On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences

Swee Won Lo; Raphael C.W. Phan; Bok Min Goi

doi:10.1007/978-3-540-77535-5_18

On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences

Swee Won Lo, Raphael C.W. Phan, Bok Min Goi

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

4 Citations (Scopus)

Abstract

Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it is crucial that these systems have strong resistance against Web attacks as they involve confidential data and privacy. Some submissions could be leading edge breakthroughs that authors do not wish to leak out and be subtly plagiarized. Also, security of the employed system will attract more submissions to conferences that use it and gives confidence of the quality that the conferences uphold. In this paper, we analyze the security of the Web-Submission-and-Review (WSaR) software - latest version 0.53 beta at the time of writing; developed by Shai Halevi from IBM Research. WSaR is currently in use by top cryptology and security-related conferences including Eurocrypt 2007 & 2008, Crypto 2007, and Asiacrypt 2007, annually sponsored by the International Association for Cryptologic Research (IACR). We present detailed analysis on WSaR's security features. In particular, we first discuss the desirable security features that are designed into WSaR and what attacks these features defend against. Then, we discuss how some untreated security issues may lead to problems, and we show how to enhance WSaR security features to take these issues into consideration. Our results are the first known careful analysis of WSaR, or any type of online submission system for that matter.

Original language	English
Title of host publication	Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers
Publisher	Springer
Pages	245-265
Number of pages	21
ISBN (Print)	354077534X, 9783540775348
DOIs	https://doi.org/10.1007/978-3-540-77535-5_18
Publication status	Published - 2007
Externally published	Yes
Event	International Workshop on Information Security Applications 2007 - Jeju Island, Korea, South Duration: 27 Aug 2007 → 29 Aug 2007 Conference number: 8th https://link.springer.com/book/10.1007/978-3-540-77535-5 (Proceedings)

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4867 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Workshop

Workshop	International Workshop on Information Security Applications 2007
Abbreviated title	WISA 2007
Country/Territory	Korea, South
City	Jeju Island
Period	27/08/07 → 29/08/07
Internet address	https://link.springer.com/book/10.1007/978-3-540-77535-5 (Proceedings)

Keywords

Email
Passwords
Privacy
Protocol
Security analysis
Web submission and review software

Access to Document

10.1007/978-3-540-77535-5_18

Cite this

Lo, S. W., Phan, R. C. W., & Goi, B. M. (2007). On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences. In Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers (pp. 245-265). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4867 LNCS). Springer. https://doi.org/10.1007/978-3-540-77535-5_18

Lo, Swee Won ; Phan, Raphael C.W. ; Goi, Bok Min. / On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences. Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers. Springer, 2007. pp. 245-265 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8ad8c7deb5f140619c3bcb6b703d70b9,

title = "On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences",

abstract = "Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it is crucial that these systems have strong resistance against Web attacks as they involve confidential data and privacy. Some submissions could be leading edge breakthroughs that authors do not wish to leak out and be subtly plagiarized. Also, security of the employed system will attract more submissions to conferences that use it and gives confidence of the quality that the conferences uphold. In this paper, we analyze the security of the Web-Submission-and-Review (WSaR) software - latest version 0.53 beta at the time of writing; developed by Shai Halevi from IBM Research. WSaR is currently in use by top cryptology and security-related conferences including Eurocrypt 2007 & 2008, Crypto 2007, and Asiacrypt 2007, annually sponsored by the International Association for Cryptologic Research (IACR). We present detailed analysis on WSaR's security features. In particular, we first discuss the desirable security features that are designed into WSaR and what attacks these features defend against. Then, we discuss how some untreated security issues may lead to problems, and we show how to enhance WSaR security features to take these issues into consideration. Our results are the first known careful analysis of WSaR, or any type of online submission system for that matter.",

keywords = "Email, Passwords, Privacy, Protocol, Security analysis, Web submission and review software",

author = "Lo, {Swee Won} and Phan, {Raphael C.W.} and Goi, {Bok Min}",

year = "2007",

doi = "10.1007/978-3-540-77535-5_18",

language = "English",

isbn = "354077534X",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "245--265",

booktitle = "Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers",

url = "https://link.springer.com/book/10.1007/978-3-540-77535-5",

}

Lo, SW, Phan, RCW & Goi, BM 2007, On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences. in Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4867 LNCS, Springer, pp. 245-265, International Workshop on Information Security Applications 2007, Jeju Island, Korea, South, 27/08/07. https://doi.org/10.1007/978-3-540-77535-5_18

On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences. / Lo, Swee Won; Phan, Raphael C.W.; Goi, Bok Min.
Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers. Springer, 2007. p. 245-265 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4867 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences

AU - Lo, Swee Won

AU - Phan, Raphael C.W.

AU - Goi, Bok Min

N1 - Conference code: 8th

PY - 2007

Y1 - 2007

N2 - Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it is crucial that these systems have strong resistance against Web attacks as they involve confidential data and privacy. Some submissions could be leading edge breakthroughs that authors do not wish to leak out and be subtly plagiarized. Also, security of the employed system will attract more submissions to conferences that use it and gives confidence of the quality that the conferences uphold. In this paper, we analyze the security of the Web-Submission-and-Review (WSaR) software - latest version 0.53 beta at the time of writing; developed by Shai Halevi from IBM Research. WSaR is currently in use by top cryptology and security-related conferences including Eurocrypt 2007 & 2008, Crypto 2007, and Asiacrypt 2007, annually sponsored by the International Association for Cryptologic Research (IACR). We present detailed analysis on WSaR's security features. In particular, we first discuss the desirable security features that are designed into WSaR and what attacks these features defend against. Then, we discuss how some untreated security issues may lead to problems, and we show how to enhance WSaR security features to take these issues into consideration. Our results are the first known careful analysis of WSaR, or any type of online submission system for that matter.

AB - Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it is crucial that these systems have strong resistance against Web attacks as they involve confidential data and privacy. Some submissions could be leading edge breakthroughs that authors do not wish to leak out and be subtly plagiarized. Also, security of the employed system will attract more submissions to conferences that use it and gives confidence of the quality that the conferences uphold. In this paper, we analyze the security of the Web-Submission-and-Review (WSaR) software - latest version 0.53 beta at the time of writing; developed by Shai Halevi from IBM Research. WSaR is currently in use by top cryptology and security-related conferences including Eurocrypt 2007 & 2008, Crypto 2007, and Asiacrypt 2007, annually sponsored by the International Association for Cryptologic Research (IACR). We present detailed analysis on WSaR's security features. In particular, we first discuss the desirable security features that are designed into WSaR and what attacks these features defend against. Then, we discuss how some untreated security issues may lead to problems, and we show how to enhance WSaR security features to take these issues into consideration. Our results are the first known careful analysis of WSaR, or any type of online submission system for that matter.

KW - Email

KW - Passwords

KW - Privacy

KW - Protocol

KW - Security analysis

KW - Web submission and review software

UR - http://www.scopus.com/inward/record.url?scp=38549099144&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-77535-5_18

DO - 10.1007/978-3-540-77535-5_18

M3 - Conference Paper

AN - SCOPUS:38549099144

SN - 354077534X

SN - 9783540775348

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 245

EP - 265

BT - Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers

PB - Springer

T2 - International Workshop on Information Security Applications 2007

Y2 - 27 August 2007 through 29 August 2007

ER -

Lo SW, Phan RCW, Goi BM. On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences. In Information Security Applications - 8th International Workshop, WISA 2007, Revised Selected Papers. Springer. 2007. p. 245-265. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-77535-5_18

On the security of a popular Web Submission and Review software (WSaR) for cryptology conferences

Abstract

Publication series

Workshop

Keywords

Access to Document

Other files and links

Cite this