Conference Program

All events take place in Scarborough Ballroom 1 at
the Hilton Tobago Resort unless otherwise noted.
Sunday, February 11, 2007

5:00pm–7:00pm Registration Reception
Location: Scarborough Ballroom Terrace
Monday, February 12, 2007

8:00am–8:30am Registration

8:30am–8:45am Welcome
Dexter Trim, Executive Assistant to the Secretary for Tourism, Tobago House of Assembly

8:45am–9:00am Conference Opening
Conference Chairs

Keynote Address
Mike Bond

Title: Leaving Room for the Bad Guys

When designing a crypto protocol, or building a large security architecture, no competent designer ignores considering the bad guy, and anticipating his plans. But often we designers find ourselves striving to build totally secure systems and protocols—in effect writing the bad guys entirely out of the equation. In a large system, when you exclude the bad guys, they soon muscle their way in elsewhere, and maybe in a new and worse way over which you may have much less control. A crypto protocol with no known weaknesses may be a strong tool, but when it does break, it will break in an unpredictable way.

This talk explores the hypothesis that it is safer and better for designers to give the bad guys their cut, but to keep it small, and keep in control. It may not just be our systems but also our protocol building blocks that should be designed to make room for the bad guy to take his cut. The talk is illustrated with examples of very successful systems with known weaknesses, drawn primarily from the European EMV payment system, and banking security in general. We also discuss a few "too secure" systems that end up failing in worse ways as a result.

10:00am–10:30am Break

Technical Paper Session
Payment Systems

Session Chair: Jon Callas

Vulnerabilities in First-Generation RFID-enabled Credit Cards, Thomas S. Heydt-Benjamin (University of Massachusetts Amherst, USA), Daniel V. Bailey (RSA Laboratories, USA), Kevin Fu (University of Massachusetts Amherst, USA), Ari Juels (RSA Laboratories, USA), and Tom O'Hare (Innealta, Inc.)

Conditional E-Cash, Larry Shi and Bogdan Carbunar (Motorola Labs) and Radu Sion (Stony Brook University, USA)

A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection against Splitting, Liqun Chen (HP Laboratories), Alberto Escalante, Hans Löhr, Mark Manulis, and Ahmad-Reza Sadeghi (Horst Görtz Institute Bochum, Germany)

12:00pm–1:00pm Lunch

1:00pm–2:30pm Panel: RFID - yes or no
Moderator: Kevin Fu
Panelists: Ross Anderson, Jon Callas, Yvo Desmedt

2:30pm–3:00pm Break

Technical Paper Session

Session Chair: Yvo Desmedt

A Model of Onion Routing with Provable Anonymity, Joan Feigenbaum (Yale University), Aaron Johnson (Yale University, USA), and Paul Syverson (Naval Research Laboratory, USA)

K-Anonymous Multi-party Secret Handshakes, Shouhuai Xu (UTSA) and Moti Yung (RSA Laboratories and Columbia University, USA)

4:00pm Adjourn

4:30pm–6:00pm Reception
Location: Scarborough Ballroom Terrace
Tuesday, February 13, 2007

Technical Paper Session

Session Chair: Moti Yung

Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer, Mohammad Mannan and Paul C. van Oorschot (Carleton University, Canada)

Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups, Yvo Desmedt (University College London, UK), Tanja Lange (Eindhoven University of Technology, Netherlands) and Mike Burmester (Florida State University, USA)

On Authentication with HMAC and Non-Random Properties, Christian Rechberger and Vincent Rijmen (Graz University of Technology, Austria)

10:30am–11:00am Break

Technical Paper Session
Anonymity and Privacy

Session Chair: Radu Sion

Hidden Identity-Based Signatures, Aggelos Kiayias and Hong-Sheng Zhou (University of Connecticut, USA)

Space-Efficient Private Search, George Danezis and Claudia Diaz (K.U. Leuven, Belgium)

12:00pm Adjourn — Box Lunches Available

8:00pm–9:00pm IFCA General Meeting

9:00pm–12:00am Rump Session
Chair: Jon Callas
Wednesday, February 14, 2007

Technical Paper Session
Cryptography and Commercial Transactions

Session Chair: Kazue Sako

Cryptographic Securities Exchanges, Christopher Thorpe and David C. Parkes (Harvard University, USA)

Improved multi-party contract signing, Aybek Mukhamedov and Mark Ryan (University of Birmingham, UK)

Informant: Detecting Sybils Using Incentives, N. Boris Margolin and Brian Neil Levine (University of Massachusetts Amherst, USA)

10:30am–11:00am Break

Technical Paper Session
Financial Transactions & Web Services

Session Chair: Bernhard Esslinger

Dynamic Virtual Credit Card Numbers, Ian Molloy (Purdue University, USA), Jiangtao Li (Intel Corporation) and Ninghui Li (Purdue University, USA)

The unbearable lightness of PIN cracking, Omer Berkman (The Academic College of Tel Aviv Yaffo, Israel) and Odelia Moshe Ostrovsky (Algorithmic Research Ltd. and Tel Aviv University, Israel)

12:00pm–1:00pm Lunch

1:00pm–2:30pm Panel: Virtual Economies - Threats and Risks
Moderator: Jean Camp
Panelists: Mike Bond, Jon Callas, Christopher Thorpe

2:30pm Adjourn

6:00pm–9:00pm Beach BBQ
Location: Friday's Bar and Grill
Thursday, February 15, 2007

Invited Talk
Dawn Jutla

Title: Usable SPACE: Security, Privacy, and Context for the Mobile User

Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.

10:00am–10:30am Break

Systems Presentation Session
Session Chair: Stuart Shechter

Personal Digital Rights Management for Mobile Cellular Devices, Siddharth Bhatt (Stony Brook University, USA), Bogdan Carbunar (Motorola Labs), Radu Sion (Stony Brook University, USA), and Venu Vasudevan (Motorola Labs)

Technical Paper Session

Session Chair: Burton Rosenberg

Certificate Revocation using Fine Grained Certificate Space Partitioning, Vipul Goyal (UCLA, USA)

An Efficient Aggregate Shuffle Argument Scheme, Jun Furukawa (NEC Corporation, Japan) and Hideki Imai (National Institute of Advanced Industrial Science and Technology, Japan)

12:00pm–1:00pm Conference Closing/Lunch
Conference Chairs