Table of Contents

Finacial Cryptography and Data Security (FC 2011)

Collective Exposure: Peer Effects in Voluntary Disclosure of Personal Data Rainer Böhme Stefanie Pötzsch 1

It's All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice Nicolas Christin Serge Egelman Timothy Vidas Jens Grossklags 16

Evaluating the Privacy Risk of Location-Based Services Julien Freudiger Reza Shokri Jean-Pierre Hubaux 31

Selections: Internet Voting with Over-the-Shoulder Coercion-Resistance Jeremy Clark Urs Hengartner 47

Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection Benedikt Westermann Dogan Kesdogan 62

Absolute Pwnage: A Short Paper about the Security Risks of Remote Administration Tools Jay Novak Jonathan Stribley Kenneth Meagher J. Alex Halderman 77

A Protocol for Anonymously Establishing Digital Provenance in Reseller Chains (Short Paper) Ben Palmer Kris Bubendorfer Ian Welch 85

Impeding Individual User Profiling in Shopper Loyalty Programs Philip Marquardt David Dagon Patrick Traynor 93

Beyond Risk-Based Access Control: Towards Incentive-Based Access Control Debin Liu Ninghui Li XiaoFeng Wang L. Jean Camp 102

Authenticated Key Exchange under Bad Randomness Guomin Yang Shanshan Duan Duncan S. Wong Chik How Tan Huaxiong Wang 113

Oblivious Outsourced Storage with Delegation Martin Franz Peter Williams Bogdan Carbunar Stefan Katzenbeisser Andreas Peter Radu Sion Miroslava Sotakova 127

Homomorphic Signatures for Digital Photographs Rob Johnson Leif Walsh Michael Lamb 141

Revisiting the Computational Practicality of Private Information Retrieval Femi Olumofin Ian Goldberg 158

Optimal One Round Almost Perfectly Secure Message Transmission (Short Paper) Mohammed Ashraful Alam Tuhin Reihaneh Safavi-Naini 173

A New Approach towards Coercion-Resistant Remote E-Voting in Linear Time Oliver Spycher Reto Koenig Rolf Haenni Michael Schläpfer 182

An Attack on PUF-Based Session Key Exchange and a Hardware-Based Countermeasure: Erasable PUFs Ulrich Rührmair Christian Jaeger Michael Algasinger 190

Peeling Away Layers of an RFID Security System Henryk Plötz Karsten Nohl 205

Might Financial Cryptography Kill Financial Innovation? ? The Curious Case of EMV Ross Anderson Mike Bond Omar Choudary Steven J. Murdoch Frank Stajano 220

hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers Shujun Li Ahmad-Reza Sadeghi Sören Heisrath Roland Schmitz Junaid Jameel Ahmad 235

Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper) Christopher Soghoian Sid Stamm 250

Proximax: Measurement-Driven Proxy Dissemination (Short Paper) Damon McCoy Jose Andre Morales Kirill Levchenko 260

BNymble: More Anonymous Blacklisting at Almost No Cost (A Short Paper) Peter Lofgren Nicholas Hopper 268

Towards Secure Bioinformatics Services (Short Paper) Martin Franz Bjorn Deiseroth Kay Hamacher Somesh Jha Stefen Katzenbeisser Heike Schröder 276

Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications Theodoor Scholte Davide Balzarotti Engin Kirda 284

Re-evaluating the Wisdom of Crowds in Assessing Web Security Pern Hui Chia Svein Johan Knapskog 299

Mercury: Recovering Forgotten Passwords Using Personal Devices Mohammad Mannan David Barrera Carson D. Brown David Lie Paul C. van Oorschot 315

Author Index 331