Full Description
This book constitutes the refereed proceedings of the 30th Nordic Conference on Secure IT Systems, NordSec 2025, held in Tartu, Estonia, during November 12-13, 2025.
The 29 full papers included in this book were carefully reviewed and selected from 89 submissions. They were organized in topical sections as follows: Cryptography; Artificial Intelligence and Software Security; Network and Communication Security; System and Hardware Security; Threat Analysis; Access Control and Policy Management; Usable Security and Societal Resilience; and Obfuscation.
Contents
.- Cryptography.
.- DDH-Based Schemes for Multi-Party Function Secret Sharing.
.- Integrating PQC in OpenSSL via Shallow Providers for Cryptographic Agility.
.- Attacking an RSA-like Cryptosystem Using Continued Fractions and Lattices.
.- A Comparative Software Benchmark of Lightweight Hash Functions on 8-bit AVR Using ChipWhisperer.
.- A New Optimized Implementation of SMAUG-T for Lightweight Devices.
.- Exploiting Quantum Point-to-Point Protocol (Q3P) for Denial-of-Service (DoS) Attacks.
.- Artificial Intelligence and Software Security.
.- OHRA: Dynamic Multi-Protocol LLM-Based Cyber Deception.
.- Targeted AI-Based Password Guessing Leveraging Email-Derived User Attributes.
.- On the Security and Privacy of AI-based Mobile Health Chatbots.
.- Fairness Under Noise: How Differential Privacy Affects Bias in GANs-Generated Data.
.- GadgetBuilder: An Overhaul of the Greatest Java Deserialization Exploitation Tool.
.- Software Supply Chain Security: Can We Beat the Kill-Chain? A Case Study on the XZ Backdoor.
.- Network and Communication Security.
.- MP-LFM: Breaking Subscriber Privacy (even more) by Exploiting Linkability in 5G AKA.
.- Mitigating Traffic Analysis Attacks While Maintaining On-Path Network Observability.
.- Privacy and Security of DNS Resolvers used in the Nordics and Baltics.
.- System and Hardware Security.
.- WireTrust: A TrustZone-Based Non-Bypassable VPN Tunnel.
.- Timing Interference in Multi-Core RISC-V Systems: Security Risks and Mitigations.
.- A Walk Down Memory Lane: Timing Analysis of Load and Store Instructions on ARM Cortex-M3 Devices.
.- Threat Analysis.
.- An Empirical Evaluation of Intrusion Detection Systems Based on System Calls.
.- Dissecting Mirai: Spatio-Sequential Analysis and Restoration Strategies Using MITRE ATT&CK and D3FEND.
.- Graph Reduction to Attack Trees for (Unobservable) Target Analysis.
.- Access Control and Policy Management.
.- Threshold Trust Logic.
.- Mining Attribute-Based Access Control Policies via Categorisation.
.- Multi-entity Control-Based Risk Assessment: A European Digital Identity Wallet Use Case.
.- Usable Security and Societal Resilience.
.- From Perception to Protection: A Mental Model-Based Framework for Capturing Usable Security and Privacy Requirements.
.- Understanding APT Defense Through Expert Eyes: A Critical Exploration of Perceived Needs and Gaps.
.- Foreign Disinformation on Swedish Facebook: A Mixed-Methods Thematic Analysis of Manipulative Narratives and Societal Resilience.
.- Obfuscation.
.- Key-Gated Generative Obfuscation for Embedded Strings.
.- Bugfuscation.



