Description
This book constitutes the thoroughly refereed proceedings of the 11th International Conference on Financial Cryptography and Data Security, FC 2007, and the co-located 1st International Workshop on Usable Security, USEC 2007, both held in Scarborough, Trinidad/Tobago, in February 2007.
The book includes 17 revised full papers, 1 system presentation paper and the transcriptions of 5 panel sessions from FC 2007. The papers, which were carefully reviewed and selected from 85 submissions, are organized in topical sections on Payment Systems, Anonymity, Authentication, Anonymity and Privacy, Cryptography and Commercial Transactions, Financial Transactions and Web Services, and Cryptography. The book concludes with 5 revised full and 5 revised short papers from the USEC 2007 workshop. This workshop brought together an interdisciplinary group of researchers and practitioners to discuss usability problems and deepen the understanding of users' capabilities and motivations in performing security tasks.
The 11th International Conference on Financial Cryptography and Data Security (FC 2007, http://fc07.ifca.ai), organized by the International Financial Cryptography Association (IFCA, http://www.ifca.ai/), was held in Tobago, February 12–15, 2007. The conference is a well-established and premier international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We continue to cover all aspects of securing transactions and systems, which this year included a range of technical areas such as cryptography, payment systems, anonymity, privacy, authentication, and commercial and financial transactions. For the first time, there was an adjacent workshop on Usable Security, held after FC 2007 in the same location. The papers are included in the last part of this volume. The conference goal was to bring together top cryptographers, data-security specialists, and computer scientists with economists, bankers, implementers, and policy makers. The goal was met this year: there were 85 submissions, out of which 17 research papers and 1 system presentation paper were accepted.
In addition, the conference featured two distinguished speakers, Mike Bond and Dawn Jutla, and two panel sessions, one on RFID and one on virtual economies. As always, there was the rump session on Tuesday evening, colorful as usual.
Keynote Address
Leaving Room for the Bad Guys (Abstract)
Mike Bond
Payment Systems
Vulnerabilities in First-Generation RFID-enabled Credit Cards
Thomas S. Heydt-Benjamin, Daniel V. Bailey, Kevin Fu, Ari Juels, and Tom O'Hare
Conditional E-Cash
Larry Shi, Bogdan Carbunar, and Radu Sion
A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection Against Splitting
Liqun Chen, Alberto N. Escalante B., Hans Löhr, Mark Manulis, and Ahmad-Reza Sadeghi
Panel
Panel: RFID Security and Privacy (Abstract)
Kevin Fu
Position Statement in RFID S&P Panel: RFID and the Middleman
Ross Anderson
Position Statement in RFID S&P Panel: Contactless Smart Cards
Jon Callas
Position Statement in RFID S&P Panel: From Relative Security to Perceived Secure
Yvo Desmedt
Anonymity
A Model of Onion Routing with Provable Anonymity
Joan Feigenbaum, Aaron Johnson, and Paul Syverson
K-Anonymous Multi-party Secret Handshakes
Shouhuai Xu and Moti Yung
Authentication
Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer
Mohammad Mannan and P.C. van Oorschot
Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups
Yvo Desmedt, Tanja Lange, and Mike Burmester
On Authentication with HMAC and Non-random Properties
Christian Rechberger and Vincent Rijmen
Anonymity and Privacy
Hidden Identity-Based Signatures
Aggelos Kiayias and Hong-Sheng Zhou
Space-Efficient Private Search with Applications to Rateless Codes
George Danezis and Claudia Diaz
Cryptography and Commercial Transactions
Cryptographic Securities Exchanges
Christopher Thorpe and David C. Parkes
Improved Multi-party Contract Signing
Aybek Mukhamedov and Mark Ryan
Informant: Detecting Sybils Using Incentives
N. Boris Margolin and Brian N. Levine
Financial Transactions and Web Services
Dynamic Virtual Credit Card Numbers
Ian Molloy, Jiangtao Li, and Ninghui Li
The Unbearable Lightness of PIN Cracking
Omer Berkman and Odelia Moshe Ostrovsky
Panel
Virtual Economies: Threats and Risks
Christopher Thorpe, Jessica Hammer, Jean Camp, Jon Callas, and Mike Bond
Invited Talk
Usable SPACE: Security, Privacy, and Context for the Mobile User (Abstract)
Dawn Jutla
System Presentation
Personal Digital Rights Management for Mobile Cellular Devices
Siddharth Bhatt, Bogdan Carbunar, Radu Sion, and Venu Vasudevan
Cryptography
Certificate Revocation Using Fine Grained Certificate Space Partitioning
Vipul Goyal
An Efficient Aggregate Shuffle Argument Scheme
Jun Furukawa and Hideki Imai
Usable Security Workshop
Preface
Rachna Dhamija
Full Papers
An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks
Collin Jackson, Daniel R. Simon, Desney S. Tan, and Adam Barth
WSKE: Web Server Key Enabled Cookies
Chris Masone, Kwang-Hyun Baek, and Sean Smith
Usability Analysis of Secure Pairing Methods
Ersin Uzun, Kristiina Karvonen, and N. Asokan
Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup
Cynthia Kuo, Jesse Walker, and Adrian Perrig
Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers
Jens Grossklags and Nathan Good
Short Papers
What Instills Trust? A Qualitative Study of Phishing
Markus Jakobsson, Alex Tsow, Ankur Shah, Eli Blevis, and Youn-Kyung Lim
Phishing IQ Tests Measure Fear, Not Ability
Vivek Anandpara, Andrew Dingman, Markus Jakobsson, Debin Liu, and Heather Roinestad
Mental Models of Security Risks
Farzaneh Asgharpour, Debin Liu, and L. Jean Camp
Improving Usability by Adding Security to Video Conferencing Systems
April Slayden Mitchell and Alan H. Karp
A Sense of Security in Pervasive Computing: Is the Light on When the Refrigerator Door Is Closed?
Jakob Illeborg Pagter and Marianne Graves Petersen
Author Index