Researchers from TUW contribute to ACM CCS 2023

TUW researches actively contributed to the ACM Conference on Computer and Communications Security (CCS) held in Copenhagen, Denmark, from November 26 to 30, 2023. This conference serves as the annual flagship event of the Special Interest Group on Security, Audit, and Control (SIGSAC) within the Association for Computing Machinery (ACM), attracting information security researchers, practitioners, developers, and users worldwide to explore cutting-edge ideas and results.

2023-11-29

During November 27-29, the conference featured the presentation of the following research contributions:

  • CheckMate: Automated Game-Theoretic Security Reasoning authored by Lea Salome Brugger, Laura Kovács, Anja Petković Komel, Sophie Rain, and Michael Rawson, all from TUW, presented in the track “Formal Methods and Programming Languages.” CheckMate is a framework designed for automated game-theoretic security analysis, with a specific emphasis on blockchain technologies. The framework proves protocol security through defense strategies or identifies all possible attack vectors. In cases where protocols are deemed insecure, CheckMate provides the weakest preconditions for achieving security, if possible. CheckMate implements a sound and complete encoding of game-theoretic security in first-order linear real arithmetic, thereby reducing security analysis to satisfiability solving. Additionally, it automates the efficient handling of case splitting on arithmetic terms.

  • Let’s Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation by Amit Singh Bhati (KU Leuven, Belgium), Erik Pohle (KU Leuven, Belgium), Aysajan Abidin (KU Leuven, Belgium), Elena Andreeva (TUW), Bart Preneel (KU Leuven, Belgium) in the track: “Applied Cryptography”. Eevee, a novel and provably secure family of lightweight modes designed for authenticated encryption with associated data, was presented. The Eevee family boasts fully parallel decryption, making it well-suited for multi-party computation (MPC) protocols in which the round complexity depends on the function they compute. Moreover, the modes leverage the lightweight forkcipher primitive, characterized by fixed-length output expansion and a compact yet parallelizable internal structure. All Eevee members exhibit substantial improvements over the limited selection of state-of-the-art MPC-friendly modes and other standard solutions.

  • IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis by David Schmidt (TUW), Carlotta Tagliaro (TUW), Kevin Borgolte (Ruhr University Bochum, Germany) and Martina Lindorfer (TUW) in the track “Network Security”. IoTFlow is introduced as a novel static analysis approach for IoT devices, utilizing their mobile companion apps to tackle challenges related to diversity and scalability. It combines Value Set Analysis (VSA) with more general data-flow analysis to automatically reconstruct and derive how companion apps communicate with IoT devices and remote cloud-based backends, what data they receive or send, and with whom they share it.