Invited Talk 1
13:40-14:40, November 7, 2012
Abstract.
We performed a sanity check of public keys collected on the
web. Our main goal was to test the validity of the assumption that
different random choices are made each time keys are generated. We
found that the vast majority of public keys work as intended. A more
disconcerting finding is that two out of every one thousand RSA moduli
that we collected offer no security. Our conclusion is that the
validity of the assumption is questionable and that generating keys in
the real world for ``multiple-secrets'' cryptosystems such as RSA is
significantly riskier than for ``single-secret'' ones such as ElGamal
or (EC)DSA which are based on Diffie-Hellman.
Materials.
Invited Talk 2
11:30-12:30, November 8, 2012
- The Insider Problem, Inside Out
Matt Bishop
Department of Computer Science,
University of California, Davis
Abstract.
The insider problem is considered one of the most serious in computer
security. But the precise definition of "insider" varies, sometimes
wildly, among researchers. The result is that the problem, in its most
broadest sense, is ill-defined. This talk will examine the problem of
insider attacks, beginning with a characterization that encompasses
earlier definitions of the "insider". It then will examine current
defenses and detection methods, placing them in that context, and
propose an analysis technique for identifying those who might pose the
greatest risk. We conclude by using this approach to examine the
buying and selling of real estate over the Internet.
Invited Talk 3
13:50-14:50, November 8, 2012
- Recent Topics on Functional Encryption
Katsuyuki Takashima
Mitsubishi Electric
Abstract.
In a traditional public key encryption system, data is encrypted to a particular individual who is fixed by a public key. Functional encryption (FE) gives a new way of sharing encrypted data, and removes this restriction on receivers, where a sender can specify a wide variety of receiver sets, and has fine-grained control over revealed information on encrypted data, under the same public key. Several specific encryption systems fall into this general framework, e.g. identity-based encryption (IBE), inner product encryption (IPE), and attribute-based encryption (ABE), which realize flexible private data sharing. However, since the security of the expressive systems is given by a complicated condition, proving their security is especially challenging. This presentation will introduce a notion of FE, and recent progress on security enhancement techniques on FE. It includes a randomness amplification technique for the complicated security condition under a ``short" public key, for achieving fully secure ``unbounded" FE, which is published in ASIACRYPT 2012.
Invited Talk 4
10:00-11:10, November 9, 2012
- Challenges for making scalable security management for information and communication infrastructure
Suguru Yamaguchi
Nara Institute of Science and Technology
Abstract.
Management of information security has No.1 priority in operation of
information infrastructure for various organizations in both public
and private sectors. Adding more components such as mobile devices and
cloud computing clusters has made the more complicated reality for
infrastructure management tasks. Introducing various technology and
engineering for improving the scalability on information security
management is highly required today, otherwise, management tasks
overflows with various security management, especially for data
security management in huge space of storages. In this invited talk,
the speaker summarizes the current situation on rapidly changing
aspect of information infrastructure, and overviews technical
requirement on security management for today. The speaker also
introduces his challenges on such scalability improvements for
security management tasks.
James Hughes
Huawei Technology