1st July, 2022

"Transparent, Trustworthy and Privacy-Preserving Supply Chain"
Prof. Salil Kanhere, UNSW Sydney, Australia.

Time: 1st July, 2022, Friday 3:00 pm - 4:00 pm IST

Abstract: Over the years, supply chains have evolved from a few regional traders to globally complex chains of trade. Consequently, supply chain management systems have become heavily dependent on digitisation for the purpose of data storage and traceability of goods. However, current approaches suffer from issues such as scattering of information across multiple silos, susceptibility to erroneous or untrustworthy data, inability to accurately capture physical events associated with the movement of goods and protection of trade secrets. Our work aims to address the above-mentioned challenges related to traceability, scalability, trustworthiness and privacy. To support traceability and provenance, a consortium blockchain based framework, ProductChain, is proposed which provides an immutable audit trail of a product's supply chain events and its origin. The framework also presents a sharded network model to meet the scalability needs of complex supply chains. Next, we address the issue of trust associated with the qualities of the commodities and the entities logging data on the blockchain through an extensible framework, TrustChain. TrustChain tracks interactions among supply chain entities and dynamically assigns trust and reputation scores to commodities and traders using smart contracts. For protecting trade secrets, we propose a privacy-preservation framework PrivChain, which allows traders to keep trade related information private and rather return computations or proofs on data to support provenance and traceability claims. The traders are in turn incentivised for providing such proofs. A different privacy-preservation approach for decoupling the identities of traders is explored in TradeChain by managing two ledgers: one for managing decentralised identities and another for recording supply chain events. The information from the two ledgers is then collated using access tokens provided by the data owners, i.e. traders themselves.
We will conclude the talk with some future directions.

About speaker: Salil Kanhere is a Professor in the School of Computer Science and Engineering at UNSW Sydney, Australia. He is also affiliated with the Cybersecurity Cooperative Research Centre (CSCRC) and the UNSW Institute for Cyber Security (IFCYBER). His research interests span the Internet of Things, pervasive computing, cybersecurity, blockchain and applied machine learning. He has published over 300 peer-reviewed articles and is leading several government and industry funded research projects on these topics. He received the Friedrich Wilhelm Bessel Research Award (2020) and the Humboldt Research Fellowship (2014), both from the Alexander von Humboldt Foundation in Germany. He is the recipient of 8 Best Paper Awards. Salil has held visiting positions at I2R Singapore, Technical University Darmstadt, University of Zurich and Graz University of Technology. He is a Senior Member of the IEEE and ACM, an ACM Distinguished Speaker and an IEEE Computer Society Distinguished Visitor. He serves as the Editor in Chief of the Ad Hoc Networks journal and as an Associate Editor of IEEE Transactions On Network and Service Management, Computer Communications, and Pervasive and Mobile Computing. He has served as General Chair and TPC Chair of several IEEE/ACM international conferences such as IEEE PerCom, IEEE ICBC, IEEE Blockchain, IEEE LCN, IEEE CNSM, IEEE WoWMoM and EWSN. Salil has co-authored a book titled Blockchain for Cyberphysical Systems published by Artech House in 2020.

20th May, 2022

"Administrators are Users Too: Understanding and Catering Security
for System Operators and Administrators"
Prof. Frank Li, Georgia Institute of Technology, USA.

Recording of this talk: Click Here to view on YouTube

Slides for this talk: Click Here to download

Time: 20th May, 2022, Friday 6:30 pm - 7:30 pm IST

Abstract: Over the last two decades, the computer security research community has increasingly recognized and embraced the socio-technical nature of many security issues. As a result, there has been rich and vibrant exploration of human factors in security, particularly focused on typical end users (e.g., PC/laptop and mobile device users). However, until more recently, there has been significantly less investigation into the operators and administrators managing Internet systems for various organizations. This population is a distinct but important one, whose technical expertise and unique responsibilities in maintaining their organizations’ security distinguish them from end users.

In this talk, I will highlight the importance of understanding how these operators manage the security of Internet systems. I will discuss several works that use Internet and web measurement techniques (e.g., Internet-wide scanning, web crawling) as well as traditional user studies to identify operator security behavior, and that develop socio-technical approaches to drive better security behavior. These works touch on aspects of patching vulnerabilities, correcting security misconfigurations, and managing online authentication.

About speaker: Frank Li is an Assistant Professor at the Georgia Institute of Technology, jointly appointed in the newly formed School of Cybersecurity and Privacy and the School of Electrical and Computer Engineering. His research focuses on understanding and improving Internet security in a data-driven fashion, using various approaches including Internet measurements, user studies, and software analysis. His research has received two best paper awards (ACM IMC and USENIX SOUPS), and has been funded by the NSF, DARPA, and industry partners. He completed his Ph.D. in computer science at UC Berkeley and his B.S. in computer science from MIT.

3rd May, 2022

"Lessons From the Past, Challenges for the Future:
The Eurocrypt 2009 Evaluation Framework in the Deep Learning Era"

Prof. Francois-Xavier Standaert, Universite catholique de Louvain (UCLouvain), Louvain-la-Neuve, Belgium.

Recording of this talk: Click Here to view on YouTube

Slides for this talk: Click Here to download

Time: 3rd May, 2022, Tuesday 6:30 pm - 7:30 pm IST

Abstract: Two decades after the publication of the first Differential Power Analysis (DPA) by Kocher et al. [KJJ99], the evaluation of side-channel attacks remains a topic of intense discussion, somewhat torn between the two main different approaches that can be considered for this purpose.

On the one hand, current certification schemes emerged from the urgent need to mitigate DPA and its numerous extensions. Without good formal solutions to prevent them, the industry first reacted by combining countermeasures with a certain level of security by obscurity. As a result, certification schemes have been established in order to try characterizing the "practical security" of a product based on different rating factors. Yet, defining the practicality of an adversary is hard because practicality is a somewhat subjective notion which tends to change over time.

On the other hand, and in parallel, various research works promoted worst-case attacks as a natural way to limit the subjective nature of such certification schemes. By worst-case, we mean attacks where the adversary has a complete knowledge of the implementation details, and is allowed to learn its leakage behavior in an offline profiling phase with full access to the device’s internal values. The Eurocrypt 2009 evaluation framework formalized this worst-case approach by putting forward a methodology based on two types of metrics: information theoretic metrics aimed to characterize the implementation leakage independent of the adversarial strategy; security metrics aimed to compare adversarial strategies for a given implementation leakage [SMY09]. This methodological contribution outlined a broad research agenda aimed at the connection of these metrics, their efficient estimation in practice and their use in physical security proofs. To a large extent, these two approaches have so far been seen as mostly competing ones.

In this talk, we will first survey how research progress has addressed some of the challenges raised by the Eurocrypt 2009 evaluation framework. This will lead us to recall the interest of both information theoretic and security metrics, and to discuss the need of sound profiling tools, the problem of verifying that the leakage characterization used in an evaluation is good enough and optimal information processing strategies. We will next focus on two of the main remaining open problems for side-channel security evaluators. Namely, the gap between certification schemes and worst-case attacks, and the issue of estimating complex (higher-order and multivariate) distributions. For this purpose, we will illustrate how recent machine learning algorithms have the potential to deal with complex distributions in a quite generic manner and under minimum assumptions. Doing so, we will show that they are easy to integrate in the same methodological framework as former profiled side-channel attacks and, to a large extent, share the same goals. As a result, they are also good candidates to understand the gap between current certification schemes and worst-case attacks: the quantification of which being an important scope for further investigations. We will then conclude by putting forward how worst-case security evaluations could be combined with certification in the quest for cryptographic implementations that can withstand side-channel attacks: first as part of the backwards evaluations proposed in [ABB+20]; more generally as a shortcut in order to efficiently anticipate attack paths that could appear in the long term, and by using certification to verify that the integration of well studied building blocks remains secure: the instantiation of such a constructive interaction being an important topic of discussion as well.

About speaker: Francois-Xavier Standaert was born in Brussels, Belgium in 1978. He received the Electrical Engineering degree and PhD degree from the Universite catholique de Louvain, respectively in 2001 and 2004. In 2004-2005, he was a Fulbright visiting researcher at Columbia University, Department of Computer Science, Crypto Lab (hosted by Tal G. Malkin and Moti Yung) and at the MIT Medialab, Center for Bits and Atoms (hosted by Neil Gershenfeld). In 2006, he was a founding member of IntoPix s.a. From 2005 to 2008, he was a post-doctoral researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.) at the UCL Crypto Group and a regular visitor of the two aforementioned laboratories. Since 2008 (resp. 2017), he is associate researcher (resp. senior associate researcher) of the Belgian Fund for Scientific Research (FNRS-F.R.S). Since 2013 (resp. 2018), he is associate professor (resp. professor) at the UCL Institute of Information and Communication Technologies, Electronics and Applied Mathematics (ICTEAM). In 2010, he was program co-chair of CHES (which is the flagship workshop on cryptographic hardware). In 2021, he was program co-chair of EUROCRYPT (one of the flagship IACR conferences). In 2011, he was awarded a Starting Independent Research Grant by the European Research Council. In 2016, he was awarded a Consolidator Grant by the European Research Council. From 2017 to 2022, he will be board member (director) of the International Association for Cryptologic Research (IACR). He gave an invited talk at Eurocrypt 2019. His research interests include cryptographic hardware and embedded systems, physical security issues including side-channel & fault attacks, and the design & analysis of cryptographic primitives that can cope with physical attack vectors.

25th March, 2022

"Threshold Signatures and Secure Multiparty Computation"
Prof. Claudio Orlandi, Aarhus University, Denmark

Recording of this talk: Click Here to view on YouTube

Slides for this talk: Click Here to download

Time: 25th March, 2022, Friday 6:30 pm - 7:30 pm IST

Abstract: Secure Multiparty Computation (MPC) is a cryptographic technique which allows mutually distrusting parties to compute on joint data while protecting the confidentiality of the inputs. One relevant application domain for MPC is to protect secret keys for digital signature schemes, like ECDSA. This has become increasingly important since these secret keys can be used to control huge amounts of funds in cryptocurrencies such as Bitcoin, Ethereum, etc. In this talk I will give an overview of some of my recent work on secure multiparty computation (MPC) and its application to threshold signatures.

About speaker: Claudio Orlandi is an associate professor at the Department of Computer Science at Aarhus University, Denmark. He is an expert in advanced cryptographic protocols such as zero-knowledge protocols, secure multiparty computation, threshold cryptography and cryptocurrencies/Blockchain. He has been leading several national and international research projects, including a prestigious European ERC Starting Grant.

26th November, 2021

"Hardware Security and Assurance: The Power of Reverse Engineering"
Prof. Domenic Forte, University of Florida, USA

Recording of this talk: Click Here to view on YouTube

Slides for this talk: Click Here to download

Time: 26th November, 2021, Friday 6:30 pm - 7:30 pm IST

Abstract: Traditional cybersecurity focuses on software and networking and relies on an inherent trust of the underlying hardware. However, the argument that hardware is inherently trustworthy is no longer accurate. The economics of the modern semiconductor industry has created a horizontal supply chain that involves more and more untrusted organizations and IPs. With lesser oversight over supply chains, state level attackers and other hackers can surreptitiously modify integrated circuits (ICs), printed circuit boards (PCBs), and firmware (FW) with hardware Trojans, kill switches, backdoors, and other malware. In addition, e-waste, obsolescence, geopolitical events, and pandemic-related disruptions are incentivizing and facilitating counterfeit electronics.

Hardware assurance refers to activities to ensure a level of confidence that electronics function as intended and are free of known vulnerabilities, either intentionally or unintentionally inserted into a system's hardware throughout its life cycle. Although reverse engineering is often presented in a negative light, it may be the only foolproof method for providing hardware assurance, especially for commercial-off-the-shelf (COTS) ICs and PCBs where little prior information is available. In this talk, we shall present the recent advances in side-channel based FW reverse engineering as well as IC/PCB reverse engineering steps: delayering, imaging, automated image analysis, and automated annotation. Further, we will delineate the scenarios where reverse engineering can support hardware security and assurance. Finally, we will describe the gaps that need to be filled before realizing the ideal hardware assurance flows.

About speaker: Domenic Forte is an Associate Professor and the Steven A. Yatauro Faculty Fellow with the Electrical and Computer Engineering Department at University of Florida. His research covers the domain of hardware security from nano devices to printed circuit boards (PCBs) where he has nearly 200 publications. Dr. Forte is a senior member of the IEEE, a member of the ACM, and serves on the organizing committees of top conferences in hardware security such as HOST and AsianHOST. He also serves and has served on the technical program committees of DAC, ICCAD, NDSS, ITC, ISTFA, BTAS, and many more. Dr. Forte is a recipient of the Presidential Early Career Award for Scientists and Engineers (PECASE), the Early Career Award for Scientists and Engineers (ECASE) by Army Research Office (ARO), the NSF Faculty Early Career Development Program (CAREER) Award, and the ARO Young Investigator Award. His research has also been recognized with best paper awards and nominations from IJCB, ISTFA, HOST, DAC, and AHS.

29th October, 2021

"Advances in Privacy-preserving Communication: Constructions, Analyses, and a Trilemma"
Prof. Aniket Kate, Purdue University, USA

Recording of this talk: Click Here to view on YouTube

Time: 29th October, 2021, Friday 4:00 pm - 5:00 pm IST

Abstract: Privacy-preserving communication networks address a critical privacy threat arising from linking individuals to their online communication. Millions of users from all over the world employ privacy-preserving (meta-data hiding) communication networks, such as Tor, to protect their privacy over the Internet today. Their usage is bound to grow further as cryptocurrency networks become mainstream and other blockchain systems proliferate. Despite this success, a comprehensive security analysis of these systems has been lacking. Over the last two decades, the academic literature has demonstrated Tor’s vulnerability to a variety of traffic correlation attacks, and in fact, it has been successfully attacked in practice. Nevertheless, frameworks for analyzing these complex systems did not exist, and we could not examine different anonymity properties in a unified manner. In this talk, I will present our series of efforts over the last decade towards bridging this gap between practice and theory of meta-data hiding communication.

About speaker: Prof. Aniket Kate is an Associate Professor in the computer science department at Purdue University. He is an applied cryptographer and a privacy researcher. His research builds on and expands applied cryptography, distributed computing, and data-driven analysis to solve security/privacy problems in decentralized environments. His current projects focus on communication freedom and distributed ledgers (or blockchains). He is a recipient of the NSF CAREER Award for 2019 and has been an advisor to three privacy-focused blockchain startups. Before joining Purdue in 2015, he was a junior faculty member at Saarland University, Germany. He completed his postdoctoral fellowship at Max Planck Institute for Software Systems (MPI-SWS), Germany, and has received his Ph.D. from the University of Waterloo, Canada.