Program
Financial Cryptography and Data Security 2020
Twenty-Fourth International Conference
February 10–14, 2020
Shangri-La Tanjung Aru Resort & Spa
Kota Kinabalu, Sabah, Malaysia
Ross Anderson live-blogged some of the FC20 sessions. You can read his excellent summaries of the presentations over at Light Blue Touchpaper.
All events take place in the Kinabalu Room unless otherwise indicated. | |
Sunday, February 9, 2020 | |
16:00–18:00 | Registration Reception (Sponsored by Tezos) Location: Sunset Beach & Coco Joe's Cabana |
Monday, February 10, 2020 | |
08:30–09:00 | Registration |
09:00–09:15 | Opening Remarks |
Allison Nixon, Chief Research Officer, Unit221B
Fraudsters Taught Us that Identity is Broken.
Cybercrime has grown into a trillion dollar problem. The online commercial ecosystem is built on a foundation of assumptions largely involving identity. Online fraudsters have proven that many of these assumptions are wrong. Online identity theft has advanced to the point that the most careful person can still be victimized, and security advice to the end user can no longer effectively protect them. It is time to question these fundamental assumptions and improve the foundation upon which the Internet is built. Allison Nixon (or someone impersonating her) will walk through some case studies of identity theft and highlight how the underlying infrastructure is the real point of failure and must be overhauled. Safe and effective online identity verification for the average person does not exist, and this is why cybercrime is a trillion dollar problem.
Allison Nixon is Chief Research Officer of Unit221B. She has been a background source for numerous investigations and articles that focus on the post-breach issue of "who dunnit?". Allison performs original threat research and specializes in DDoS attribution, cybercrime attribution, and criminal communities. In 2013, she spoke at Black Hat about bypassing DDoS protection. In 2014, she released a paper detailing methods for vetting leaked data. In October 2016, her findings placed her at the forefront of the Mirai botnet DDoS attacks against Dyn DNS. Throughout 2018 and 2019, her research has focused heavily on SIM swapping. In her spare time she grows tomatoes and makes puns. |
10:15–10:45 | Break |
10:45–12:00 |
Session Chair: Ross Anderson Leveraging Bitcoin Testnet for Bidirectional Botnet Command and Control Systems. Federico Franzoni (Universitat Pompeu Fabra), Vanesa Daza (Universitat Pompeu Fabra), Iván Abellán (Universitat Pompeu Fabra) Security Analysis on dBFT protocol of NEO. Qin Wang (Swinburne University of Technology), Jiangshan Yu (Monash University), Zhiniang Peng (Qihoo 360 Core Security), Vancuong Bui (Swinburne University of Technology), Shiping Chen (CSIRO, Data61), Yong Ding (Cyberspace Security Research Center), Yang Xiang (Swinburne University of Technology) Breaking the encryption scheme of the Moscow internet voting system. Pierrick Gaudry (CNRS, Inria, Université de Lorraine), Alexander Golovnev (Harvard University) Short Paper: XOR Arbiter PUFs have Systematic Response Bias. Nils Wisiol (Technische Universität Berlin), Niklas Pirnay (Technische Universität Berlin) |
12:00–13:30 | Lunch Location: Pavilion |
13:30–14:50 |
Session Chair: Stefanie Roos Selfish Mining Re-Examined. Kevin Alarcón Negy (Cornell University), Peter R. Rizun (Bitcoin Unlimited), Emin Gün Sirer (Cornell University) Fairness and Efficiency in DAG-based Cryptocurrencies. Georgios Birmpas (University of Oxford), Elias Koutsoupias (University of Oxford), Philip Lazos (Sapienza University of Rome), Francisco J. Marmolejo Cossío (University of Oxford) Stake Shift in Major Cryptocurrencies: An Empirical Study. Rainer Stütz (Austrian Institute of Technology), Peter Gaži (IOHK), Bernhard Haslhofer (Austrian Institute of Technology), Jacob Illium (Chainalysis) Coded Merkle Tree: Solving Data Availability Attacks in Blockchains. Mingchao Yu (University of Southern California), Saeid Sahraei (University of Southern California), Songze Li, Salman Avestimehr (University of Southern California), Sreeram Kannan (University of Washington), Pramod Viswanath (University of Illinois at Urbana-Champaign) |
14:50–15:20 | Break |
15:20–16:20 |
Session Chair: Roger Wattenhofer Decentralized Privacy-Preserving Netting Protocol on Blockchain for Payment Systems. Shengjiao Cao (Ant Financial), Yuan Yuan (Ant Financial), Angelo De Caro (IBM Research), Karthik Nandakumar (IBM Research), Kaoutar Elkhiyaoui (IBM Research), Yanyan Hu (IBM Research) The Arwen Trading Protocols. Ethan Heilman (Boston University/Arwen), Sebastien Lipmann (Arwen), Sharon Goldberg (Boston University/Arwen) SoK: A Classification Framework for Stablecoin Designs. Amani Moin (Cornell University), Kevin Sekniqi (Cornell University), Emin Gün Sirer (Cornell University) |
18:00–20:00 | Welcome Reception and Poster Session (Sponsored by Protocol Labs) Location: Tanjung Garden Availability and Validity. Jeff Burdges (Web3 Foundation), Handan Kılınç Alper (Web3 Foundation), Alistair Stewart (Web3 Foundation) Echidna: A Practical Smart Contract Fuzzer. John-Paul Smith (Trail of Bits), Alex Groce (Trail of Bits), Gustavo Grieco (Trail of Bits), Josselin Feist (Trail of Bits) Taproot Analysis. Lloyd Fournier Assessing or incentivising correct mixing without authorities. Jeff Burdges (Web3 Foundation) A New Protocol for Fair Addition of a Transaction Fee When Closing a Payment Channel Uncooperatively. Takahiro Nagamine (The University of Tokyo) and Kanta Matsuura (The University of Tokyo) On the Applicability of Behavioral Biometric Authentication on Smartphones. Ahmed Mahfouz (Minia University), Mohamed Alaa (Minia University), Ahmed Hamdy (Minia University), Tarek Mostafa (Minia University) Rethinking Blockchain Layers: Do Payment Channel Networks Need a Blockchain?. Matthias Grundmann (Karlsruhe Institute of Technology), Hannes Hartenstein (Karlsruhe Institute of Technology) Prevention of Bouncing Attack on Casper FFG. Ryuya Nakamura (The University of Tokyo) |
Tuesday, February 11, 2020 | |
09:00–10:20 |
Session Chair: Andrew Miller SoK: Layer-Two Blockchain Protocols. Lewis Gudgeon (Imperial College London), Pedro Moreno-Sanchez (TU Wien), Stefanie Roos (TU Delft), Patrick McCorry (PISA Research), Arthur Gervais (Imperial College London) MicroCash: Practical Concurrent Processing of Micropayments. Ghada Almashaqbeh (Columbia), Allison Bishop (Proof of Trading and Columbia), Justin Cappos (New York University) LockDown: Balance Availability Attack against Lightning Network Channels. Cristina Pérez-Solà (Universitat Oberta de Catalunya), Alejandro Ranchal-Pedrosa (University of Sydney), Jordi Herrera-Joancomarti (Universitat Autònoma de Barcelona), Guillermo Navarro-Arribas (Universitat Autònoma de Barcelona), Joaquin Garcia-Alfaro (Institut Polytechnique de Paris) Ride the Lightning: The Game Theory of Payment Channels. Zeta Avarikioti (ETH Zurich), Lioba Heimbach (ETH Zurich), Yuyi Wang (ETH Zurich), Roger Wattenhofer (ETH Zurich) |
10:20–10:40 | Break |
10:40–12:00 |
Session Chair: Patrick McCorry How to profit from payments channels. Oguzhan Ersoy (Delft University of Technology), Stefanie Roos (Delft University of Technology), Zekeriya Erkin (Delft University of Technology) Boomerang: Redundancy Improves Latency and Throughput in Payment Networks. Joachim Neu (Stanford University), Vivek Bagaria (Stanford University), David Tse (Stanford University) DLSAG: Non-Interactive Refund Transactions For Interoperable Payment Channels in Monero. Pedro Moreno-Sanchez (TU Wien), Arthur Blue, Duc Le (Purdue University), Sarang Noether (Monero Research Lab), Brandon Goodell (Monero Research Lab), Aniket Kate (Purdue University) Cerberus Channels: Incentivizing Watchtowers for Bitcoin. Zeta Avarikioti (ETH Zurich), Orfeas Stefanos Thyfronitis Litos (University of Edinburgh), Roger Wattenhofer (ETH Zurich) |
12:00–13:30 | Lunch Location: Pavilion |
13:30–21:00 | Excursion and BBQ Location: Shangri-La Rasa Ria Resort & Spa (transfers provided, departure from Kinabalu Lobby) An afternoon at the beach, including rainforest trail tours and a beach barbecue. |
21:00–22:00 | General Meeting Location: Kinabalu Room |
22:00–00:00 | Rump Session Location: Kinabalu Room Session Chair: Jean Camp |
Wednesday, February 12, 2020 | |
Session Chair: Amani Moin Communication-Efficient (Client-Aided) Secure Two-Party Protocols and Its Application. Satsuya Ohata (AIST), Koji Nuida (The University of Tokyo / AIST) Secure Computation of the kth-Ranked Element in a Star Network. Anselme Tueno (SAP SE), Florian Kerschbaum (University of Waterloo), Stefan Katzenbeisser (University of Passau), Yordan Boev (SAP SE), Mubashir Qureshi (SAP SE) Insured MPC: Efficient Secure Computation with Financial Penalties. Carsten Baum (Aarhus University), Bernardo David (IT University of Copenhagen), Rafael Dowsley (Bar-Ilan University) |
10:00–10:30 | Break |
10:30–11:50 |
Session Chair: Claudia Diaz Zether: Towards Privacy in a Smart Contract World. Benedikt Bünz (Stanford University), Shashank Agrawal (Visa Research), Mahdi Zamani (Visa Research), Dan Boneh (Stanford University) An airdrop that preserves recipient privacy. Riad S. Wahby (Stanford), Dan Boneh (Stanford), Christopher Jeffrey (Purse.io), Joseph Poon (Lightning Network) RingCT 3.0 for Blockchain Confidential Transaction: Shorter Size and Stronger Security. Tsz Hon Yuen (The University of Hong Kong), Shi-feng Sun (Monash University), Joseph K. Liu (Monash University), Man Ho Au (Hong Kong Polytechnic University), Muhammed F. Esgin (Monash University), Qingzhao Zhang (Shanghai Jiao Tong University), Dawu Gu (Shanghai Jiao Tong University) BLAZE: Practical Lattice-Based Blind Signatures for Privacy-Preserving Applications. Nabil Alkeilani Alkadri (Technische Universität Darmstadt), Rachid El Bansarkhani (QuantiCor Security GmbH), Johannes Buchmann (Technische Universität Darmstadt) |
12:00–13:30 | Lunch Location: Pavilion |
13:30–14:30 |
Session Chair: Sven Dietrich Non-Interactive Proofs of Proof-of-Work. Aggelos Kiayias (University of Edinburgh and IOHK), Andrew Miller (University of Illinois at Urbana-Champaign), Dionysis Zindros (University of Athens and IOHK) Proof-of-Burn. Kostis Karantias (IOHK), Aggelos Kiayias (University of Edinburgh and IOHK), Dionysis Zindros (University of Athens and IOHK) Non-interactive Cryptographic Timestamping based on Verifiable Delay Functions. Esteban Landerreche (CWI Amsterdam), Marc Stevens (CWI Amsterdam), Christian Schaffner (University of Amsterdam) |
14:30–15:00 | Break |
15:00–16:30 |
Moderator: Ross Anderson (University of Cambridge)
Panelists: Jean Camp (Indiana University), Peter Landrock (Cryptomathic), Allison Nixon (Unit221B), Alex van Someren (Amadeus Capital)
Crypto engineering for the real world
Whether we work on traditional financial crypto or on blockchains, defending valuable assets against capable motivated opponents needs more than mathematics. Products have to be usable by customers, and tools have to be usable by programmers. Service providers have to think about a whole range of attacks, from malware to supply-chain tampering. We see blockchain firms adopting the hardware security modules developed to support bank ATMs, and SIM swap attacks on bitcoin users spreading to bank customers too. What lessons can the two financial crypto communities learn from each other? |
17:30–21:30 | Sabahan (Kadazan-Dusun) Dinner Location: J Borneo Native Village (transfers provided, departure from Kinabalu Lobby) |
Thursday, February 13, 2020 | |
09:00–10:00 |
Session Chair: Jens Grossklags Open Market or Ghost Town? The Curious Case of OpenBazaar. James E. Arps (Carnegie Mellon University), Nicolas Christin (Carnegie Mellon University) Exploring the Monero Peer-to-Peer Network. Tong Cao (University of Luxembourg), Jiangshan Yu (Monash University), Jérémie Decouchant (University of Luxembourg), Xiapu Luo (The Hong Kong Polytechnic University), Paulo Esteves-Veríssimo (University of Luxembourg) Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non)Users. Artemij Voskobojnikov (University of British Columbia), Borke Obada-Obieh (University of British Columbia), Yue Huang (University of British Columbia), Konstantin Beznosov (University of British Columbia) |
10:00–10:30 | Break |
10:30–11:45 |
Session Chair: Jeff Burdges Address clustering heuristics for Ethereum. Friedhelm Victor (Technical University of Berlin) What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)?. Alex Groce (Northern Arizona University), Josselin Feist (Trail of Bits), Gustavo Grieco (Trail of Bits), Michael Colburn (Trail of Bits) Characterizing Code Clones in the Ethereum Smart Contract Ecosystem. Ningyu He (Peking University), Lei Wu (Zhejiang University), Haoyu Wang (Beijing University of Posts and Telecommunications), Yao Guo (Peking University), Xuxian Jiang (PeckShield, Inc) Short Paper: Smart Contracts for Government Processes Case Study and Prototype Implementation. Magnus Krogsbøll (IT University of Copenhagen), Liv Hartoft (IT University of Copenhagen), Tijs Slaats (University of Copenhagen), Søren Debois (IT University of Copenhagen) |
11:45–12:00 | Closing Remarks |
12:00–13:30 | Lunch Location: Pavilion |
13:30–18:00 | Free Afternoon with Activities
(sign-up sheets will be available, departure from Kinabalu Lobby) A: Sapi Island Snorkeling B: City & Wetlands Tour C: Mari Mari Cultural Village |
18:00–20:00 | Workshop Reception (sponsored by Ethereum Foundation) Location: Sunset Beach & Coco Joe's Cabana |
Friday, February 14, 2020 | |
08:30–09:00 | Workshops Registration
Note: the timing of the lunch and breaks is coordinated among all of the workshops, but some workshops might start earlier in the morning or end later in the afternoon. See their individual programs for details. Workshop registrants can attend any of the workshops and can switch between them as desired. |
09:00–10:30 |
AsiaUSEC'20: 1st Asian Workshop on Usable Security CoDeFi'20: 1st Workshop on Coordination of Decentralized Finance VOTING'20: 5th Workshop on Advances in Secure Electronic Voting WTSC'20: 4th Workshop on Trusted Smart Contracts |
10:30–11:00 | Break Location: Tanjung Room Foyer |
11:00–12:30 |
AsiaUSEC'20: 1st Asian Workshop on Usable Security CoDeFi'20: 1st Workshop on Coordination of Decentralized Finance VOTING'20: 5th Workshop on Advances in Secure Electronic Voting WTSC'20: 4th Workshop on Trusted Smart Contracts |
12:30–14:00 | Lunch Location: Pavilion |
14:00–15:30 |
AsiaUSEC'20: 1st Asian Workshop on Usable Security CoDeFi'20: 1st Workshop on Coordination of Decentralized Finance VOTING'20: 5th Workshop on Advances in Secure Electronic Voting WTSC'20: 4th Workshop on Trusted Smart Contracts |
15:30–16:00 | Break Location: Tanjung Room Foyer |
16:00–17:30 |
AsiaUSEC'20: 1st Asian Workshop on Usable Security & Availability and Security: Choose any One
Availability/dependability considerations assert that "in case of any issues, keep going at any cost" while security mandates "in case of any issues, raise the alarm and shut things down". In other words once you've found the single bit that's out of place, you've won and there's no need to think about continuing. Needless to say, these two concepts are more than a little incompatible. This talk looks at the thorny issue of availability/dependability vs. security, complete with hair-raising examples, as instances of wicked problems, a concept taken from the field of social planning. To the annoyance of geeks everywhere, the talk will conclude without presenting any obvious solutions.
Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.
CoDeFi'20: 1st Workshop on Coordination of Decentralized Finance |
This conference is organized annually by the International Financial Cryptography Association.