirmation document in order to validate the payment. Until the secretariat receives the document, the registration is considered incomplete.
• Authors must pay the international transfer fee requested by the bank.

#### Registration benefits

• Paper publication in the Springer’s LNCS or Conference Proceedings volume with ISBN / ISSN number.
• Access to all conference sessions, keynote lectures, coffee breaks, other documentation, conference bag / conference folder.
• Authors of the papers will receive an invitation to submit a version of their work to the on-line journal, JMEDS
• Authors of the papers which contains quantitative security tests will receive an invitation to submit a version of their work to the on-line journal, JAQM.

#### Important notes

• There will be no refunds for cancellations received after the registration date.
• If the payment is made by cheque, the authors must support the extra fee for bank handling costs.

## INFO:

SECITC 2017 will take place in the heart of Bucharest, the capital of Romania, at Bucharest University of Economic Studies – www.ase.ro. For the location please check out Google Maps: https://goo.gl/maps/x3WCLJwRMvS2. For the complete URL, please access this link.

The Google map – embedded object: