Seminars

 

 

Prof. Dennis Akos (University of Colorado Boulder, USA)


Seminar title: Detecting and Localization of GNSS Radio Frequency Interference (RFI) - Jamming and Spoofing


Abstract: Global Navigation Satellite Systems (GPS/GNSS) have evolved into widely accessible, low-cost technologies, with receivers now available for approximately €1 (in volume) and capable of processing signals from multiple frequencies and constellations operated by the European Union, China, the United States, and Russia. As a result, modern society has become deeply reliant on these systems across a broad range of applications. It is estimated that a sustained disruption could cost the U.S. economy alone more than $1 billion per day. At the same time, the vulnerability of GPS/GNSS has become increasingly evident, particularly in the context of recent military conflicts, where interference and manipulation have been widely observed. This presentation provides an overview of satellite navigation systems, including their fundamental operating principles. It then examines the growing threat of radio-frequency interference (RFI), focusing on both jamming and spoofing. Finally, it outlines current research activities for detecting and localizing sources of such interference.


Prof. John Baras (University of Maryland, USA)


Seminar title: ML and AI methods for Networked Systems Security and Trust


Abstract: The explosive growth of ML and AI methods, algorithms and software, and the associated dramatic successes in several domains, have created the need to investigate their impact and consequences on security and trust. We present results on three specific domains. (i) Self-supervised time-series anomaly detection with temporal logic explanations. The growing complexity of Cyber-Physical Systems (CPS) has heightened the need for robust, real-time anomaly detection to ensure safety and reliability in time-critical applications such as autonomous vehicles, industrial automation, etc. We present a novel framework for deep learning-based anomaly detection in CPS, specifically designed to operate on unlabeled multivariate time-series data. We integrate Signal Temporal Logic (STL) inference to provide meaningful, human-understandable explanations for the decisions made. (ii) An End-to-End Encrypted Control Pipeline for Multi-Agent Coordination via CKKS Homomorphic Encryption. Cloud-based coordination of multi-agent systems requires sharing state with a central server, creating a conflict between coordination and privacy. Fully homomorphic encryption (FHE) resolves this in principle, but has severe arithmetic constraints. To ameliorate this problem, we present an end-to-end encrypted control pipeline and open-source Julia implementation where sensing, state estimation, state propagation, and consensus control all operate on CKKS-encrypted data using only addition, multiplication, and cyclic rotation. The pipeline is validated on a multi-agent formation control scenario. (iii) ML and AI methods for Networked Systems Security and Trust. We first present results on the security of routing protocols for mobile ad hoc networks (MANETs). We next introduce a rigorous foundation of AI emphasizing the need to integrate ML with Knowledge Representation and Reasoning (KRR). We describe integration of LLMs and KGs towards efficient KRR systems.
We describe results and open problems on the integration of ML, RL and KRR towards AI assistants, Agentic AI. We describe how these novel and emerging approaches hold promise towards efficient and high-performance AI assistants in security and trust.


Prof. Elisa Bertino (Purdue University, USA)


Seminar title: TBA


Abstract: TBA


Prof. Jean Camp (University of North Carolina at Charlotte, USA)


Seminar title: TBA


Abstract: TBA


Prof. Alexandra Dmitrienko (University of Duisburg-Essen, Germany)


Seminar title: Can We Trust AI? Understanding the Security Challenges of Modern Deep Learning Systems


Abstract: Recent advances in Deep Learning (DL) are transforming the way complex problems are addressed, enabling applications such as autonomous driving, medical and legal decision support, financial forecasting, and cybersecurity. At the same time, the increasing reliance on AI creates new opportunities for adversarial manipulation. Attackers may exploit vulnerabilities in DL systems to influence critical outcomes, for example, by causing self-driving cars to misinterpret traffic signs, manipulating financial predictions, or inducing incorrect medical or legal recommendations. Threats such as data poisoning, adversarial examples, and inference attacks challenge the integrity, confidentiality, and trustworthiness of AI systems. This lecture examines the security of DL systems throughout the model development and deployment lifecycle, covering common attack vectors, defense strategies, and highlighting key challenges in designing resilient, trustworthy, and attack-resilient DL systems.


Prof. Amir Herzberg (University of Connecticut, USA)



Seminar 1 title: It's time to upgrade the Public Key Infrastructure: Better Efficiency and Provable Security


Abstract: The PKI provides an essential foundation enabling public key cryptography, specified ~40 years ago and widely deployed, e.g., for web security, for ~30 years. It's time for a major upgrade; one reason is to ensure acceptable performance with PQC. It is also needed to improve security and privacy. We will present the challenges and solutions based on recent papers and ongoing standardization efforts. Based on joint works with: Jie Kong, Sara Wrótniak, Hemi Leibowitz and Ewa Syta and ongoing work in the IETF.

Seminar 2 title: Deployable security for Internet routing security: State-of-the-Art


Abstract: Internet routing is notoriously vulnerable and abused for eavesdropping, MitM attacks, DDoS and more, in spite of extensive efforts. We explain the attacks and challenges, and discuss recent progress toward finally securing routing using cryptography. These include RPKI, BGPsec, ASPA and more, including several works by the author.


Dr. Beatrice Motella (European Commission, Joint Research Center, Italy)


Seminar title: GNSS Signal Authentication


Abstract: Global Navigation Satellite System (GNSS) spoofing and interference pose serious threats to any critical service that relies on accurate positioning, navigation and timing (PNT). In a spoofing attack, an adversary transmits counterfeit signals that mimic authentic GNSS broadcasts, causing receivers to compute false positions and potentially leading to hazardous outcomes. Interference, whether intentional or accidental, can weaken or block GNSS signals, resulting in loss of service or anomalous system behaviour.

At the system level, signal authentication is the primary defence, complemented by receiver‑side measures such as signal‑quality monitoring, adaptive antennas, machine‑learning‑based interference detection and the integration of external aiding navigation sources.

Among GNSS constellations, Galileo is the first to offer free civil authentication through the Open Service Navigation Message Authentication (OSNMA), which entered initial service in July 2025. OSNMA augments the Galileo Open Service by providing authentication data that confirm the integrity of navigation messages. The Galileo system is also developing the upcoming Signal Authentication Service (SAS), designed to further protect high‑priority applications.

The seminar will give an overview of GNSS vulnerabilities and the protection afforded by signal‑authentication techniques, with a particular focus on the OSNMA service offered by Galileo.


Prof. Catuscia Palamidessi (INRIA Saclay and LIX, France)


Seminar title: The EM Method for Private Frequency Estimation


Abstract: Differential privacy (DP) has become the gold standard for protecting sensitive information in individual-level data, spanning key variants like local DP and metric privacy. In this talk, we review standard privacy mechanisms, such as the Laplace and Gaussian mechanisms for DP and Randomized Response for Local DP, as well as the more sophisticated Blahut-Arimoto algorithm for metric privacy. A fundamental challenge remains: how to extract accurate aggregate information from data privatized via these mechanisms. This talk focuses on maximizing the utility of frequency estimates, a core primitive for downstream data analytics. Because Matrix Inversion (MI) is the most natural and direct approach for this task, it has been the first and most investigated method in the privacy literature. However, we champion a powerful but underutilized alternative from classic statistics: the Expectation-Maximization (EM) algorithm. We demonstrate that, while MI excels in computational speed, EM consistently provides superior accuracy when paired with metric privacy or deployed within federated learning environments. After contrasting the trade-offs between these two paradigms, we conclude with open questions and potential directions for future research.


Prof. Ahmad-Reza Sadeghi (TU Darmstadt, Germany)


Seminar title: Neuron Surgery for Machine Safety and Security


Abstract: Large Language Models are powerful, but they pose fundamental safety and security risks: they can be steered toward harmful outputs and have been shown to generate insecure or vulnerable code in realistic settings. Existing countermeasures combine external controls, such as filtering, guard models, and prompt engineering, with training-based alignment techniques, including Reinforcement Learning from Human Feedback and fine-tuning. While effective to a degree, these approaches primarily operate at the behavioral level, shaping outputs without explicitly controlling or understanding how safety and security are represented internally.

This talk argues for a shift in perspective: rather than focusing solely on external steering or global training objectives, we explore safety and security engineering from within the model itself. Emerging evidence suggests that safety alignment and secure code generation are, at least in part, mediated by small, specialized groups of neurons acting as internal control points.

Building on this insight, we explore a new paradigm: neuron-level surgery for machine safety and security. By directly targeting these critical neurons, we move beyond fine-tuning toward more precise and controllable interventions, with the potential to improve transparency and efficiency while enabling new forms of structural understanding, auditing, and control of model behavior. Finally, we outline key challenges toward realizing this vision.


Prof. Serge Vaudenay (EPFL, Switzerland)


Seminar title: Fair Exchange and Smart Contracts


Abstract: The fair exchange problem is to allow participants to exchange some assets in such a way that, under adversarial context, either all honest participants receive what they expect or no honest participant reveals their assets. This problem has been studied for 50 years. It is well known to be impossible to solve without any trusted third party. A natural idea is to use smart contracts over blockchains to solve some instances. In the case of an exchange of some crypto-currency against some algorithmically verifiable digital asset, several protocols exist. In this presentation, we survey some based on verifiable encryption and some based on interactive dispute resolution.


Prof. Ingrid Verbauwhede (KU Leuven, Belgium)


Seminar title: TBA


Abstract: TBA
