CySeP Plenary Speakers

 

Prof. N. Asokan (Aalto University, Finland)



N. Asokan is a professor of Computer Science at Aalto University, Finland. His research interests are broadly in systems security. He is the lead academic PI of Intel Collaborative Research Center for autonomous systems security (http://www.icri-cars.org) in Finland and is the director of Helsinki-Aalto Center for Information Security (https://haic.aalto.fi). Asokan is an IEEE Fellow and an ACM Distinguished Scientist. For more information about Asokan and his research, see his website (https://asokan.org/asokan/) or Twitter profile (@nasokan).


Seminar title: Securing cloud-assisted services
All kinds of previously local services are being moved to a cloud setting. While this is justified by the scalability and efficiency benefits of cloud-based services, it also raises new security and privacy challenges. Solving them by naive application of standard security/privacy techniques can conflict with other functional requirements. In this talk, I will outline some cloud-assisted services and the apparent conflicts that arise while trying to secure these services. Taking the case of cloud-assisted malware scanning as an example scenario, I will discuss the privacy concerns that arise and how we can address them effectively. I will then discuss a more general setting of using cloud-hosted machine learning models in a privacy-preserving manner.



Prof. John S. Baras (University of Maryland College Park, MD, USA)



John Baras is with the University of Maryland College Park, where he holds the endowed Lockheed Martin Chair in Systems Engineering. He received the Diploma in Electrical and Mechanical Engineering from the National Technical University of Athens, Greece, 1970; the M.S. and Ph.D. degrees in Applied Mathematics from Harvard University 1971, 1973. Since 1973, he has been a faculty member in the Electrical and Computer Engineering Department, and in the Applied Mathematics, Statistics and Scientific Computation Program, at the University of Maryland College Park. Since 2000, faculty member in the Fischell Department of Bioengineering. Since 2014, faculty member in the Mechanical Engineering Department. Founding Director of the Institute for Systems Research (ISR), 1985 to 1991. Since 1991, Founding Director of the Maryland Center for Hybrid Networks (HYNET).


Since 2013, Guest Professor at the Royal Institute of Technology (KTH), Sweden. IEEE Life Fellow, SIAM Fellow, AAAS Fellow, NAI Fellow, IFAC Fellow, AIAA Associate Fellow, and a Foreign Member of the Royal Swedish Academy of Engineering Sciences (IVA). Received the 1980 George Axelby Prize from the IEEE Control Systems Society, the 2006 Leonard Abraham Prize from the IEEE Communications Society, the 2014 Tage Erlander Guest Professorship from the Swedish Research Council, and a three-year (2014-2017) Senior Hans Fischer Fellowship from the Institute for Advanced Study of the Technical University of Munich, Germany. He was inducted in the A. J. Clark School of Engineering Innovation Hall of Fame (2016) of the University of Maryland and was awarded the 2017 IEEE Simon Ramo Medal, and the 2017 AACC Richard E. Bellman Control Heritage Award. Dr. Baras has coauthored more than 850 technical papers in prestigious refereed journals and conferences, one book (Path Problems in Networks, 2010), and co-edited three others. He has educated 85 doctoral students, 112 MS students and has mentored 50 postdoctoral fellows. His research interests include systems and control, optimization, communication networks, signal processing and understanding, robotics, computing systems, network security and trust, systems biology, healthcare management systems, model-based systems engineering. He has been awarded eighteen patents and has been honored with many awards as innovator and leader of economic development.


Seminar title: Physical Layer Security Schemes for Wireless Devices and Cyber-Physical Systems
Wireless devices and networks continue to evolve rapidly. Their heterogeneity is also rapidly increasing. Current and future systems that depend on mobile wireless devices include communication and sensor networks, autonomous vehicles, autonomous drones, smart factories, smart grids, e-payment systems, traffic control infrastructures, healthcare, industry 4.0 systems, industrial Internet, human-robot collaboration, and many others. Our main position is that appropriate levels of security, privacy, trust, for wireless devices and networks can be achieved only if these functions exploit physical layer characteristics and schemes. The inclusion of physical layer techniques is even more needed for Cyber-Physical Systems (CPS), where the physics of the physical layer, being immutable, provide a basis for security, privacy, trust. We describe several physical layer schemes we have developed, implemented and evaluated for mobile wireless devices including low power watermarking of modulation, trusted platform module, secure biometrics and their integration. We discuss various performance characteristics of these schemes and their applications to provide secure wireless routing, defense against wormhole attacks, location privacy in LTE, secure authentication of wireless devices. We next discuss the need for analyzing jointly the security, reliability and safety of CPS. We describe a framework for this joint analysis and performance evaluation that utilizes formal models. Finally we provide examples demonstrating that such “physical layer hardened” devices facilitate securing control systems, filtering systems, and provide a foundation for composable security, privacy, trust. We close by discussing future research challenges and directions.



Prof. Ivan Bjerre Damgård (Aarhus University, Denmark)



Ivan Damgård is professor in computer science at Aarhus University, specializing in cryptography and related mathematics and algorithmics. He got his PhD from Aarhus University in 1988. He is especially known for his research in secure multiparty computation, cryptographic hash functions and public key cryptography. He is a fellow of the IACR (International Association for Cryptologic Research), holds an advanced ERC grant and received the RSA Conference Award for Excellence in Mathematics in 2015. He has supervised more than 30 PhD students and has published more than 150 scientific papers.

Seminar title: Multiparty Computation, past, present and future

This talk will contain first a general introduction to Multiparty Computation (MPC), what it is and what problems it can solve. We also give a very brief overview of the most important feasibility and impossibility results in the area. Then we take a closer look at one example of a recent MPC protocol that is illustrative and also has practical relevance: the so-called SPDZ protocol. Finally, we give an outlook for the future and mention some open problems.


Prof. Yvo G. Desmedt (University of Texas at Dallas, TX, USA)



Yvo Desmedt is the Jonsson Distinguished Professor at the University of Texas at Dallas, an Honorary Professor at University College London, a Fellow of the International Association of Cryptologic Research (IACR) and a Member of the Belgium Academy of Science. He received his Ph.D. (1984, Summa cum Laude) from the University of Leuven, Belgium. He held positions at: Université de Montréal, University of Wisconsin - Milwaukee (founding director of the Center for Cryptography, Computer and Network Security), and Florida State University (Director of the Laboratory of Security and Assurance in Information Technology, one of the first 14 NSA Centers of Excellence). He was BT Chair and Chair of Information Communication Technology at University College London. He has held numerous visiting appointments. He is the Editor-in-Chief of IET Information Security and Chair of the Steering Committees of CANS and ICITS. He was Program Chair of e.g., Crypto 1994, the ACM Workshop on Scientific Aspects of Cyber Terrorism 2002, and ISC 2013. He has authored over 200 refereed papers, primarily on cryptography, computer security, and network security. He has made important predictions, such as his 1983 technical description of how cyber could be used to attack control systems (realized by Stuxnet), and his 1996 prediction that hackers will target Certifying Authorities (DigiNotar was targeted in 2011).

Seminar title: The fundamental reasons information technological systems are insecure

To achieve cyber security, we need besides research and education, implementations, but even more important are deployment and proper regulations. The lecture surveys the state of the art in these five aspects of real life cyber security. Although we see a lot of research in the field, its impact might be smaller than ever before. For example, we see a lot of research on privacy, but the population at large is indifferent to the almost total loss of privacy. Regulations that have been put in place are often ineffective (such as the one of the EU regarding cookies). Worse, deregulation has made the West so vulnerable that hackers from a Chinese IP address stole information about all US federal employees. The lecture concludes with some positive notes and surveys positive applications of cyber security technology and the impact of education.


Prof. Michalis Faloutsos (University of California Riverside, CA, USA)



Michalis Faloutsos is a faculty member at the Computer Science Department and Director of Entrepreneurship in the University of California Riverside. He got his bachelor's degree at the National Technical University of Athens and his M.Sc. and Ph.D. at the University of Toronto. His interests include network and systems security, online social networks analytics, and network measurements. With his two brothers, he co-authored the paper "On powerlaws of the Internet topology" (SIGCOMM'99), which received the "Test of Time" award from ACM SIGCOMM. His research has resulted in more than 18K citations, an h-index greater than 56, and an i10-index greater than 120. His work has been supported by many NSF, DHS, ARL, and DARPA grants, for a cumulative amount of more than $12M. He is the co-founder of stopthehacker.com, a web-security start-up, which got acquired by Cloudflare in November 2013. In Aug 2014, he co-founded programize.com, which provides product development as a service and grew to 55 people by its third year.

Seminar title: Can we reduce the first-mover-advantage of cyber-hackers?

Can we do better than just waiting for the next attack to happen? We argue that security should become more proactive in order to minimize the damage that an attack, such as a DDoS or a virus, can have. This is a very ambitious goal, but we believe that we are making significant first steps towards it. Specifically, our work focuses on the following questions:
        a. Can we improve network security by mining social media?
        b. Can we analyze malware to detect artifacts that can help us block or even eliminate them?

We present our efforts that attempt to address the above questions. First, we develop a systematic approach to extract actionable information from social media, focusing on security forums. Specifically, we develop RIPEx, a hands-free method to extract IP addresses that are reported as malicious in the forums. The results are very encouraging: a handful of such forums can provide 4 times more malicious IP addresses compared to the well-known VirusTotal repository. Second, we present the value of the information that we can extract by analyzing malware binaries that target routers and IoT devices. To automate the study of such malware, we develop RARE, a systematic and comprehensive system to extract patterns and communication artifacts that can help detect and contain malware, and also point us to the communication and control points of botnets.


Prof. Susan Landau (Tufts University, MA, USA)



Susan Landau is Bridge Professor in the Fletcher School of Law and Diplomacy and the School of Engineering, Department of Computer Science, Tufts University. Landau works at the intersection of cybersecurity, national security, law, and policy. Her new book, "Listening In: Cybersecurity in an Insecure Age," was published by Yale University Press. Landau has testified before Congress and frequently briefed US and European policymakers on encryption, surveillance, and cybersecurity issues. Landau has been a Senior Staff Privacy Analyst at Google, a Distinguished Engineer at Sun Microsystems, and a faculty member at Worcester Polytechnic Institute, the University of Massachusetts Amherst and Wesleyan University. She is a member of the Cybersecurity Hall of Fame, a fellow of the American Association for the Advancement of Science and of the Association for Computing Machinery.

Seminar title: Listening In: Cybersecurity in an Insecure Age
What makes us most secure? Is it enabling the police and intelligence agencies to unlock digital devices and listen to communications? Or is it securely protecting devices and communications against intrusions? Two events in 2016 painted this issue in sharp contrast. In February 2016, the FBI tried to compel Apple to open the locked iPhone of a San Bernardino terrorist. Apple refused, citing threats to iPhone security. Eventually the phone was unlocked without Apple's help; the battle over encryption continued. Then, in October 2016, the US government announced that Russia had interfered with the 2016 presidential campaign, attacking not only the Democratic National Committee and the Clinton campaign, but also research institutions and civil society organizations. Nor was the US the only target of Russian government attacks; the 2016 French presidential election was similarly targeted. What makes us most secure? In this talk, I will discuss our most serious threats and what's needed to protect against them.


Prof. Salvatore J Stolfo (Columbia University, NY, USA)



Salvatore Stolfo is a Professor of Computer Science at Columbia University. He is regarded as creating the area of machine learning applied to computer security in the mid-1990’s and was recently elevated to IEEE Fellow for his contributions. He has created several anomaly detection algorithms and systems addressing some of the hardest problems in securing computer systems. Of particular note is his recent interest in the practical application of deception security in scale. Stolfo is also co-inventor of the Symbiote technology that automatically injects intrusion detection functionality into arbitrary embedded devices. Stolfo has had numerous best papers and awards, most recently the RAID Most Influential Paper and Usenix Security Distinguished Paper awards. He has published well over 230 papers and has been granted over 75 patents and has been an advisor and consultant to government agencies, including DARPA, the National Academies and others, for well over 2 decades. Two security companies were recently spun out of his IDS lab, Allure Security Technology, where Stolfo serves as CTO, and Red Balloon Security.


Seminar title: Deception in Depth: How to Protect Your Data for Real
Market watchers estimate the Cybersecurity marketplace is now valued at over $600 Billion and expected to reach $1 Trillion worldwide by 2020. A great deal of hardcore science in academia has studied security for decades. Why after all this investment is data still lost? Encryption, Data Loss Prevention, Endpoint Detection and Response, User Behavior Analytics technologies all lead the markets in prevention of data loss, but fail to deliver. It is clear new methods and techniques are needed to do a far better job at protecting data. The goal of our early work was to defend against data loss by a principled approach to integrating several security methodologies including deception and user de-authentication. In this talk we will provide a brief history of our work on the Deception Security and Active Authentication technology we developed, and the transition from academic research to practical use in commercial products.


Dr. Moti Yung (Columbia University, NY, USA)



Moti Yung is a Security and Privacy Scientist with a main interest in Cryptography: its Theory and its Real life Applications. He graduated from Columbia University in 1988 and is an adjunct senior research faculty at Columbia till today. In parallel he has had an industrial research career working at places like IBM, RSA Labs. (EMC), Google, and Snap. Yung is a fellow of ACM, of IEEE, of the International Association for Cryptologic Research (IACR) and the European Association for Theoretical Computer Science (EATCS). Among his awards are ACM's SIGSAC Outstanding Innovation Award in 2014, and 2018 IEEE Computer Society W. Wallace McDowell Award. His research covers broad areas: from the theory and foundations, to applied systems, and actual engineering efforts of cryptography and secure systems.


Seminar title: Why and How to Deploy "Secure Computation Protocols" for Industrial Use
Modern Cryptography can be characterized as having three major technologies: (1) Symmetric Cryptography (started with DES in 1973) for secure communication among entities sharing a key; (2) Public Key Cryptography in 1976-77 (DH and RSA), allowing secure authentic communication among parties that do not share a key, by means of digital signature and key exchange; and (3) Cryptographic protocols, which go beyond communication and actually are computations on data that must remain private (started with the Mental Poker protocol of 1978). The first two technologies are heavily used while the third one has been in the domain of theory for about 40 years. I will discuss when deployment of this technology of secure computing is possible, and when to pursue its deployment. I will describe an actual application that has been deployed and is used daily to achieve business needs.



Important Dates

  • CySeP dates:
    June 11-15, 2018

  • Poster/demo deadline:
    May 25, 2018

  • Registration deadline:
    May 29, 2018

    * To secure a spot in the City Hall reception.
