Financial Cryptography and Data Security 2012


Sixteenth International Conference
February 27–March 2, 2012
Divi Flamingo Beach Resort

Please note, this program is provisional and subject to change.

All events take place in the Peter Hughes Meeting Room unless otherwise noted.

Thursday-Sunday, February 23-26, 2012

Dive Certification Course
Location: Divi Dive Bonaire

Sunday, February 26, 2012

5:00pm–6:00pm Registration Reception
Location: Calabas Garden

Monday, February 27, 2012

8:30am–9:00am Registration

9:00am–9:15am Opening Remarks

Keynote Address
Scott M Zoldi, Ph.D.
Vice President Analytic Science

Analytic Techniques for Combating Financial Fraud

Effective detection and prevention of financial transaction fraud require analytic techniques capable of characterizing the transaction stream and determining the likelihood of fraud or misuse in real time. The nature of fraud makes the development of transaction monitoring models challenging, and inspires new analytic innovations to respond to the ever-changing tactics taken on by fraudsters. In this talk, we will review traditional payment card fraud detection analytic techniques such as transaction profiling and neural network models, and then expand to new analytic techniques. These new techniques include Adaptive Analytics, which allows a model in production to adjust its scores dynamically based on analyst fraud case dispositions; Self-Calibrating Analytics, which determines outlier fraud features in streaming transactions through real-time estimations of variable distributions; and Global Intelligent Profiles, which enable profiling of various entities in the fraud decision such as ATMs, countries, and compromise clusters.

Scott Zoldi is a Vice President of Analytic Science at FICO. He has responsibility for the analytic development of FICO's transaction analytics products and solutions, including the FICO™ Falcon® Fraud Manager product. While at FICO, Scott has been responsible for authoring over 30 patent applications related to fraud and transaction analytics. He is actively involved in the development of FICO's new Falcon 6 product, which includes new analytic innovations such as adaptive analytics, global intelligent profiles, self-calibrating analytics and enterprise analytics. Before joining FICO, Scott was a director's postdoctoral fellow at Los Alamos National Laboratory. Scott received his Ph.D. in theoretical and computational physics from Duke University and was a DOE computational science graduate fellow.

10:30am–11:00am Break

Session Chair: Angelos Keromytis

Hyoungshick Kim, John Tang and Ross Anderson
Social Authentication: Harder than it Looks

Sonia Chiasson, Chris Deschamps, Elizabeth Stobert, Max Hlywa, Bruna Freitas Machado, Alain Forget, Nicholas Wright, Gerry Chan and Robert Biddle
The MVP Web-based Authentication Framework (Short Paper)

Joseph Bonneau, Sören Preibusch and Ross Anderson
A birthday present every eleven wallets? The security of customer-chosen banking PINs

12:20pm–1:20pm Lunch
Location: Calabas Restaurant

Securing the Stock Markets
Session Chair: Sonia Chiasson

Tyler Moore, Jie Han and Richard Clayton
The Postmodern Ponzi Scheme: Empirical Analysis of High-Yield Investment Programs

Dan Bogdanov, Riivo Talviste and Jan Willemson
Deploying secure multi-party computation for financial data analysis (Short Paper)

Christopher Thorpe and Steven Willis
Cryptographic Rule-Based Trading (Short Paper)

2:30pm–3:00pm Break

Session Chair: Sven Dietrich

Zi Lin, Denis Foo Kune and Nicholas Hopper
Efficient Private Proximity Testing with GSM Location Sketches

Benjamin Johnson, John Chuang, Jens Grossklags and Nicolas Christin
Metrics for Measuring ISP Badness: The Case of Spam (Short Paper)

Tao Wang, Kevin Bauer, Clara Forero and Ian Goldberg
Congestion-aware Path Selection for Tor

6:00pm–7:00pm Welcome Reception
Location: Flamingo's Nest

Tuesday, February 28, 2012

Session Chair: Nicolas Christin

Scott Wolchok, Eric Wustrow, Dawn Isabel and J. Alex Halderman
Attacking the Washington, D.C. Internet Voting System

Rainer Boehme
Security Audits Revisited

Attila A. Yavuz, Peng Ning and Mike Reiter
Efficient, Compromise Resilient and Append-only Cryptographic Schemes for Secure Audit Logging

10:00am–10:30am Break

Session Chair: Moti Yung

Morten Dahl, Chao Ning and Tomas Toft
On Secure Two-party Integer Division

Rafik Chaabouni, Helger Lipmaa and Bingsheng Zhang
A Non-Interactive Range Proof with Constant Communication

T-H. Hubert Chan, Elaine Shi and Dawn Song
Privacy-Preserving Stream Aggregation with Fault Tolerance

12:00pm–4:00pm Island Tour and Lunch at Rose Inn in Rincon

8:00pm–9:00pm IFCA General Meeting

9:00pm–12:00am Rump Session
Chair: Tyler Moore

Wednesday, February 29, 2012

Access Control and Privacy
Session Chair: Lenore Zuck

Daniel Slamanig
Dynamic Accumulator based Discretionary Access Control for Outsourced Storage with Unlinkable Access (Short Paper)

Mariana Raykova, Hang Zhao and Steven Bellovin
Privacy Enhanced Access Control for Outsourced Data Sharing

Andres Molina-Markham, George Danezis, Kevin Fu, Prashant Shenoy and David Irwin
Designing Privacy-preserving Smart Meters with Low-cost Microcontrollers

10:00am–10:30am Break

Secure Processing
Session Chair: Angelos Keromytis

Benjamin Mood, Lara Letaw and Kevin Butler
Memory Efficient Garbled Circuit Generation for Mobile Devices

Payman Mohassel and Salman Niksefat
Oblivious Decision Programs from Oblivious Transfer: Efficient Reductions

Kaoru Kurosawa and Yasuhiro Ohtaki
UC-Secure Searchable Symmetric Encryption

12:00pm–1:00pm Lunch
Location: Calabas Restaurant

Session Chair: Helger Lipmaa

Jeremy Clark and Aleksander Essex
CommitCoin: Carbon Dating Commitments with Bitcoin (Short Paper)

Simon Barber, Xavier Boyen, Elaine Shi and Ersin Uzun
Bitter to Better — How to Make Bitcoin a Better Currency

Moderator: Jason Cronk
Panelists: Peter Swire, Stuart Shapiro, Travis Breaux

Laws against adopting PETs (Privacy Enhancing Technologies)

As organizations look to mitigate their privacy risks, they are increasingly being encouraged by regulatory authorities to consider privacy by design (PbD) and privacy enhancing technologies (PETs). PETs present an alternative to the standard model of most organizations: data collection coupled with data protection. PETs can either increase transparency, by allowing individual or collective auditing of company privacy practices (Google's Privacy Center), or increase opacity, by hiding or eliminating some of the links between data points (TOR anonymity network).

Laws and regulations can also affect the transparency and opacity of personal data. While some laws may adversely affect privacy for organizations following the standard model, other laws may directly impede privacy enhancement by requiring the collection of personal data that are not necessary for organization operations. This panel aims to look at laws and regulations that either directly or inadvertently are not PET friendly.

Peter P. Swire is the C. William O'Neill Professor of Law at the Moritz College of Law of the Ohio State University and a Senior Fellow at the Center for American Progress. Professor Swire has published extensively, testifies regularly before the Congress, and is quoted frequently in national and international press. Under President Clinton, he served as the Chief Counselor for Privacy, the only person to date to have government-wide responsibility for privacy policy. In that position, he chaired the White House Working Group on Encryption in the lead-up to the 1999 change to permit export of strong encryption. He is lead author of Information Privacy: Official Reference for the Certified Information Privacy Professional. His current research focuses on global laws governing encryption and lawful government access.

Dr. Stuart S. Shapiro is a Principal Information Privacy and Security Engineer and a member of the Privacy Community of Practice at the MITRE Corporation, a not-for-profit company performing technical research and consulting primarily for the U.S. government. At MITRE he has supported a wide range of privacy activities, including privacy impact assessments, for major government programs and coordinates MITRE research on enterprise privacy-enhancing technologies (ePETs). Prior to joining MITRE he was Director of Privacy at CareInsite, an e-health company, where his responsibilities included both policy and technical issues revolving around privacy and security. He has also held academic positions at several institutions, including the Centre for Research into Innovation, Culture and Technology at Brunel University in the U.K. and the Department of Science and Technology Studies at Rensselaer Polytechnic Institute in the U.S. He has taught courses on the history, politics, and ethics of information and communication technologies (ICTs), while his research and writing have focused on ICTs and privacy and on the history and sociology of software development.

Travis D. Breaux is an Assistant Professor of Computer Science, appointed in the Institute for Software Research of the School of Computer Science at Carnegie Mellon University. Dr. Breaux's research program searches for new methods and tools for developing correct software specifications and ensuring that software systems conform to those specifications in a transparent, reliable and trustworthy manner. This includes demonstrating compliance with U.S. and international privacy and security laws across multiple jurisdictions in finance and healthcare. Dr. Breaux has several publications in ACM and IEEE-sponsored journals and conference proceedings. Dr. Breaux is a member of the ACM SIGSOFT, IEEE Computer Society and a Council Member of the USACM Public Policy Committee.

R. Jason Cronk is a licensed attorney in Florida and a Certified Information Privacy Professional, and currently works as a software architect in the Information Security Department of Verizon, Inc. Mr. Cronk lectures frequently on the topics of privacy and privacy by design with a special emphasis on employing PETs (Privacy Enhancing Techniques) in information systems. Mr. Cronk was an original attendee of Financial Cryptography 97, where he gave a rump session speech on using statistical sampling for authenticating streaming microcash.

6:30pm–8:30pm BBQ
Location: Calabas Restaurant and Calabas Garden

Thursday, March 1, 2012

Interfacing with the Physical
Session Chair: Burt Rosenberg

Jens Bender, Özgür Dagdelen, Marc Fischlin and Dennis Kügler
The PACE|AA Protocol for Machine Readable Travel Documents, and its Security

Aleksander Essex and Urs Hengartner
Oblivious Printing of Secret Messages in a Multi-party Setting

Anthony Van Herrewege, Stefan Katzenbeisser, Roel Maes, Roel Peeters, Ahmad-Reza Sadeghi, Ingrid Verbauwhede and Christian Wachsmann
Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-enabled RFIDs

10:00am–10:30am Break

Systems Cryptography
Session Chair: Alex Halderman

Junaid Jameel Ahmad, Shujun Li, Ahmad-Reza Sadeghi and Thomas Schneider
CTL: A Platform-Independent Crypto Tools Library Based on Dataflow Programming Paradigm

Michael Weiß, Benedikt Heinz and Frederic Stumpf
A Cache Timing Attack on AES in Virtualization Environments

Franz Ferdinand Brasser, Sven Bugiel, Atanas Filyanov, Ahmad-Reza Sadeghi and Steffen Schulz
Softer Smartcards: Usable Cryptographic Tokens with Secure Execution

12:00pm–12:15pm Closing Remarks

12:15pm–1:15pm Lunch
Location: Calabas Restaurant

1:15pm–6:00pm Free Afternoon with Activities

6:00pm–7:00pm Workshop Reception (for workshop registrants)
Location: Flamingo's Nest

Friday, March 2, 2012

9:00am–5:00pm Workshops
Locations: Peter Hughes Meeting Room and Capture Shop

7:00pm–10:00pm Paranda Party Bus (for workshop registrants)

Saturday, March 3, 2012

Jeep Excursion to Washington Slagbaai National Park




This conference is organized annually by the International Financial Cryptography Association.