Conference Program

ACM WiSec 2014 is collocated with RFIDSec'14, and the two events are scheduled together. The list of papers accepted to ACM WiSec 2014 can be found here. The list of papers accepted to RFIDSec'14 can be found here. The calendars linked at the bottom of the page shows the schedules for both events. Descriptions below are colour-coded as follows (the same colour code as on the registration information page):
  • Tutorials
  • RFIDSec
  • ACM WiSec
  • Both ACM WiSec and RFIDSec
We also have a paper version of the programme, published here.


RFIDSec'14 Invited Talk:
Clustering Distance Bounding Protocols
Prof. Gildas Avoine, INSA Rennes
Distance bounding protocols are security countermeasures designed to thwart relay attacks. Such attacks consist in relaying messages exchanged between two parties, making them believe they communicate directly with each other. Although distance bounding protocols have existed since the early nineties, this research topic resurrected with the deployment of contactless systems, against which relay attacks are particularly impactful. Given the impressive number of distance bounding protocols that are designed every year, it becomes urgent to provide researchers and engineers with a methodology to fairly compare the protocols in spite of their various properties. After reviewing the literature of distance bounding protocols, we will introduce in this talk a methodology based on concepts from the decision making field in order to compare distance bounding protocols.
Gildas Avoine is a professor of Information Security and Cryptography at INSA Rennes in France and UCL in Belgium, and a member of the Institut Universitaire de France. Previously, he was a researcher at the MIT (USA) in the CSAIL, and at the EPFL (Switzerland) in the LASEC, where he obtained a PhD degree in cryptography. He did his undergrade studies at the University of Caen (France) where he received a Bachelor degree in mathematics and Bachelor and Master degrees in computer science. Gildas Avoine's main research area is information security, which he addressed with a cryptographic approach. His topics of interest include privacy models, lightweight authentication, distance bounding protocols, cryptanalytic time-memory trade-offs, and forensics. His current research focuses on security and privacy in ubiquitous computing systems, in particular radio-frequency identification.
Keynote Speaker:
John O’Donnell, Cisco
IoT -- Connecting the Unconnected Securely

In the last 12 months, the Internet of Things (IoT) has gained tremendous market momentum with strategic investments from all of the major IT companies and governments around the world. IoT promises massive gains in efficiency, business growth and quality of life. In the next 7 years, 27 billion new devices will connect to the Internet, with half of all data traffic being generated by IoT.

Cisco’s go to market in this area is the Internet of Everything (IoE), which combines the things, with processes, data and people to create a holistic approach to derive value from the proliferation of these connected devices. In this new world we will need new infrastructure that’s much more scalable, secure, and intelligent than ever before to “connect the unconnected”. Big data generated by things will deliver new insights and predictions. This next wave of the Internet will touch every aspect of our lives: manufacturing, transportation, smart cities, energy, agriculture and health care which will all be transformed. Ultimately IoE is about the ability to get the right information to the right person at the right time and doing it in volume. For both private and public sectors.

John O’Donnell, Cisco’s IoE pre sales consultants manager for EMEAR and APJC, will explore these topics, discuss some of the challenges and the important roles that wireless and security has to play in realising the opportunities.


John O’Donnell is Cisco’s Internet of Everything (IoE) Pre Sales Consultants Manager across EMEAR & APJC. Together with his team of consultants, his key objective is to work with Cisco’s Customers and Partners to articulate and demonstrate how IoE architectures and solutions can be applied to drive business transformation across all walks of industry and government.

John has a passion for IoE, and the positive impact it can have on society and the value it can and will bring to corporations, strongly believing we are just at the dawn of the IoE era, and the immense value it will enable.

John has a strong history of driving innovative technologies enabling customers to embrace different ways of conducting business and optimizing business operations. Up until August 2013 he led the pre sales consultants team for Cisco’s Connected Safety & Security Solutions on a global basis. In the late 1990’s and early 2000’s John was instrumental in driving adoption of Cisco Unified Communications within Public Sector and other sectors in the UK, advising customers how to migrate from their proprietary silo based PBX environments to open IP based environments.

John holds an Electronics and Electrical Engineering from Loughborough University in the UK and has worked for Cisco 16 years. He lives with his family in Buckinghamshire and enjoys sports, outdoor activities and travelling.

ACM WiSec 2014 Invited Talk:
On Mobile Malware Infections
Prof. N. Asokan, Aalto University
Concerns about mobile malware are not new. There is a steady stream of news stories about the exponential growth of malware targeted at specific smartphone operating systems. Yet, anecdotal evidence seems to suggest that malware infection of smartphones in the wild is not at the same scale as malware infection of personal computers. Recently, we set out to accurately measure malware infection rates on Android devices ( In this talk, I will describe our experiences, some lessons learnt, and our attempts at using inexpensive risk indicators to predict susceptibility of a device for infection.
N. Asokan is a professor of computer science at University of Helsinki and professor of computer science and engineering at Aalto University. Prior to joining academia, he spent over fifteen years in industrial research at IBM Zurich Research Laboratory and Nokia Research Center. Asokan serves on the steering group of ACM WiSec. For more information about his work, see


Tutorial 1:
Side-Channel Attacks 101: Theory and Practice
David Oswald/Timo Kaspe/Falk Schellenberg, Ruhr-Universität Bochum

Implementation attacks and side-channel analysis are techniques to break analytically secure ciphers. Instead of focusing on the mathematical properties, side-channel attacks target the physical implementation of cryptography, e.g., on a microcontroller or an FPGA.

This tutorial starts with an in-depth introduction into the topic, covering methods like timing attacks and simple/differential power analysis (SPA/DPA). With these techniques, unprotected implementations of standard ciphers like RSA, ECC, or AES can often be broken within minutes. Besides, the tutorial also presents typical measurement setups for the acquisition of side-channel signals and other implementation attcks, for instance fault injection.

The second part of the tutorial deals with the practical application of side-channel analysis, focusing on several real-world case studies. In particular, for RFID systems, our 2011 side-channel attacks on the DESFire MF3ICD40 smartcard are presented.

Based on the case studies, the impact of attacks on real systems is evaluated and compared. Finally, possible countermeasures on different levels (hardware, software, backend) are discussed.

Tutorial 2:
Trusted Execution Environments on Mobile Devices
Kari Kostiainen, ETH Zurich

A trusted execution environment (TEE) is a secure processing environment that is isolated from the “normal” processing environment where the device operating system and applications run. The first mobile phones with hardware-based TEEs appeared almost a decade ago, and today almost every smartphone and tablet contains a TEE like ARM TrustZone. Despite such a large-scale deployment, the use of TEE functionality has been limited for developers. With emerging standardization this situation is about to change. In this tutorial, we explain the security features provided by mobile TEEs and describe On-board Credentials (ObC) system that enables third-party TEE development. We discuss ongoing TEE standardization activities, including the recent Global Platform standards and the Trusted Platform Module (TPM) 2.0 specification, and identify open problems for the near future of mobile hardware security.


ACM WiSec 2014 Technical Sessions

Session 1: Smart Phone 1
  • David Barrera, Daniel McCarney, Jeremy Clark and Paul C. van Oorschot. Baton: Certificate Agility for Android's Decentralized Signing Infrastructure
  • Adwait Nadkarni, Vasant Tendulkar and William Enck. NativeWrap: Ad Hoc Smartphone Application Creation for End Users
  • Fangfang Zhang, Heqing Huang, Sencun Zhu, Dinghao Wu and Peng Liu. ViewDroid: Towards Obfuscation-Resilient Mobile Application Repackaging Detection
Session 2: Sensing and Embedded Systems
  • Stylianos Gisdakis, Thanassis Gianetsos and Panos Papadimitratos. SPPEAR: Security & Privacy-Preserving Architecture for Mobile Crowd-Sensing Applications
  • Jun Han, Yue-Hsun Lin, Adrian Perrig and Fan Bai. MVSec: Secure and Easy-to-Use Pairing of Mobile Devices with Vehicles (short)
  • Andrei Costin and Aurélien Francillon. A dangerous “pyrotechnic composition”: fireworks, embedded wireless and insecurity-by-design (short)
  • Ira Ray Jenkins, Rebecca Shapiro, Sergey Bratus, Ryan Speers, Travis Goodspeed and David Dowd. Speaking the Local Dialect: Exploiting differences between IEEE 802.15.4 Receivers with Commodity Radios for fingerprinting, targeted attacks, and WIDS evasion (short)
Session 3: Location Privacy
  • Arijit Banerjee, Dustin Maas, Maurizio Bocca, Neal Patwari and Sneha Kasera. Violating Location Privacy Through Walls by Passive Monitoring of Radio Windows
  • Luke Hutton, Tristan Henderson and Apu Kapadia. "Here I am, now pay me!'': privacy concerns in incentivised location-sharing systems (short)
  • Michael Herrmann, Alfredo Rial, Claudia Diaz and Bart Preneel. Practical Privacy-Preserving Location-Sharing Based Services with Aggregate Statistics
  • Der-Yeuan Yu, Aanjhan Ranganathan, Thomas Locher, Srdjan Capkun and David Basin. Detection of GPS Spoofing Attacks in Power Grids (short)
Session 4: Jamming and Anti-Jamming
  • Daniel S. Berger, Francesco Gringoli, Nicolò Facchi, Ivan Martinovic and Jens Schmitt. Gaining Insight on Friendly Jamming in a Real-World IEEE 802.11 Network
  • Bruce Debruhl, Christian Kroer, Anupam Datta, Tuomas Sandholm and Patrick Tague. Power Napping with Loud Neighbors: Optimal Energy-Constrained Jamming and Anti-Jamming
  • Hanif Rahbari and Marwan Krunz. Friendly CryptoJam: A Mechanism for Securing Physical-Layer Attributes
Session 5: Smart Phone 2
  • Wenhui Hu, Damien Octeau, Patrick McDaniel and Peng Liu. Duet: Library Integrity Verification for Android Applications
  • Zhen Xie and Sencun Zhu. GroupTie: Toward Hidden Collusion Group Discovery in App Stores
  • Mengtao Sun and Gang Tan. NativeGuard: Protecting Android Applications from Third-Party Native Libraries
Session 6: Wireless and PHY
  • Nicholas Kolokotronis, Alexandros Katsiotis and Nicholas Kalouptsidis. Attacking and Defending Lightweight PHY Security Schemes for Wireless Communications (short)
  • Ibrahim Ethem Bagci, Utz Roedig, Matthias Schulz and Matthias Hollick. Gathering Tamper-Evidence in Wi-Fi Networks Based on Channel State Information (short)
  • Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte. Exploiting WPA2-Enterprise Vendor Implementation Weaknesses through Challenge Response Oracles (short)
  • Frederik Möllers, Sebastian Seitz, Andreas Hellmann and Christoph Sorge. Extrapolation and Prediction of User Behaviour from Wireless Home Automation Communication (short)
Session 7: Smart Phone 3
  • Sashank Narain, Amirali Sanatinia and Guevara Noubir. Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning
  • Jiaqi Tan, Utsav Drolia, Rolando Martins, Rajeev Gandhi and Priya Narasimhan. CHIPS: Content-based Heuristics for Improving Photo Privacy for Smartphones (short)
  • Alessandro Armando, Gabriele Costa, Alessio Merlo and Luca Verderame. Enabling BYOD through Secure Meta-Market
  • Jagdish Prasad Achara, Mathieu Cunche, Vincent Roca and Aurelien Francillon. WifiLeaks: Underestimated Privacy Implications of the ACCESS_WIFI_STATE Android Permission (short)

Calendar URLs

(All in iCalendar format.)