The 14th International Conference on Information Security Practice and Experience (ISPEC 2018) will be held in Tokyo in September 2018. The ISPEC conference is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors. In previous years, ISPEC has taken place in Singapore (2005), Hangzhou, China (2006), Hong Kong, China (2007), Sydney, Australia (2008), Xi'an, China (2009), Seoul, Korea (2010), Guangzhou, China (2011), Hangzhou, China (2012), Lanzhou, China (2013), Fuzhou, China (2014), Beijing, China (2015), Zhangjiajie, China (2016) and Melbourne, Australia (2017). For all sessions, the conference proceedings were published by Springer in the Lecture Notes in Computer Science series.
University of Tukuba, Japan
Mitsubishi Electric Corporation
Huawei Technologies Co., Ltd.
ISEC of IEICE, Japan
CSEC of IPSJ (Special Interest Group on Computer Security of Information Processing Society of Japan)
September 22, 2018 Conference proceeding is freely available online here.
August 7, 2018 Conference program is updated.
July 15, 2018 Keynote speaker information is updated.
July 10, 2018 Accepted paper list is updated.
June 7, 2018 Visa application is updated.
June 4, 2018 The deadline of registration payment for each accepted paper is changed to June 23, 2018.
June 4, 2018 The registration system is open.
April 17, 2018 The submission deadline is extended to 25th April, 2018, 23:59 JST (Strict! No more extension!).
April 2, 2018 The submission deadline is extended to 16th April, 2018, 23:59 JST.
March 01, 2018 The paper submission is available.
Note: The order of speakers is sorted according to the alphabetical order of surname.
Assistant Professor Sherman S. M. Chow
Affiliation: The Chinese University of Hong Kong
Title: Password-Hardening Services
Password remains the most widespread means of authentication, especially on the Internet. As such, it is the Achilles heel of many modern systems. We witnessed the trend of recurring breaches where (salted) password databases get stolen. This is disastrous as low-entropy passwords can be guessed by brute-force attacks easily. Facebook pioneered using a cryptographic server to harden password-based authentication. We call it password-hardening (PH) service. The crypto server serves as a helper in the validation process and as a rate-limiter to thwart online dictionary attack. We first show that the PH scheme of Schneider et al. (ACM CCS '16) is vulnerable to offline attacks just after a single validation query. We then suggest stronger security definitions, and an even more efficient construction, Phoenix, to achieve them. It can handle up to three times more than Pythia (USENIX Security '15), the first and the only solution remains secure before our work. PH only provides user-authentication but cannot provide confidentiality of sensitive user data (e.g., credit card number for an e-commerce site). Although encryption somewhat alleviates the problem, decryption is often needed for utility, and keeping the decryption key within reach is obviously dangerous. To address this seemingly unavoidable problem, we propose the notion of password-hardened encryption (PHE). PHE inherits the security features of PH, in particular, the crypto rate-limiter learns neither the password nor the sensitive data, while validating the password and helping in decryption. More importantly, both the crypto rate-limiter and the crypto-service client can rotate their secret keys, providing a proactive security mechanism mandated by the Payment Card Industry Data Security Standard. We build an extremely simple PHE which can handle more than 525 encryption and (successful) decryption requests per second per core on a 10-core Intel Xeon E5-2640 CPU. This talk is based on two papers appeared in USENIX Security 2017 and 2018.
Professor Robert Deng
Affiliation: Singapore Management University
Title: A User Centric and Layered Approach to Mobile Security
Mobile computing has become a fundamental feature in the lives of billions of people, who have developed an unprecedented reliance on smart phones and tablets compared to any previous computing technology. With the trend of bring your own device, mobile devices are increasingly used to access and store sensitive corporate information as well. However, not only mobile devices and applications present a unique set of risks to personal privacy, they also pose new security challenges to enterprise information systems. This talk will provide an overview of the research activities conducted in the Secure Mobile Center at the Singapore Management University, from techniques to fortifying mobile platforms with a user centric trust anchor, mobile malware analysis, detection and containment, secure and usable schemes for local and remote authentication, to scalable and efficient access control of encrypted data in the cloud for mobile users whose devices are constrained in both power and computation capabilities.
Professor Shin’ichiro Matsuo
Affiliation: Georgetown University
Title: Era of Elusiveness in Security and Privacy
When we think about security and privacy, we try and tend to establish a consistent model to design and evaluate technologies. Such a model helps understandings of problems, development of theory and technologies over the same common ground. Thus, we believe that creating a concrete model and goal for a kind of technologies are required to achieve enough security and privacy. Recent progress of application protocol raises a question to such a style of security research. Bitcoin, a protocol proposed in an anonymous paper without a consistent model and peer review, realizes unexpected economic impacts than other cryptographic protocols. The protocol is a beautiful combination of many different kinds of theoretical backgrounds; hence, the reverse-engineering to produce a consistent model is hard, and there are no successful attempts to obtain it. Beyond Bitcoin, blockchain is expected to be used for broad applications than payment in Bitcoin. For those wide ranges of applications, we need to deal with additional many uncertain factors to evaluate security and privacy of blockchain based systems, over the bitcoin which still lacks a consistent model. System model, trust model and decentralization, security assumptions, and performance requirements are in a trade-off relationship. Designers of each blockchain based system deal with elusive and non-static security and privacy model. In this keynote, I will show how bitcoin and blockchain give a new perspective to analyze the nature of these protocols, and what is needed for security researchers to deal with practical but elusive technologies.
Professor Kui Ren
Affiliation: Zhejiang University
Title: Attributing Pictures to Smartphones via Camera Fingerprinting
Today’s society faces numerous data leakage incidents, which affect users’ privacy more severe than ever. Existing user authentication practices based on traditional cryptography and biometric techniques have become largely insufficient, if not ineffective, as we move into the AI and IoT era. In order to address this challenge, smartphones have been widely explored by both academia and industry as a readily available possession device of the users. In this talk, we explore the technique of camera fingerprinting to develop a brand-new hardware-rooted smartphone authentication mechanism. Various security issues underlying the proposed authentication mechanism are discussed in-depth. The usability of the proposed solution is also demonstrated through real-world experiments.
Professor Mark Ryan
Affiliation: University of Birmingham
Title: Security of machine learning
Machine learning has achieved impressive results in a wide variety of computing problems, including computer vision, speech recognition, content filtering, anomaly detection, and competitive game playing. However, the models in machine learning are often insecure, both from a confidentiality and an integrity point of view. In a confidentiality compromise, say involving a machine learning model mapping symptoms to disease diagnosis, an attacker could extract from the model data about specific individuals used in its training. Integrity compromises include the possibility that an attacker subtly alters query data, for example by modifying the pixel values of an image in ways that can't be detected by a human viewer, in order to achieve a particular result. The talk will introduce machine learning, and review existing attacks and defences concerning its security. Plenty of examples and intuitions will be given.
Eiji Okamoto, University of Tsukuba, Japan
Kazumasa Omote, University of Tsukuba, Japan
Jiageng Chen, Central China Normal University, China
Chunhua Su, University of Aizu, Japan
Hiroaki Kikuchi, Meiji University, Japan
Naoto Yanai, Osaka University, Japan
Keita Emura, NICT, Japan
Weizhi Meng, Technical University of Denmark, Denmark
Takeshi Okamoto, Tsukuba University of Technology, Japan
Debiao He, Wuhan University, China
Atsuo Inomata, Tokyo Denki University/NAIST, Japan
Masaki Fujikawa, Kogakuin University, Japan
Kaitai Liang, University of Surrey, UK
Man Ho Au, The Hong Kong Polytechnic University, Hong Kong
Joonsang Baek, University of Wollongong, Australia
Aniello Castiglione, University of Salerno, Italy
David Chadwick, University of Kent, UK
Xiaofeng Chen, Xidian University, China
Chen-Mou Cheng, Osaka University, Japan
Kim-Kwang Raymond Choo, The University of Texas at San Antonio, USA
Mauro Conti, University of Padua, Italy
Robert Deng, Singapore Management University, Singapore
Dieter Gollmann, Hamburg University of Technology, Gemerny
Stefanos Gritzalis, University of the Aegean, Greece
Gerhard Hancke, City University of Hong Kong, Hong Kong
Shoichi Hirose, University of Fukui, Japan
Xinyi Huang, Fujian Normal University, China
Julian Jang-Jaccard, Massey University, Nеw Zеаlаnd
Kwangjo Kim, Korea Advanced Institute of Science and Technology, Korea
Noboru Kunihiro, The University of Tokyo, Japan
Miroslaw Kutylowski, Wroclaw University of Technology, Poland
Albert Levi, Sabanci University, Turkey
Costas Lambrinoudakis, University of Piraeus, Greece
Giovanni Livraga, Politecnico di Milano, Italy
Shujun Li, University of Kent, UK
Yingjiu Li, Singapore Management University, Singapore
Joseph Liu, Monash University, Australia
Zhe Liu, University of Luxembourg, Luxembourg
Javier Lopez, University of Malaga, Spain
Rongxing Lu, University of New Brunswick, Canada
Di Ma, University of Michigan, USA
Weizhi Meng, Technical University of Denmark, Denmark
Chris Mitchell, Royal Holloway, University of London, UK
David Naccache, École normale supérieure, France
Günther Pernul, Universität Regensburg, Gemerny
Josef Pieprzyk, Queensland University of Technology, Australia
C. Pandu Rangan, Indian Institute of Technology Madras, India
Indrajit Ray, Colorado State University, USA
Na Ruan, Shanghai Jiaotong University, China
Sushmita Ruj, Indian Statistical Institute, India
Pierangela Samarati, Universita' degli Studi di Milano, Italy
Jun Shao, Zhejiang Gongshang University, China
Willy Susilo, University of Wollongong, Australia
Qiang Tang, Cornell University, USA
Cong Wang, City University of Hong Kong, Hong Kong
Ding Wang, Peking University, China
Qianhong Wu, Beihang University, China
Shouhuai Xu, University of Texas at San Antonio, USA
Toshihiro Yamauchi, Okayama University, Japan
Wun-She Yap, Universiti Tunku Abdul Rahman, Malaysia
Kuo-Hui Yeh, National Dong Hwa University, Taiwan
Xun Yi, RMIT University, Australia
Siu Ming Yiu, The University of Hong Kong, Hong Kong
A New Insight - Proxy Re-Encryption under LWE with Strong Anti-Collusion
Wei Yin, Qiaoyan Wen, Wenmin Li, Hua Zhang and Zhengping Jin
Non-adaptive Group-Testing Aggregate MAC Scheme
Shoichi Hirose and Junji Shikata
A Generic Construction of Integrated Secure-Channel Free PEKS and PKE
Tatsuya Suzuki, Keita Emura and Toshihiro Ohigashi
Efficient and Secure Firmware Update/Rollback Method for Vehicular Devices(Invited Paper)
Yuichi Komano, Zhengfan Xia, Takeshi Kawabata and Hideo Shimizu
Efficient Evaluation of Low Degree Multivariate Polynomials in Ring-LWE Homomorphic Encryption Schemes
Sergiu Carpov and Oana Stan
Macros Finder: Do You Remember LOVELETTER?
Hiroya Miura, Mamoru Mimura and Hidema Tanaka
An Almost Non-Interactive Order Preserving Encryption Scheme
Jingjing Guo, Jianfeng Wang, Zhiwei Zhang and Xiaofeng Chen
Leakage-Resilient Chosen-Ciphertext Secure Functional Encryption from Garbled Circuits
Huige Wang, Kefei Chen, Joseph K. Liu and Ziyuan Hu
Towards Securing Challenge-based Collaborative Intrusion Detection Networks via Message Verification
Wenjuan Li, Weizhi Meng, Yu Wang, Jinguang Han and Jin Li
TMGMap: Designing Touch Movement-based Geographical Password Authentication on Smartphones
Weizhi Meng and Zhe Liu
Constrained (Verifiable) Pseudorakkndom Function from Functional Encryption
Time Series Analysis: Unsupervised Anomaly Detection Beyond Outlier Detection
Max Landauer, Markus Wurzenberger, Florian Skopik, Giuseppe Settanni and Peter Filzmoser
HanT_SM: Elliptic Curve Scalar Multiplication Algorithm Secure against Single-Trace Attacks
Bo-Yeon Sim, Kyu Young Choi, Dukjae Moon, Hyo Jin Yoon, Jihoon Cho and Dong-Guk
Keyword-Based Delegable Proofs of Storage
Binanda Sengupta and Sushmita Ruj
Certificateless Public Key Signature Schemes from Standard Algorithms
Zhaohui Cheng and Liqun Chen
Recovering Memory Access Sequence with Differential Flush+Reload Attack
Zhiwei Yuan, Yang Li, Kazuo Sakiyama, Takeshi Sugawara and Jian Wang
Revisiting the Sparsification Technique in Kannan’s Embedding Attack on LWE
Yuntao Wang and Thomas Wunderer
Universal Wavelet Relative Distortion: A New Counter Forensic Attack on Photo Response Non-Uniformity based Source Camera Identification
Udaya Sameer Venkata and Ruchira Naskar
Efficient Trapdoor Generation from Multiple Hashing in Searchable Symmetric Encryption(Invited paper)
Takato Hirano, Yutaka Kawai and Yoshihiro Koseki
Hierarchical Secret Sharing Schemes Secure against Rushing Adversary: Cheater Identification and Robustness
Partha Sarathi Roy, Sabyasachi Dutta, Kirill Morozov, Avishek Adhikari, Kazuhide Fukushima, Shinsaku Kiyomoto and Kouichi Sakurai
A New Design of Online/Offline Signatures Based on Lattice
Mingmei Zheng, Shao-Jun Yang, Wei Wu, Jun Shao and Xinyi Huang
CHQS: Publicly Verifiable Homomorphic Signatures Beyond the Linear Case
Lucas Schabhüser, Denis Butin and Johannes Buchmann
Seeing is believing: authenticating users with what they see and remember.
Wayne Chiu, Kuo-Hui Yeh and Akihito Nakamura
An Efficient and Provably Secure Private Polynomial Evaluation Scheme
Zhe Xia, Bo Yang, Mingwu Zhang and Yi Mu
Achieving Almost-Full Security for Lattice-based Fully Dynamic Group Signatures with Verifier-local Revocation
Maharage Nisansala Sevwandi Perera and Takeshi Koshiba
Compact Ring Signature in the Standard Model for Blockchain
Hao Ren, Peng Zhang, Qingchun Shentu, Joseph K. Liu and Tsz Hon Yuen
A Two-Stage Classifier Approach for Network Intrusion Detection
Wei Zong, Yang-Wai Chow and Willy Susilo
Secure Computation of Inner Product of Vectors with Distributed Entries & its Applications to SVM
Sabyasachi Dutta, Nishant Nikam and Sushmita Ruj
Attribute-based Traceable Anonymous Proxy Signature Strategy for Mobile Healthcare
Entao Luo and Guojun Wang
DSH: Deniable Secret Handshake Framework
Yangguang Tian, Yingjiu Li, Yinghui Zhang, Nan Li, Guomin Yang and Yong Yu
M-ORAM Revisited: Security and Construction Updates
Efficient Traceable Oblivious Transfer and Its Applications
Weiwei Liu, Yinghui Zhang, Yi Mu, Guomin Yang and Yangguang Tian
Entanglement between Hash Encodings and Signatures from ID Schemes with Non-Binary Challenges: a Case Study on Lightweight Code-based Signatures
Bagus Santoso, Taiyo Yamaguchi and Tomoyuki Ohkubo
(k,l)-clustering for Transactional Data Streams Anonymization
Jimmy Tekli, Bechara Al Bouna, Youssef Bou Issa, Marc Kamradt and Ramzi Haraty
Generic Framework for Accountable Optimistic Fair Exchange Protocol
Jia-Ch'Ng Loh, Swee-Huay Heng and Syh-Yuan TanA
Regulating IoT messages
Alban Gabillon and Emmanuel Bruno
Leveled Hierarchical Identity-Based Fully Homomorphic Encryption from Learning with Rounding
Fucai Luo, Kunpeng Wang and Changlu Lin
Security cycle clock synchronization method based on mobile reference nodes in Wireless Sensor Networks
Jing Xu, Yuqiang Zhang and Fei Xu
Privacy-preserving data collection for mobile phone sensing tasks
Yining Liu, Yanping Wang, Xiaofen Wang, Zhe Xia and Jingfang Xu
Registration payment is required by 23rd June 2018 for EACH accepted paper. This deadline will be strictly enforced. Failure to pay the registration fee by 23rd June 2018 will result in the exclusion of the papers from the Conference Proceedings. The registration system will be closed on 10th September 2018.
|Registration Fee (in Japanese Yen)
|[Early] By 6 August 2018 (23:59 JST)
|[Late] Until 10 September 2018 (23:59 JST)
Both types of registration include: full attendance of the conference, conference proceedings, conference banquet, lunches and coffee break.
For the early registration before 6th August 2018, the registration fees are refundable after deducting the necessary handling fee, but Non-Refundable after 20th August. The registration fees are Non-Refundable for the late registration that is done after 6th August 2018.
You can proceed your conference registration here .
ISPEC 2018 will be held at Tokyo Campus, University of Tsukuba, Myogadani St., Tokyo. Tokyo Campus of University of Tsukuba is located near Myogadani Station of Tokyo Metro Marunouchi Line.
Address: 3-29-1 Otsuka, Bunkyo-ku, Tokyo 112-0012 Japan.
All participants of ISPEC2018 should be very careful about visa requirements and should make travel plan in advance enough. Visitors are fully responsible for acquiring all documents needed for entering Japan.
Japan provides waiver of visa requirements with more than 60 countries and regions. Please refer to the recent status on the visa waiver program from the Ministry of Foreign Affairs of Japan (MOFA).
If you need a visa for attendance, you should prepare all required documents according to the visa information page by MOFA. If you have any questions, please contact diplomatic establishments of Japan in your residential area.
We will issue an invitation letter ONLY for those who have presentation(s) at ISPEC2018 upon request. If you need an invitation letter for visa application, please send the following documents to
(ispec2018-visa *at* ml.cc.tsukuba.ac.jp)
(please replace *at* with @.)
after paying the registration fee via ISPEC2018 website and fixing your accommodation during the conference. (You can download a copy of participation information sheet and schedules of stay sheet from here.)
We will respond with a detailed procedure for invitation letter request. Please make sure to make a registration for ISPEC2018 before the request.
According to the Act on the Protection of Personal Information Held by Independent Administrative Agencies and others of Japan, the information submitted to ISPEC2018 in this page will be kept secret and used only for processing the invitation letter requests. In some cases, ISPEC2018 will share those information with a part of organizing committee members concerned for resolving issues (e.g. checking registration status and paper acceptance etc.). We will not use any information received for other purposes, except those required by laws and rules of Japan.