NSS 2020

14th International Conference on Network and System Security
Melbourne, Australia
25-27 November 2020

Keynote Speakers

Security of 4G and 5G cellular networks

Elisa Bertino
Purdue University, USA

Abstract

As the world moves to 4G and 5G cellular networks, security and privacy are of paramount importance and new tools are needed to ensure them. For example, LTE Inspector is a model-based testing approach that combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model. Using it, researchers have uncovered 10 new attacks along with 9 prior attacks, categorized into three abstract classes (i.e., security, user privacy, and disruption of service), in three procedures of 4G LTE. Notable among the findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials. To ensure that the exposed attacks pose real threats and are indeed realizable in practice, 8 of the 10 new attacks have been validated and their accompanying adversarial assumptions have been put through a real testbed. On-going work in addressing some of those vulnerabilities points the way toward an agenda of further research.

Biography: Professor Elisa Bertino joined Purdue in January 2004 as professor in Computer Science and research director at CERIAS. Her research interests cover many areas in the fields of information security and database systems. Her research combines both theoretical and practical aspects, addressing applications on a number of domains, such as medicine and humanities. Current research includes: access control systems, secure publishing techniques and secure broadcast for XML data; advanced RBAC models and foundations of access control models; trust negotiation languages and privacy; data mining and security; multi-strategy filtering systems for Web pages and sites; security for grid computing systems; integration of virtual reality techniques and databases; and geographical information systems and spatial databases.

Professor Bertino serves or has served on the editorial boards of several journals - many of which are related to security, such as the ACM Transactions on Information and System Security, the IEEE Security & Privacy Magazine, and IEEE Transactions on Dependable and Secure Computing. She is currently serving as program chair of the 36th International Conference on Very Large Data Bases (VLDB 2010). Professor Bertino is a Fellow of the Institute of Electrical and Electronics Engineers and a Fellow of ACM. She received the IEEE Computer Society Technical Achievement award in 2002 for outstanding contributions to database systems and database security and advanced data management systems, and received the 2005 Tsutomu Kanai Award by the IEEE Computer Society for pioneering and innovative research contributions to secure distributed systems.

She recently served on the IEEE Computer Society Board of Governors and as Chair of ACM SIGSAC.

Privacy-Preserving Deep Packet Inspection on TLS Traffic

Robert Deng
Singapore Management University, Singapore

Abstract

Transport Layer Security Inspection (TLSI) enables enterprises to decrypt, inspect and then re-encrypt users' traffic before it is routed to the destination. This, however, breaks the end-to-end security guarantee of TLS and raises privacy concerns since users' traffic is now known by the enterprises, and third-party middlebox providers providing the inspection services may additionally learn the inspection or attack rules and policies of the enterprises. To alleviate the above concerns on maintaining end-to-end security of TLS traffic, a number of techniques for privacy-preserving inspection of TLS encrypted traffic have been proposed recently. In this talk, we provide an overview of these techniques, including BlindBox (SIGCOMM 2015), PrivDPI (CCS 2019) and Pine (ESORICS 2020). We discuss their system architectures, design principles, advantageous features, and limitations. We also point out possible future research directions.

Biography: Robert H. Deng (Fellow, IEEE) is AXA Chair Professor of cybersecurity, the Director of the Secure Mobile Centre, and the Deputy Dean for Faculty and Research, School of Information Systems, Singapore Management University (SMU). His research interests are in the areas of data security and privacy, network security, and system security. He received the Outstanding University Researcher Award from the National University of Singapore, the Lee Kuan Yew Fellowship for Research Excellence from SMU, and the Asia–Pacific Information Security Leadership Achievements Community Service Star from the International Information Systems Security Certification Consortium. He serves/served on many editorial boards and conference committees, including the Editorial Boards of ACM Transactions on Privacy and Security, the IEEE Security and Privacy, the IEEE Transactions on Dependable and Secure Computing, the IEEE Transactions on Information Forensics and Security, the Journal of Computer Science and Technology, and the Steering Committee Chair of the ACM Asia Conference on Computer and Communications Security. He is a Fellow of the Academy of Engineering Singapore.

Location Privacy-Preserving Mobile Crowd Sensing with Anonymous Reputation

Xun Yi
RMIT University, Australia

Abstract

In this talk, we give a location privacy-preserving solution for the mobile crowd sensing (MCS) system. The solution makes use of the blind signature technique for anonymous authentication and allows a mobile user to participate in the MCS for certain times set in the registration. Furthermore, we introduce a concept of anonymous reputation for mobile users on the basis of the blind signature technique as well. An anonymous reputation can be referred to by the MCS platform when assigning tasks to a mobile user and can be upgraded or downgraded by the MCS platform, depending on the quality of reports submitted by the mobile user. For the security analysis, we provide security proofs for our solution on the basis of our formal definitions for anonymity, unlinkability and unforgeability for MCS. The performance analysis and experiments have shown that our solution is more efficient than existing solutions for MCS based on the blind signature technique.

Biography: Xun Yi is currently a Professor in Cyber Security with the School of Computing Technologies, RMIT University, Australia. His research interests include Cloud and IoT Security and Privacy, Distributed System Security, Blockchain Applications, and Applied Cryptography. So far, he has published 2 books and more than 200 journal and conference papers (more than 80 first-authored papers), 30 of them in IEEE Transactions. He served as an Associate Editor for IEEE Transactions on Dependable and Secure Computing from 2014 to 2018 and as a PC Co-Chair for the 2017 ACM Asia Conference on Computer and Communications Security (ASIACCS). He was an ARC College Expert from 2017 to 2019.

Confidential Computing: Challenges Today and Opportunities Tomorrow

Xiaofeng Wang
Indiana University, USA

Abstract

The rampage of incessant cyber attacks has caused the disclosure of billions of users’ private data, shaking the Internet to its core. In response, various data privacy laws and regulations have emerged, forcing the industry to change its practice and bringing the demand for large-scale secure computing to the spotlight. Such a demand, however, cannot be met by the state-of-the-art cryptographic techniques, even with decades of effort, due to the overheads (speed, bandwidth consumption) they incur. To narrow the gap, recent years have seen rapid progress in hardware-based trusted execution environments (TEE), such as Intel SGX, AMD SEV and ARM TrustZone, which enable efficient computation on encrypted data within a secure enclave established by a trusted processor. In this talk, I will present our research on understanding and addressing the security challenges in this new secure computing paradigm and enhancing its design to achieve scalability, for the purpose of supporting accelerated machine learning. Further, I will discuss big questions that need to be answered in the area and introduce our genome privacy competition as a synergic activity that helps move the science in this area forward.

Biography: Dr. XiaoFeng Wang is a James H. Rudy Professor at Indiana University, Co-director of IU’s Center for Security and Privacy in Informatics, Computing and Engineering, and the Vice Chair of ACM SIGSAC (special interest group on security, audit and control). He is also a PC Co-Chair of the ACM Conference on Computer and Communications Security (CCS), the ACM’s flagship security and privacy conference during 2018 and 2019. Dr. Wang received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University. He is considered to be one of the most prominent system security researchers, a top author according to online statistics such as CSRankings and System Security Circus (ranked #5 among 7,600 authors during the past 18 years). Dr. Wang is known for his high-impact research on security analysis of real-world systems and biomedical data privacy. Particularly, the projects he led on payment and single-sign-on API integrations, Android and iOS security and IoT protection have changed the way the industry built these systems. Also he is a pioneer researcher on human genome privacy and a co-founder of the iDASH Genome Privacy Competition that contributes to reducing the gap between security and cryptography research and real-world demands for biomedical data sharing and computing protection. More recently, he is actively working on hardware-assisted secure computing, intelligent security, cybercrimes, and IoT security. Dr. Wang has received numerous awards, including the Award for Outstanding Research in Privacy Enhancing Technologies (the PET Award), Best Practical Paper Award at the 32nd IEEE Symposium on Security and Privacy, and IEEE Fellow (for contributions to system security and genomic privacy). His work has been extensively reported by public media, including CNN, MSNBC, Forbes, Slashdot, Nature News, etc. Dr. Wang’s research has been supported by the National Science Foundation (NSF), National Institutes of Health (NIH), Army Research Office (ARO) and industry. Since joining IU in 2004, Dr. Wang has been involved in research grants totaling $10.8 million, serving as PI on over $9 million (before end of 2018).

Privacy-preserving Analytics in the Big Data environment

Jaideep Vaidya
Rutgers University, USA

Abstract

In the current digital age, data is continually being collected by organizations and governments alike. While the goal is to use this data to derive insight and improve services, the ubiquitous collection and analysis of data creates a threat to privacy. Furthermore, the digitization and centralization of data creates attractive targets for cyber criminals, with security breaches harming both individuals and organizations. In this talk, we present a vision for how privacy-preserving analytics can be done in the big data environment which will require a combination of technological advances to ensure both process and output privacy as well as socio-cognitive approaches to ensure the widespread use and deployment of such work.

Biography: Dr. Jaideep Vaidya is a Full Professor in the MSIS Department at Rutgers University. He received the B.E. degree in Computer Engineering from the University of Mumbai, and the M.S. and Ph.D. degrees in Computer Science from Purdue University. His general area of research is in data mining, data management, security, and privacy. He has published over 130 technical papers in peer-reviewed journals and conference proceedings, and has received several best paper awards from the premier conferences in data mining, databases, digital government, security, and informatics. He has also received the NSF Career Award, the Rutgers Board of Trustees Research Fellowship for Scholarly Excellence, and the Junior Faculty Research Award from Rutgers Business School. He is a senior member of the IEEE and ACM and has been recognized as an ACM Distinguished Scientist.

Swinburne University of Technology
Deakin University
NSCLab
Springer