Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices

These proceedings contain the papers selected for presentation at the 4th Wo- shop on Information Security Theory and Practice (WISTP 2010), held during April 12-14, 2010 in Passau, Germany. In response to the call for papers, 69 papers were submitted to the wo- shop. These papers were evaluated on the basis of their signi?cance, novelty, and technicalquality. Eachpaper was reviewedby four members of the Program Committee. Reviewing was double-blind meaning that the Program Committee was not able to see the names and a?liations of the authors, and the authors were not told which committee members reviewed which papers. The Program Committee meeting was held electronically, holding intensive discussions over a periodoftwo weeks.Of the papers submitted, 20 full papersand 10shortpapers were selected for presentation at the workshop. This workshop was sponsored by Vodaphone, who also provided a best - per award. We would like to thank this organization for their support, which helped make this workshop possible. Their continued support helps to reduce registration fees and make WISTP a continuing success. WISTP 2010 was also organized in cooperation with the International - sociation for Cryptologic Research (IACR), the IFIP WG 11.2 Pervasive S- tems Security, and ACM SIGSAC. Their support has signi?cantly contributed to raising the pro?le of WISTP, which is re?ected in the number of high-quality submissions that we received.

Inhalt

Embedded Security.- Efficient and Effective Buffer Overflow Protection on ARM Processors.- Efficient Entropy Estimation for Mutual Information Analysis Using B-Splines.- A Probabilistic Diffusion Scheme for Anomaly Detection on Smartphones.- A Smart Card Implementation of the McEliece PKC.- Evaluation Metrics of Physical Non-invasive Security.- Protocols.- Trust in Peer-to-Peer Content Distribution Protocols.- Generic Constructions of Biometric Identity Based Encryption Systems.- Design and Analysis of a Generalized Canvas Protocol.- Highly Constrained Embedded Systems.- Efficient Mutual Authentication for Multi-domain RFID Systems Using Distributed Signatures.- Practical Schemes for Privacy and Security Enhanced RFID.- MoteAODV - An AODV Implementation for TinyOS 2.0.- Security.- Random Number Generation Based on Fingerprints.- Improvements of pan-European IDM Architecture to Enable Identity Delegation Based on X.509 Proxy Certificates and SAML.- Fraud Detection for Voice over IP Services on Next-Generation Networks.- Smart Card Security.- Proxy Smart Card Systems.- Can We Support Applications' Evolution in Multi-application Smart Cards by Security-by-Contract?.- Website Credential Storage and Two-Factor Web Authentication with a Java SIM.- Algorithms.- Attribute-Based Encryption with Break-Glass.- On the Security of a Two-Factor Authentication Scheme.- The Design of Secure and Efficient P2PSIP Communication Systems.- Hardware Implementations.- Novel FPGA-Based Signature Matching for Deep Packet Inspection.- Towards Electrical, Integrated Implementations of SIMPL Systems.- A Very Compact Hardware Implementation of the KASUMI Block Cipher.- Embedded Systems.- Secure and Usable Out-Of-Band Channels for Ad Hoc Mobile Device Interactions.- Identification and Verification of Security Relevant Functions in Embedded Systems Based on Source Code Annotations and Assertions.- Security Analysis of Mobile Phones Used as OTP Generators.- An Energy-Efficient Symmetric Cryptography Based Authentication Scheme for Wireless Sensor Networks.- Anonymity/Database Security.- The Market Failure of Anonymity Services.- Exploiting Node Mobility for Coordinating Data Usage in Crisis Scenarios.- Predicting and Preventing Insider Threat in Relational Database Systems.