Affiliation : TU Darmstadt, Germany
Title : AI: A Goldmine for Security Research
Abstract : It took almost 20 years for Artificial Intelligent (AI) hype to strike back. AI systems are becoming reality and deployed in various application domains, ranging from social networks and ad targeting to autonomous vehicles and precision medicine. Consulting companies investigate or make up new AI growth prognoses and statistics (as they do for every other hype) driving the decision makers blindly towards AI deployment everywhere. Much has been said and written in the recent past about benefits and hazards of AI: On one hand, AI and its prominent tools such as Machine Learning confront us with a variety of security, privacy and safety challenges, such as opaque and biased decision-making, vulnerability to (input- or model-oriented) attacks, violating privacy, sophisticated surveillance, trapping users into echo chambers in social networks, and cyber deception, to name some. Indeed, these issues and concerns have re-initiated the public debate as well as a number of initiatives on AI Ethics. Moreover, it is not clear or verifiable how organizations and enterprises, other than the giant data collectors, could really benefit from AI/ML. On the other hand, AI can potentially also benefit cybersecurity and privacy as well as cybersafety, such as identifying attack patterns, filtering spam, hate speech and cyberbullying in online social networks, or highlighting fake news, etc. As a result, these topics and directions have become areas of active research. In this talk, we will briefly discuss selected aspects and challenges of security for Machine Learning as well as Machine Learning for security, and present our recent work in the context of Federated Learning.
Biography : Ahmad-Reza Sadeghi is a professor of Computer Science and the head of the System Security Lab at Technical University of Darmstadt, Germany. He has been leading several Collaborative Research Labs with Intel since 2012, and with Huawei since 2019. He has studied both Mechanical and Electrical Engineering and holds a Ph.D. in Computer Science from the University of Saarland, Germany. Prior to academia, he worked in R&D of IT-enterprises, including Ericsson Telecommunications. He has been continuously contributing to security and privacy research field. He was Editor-In-Chief of IEEE Security and Privacy Magazine, and currently serves on the editorial board of ACM TODAES, ACM TIOT, and ACM DTRAP.For his influential research on Trusted and Trustworthy Computing he received the renowned German “Karl Heinz Beckurts” award. This award honors excellent scientific achievements with high impact on industrial innovations in Germany. In 2018, he received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and for pioneering contributions in content protection, mobile security and hardware-assisted security. In 2021, he was honored with Intel Academic Leadership Award at USENIX Security conference for his influential research on cybersecurity and in particular on hardware-assisted security.
Affiliation : MPI SP, Germany / UMASS Amherst, US
Title : Politicial and Technological Issues of Hardware Security
Abstract : Over the last few years, hardware security has increasingly become a topic within the “mainstream” security community. Not surprisingly, hardware security has mainly been considered a technical problem. However, some aspects, in particular low-level Trojans and other forms of backdoors, have also a fascinating societal and political component. This talk will start with an introduction to hardware Trojans and some reported cases of cryptographic backdoors and their political context. We will then discuss some recent research results in the broader area of hardware security.
Biography : Christof Paar is, together with Gilles Barthe, founding director of the Max Planck Institute for Security and Privacy in Bochum, Germany, and research professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES Conference. Christof received an ERC Advanced Grant for research in hardware security and is co-spokesperson of the DFG Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries”. His research interests include hardware security, applied cryptography and physical-layer security. He is Fellow of the IEEE and the IACR (Intern. Association for Cryptological Research), and has given invited talks at Harvard, MIT, Oxford, Stanford and Yale. He is co-author of the textbook Understanding Cryptography (Springer) and has widely-viewed introductory course in cryptography on YouTube.
Affiliation : MPI SP, Germany / Radboud University, The Netherlands
Title : Introduction to hash-based signatures
Abstract : In my talk I will introduce hash-based signatures, starting from very simple one-time signatures all the way to the SPHINCS+ signature framework, the state of the art in stateless hash-based signatures and an alternate scheme in round 3 of the NIST PQC standardization effort. The tutorial lecture is complemented with a programming exercise; the goal of this exercise is to implement a fully functional stateful hash-based signature scheme.
Biography : Peter Schwabe is research group leader at MPI-SP and professor at Radboud University. He graduated from RWTH Aachen University in computer science in 2006 and received a Ph.D. from the Faculty of Mathematics and Computer Science of Eindhoven University of Technology in 2011. He then worked as a postdoctoral researcher at the Institute for Information Science and the Research Center for Information Technology Innovation of Academia Sinica, Taiwan and at National Taiwan University. His research area is cryptographic engineering; in particular the security and performance of cryptographic software. He published more than 50 articles in journals and at international conferences presenting, for example, fast software for a variety of cryptographic primitives including AES, hash functions, elliptic-curve cryptography, and cryptographic pairings. He has also published articles on fast cryptanalysis, in particular attacks on the discrete-logarithm problem. In recent years he has focused in particular on post-quantum cryptography. He co-authored the 'NewHope' and 'NTRU-HRSS' lattice-based key-encapsulation schemes which were used in post-quantum TLS experiments by Google and is co-submitter of seven proposals to the NIST post-quantum crypto project, all of which made it to the second round and five of which made it to the third round.
Affiliation : University of Chicago, US
Title : Introduction to Authentication Research and Practice
Abstract : Authentication is a key act in computer security. While passwords have been the dominant authentication method for decades, compelling alternatives are emerging, including hardware tokens, biometric authentication, and more. How do we, as researchers and practitioners, evaluate any authentication system holistically? We will discuss how researchers study key aspects of the security, usability, and deployability of two authentication approaches as case studies: passwords and the FIDO2 standard. We will thus give an overview of key research methods in both systems security and user-centered security. Additionally, we will engage in hands-on exercises evaluating a prospective new authentication system and learning how attackers crack passwords.
Biography : Blase Ur is Neubauer Family Assistant Professor of Computer Science at the University of Chicago, where he researches security, privacy, human-computer interaction, and ethical AI. He directs the UChicago SUPERgroup, which uses data-driven methods to help users make better security and privacy decisions, as well as to improve the usability of complex computer systems. He has received an NSF CAREER Award (2021), three best paper awards (CHI 2017, USENIX Security 2016, UbiComp 2014) and five honorable mention paper awards (CHI 2021, CHI 2021, CHI 2020, CHI 2016, CHI 2012). He received the 2020 Allen Newell Award for Research Excellence, the 2018 SIGCHI Outstanding Dissertation Award, the 2018 IEEE Cybersecurity Award for Practice, the 2016 John Karat Usable Privacy and Security Student Research Award, an NDSEG fellowship, and a Fulbright scholarship. He holds degrees from Carnegie Mellon University (PhD and MS) and Harvard University (AB).
Affiliation : Leiden University, The Netherlands /KU Leuven, Belgium
Title : Hands-on Introductory Tutorial on Network Intrusion Detection
Abstract : This tutorial gives an introduction to Network Intrusion Detection Systems (NIDS). It starts with explaining three popular approaches, namely pattern matching, flow measurement and machine learning. In the hands-on part of the tutorial, the participants will experiment with the three approaches in a Python simulation framework. This is a joint talk with Laurens Le Jeune, Arish Sateesan and Jo Vliegen.
Biography : Nele Mentens is a professor at Leiden University and KU Leuven. She was a visiting researcher at Ruhr University Bochum in 2013 and at EPFL in 2017. Her research interests are in the field of configurable computing and hardware security. She was/is the PI in around 20 finished and ongoing research projects with national and international funding. She serves as a program committee member of renowned international conferences on security and hardware design, such as NDSS, USENIX Security Symposium, ACM CCS, Asiacrypt, CHES, ESORICS, DAC, DATE, FPL and ESSCIRC. She was the general co-chair of FPL'17 and the program chair of EWME'18, PROOFS'18, FPL'20, CARDIS'20, RAW'21 and VLSID'22. She is (co-)author in over 100 publications in international journals, conferences and books. She received best paper awards and nominations at CHES'19, AsianHOST'17 and DATE'16. Nele serves as an associate editor for IEEE Transactions on Information Forensics and Security, IEEE Circuits and Systems Magazine, and IEEE Security and Privacy.