Workshop Program

June 23, 2022 (GMT+2). Please join our workshop via Zoom with meeting ID: 876 0979 2887 (https://uniroma1.zoom.us/j/87609792887).

• Opening Remarks (9:00-9:10 am, GMT+2, Chair: Jingqiang Lin)
• Session 1 (9:10-10:10 am, GMT+2, Chair: Jingqiang Lin): Keynote

Hey... it’s a PDF. What can go wrong?

- Christian Mainka and Vladislav Mladenov (Ruhr-University Bochum, Germany)

• Session 2 (10:20-11:20 am, GMT+2, Chair: Jun Shao)

1. UniqueChain: Achieving (Near) Optimal Transaction Settlement Time via Single Leader Election (10:20-10:40 am)

- Peifang Ni and Jing Xu

2. PEPEC: Precomputed ECC Points Embedded in Certificates and Verified by CT Log Servers (10:40-11:00 am)

- Guangshen Cheng, Jiankuo Dong, Xinyi Ji, Bingyu Li, Haoling Fan and Pinchang Zhang

3. Efficient Software Implementation of GMT-672 and GMT8-542 Pairing-Friendly Curves for a 128-bit Security Level (11:00-11:20 am)

- Zihao Song, Junichi Sakamoto, Shigeo Mitsunari, Riku Anzai, Naoki Yoshida and Tsutomu Matsumoto

---

Keynote: Hey... it’s a PDF. What can go wrong? By: Dr. Christian Mainka and Dr. Vladislav Mladenov, Ruhr-University Bochum, Germany
Abstract: The basic idea of a PDF is simple. Users can open a document on different operating systems, and it has the same appearance as its printed equivalent. In the early 1990s, this conformance was a game-changer: it allowed sharing of documents on the Internet. Since then, PDFs have experienced an incredible evolution. The latest PDF standard supports calculation logic, 3D animations, and the filling and submitting of forms. PDF nowadays even supports JavaScript, a well-known scripting language used on websites. PDFs can also be signed and encrypted to ensure confidentiality, authenticity, and integrity. This talk sheds light on what can go wrong when a user opens a PDF. We present the art of breaking PDF signatures. We highlight the developers' contradictive interpretation of specifications and talk about the difficulties to validate PDF signatures properly. Finally, we conclude with an outlook of further threats raised from documents.
Speaker BIO: Christian Mainka is a post-doctoral researcher at Ruhr-University Bochum. His research covers web and data security topics, presented at academia's and industry's most significant security conferences. His journey began in 2009 with the security impact arising from data description languages such as JSON and XML. Since then, he has filed numerous CVEs in widespread applications and libraries. He also originates the penetration test tools WS-Attacker and the Single Sign-On Burpsuite Extension EsPReSSO. Together with his colleagues, he is developing new cyber attacks on PDF that won first place at the 2019 CSAW Applied Research Competition. At the 2021 ACM Conference on Computer and Communications Security (CCS), his collaborative publication on Cross-Site Leaks in Web Browsers won the Best Paper Award. Twitter: @chearix
Speaker BIO: Vladislav Mladenov works as a security researcher at the Chair of Network and Data Security at the Ruhr University Bochum since 2012. In his dissertation he analyzed the security of Single Sign-On protocols such as SAML 2.0, OpenID, OpenID Connect and OAuth and discovered various vulnerabilities. After completing his doctorate Vladislav Mladenov works as a PostDoc and additionally devotes his attention to the security of data description languages, e.g. JSON, XML and PostScript. Since 2018, Mr. Mladenov focused his research on the security of office documents and recently published several attacks on PDFs. Twitter: @v_mladenov

Accepted Papers

• #1 - UniqueChain: Achieving (Near) Optimal Transaction Settlement Time via Single Leader Election
• #2 - PEPEC: Precomputed ECC Points Embedded in Certificates and Verified by CT Log Servers
• #3 - Efficient Software Implementation of GMT-672 and GMT8-542 Pairing-Friendly Curves for a 128-bit Security Level

Note: Each accepted workshop paper needs one registration at full rate before (13th May), no matter student author or not. Please refer to ACNS 2022 registration link to finish this process.

• Secure implementations of crypto algorithms & protocols
• Fuzzing and vulnerabilities of crypto algorithms & protocols
• Measurement of cryptographic solutions in the wild, defective or updated
• Designs of random bit generators
• Weak cryptographic keys and defective random bit generators
• Side channel attacks and defenses
• Cryptographic key protections and memory attacks
• PKI certificate services and key management
• HTTPS/TLS vulnerabilities and attacks
• Measurement and bugs of certificate-based solutions
• Audit and monitoring of cryptographic services
• Physical attacks and defenses of cryptographic implementation
• Verification and evaluation of cryptographic implementation
• High-performance cryptographic engines
• Cryptographic hardware
• Cryptography for Blockchain
• Cryptography for IoT/CPS
• Cryptography for the Cloud
• Cryptography for Mobile systems
• Cryptography for VANET

• Florian Caullery HENSOLDT Cyber GmbH, Germany
• Bo Chen Michigan Technological Univ., USA
• Jiankuo Dong Nanjing University of Posts and Telecommunications, China
• Niall Emmart NVIDIA Corporation, USA
• Johann Großschädl University of Luxembourg, Luxembourg
• Miroslaw Kutylowski Wroclaw University of Technology, Poland
• Rongxing Lu University of New Brunswick, Canada
• Bingyu Li Beihang University, China
• Fengjun Li University of Kansas, USA
• Ximeng Liu Fuzhou University, China
• Chunli Lv China Agricultural University, China
• Di Ma ZDNS, CHINA
• Yuan Ma Chinese Academy of Sciences, China
• Ziqiang Ma Ningxia University, China
• Zhiguo Wan Shandong University, China
• Ding Wang Nankai University, China
• Juan Wang Wuhan University, China
• Fan Zhang Zhejiang University, China
• Fangyu Zheng Chinese Academy of Sciences, China
• Cong Zuo Nanyang Technological University, Singapore