RFIDsec 2015 The 11th Workshop on RFID security

WiSec 2015 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks

June 22-26, 2015 NYIT Auditorium on Broadway New York City, New York

WiSec 2014

21st –25th July 2014 St. Anne’s College, Oxford

7th ACM Conference on Security and Privacy in Wireless and Mobile Networks

The 10th Workshop on RFID Security

2

The Location

WiSec 2015 and RFIDsec 2015 will be held at the New York Institute of Technology’s Auditorium on Broadway, located at 1871 Broadway,

New York – just a few blocks from Columbus Circle.

3

Schedule Tuesday, June 23, 2015 8:15 – 8:45 Continental Breakfast 8:45 – 10:15 RFIDsec Tutorial I 10:15 – 10:45 Coffee Break 10:45 – 12:15 RFIDsec Tutorial II 12:15 – 13:15 Lunch 13:15 – 14:15 RFIDsec Keynote 14:15 – 14:45 Coffee Break 14:45 – 16:15 RFIDsec Session 1: PUFs and Applications (Chair: Thomas Plos) 14:45 – 15:15 Security Evaluation and Enhancement of Bistable Ring PUFs (Xiaolin Xu, Ulrich Rührmair, Daniel Holcomb and Wayne Burleson) 15:15 – 15:45 On the Scaling of Machine Learning Attacks on PUFs with Application to Noise Bifurcation (Johannes Tobisch and Georg T. Becker) 15:45 – 16:15 ReSC: RFID-enabled Supply Chain Management and Traceability for Network Devices (Kun Yang, Domenic Forte and Mark Tehranipoor) 16:15 – 16:45 Coffee Break 16:45 – 17:45 RFIDsec Session 2: Side-Channels and Countermeasures (Chair: Matt Robshaw) 16:45 – 17:15 Side Channel Assisted Modeling Attacks on Feed-Forward Arbiter PUFs using Silicon Data (Raghavan Kumar and Wayne Burleson) 17:15 – 17:45 Sharing is Caring – On the protection of Arithmetic Logic Units against Passive Physical Attacks (Hannes Gross)

4

Schedule Wednesday, June 24, 2015 8:15 – 8:45 Continental Breakfast 8:45 – 9:05 Messages from the General Chairs and PC Chairs 9:05 – 10:00 WiSec & RFIDsec Keynote 10:00 – 10:20 Coffee Break 10:20 – 11:50 RFIDsec Session 3: RFID System Attacks 10:20 – 10:50 Practical Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited (Ricardo J. Rodríguez and José Vila) 10:50 – 11:20 Algebraic Cryptanalysis and ISO/IEC 29167-15 (Carlos Cid, Loic Ferreira, Gordon Procter and Matt Robshaw) 11:20 – 11:50 An RFID Skimming Gate Using Higher Harmonics (Rene Habraken, Peter Dolron, Erik Poll and Joeri de Ruiter) 11:50 – 12:50 Lunch 12:50 – 14:20 WiSec Session 1 14:20 – 14:45 Coffee Break 14:45 – 16:00 WiSec Session 2 16:00 – 17:00 RFIDsec Session 4: Efficient Implementations 16:00 – 16:30 Efficient Full-Size E-Case on MULTOS SmartCards (Gesine Hinterwalder, Felix Riek and Christof Paar) 16:30 – 17:00 Efficient and Secure Delegation of Group Exponentiation to a Single Server (Bren Cavallo, Giovanni Di Crescenzo, Delaram Kahrobaei and Vladimir Shpilrain) 17:30 – Joint Social Event RFIDsec & WiSec

5

Schedule Thursday, June 25, 2015 8:00 – 8:45 Continental Breakfast 8:45 – 10:30 WiSec Session 3 10:30 – 11:00 Coffee Break 11:00 – 12:00 Keynote 12:00 – 12:45 Lunch 12:45 – 13:30 Demos + Posters 13:30 – 14:45 WiSec Session 4 14:45 – 15:00 Short Break 15:00 – 16:15 WiSec Panel 16:15 – 16:45 Coffee Break 16:45 – 18:15 WiSec Session 5

6

Schedule Friday, June 26, 2015 8:15 – 9:00 Continental Breakfast 9:00 – 10:30 WiSec Session 6 10:30 – 11:00 Coffee Break 11:00 – 12:30 WiSec Session 7 12:30 – 12:45 Concluding Remarks 12:45 – 14:00 Lunch (on your own) 14:00 – 17:00 WiSec Tutorial

7

WiSec Technical Sessions Session 1 - PHY Security (Chair: Vincent Lenders)

1. Daniel Steinmetzer, Matthias Schulz and Matthias Hollick. Lockpicking Physical Layer Key Exchange: Weak Adversary Models Invite the Thief

2. Nils Ole Tippenhauer, Heinrich Luecken, Marc Kuhn and Srdjan Capkun. UWB Rapid-Bit-Exchange System for Distance Bounding

3. Elena Pagnin, Anjia Yang, Gerhard Hancke and Aikaterini Mitrokotsa. Short: HB+DB: Mitigating Man-in-the-Middle Attacks Against HB+ with Distance Bounding

4. Roberto Di Pietro and Gabriele Oligeri. Short: Freedom of Speech: Thwarting Jammers via a Probabilistic Approach

Session 2 - Smartphone Security I (Chair: William Enck)

1. Xin Chen and Sencun Zhu. DroidJust: Automated Functionality-Aware Privacy Leakage Analysis for Android Applications

2. Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou and Robert H. Deng. Short: CICC: A Fine-Grained, Semantic-Aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers

3. Suranga Seneviratne, Harini Kolamunna and Aruna Seneviratne. Short: A Measurement Study on Tracking in Paid Mobile Applications

4. Julien Freudiger. Short: How Talkative is your Mobile Device? An Experimental Study of Wi-Fi Probe Requests

8

Session 3 - Smartphone Security II (Chair: N. Asokan) 1. Mingshen Sun, Mengmeng Li and John C.S. Lui. DroidEagle: Seamless

Detection of Visually Similar Android Apps 2. Zhen Xie and Sencun Zhu. AppWatcher: Unveiling the Underground

Market of Trading Mobile App Reviews 3. Denzil Ferreira, Vassilis Kostakos, Alastair R. Beresford, Janne Lindqvist

and Anind K. Dey. Securacy: An Empirical Investigation of Android Applications’ Network Usage, Privacy and Security

4. Roberto Gallo, Ricardo Dahab, Henrique Kawakami, Patricia Hongo, Kaio Karam, Luiz Navarro, Luander Ribeiro and Glauco Junqueira. Short: Security and System Architecture: Comparison of Android Customizations

Session 4 - Authentication and Integrity in Mobile Systems (Chair: Matthias Hollick)

1. Pieter Robyns, Peter Quax and Wim Lamotte. Injection Attacks on 802.11n MAC Frame Aggregation

2. Sebastian Brenza, Andre Pawlowski and Christina Pöpper. A Practical Investigation of Identity Theft Vulnerabilities in Eduroam

3. Lucky Onwuzurike and Emiliano De Cristofaro. Short: Danger is my middle name: Experimenting with SSL Vulnerabilities in Android Apps

Session 5 - Mobile (A)Social Network Security (Chair: Panagiotis Papadimitratos)

1. Stylianos Gisdakis, Thanassis Giannetsos and Panos Papadimitratos. SHIELD: A Data Verification Framework for Participatory Sensing Systems

2. Mahmudur Rahman, Mozhgan Azimpourkivi, Umut Topkara and Bogdan Carbunar. Liveness Verifications for Citizen Journalism Videos

3. Marcin Nagy, Thanh Bui, Emiliano De Cristofaro, N Asokan, Jorg Ott and Ahmad-Reza Sadeghi. How Far Removed Are You? Scalable Privacy-Preserving Estimation of Social Path Length with Social PaL

9

Session 6 - Vehicular Systems Security (Chair: Christina Pöpper)

1. David Förster, Frank Kargl and Hans Löhr. Short: A Framework for Evaluating Pseudonym Strategies in Vehicular Ad-Hoc Networks

2. Célestin Matte, Jagdish Prasad Achara and Mathieu Cunche. Short: Device-to-Identity Linking Attack Using Targeted Wi-Fi Geolocation Spoofing

3. Karim Emara, Wolfgang Wörndl and Johann Schlichter. CAPS: Context-Aware Privacy Scheme for VANET Safety Applications

4. Bruce Debruhl, Sean Weerakkody, Bruno Sinopoli and Patrick Tague. Is Your Commute Driving you Crazy? A Study of Misbehavior in Vehicular Platoons

Session 7 - Side Channels (Chair: Yossi Oren)

1. Yajin Zhou, Lei Wu, Zhi Wang and Xuxian Jiang. Harvesting Developer Credentials in Android Apps

2. Dan Ping, Xin Sun and Bing Mao. TextLogger: inferring longer inputs on touch screen using motion sensors

3. Xingmin Cui, Jingxuan Wang, Lucas C.K. Hui, Zhongwei Xie, Tian Zeng and S.M. Yiu WeChecker: Efficient and Precise Detection of Privilege Escalation Vulnerabilities in Android Apps

10

RFIDsec Tutorial 1 (Tue, 8:45 – 10:15) Contactless Payments Joeri de Ruiter University of Birmingham ABSTRACT This tutorial will explain the EMV contactless protocols, both the Visa and MasterCard variants, and the original EMV protocols on which these are based, and discuss various weaknesses that have been discovered over the years. Here we also discuss and demo the possibilities with relay attacks, and discuss the options for payments with NFC phones. During the tutorial there will be the opportunity to experiment with your own bank cards, if you have a laptop with a working contactless reader. Participants are encouraged to bring all their bank and credit cards. ABOUT THE SPEAKER Joeri de Ruiter is a research fellow in the Security and Privacy group of the University of Birmingham in the United Kingdom. Before that, he worked on his PhD in the Digital Security group of the Radboud University Nijmegen in the Netherlands. His research interests include formal and practical analysis of real-world security protocols. His research resulted in a formal analysis of the EMV protocol (used in bank cards) and the discovery of vulnerabilities in a card reader used for online banking and several widely used TLS implementations.

11

RFIDsec Tutorial 2 (Tue, 10:45 – 12:15) ABCs in Theory and Practice Gergely Alpar Radboud University ABSTRACT Attribute-based credentials (ABCs) were already been designed 10-15 years ago. Yet it is just now that devices — and smart cards, in particular — are strong enough to make them practical. Not only technical possibilities, but also infrastructural and societal demands are arising. Electronic identity systems provide increasingly more functions, and simultaneously, privacy is demanded more and more in such nation-wide ecosystems (see e.g. German eID). ABCs are capable of supporting authentic personal data management in a user-centric and privacy-friendly way. Also, the Internet of Things is a new realm in which ABC implementations can play an important role. This tutorial gives an accessible introduction to the mathematics and cryptography of ABCs (many nice ideas!), and also to demonstrate the IRMA approach, that is, our view about how ABCs can be put in practice. We also present some on-going and future research directions. The topics include: Zero-knowledge, Signatures and commitments, Attribute-based credentials, U-Prove and/or Idemix, IRMA technology, Future of ABCs ABOUT THE SPEAKER Gergely Alpar is a postdoctoral researcher and teacher at the Radboud University (Nijmegen, The Netherlands) with a research focus on privacy, cryptography, identity management and education. He received his Ph.D. in computer science from the Radboud University's Digital Security group in 2015. He holds two Masters degrees, one from Eötvös Loránd University, Hungary, and one from Eindhoven University of Technology, The Netherlands. He plays a leading role in the IRMA project (www.irmacard.org) that puts attribute-based identity management in practice. Gergely also takes active part in the Privacy and Identity Lab, an interdisciplinary research institute in the Netherlands. More information can be obtained from his personal web site (www.cs.ru.nl/~gergely).

12

RFIDsec Keynote (Tue, 13:15 – 14:15) Hardware Trojans for ASICs and FPGAs Christof Paar Ruhr University Bochum & University of Massachusetts Amherst ABSTRACT Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security critical, e.g., medical devices, automotive electronics, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and the scientific community. Initially, the primary attacker model was a malicious foundry that could alter the design, i.e., introduce hardware Trojans which could interfere with the (security-sensitive) functionality of a chip. Many other attacker models exist too. For instance, a legitimate IC manufacturer, e.g., a consumer electronics company abroad, might be in cohort with a foreign intelligence agency to alter its products in a way that compromises their security. Even though hardware Trojans have been considerably studied, little is known about how they might look, especially those that are particularly designed to avoid detection. In this talk we introduce two recent research projects which deal with the Trojan insertion in two different types of hardware platforms, ASICs and FPGAs. This is joint work with Georg Becker, Wayne Burleson, Marc Fyrbiak, Philipp Koppe, Franceso Regazzoni and Pawel Swierczynski. ABOUT THE SPEAKER Christof Paar has the Chair for Embedded Security at the University of Bochum, Germany, and is research professor at the University of Massachusetts at Amherst. He co-founded, with Cetin Koc, the CHES conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID. Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs and Intel. He has taught cryptography extensively in industry, including courses at NASA, Motorola Research, and Philips Research. Christof is Fellow of the IEEE and recipient of the German IT Security Award 2010. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security which is now part of Bosch.

13

WiSec and RFIDsec Keynote (Wed, 9:00 – 10:00)

Why we should build a Secure Positioning Infrastructure Srdjan Capkun ETH Zurich ABSTRACT In this talk I will argue for the development of a new positioning infrastructures that offers security and privacy by design. Such an infrastructure should provide resilience to location and time spoofing, location verification as well as support, to the full feasible extent, identity and location privacy. This infrastructure should also be terrestrial, to enable better protection against DoS attacks and should be distributed and controlled by local operators, which will make it more resilient to global failures. I will review the main challenges in designing and building such an infrastructure as well as research opportunities that will arise as a part of this effort. ABOUT THE SPEAKER Srdjan Čapkun is a Full Professor in the Department of Computer Science, ETH Zurich and Director of the Zurich Information Security and Privacy Center (ZISC). He was born in Split, Croatia where he received his Dipl.Ing. Degree in Electrical Engineering / Computer Science from the University of Split in 1998. He received his Ph.D. degree in Communication Systems from EPFL in 2004. Prior to joining ETH Zurich in 2006 he was a postdoctoral researcher in the Networked & Embedded Systems Laboratory (NESL), University of California Los Angeles and an Assistant Professor in the Informatics and Mathematical Modelling Department, Technical University of Denmark (DTU). His research interests are in system and network security. He is a co-founder of 3db Access, a spin-off focusing on secure proximity-based access control.

14

WiSec and RFIDsec Keynote (Thu, 11:00 – 12:00) Security for Low-End IoT Devices: When Energy is Not Enough, What is One to Do? Wade Trappe Rutgers University ABSTRACT There is a push to extend the boundary of the Internet to include a wide array of nontraditional computing devices, ranging from programmable thermostats to wearable systems to devices that monitor and track people/objects. Many of these new networkable devices, which constitute the Internet of Things (IoT), are low-end, low-energy and lightweight computing devices. This talk will present the viewpoint that securing the low-end of the IoT cannot be addressed using the cryptographic tools as the operating energy and computational regime for this portion of the IoT will not be conducive for traditional security approaches. The low-end, low-energy, and lightweight computing that will characterize the edge of the Internet of Things will come with considerable restrictions on how one designs their various functions. What is needed is a change of perspective, where at the outset one takes into account the resource sparsity and the limitations that might result in terms of security. In this talk, we examine the challenge of securing devices that are characterized as having significant limitations in functionality, and energy resources. We outline the various security objectives that one might desire in the Internet of Things. Next, we argue that there is no simple solution that will provide enough energy to allow these low-end IoT devices to operate on their own and allow one to support additional functionality beyond the basic (non-security) functions of these devices. Further, we also examine conventional cryptographic methods and make the case that it is unlikely that strong cipher suites will ever be suitably designed and implemented to operate in such an energy-sparse setting. We thus arrive at the main thesis of this talk, which suggests alternative approaches for providing security for low-end IoT devices. We identify a few directions at the device itself, as well as suggest that one powerful avenue for supporting security involves exploiting an inherent asymmetry in the typical deployment scenarios: low-end devices

15

are typically communicating with higher-end, more resource-rich devices that can perform more computation (and, in particular, signal analysis) to ensure the sanctity of their low-end counterpart's communication. The talk concludes by highlighting future directions in supporting security for light-weight devices. ABOUT THE SPEAKER Wade Trappe received his B.A. in Mathematics from The University of Texas at Austin in 1994 and his Ph.D. in Applied Mathematics and Scientific Computing from the University of Maryland in 2002. He is currently a Professor in the Electrical and Computer Engineering Department at Rutgers University, and Associate Director of the Wireless Information Network Laboratory (WINLAB), where he directs WINLAB’s research in wireless security. He has led several federally funded in the area of cybersecurity and communication systems, projects involving security and privacy for sensor networks, physical layer security for wireless systems, a security framework for cognitive radios, the development of wireless testbed resources (the ORBIT testbed, www.orbit-lab.org), and new RFID technologies. Prof. Trappe led a DARPA initiative into validating and prototyping physical layer security mechanisms, an Army Research Office project on the theory of physical layer security, and is currently leading an Army project on cognitive radio networks and MIMO communications. He has developed several cross-layer security mechanisms for wireless networks, jamming detection and jamming defense mechanisms for wireless networks, and has investigated privacy-enhancing routing methods. He has published over 150 papers, including six best papers awards. His experience in network security and wireless spans over 15 years, and he has co- authored a popular textbook in security, Introduction to Cryptography with Coding Theory, as well as several notable monographs on wireless security, including Securing Wireless Communications at the Physical Layer and Securing Emerging Wireless Systems: Lower-layer Approaches. Professor Trappe has served as an editor for IEEE Transactions on Information Forensics and Security (TIFS), IEEE Signal Processing Magazine (SPM), and IEEE Transactions on Mobile Computing (TMC). He is currently the US Regional Director for the IEEE Signal Processing Society.

16

WiSec Tutorial (Fri, 14:00 – 17:00) Millimeter Wave Cellular Wireless Networks for 5G Sundeep Rangan University of Michigan, Ann Arbor & Bell Labs ABSTRACT With the severe spectrum shortage in conventional cellular bands millimeter wave (mmWave) frequencies, roughly between 30 and 300 GHz, have attracted growing attention for next-generation micro- and pico-cellular wireless networks. The mmWave bands offer vastly greater spectrum than current cellular allocations and enable very high-dimension antenna arrays for further gains via beamforming and spatial multiplexing. However, the propagation of mmWave signals in outdoor non line-of-sight (NLOS) links remains challenging. In this tutorial, I will provide an overview of the recent measurements, trials and capacity projections that suggest that these systems may offers orders of magnitude greater capacity than current cellular allocations. However, reaching the full potential of the mmWave bands will require significant changes in the way networks are designed today and I will discuss various research efforts and preliminary results in the PHY, MAC and networking layers. The tutorial should be of interest to engineers and researchers in any area of wireless networks or related field. ABOUT THE SPEAKER Sundeep Rangan received the B.A.Sc. at the University of Waterloo, Canada and the M.Sc. and PhD at the University of California, Berkeley, all in Electrical Engineering. He has held postdoctoral appointments at the University of Michigan, Ann Arbor and Bell Laboratories, Murray Hill, NJ. In 2000, he co-founded (with four others) Flarion Technologies, a spin off of Bell Labs, that developed Flash OFDM, one of the first cellular OFDM data systems and precursor to modern 4G system such as LTE. In 2006, Flarion was acquired by Qualcomm Technologies where Dr. Rangan was a Director of Engineering involved in OFDM infrastructure products. He joined the ECE department at NYU-Poly in 2010 as an Associate Professor. He is also the Associate Director of NYU WIRELESS -- an industry-academic partnership program for shaping 5G cellular. His research interests are in wireless communications, signal processing, information theory and control theory.

17

WiSec Posters

• Meiko Jensen (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Germany): Applying the Protection Goals for Privacy Engineering to Mobile Devices

• Wanqing You (Southern Polytechnic State University), Kai Qian (Southern Polytechnic State University), Minzhe Guo (University of Cincinnati), Prabir Bhattacharya (University of Cincinnati), and Ying Qian (East China Normal University, China): A Hybrid Approach for Mobile Security Threat Analysis

• Matthias Schäfer (University of Kaiserslautern, Germany), Daniel Berger (University of Kaiserslautern, Germany), Vincent Lenders (Armasuisse, Switzerland), and Jens Schmitt (University of Kaiserslautern, Germany): Security By Mobility in Location and Track Verification

• Pradeep Podiyan, Sergey Butakov, Pavol Zavarsky (Concordia University College of Alberta, Canada): Study of compliance of Android location APIs with Geopriv

• Sadegh Farhang, Yezekael Hayel , Quanyan Zhu (New York University): Physical Layer Location Privacy Issue in Wireless Small Cell Networks

• Guqian Dai, Jigang Ge, Minghang Cai, Daoqian Xu, Wenjia Li (New York Institute of Technology): SVM-based Malware Detection for Android Applications

WiSec Demos

• Max Maass, Uwe Müller, Tom Schons, Daniel Wegemer, and Matthias Schulz (Technische Universität Darmstadt, Germany): NFCGate - An NFC Relay Application for Android

• Marcin Nagy, Thanh Bui, Swapnil Udar, N. Asokan, Joerg Ott (Aalto University, Finland): SpotShare and nearbyPeople – Applications of the Social PaL framework

18

Social Events Monday, June 22, 2015, 18:00 Opening Reception RFIDsec 2015 Location: NYIT Auditorium on Broadway Wednesday, June 24, 2015, 17:30 Banquet WiSec/RFIDsec 2015 Location: Carmine’s Restaurant, 200 W 44th Street. Social Event WiSec/RFIDsec 2015: Les Miserables Location: Imperial Theatre, 249 W 45th Street.

19

Committees RFIDsec 2015 General Chairs:

• Paolo Gasti, New York Institute of Technology, USA • Ramesh Karri, New York University, USA

Program Chairs:

• Stefan Mangard, TU Graz, Austria • Patrick Schaumont, Virginia Tech, USA

Technical Program Committee:

• Gildas Avoine, UC Louvain, Belgium • Frederik Armknecht, University of Mannheim, Germany • Lejla Batina, Radboud University, The Netherlands • Srdjan Capkun, ETH Zurich, Switzerland • Thomas Eisenbarth, Worcester Polytechnic Institute, USA • Martin Feldhofer, NXP, Austria • Aurelien Francillon, Eurecom, France • Gerhard Hancke, City University of Hong Kong, Hong Kong • Julio Hernandez-Castro, University of Kent, UK • Daniel Holcomb, UMass Amherst, USA • Michael Hutter, Cryptography Research, USA • Stefan Mangard (co-chair), TU Graz, Austria • Daisuke Moriyama, NICT, Japan • Berna Ors, Istanbul Technical University, Turkey

20

• Christof Paar, Ruhr University Bochum, Germany • Axel Poschmann, NXP, Germany • Bart Preneel, KU Leuven, Belgium • Matt Robshaw, Impinj, USA • Kazuo Sakiyama, University of Electro-Communications, Japan • Nitesh Saxena, University of Alabama at Birmingham, USA • Patrick Schaumont (co-chair), Virginia Tech, USA • Rajat Subhra Chakraborty, IIT Kharagpur, India • Erich Wenger, TU Graz, Austria • Avishai Wool, Tel Aviv University, Israel

Steering Committee:

• Lejla Batina, RU Nijmegen, The Netherlands (chair) • Srdjan Capkun, ETH Zurich, Switzerland • Yingjiu Li, Singapore Management University, Singapore • Andrew Martin, University of Oxford, UK • Ivan Martinovic, University of Oxford, UK • Christof Paar, RUB, Germany • Bart Preneel, KU Leuven, Belgium • Ahmad-Reza Sadeghi, Technische Universitât Darmstadt, Germany • Nitesh Saxena, University of Alabama at Birmingham, USA • Patrick Schaumont, Virginia Tech, US

Wisec 2015 General Chairs:

• Paolo Gasti, New York Institute of Technology, USA • Ramesh Karri, New York University, USA

Program Chairs:

• Ivan Martinovic, University of Oxford, UK • Guevara Noubir, Northeastern University, USA

21

Technical Program Committee: • Frederik Armknecht, Universität Mannheim, Germany • David Barrera, ETH Zürich, Switzerland • Lejla Batina, Radboud University Nijmegen, The Netherlands • Erik-Oliver Blass, Airbus Group Innovations, Germany • Kevin Butler, University of Florida, USA • Levente Buttyan, Budapest University of Technology and Economics,

Hungary • Claude Castelluccia, INRIA Rhone-Alpes, France • Yingying Chen, Stevens Institute of Technology, USA • Mauro Conti, University of Padua, Italy • William Enck, North Carolina State University, USA • Aurélien Francillon, Eurecom, France • Francesco Gringoli, University of Brescia, Italy • Thorsten Holz, Ruhr-Universität Bochum, Germany • Amir Herzberg, Bar-Ilan Unviersity, Israel • Matthias Hollick, TU Darmstadt, Germany • Murtuza Jadliwala, Wichita State University, USA • Sneha Kasera, University of Utah, USA • Frank Kargl, University of Ulm, Germany • Yongdae Kim, KAIST, Republic of Korea • Engin Kirda, Northeastern University, USA • Cedric Lauradoux, INRIA, France • Loukas Lazos, University of Arizona, USA • Vincent Lenders, Armasuisse, Switzerland • Ming Li, Utah State University, USA • Long Lu, Stony Brook University, USA • Di Ma, University of Michigan-Dearborn, USA • Rene Mayrhofer, JRC u’smile and Johannes Kepler University Linz,

Austria • Muriel Medard, MIT, USA • Refik Molva, EURECOM, France

22

• Nick Nikiforakis, Stony Brook University, USA • Panos Papadimitratos, KTH, Sweden • Roberto Di Pietro, Dipartimento di Matematica e Fisica, Università di

Roma Tre, Italy • Christina Pöpper, Ruhr-University Bochum, Germany • Kasper Bonne Rasmussen, University of Oxford, UK • Cristina Nita Rotaru, Purdue University, USA • Utz Roedig, Lancaster University, UK • Ahmad-Reza Sadeghi, Technische Universität Darmstadt, Germany • Jens Schmitt, TU Kaiserslautern, Germany • Reza Shokri, The University of Texas at Austin, USA • Claudio Soriente, ETH Zürich, Switzerland • Patrick Tague, Carnegie Mellon University, USA • Wade Trappe, Rutgers University, USA • Patrick Traynor, University of Florida, USA • Yanchao Zhang, Arizona State University, USA • Sencun Zhu, Penn State University, USA • Gildas Avoine, UC Louvain, Belgium • Frederik Armknecht, University of Mannheim, Germany

Steering Committee:

• N. Asokan, Aalto University and University of Helsinki, Finland • Srdjan Capkun, ETH Zurich, Switzerland • Cristina Nita-Rotaru, Purdue University, USA • Ahmad-Reza Sadeghi, Technische Universitat Darmstadt, Germany • Patrick Traynor, University of Florida, USA • Gene Tsudik, University of California, Irvine, USA (chair)

Publicity Chairs:

• Erik-Oliver Blass, Airbus, Germany • Ming Li, Utah State University • Wenjia Li, New York Institute of Technology, USA

23

Publication Chair: • Amirali Sanatinia, Northeastern University, USA • Martin Strohmeier, University of Oxford, UK

Poster/Demo Chair:

• Wenjia Li, New York Institute of Technology, USA • Quanyan Zhu, New York University, USA

Web Chair:

• Wenjia Li, New York Institute of Technology, USA Local Organizer:

• Jonathan Voris, New York Institute of Technology, USA Finance Chair:

• N. Sertac Artan, New York Institute of Technology, USA

24

Sponsors We would like to thank the National Science Foundations (NSF), the Army Research Office (ARO), and the Association for Computing Machinery (ACM) for their generous donations in support of WiSec student attendees.