The 12th annual meeting of the Australasian Information Security Conference (ACSW-AISC 2014) was held in Auckland, at the city campus of Auckland University of Technology (AUT), New Zealand, as part of the Australasian Computer Science Week, January 20-23, 2014. Originally, our conference was called the Australasian Information Security Workshop. In 2008, it was renamed the Australasian Information Security Conference. The main aim of the ACSW-AISC is to provide a venue for researchers to present their work on all aspects of information security, and to promote collaboration between academic and industrial researchers working in this area.
Proceeding Downloads
Bugs in the wetware: the psychology of computer insecurity
A fairly standard response with computer security failures is to blame the user. The real culprit though is the way in which the human mind works. Millennia of evolutionary conditioning and the environment in which users operate cause them to act, and ...
YALIH, yet another low interaction honeyclient
Low-interaction honeyclients employ static detection techniques such as signatures, heuristic or anomaly detection in the identification of malicious websites. They are associated with a low detection rate and failure to identify zero-day and obfuscated ...
Poisoned GOOSE: exploiting the GOOSE protocol
This paper presents a vulnerability within the generic object oriented substation event (GOOSE) communication protocol. It describes an exploit of the vulnerability and proposes a number of attack variants. The attacks send GOOSE frames containing ...
Weak key-IV pairs in the A5/1 stream cipher
A5/1 is a shift register based stream cipher which provides privacy for the GSM system. In this paper, we analyse the loading of the secret key and IV during the initialisation process of A5/1. We demonstrate the existence of weak key-IV pairs in the A5/...
Formalising human recognition: a fundamental building block for security proofs
A fundamental part of many authentication protocols which authenticate a party to a human involves the human recognizing or otherwise processing a message received from the party. Examples include typical implementations of Verified by Visa in which a ...
An authorised pseudonym system for privacy preserving location proof architectures
An emerging class of Location Based Services (LBSs) needs verified mobile device locations for service provision. For example, an automated car park billing system requires verified locations of cars to confirm the place and the duration of parked cars. ...
Practical modbus flooding attack and detection
The Modicon Communication Bus (Modbus) protocol is one of the most commonly used protocols in industrial control systems. Modbus was not designed to provide security. This paper confirms that the Modbus protocol is vulnerable to flooding attacks. These ...
A case study of user-level spam filtering
There are a number of anti-spam filters that have reduced the amount of email spam in the inbox, but the problem still continues as the spammers circumvent these techniques. The problems need to be addressed from different aspects. A major problem for ...
Algebraic analysis of Trivium-like ciphers (poster)
Trivium is a bit-based stream cipher in the final portfolio of the eSTREAM project. In this paper, we apply the algebraic attack approach of Berbain et al. to Trivium-like ciphers and perform new analyses on them. We demonstrate a new algebraic attack ...
Hypervisor-based security architecture for validating DNS services (poster)
The Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However, DNS is vulnerable to a range of attacks. One of the fundamental weaknesses with the existing DNS protocols is that the request and response messages ...
Index Terms
- Proceedings of the Twelfth Australasian Information Security Conference - Volume 149