On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences

Swee Won Lo, Raphael C.W. Phan, Bok Min Goi

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

4 Citations (Scopus)


Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it is crucial that these systems have strong resistance against Web attacks as they involve confidential data and privacy. Some submissions could be leading edge breakthroughs that authors do not wish to leak out and be subtly plagiarized. Also, security of the employed system will attract more submissions to conferences that use it and gives confidence of the quality that the conferences uphold. In this paper, we analyze the security of the Web-Submission-and-Review (WSaR) software - latest version 0.53 beta at the time of writing; developed by Shai Halevi from IBM Research. WSaR is currently in use by top cryptology and security-related conferences including Eurocrypt 2007 & 2008, Crypto 2007, and Asiacrypt 2007, annually sponsored by the International Association for Cryptologic Research (IACR). We present detailed analysis on WSaR's security features. In particular, we first discuss the desirable security features that are designed into WSaR and what attacks these features defend against. Then, we discuss how some untreated security issues may lead to problems, and we show how to enhance WSaR security features to take these issues into consideration. Our results are the first known careful analysis of WSaR, or any type of online submission system for that matter.

Original languageEnglish
Title of host publicationInformation Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers
Number of pages21
ISBN (Print)354077534X, 9783540775348
Publication statusPublished - 2007
Externally publishedYes
EventInternational Workshop on Information Security Applications 2007 - Jeju Island, Korea, South
Duration: 27 Aug 200729 Aug 2007
Conference number: 8th
https://link.springer.com/book/10.1007/978-3-540-77535-5 (Proceedings)

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4867 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


WorkshopInternational Workshop on Information Security Applications 2007
Abbreviated titleWISA 2007
Country/TerritoryKorea, South
CityJeju Island
Internet address


  • Email
  • Passwords
  • Privacy
  • Protocol
  • Security analysis
  • Web submission and review software

Cite this