Prof. Dennis Akos (University of Colorado Boulder, USA)
Seminar title: Detecting GNSS Jamming and Spoofing on Android Devices
Abstract: Global navigation satellite system (GNSS) location engines on Android devices provide location and navigation utility to billions of people worldwide. However, these location engines currently have very limited protection from threats to their position, navigation, and time (PNT) solutions. External sources of radio frequency interference (RFI) can render PNT information unusable. Even worse, false signals or spoofing can provide a false PNT solution to Android devices. To mitigate this, detection methods were developed and evaluated using native location parameters within Android. These methods provide a powerful means to significantly increase the robustness of the Android GNSS-based PNT solution and are implemented in the GNSSAlarm Android application to test/demonstrate real-time jamming and spoofing detection.
Mr. Robin Blokker (FRA, Sweden)
Seminar title: Vulnerability to Attack - With N-day stops along the way
Abstract: Hands-on technical presentation that describes the sometimes crooked path from vulnerability to attack to protection. Focus on how to go about this and how the general ecosystem around vulnerability management seems to work. Including a technical demo of a vulnerability that exemplifies how fleeting the division between 0-day and N-day has become. Demonstrates how much or little is required to join the action on the red side. Bonus arguments about where response could be meaningful and what parameters can actually be influenced.
Dr. Luc Bläser (Dfinity, Switzerland)
Seminar title: Motoko: A Programming Language Designed for Secure Smart Contract Programming
Abstract: The Internet Computer blockchain offers an efficient operating system for running smart contract and Web3 applications with uncompromising security. To achieve this, the entire software stack of the blockchain has been designed from the ground up with this focus. A weak element in software security often is the programming language, offering risk for bugs and security attacks due to manifold concepts that are often too low-level or prone to pitfalls. For this reason, the Internet Computer has its bespoke programming language, called Motoko, that is optimized for the Internet Computer, incorporating safety and security, while still aiming at flexibility and expressiveness: Memory safety with a powerful incremental garbage collector, static type safety, language-inbuilt data persistence with checked migration safety, arithmetic safety, inbuilt language abstractions for the Internet Computer runtime model and application security aspects.
In this workshop, we analyze how programming language concepts influence software security and learn how Motoko differentiates itself in this regard to other languages. The session is organized in two parts. First, a tutorial provides an overview of programming language design for security and safety on the blockchain. Second, a workshop offers participants the opportunity to implement and test a smart contract application on the Internet Computer, by having a choice of comparing Motoko to other languages (such as TypeScript and Rust).
Dr. Jan Camenisch (Dfinity, Switzerland)
Seminar title: The Internet Computer - Compute on the Network
Abstract: Compute is the lifeblood of society; there is hardly anything we do that does not involve software in one form or another. Our current IT stack is complicated, sometimes fragile and can no longer be reliably protected from cyber attacks. The reason for this is that it has grown organically from standalone systems built decades ago into highly interconnected ones, trying to meet very different requirements. Managing and maintaining today’s IT infrastructure has become incredibly hard and that’s why almost everyone has moved their software into the cloud, entrusting the cloud provider with that task.
This is problematic for two reasons:
• Handing over operations also means handing over control of one’s software and data to third parties.
• Worse, it is not even working: the cost spent on IT is ever growing as is the damage caused by cyber crime.
Clearly, a radically different approach is needed. In fact, we all know a computer that is built very differently from the current IT stack and that does not suffer from these problems: Bitcoin. It has never been hacked despite the large amount of money at stake. This may sound crazy: Bitcoin wastes a ton of energy, is very slow, and is not a computer but only a ledger that keeps track of who owns how much bitcoin. How could one possibly run all of the world’s software like this!
The reason that bitcoin is secure is twofold:
• It is a computer, well maybe more like a pocket calculator, that is created by a mathematical protocol. So it is pure math, it cannot be hacked. 2+2 will always be 4.
• But that is not enough. You don’t want to trust a single entity - it could be hacked, bribed or be outright malicious. You want to have many parties running the protocol, assuming that the majority is honest. So if all of them, or at least the majority, tells you the same result, you are good.
At DFINITY we have taken these principles of building a computer from a protocol, all the latest research in cryptography and distributed systems, and spent over 1000 person years to design and build the internet computer protocol. This protocol has been running in production since May 2021 without ever missing a beat nor ever being hacked. Currently, the protocol hosts close to 900 thousand smart contracts. The smart contracts realize all kinds of software from social networks, dexes, on-chain wallets, document storage and collaboration applications, to AI models. In other words, the internet computer protocol allows anyone to just run their software on the internet. The protocol provides smart contracts with lots of storage, computational power, and communication bandwidth - just like any ordinary computer would.
In this talk I will explain the basic architecture of the Internet Computer and explore some of the technical details that are essential for the protocol to work.
Prof. Liqun Chen (Surrey University, UK)
Seminar title: Trust in Cybersecurity
Abstract: Trust is a fundamental pillar of cybersecurity, alongside security and privacy. It involves believing that an entity, such as a user, device, service, transaction, or system, will behave as expected. However, trust is not granted by default; it is based on a zero-trust model, which uses the principle "never trust, always verify." In a cybersecurity context, this model ensures that every entity is validated at every critical stage, including before accessing resources, during its participation in a transaction, and after fulfilling its role.
Building trust in cybersecurity relies on technical mechanisms such as authorisation, authentication, and attestation. Typically, these mechanisms are conceptualised as a chain of trust that begins with a root of trust, which is the first trusted element in the chain. Each element in the chain is responsible for establishing the trustworthiness of the next element. In cases where a system has a complex structure with various interconnected elements, the chain of trust may be represented as a tree or a graph. Verifying these intricate structures could require aggregating multiple individual verification results.
Cryptography plays a crucial role in establishing the root of trust and in various levels of trust verification. However, for cryptography to be effective, it must be trustworthy in itself. Additionally, some cybersecurity systems, like time-stamping services, need to be trustworthy in the long term.
With the emergence of large, scalable quantum computers in the future, long-term trust in the currently prevalent cryptographic methods will no longer be feasible. Therefore, a transition to post-quantum cryptography is necessary.
In this presentation, we will explore these aspects to develop a strong understanding of the importance of establishing trust in cybersecurity and how to accomplish this.
Prof. Mauro Conti (University of Padua, Italy)
Seminar title: Brave New Threat: The Rise of Covert and Side Channels
Abstract: Information and Communication Technologies are deeply integrated into our lives and manage an increasing amount of our confidential data. We use these technologies in a variety of ways—sometimes even unconsciously—for our work, to interact with other people, or just for entertainment through games and music. Protecting the data these technologies handle involves more than just preventing adversaries from gaining physical or remote control of a device through traditional attacks, such as exploiting software or protocol vulnerabilities. It also includes addressing how adversaries might steal information through side and covert channels.
In this talk, we take a journey through representative research results we published in the domain of side and covert channels, ranging from work published in TIFS 2016 to more recent ones published in Usenix Security 2022, INFOCOM 2023, CCS 2023, DIMVA 2024, WWW 2024, some of which were also demonstrated at Black Hat Hacking Conferences. We discuss threats arising from contextual information and to what extent it is feasible to infer very specific details. In particular, we discuss attacks such as inferring actions that a user is performing on a smartphone, by eavesdropping on its encrypted network traffic, identifying the presence of a specific user within a network through analysis of energy consumption, inferring information (also key details like passwords and PINs) through timing, acoustic, video or battery status information, or just the way users play games and listen to music.
Prof. Alexandra Dmitrienko (Würzburg University, Germany)
Seminar title: Can We Trust AI? Understanding the Security Challenges of Modern ML Systems
Abstract: Machine learning (ML) is transforming the way complex problems are solved, from enhancing threat detection and automating vulnerability assessments to securing sensitive systems. AI-driven methods have become an essential part of modern security engineering. Meanwhile, techniques such as federated learning (FL) enable collaborative model training across different organizations without sharing raw data, supporting applications in healthcare, finance, and autonomous systems.
However, these advances also introduce new security risks. Machine learning models can be manipulated, attacked, or exploited, sometimes with serious consequences. Threats such as poisoning attacks, adversarial examples, and inference attacks challenge the integrity, confidentiality, and trustworthiness of AI systems. Building resilient and secure ML frameworks requires both proactive defense mechanisms and security-by-design approaches, as well as a deep understanding of the vulnerabilities inherent in AI technologies.
This lecture examines the full lifecycle of ML model development and deployment from a security perspective. It covers typical attack vectors and corresponding defense strategies, highlights recent research efforts to improve adversarial robustness, and discusses key challenges in creating trustworthy, attack-resistant ML systems.
Prof. Sokratis Katsikas (Norwegian University of Science and Technology, Norway)
Seminar title: Cyber Ranges and Cyber-Physical Ranges: Progress, Potential, and Future Directions
Abstract: A Cyber Range (CR) serves as a specialized environment designed to provide dedicated testbeds and infrastructures for executing immersive training scenarios. Its primary goal is to enhance cybersecurity knowledge among security practitioners and awareness among non-security professionals and the public, while offering a hands-on learning experience for trainees. Over time, CRs have become an indispensable tool, offering a multifaceted approach to strengthening cybersecurity postures. On the other hand, Cyber-Physical Systems (CPSs) are advanced, intelligent systems that integrate physical processes with computational elements. These encompass diverse applications such as smart grids, autonomous vehicles, medical devices, process control systems, and autopilot avionics. As a fundamental pillar of Industry 4.0, CPSs drive the convergence of formerly distinct operational technology and modern information systems. Within this evolving technological landscape, Cyber-Physical Ranges (C-PRs) have emerged as an innovative and cost-effective solution that enables researchers and practitioners to explore vulnerabilities and devise robust defense mechanisms—without compromising real-world systems. This talk will first introduce a comprehensive taxonomy of CR systems, followed by an analysis of existing literature focusing on architecture, scenario development, capabilities, roles, tools, and evaluation criteria. Subsequently, we will present a fine-grained reference architecture for CRs, built upon a rigorous three-step methodology. Additionally, we will propose an evaluation framework that quantifies the alignment of a CR with state-of-the-art practices, offering a standardized method to identify optimal components for implementing the structural, functional, and informational facets of a CR.
Finally, we will explore the latest advancements in C-PRs through real-world case studies, uncovering the challenges associated with designing, deploying, and managing these environments. We will also discuss their seamless integration with emerging technologies, illustrating their pivotal role in the future of cybersecurity research and innovation.
Prof. Wenjing Lou (Virginia Tech, USA)
Seminar title: Federated Learning, Model Inversion Attacks, and Privacy Enhancing Technologies in Machine Learning
Abstract: Privacy remains a critical challenge in the era of machine learning. The current success of machine learning largely depends on centralized learning, where data from multiple sources is pooled to a central location. This approach raises significant concerns in privacy-sensitive domains such as healthcare, where data is heavily regulated and often siloed across institutions. Federated learning offers a compelling alternative: it enables institutions to collaboratively train models without moving patient data across institutional boundaries, thereby preserving data locality and addressing legal and ethical barriers to data sharing.
However, despite its promise as a privacy-preserving learning paradigm, federated learning has been shown to be vulnerable to various privacy attacks. Recent studies have demonstrated that adversaries can exploit model updates to infer sensitive information through attacks such as data reconstruction and membership inference. In this talk, we will examine those privacy attacks in federated learning, with a particular focus on model inversion attacks. We will trace the evolution of model inversion attacks, from the early optimization-based methods, to the linear leakage technique, and finally to the recent scale-MIA attack (Shi, NDSS 2025). This latest attack significantly improves attack efficiency, enabling adversaries to reconstruct clients’ training data from aggregated model updates without needing access to individual clients’ model updates.
We will also explore the limitations of current defense mechanisms, such as secure aggregation and differential privacy, which have shown limited effectiveness against model inversion attacks. Finally, we will discuss the broader implications of such attacks and explore emerging strategies to protect user data privacy in federated learning systems.
Mrs. Allison Mankin (PCH, IRTF, USA)
Seminar title: TBA
Abstract: TBA
Prof. Adrian Perrig (ETH Zürich, Switzerland)
Seminar title: Building a High-Availability and Path-Aware Internet with SCION
Abstract: With the increase of safety-critical traffic on the Internet, a challenge is to provide high availability in the presence of adversarial components. The SCION next-generation network architecture has been explicitly designed for security and scalability, applying novel approaches for achieving resilient control-plane operation and inter-domain end-to-end communication in the presence of active attacks. SCION has been in production use for critical infrastructure communication since 2017, with expanding deployments and use cases since then. Operating side-by-side with today’s Internet, SCION offers a communication fabric that is largely fault-independent from today’s BGP-based infrastructure.
In this talk, we highlight use cases, technical and business aspects of SCION that provide security properties such as geo-fencing and path validation, and enable new business models for ISPs. We will also discuss interoperability, how the fault-independence with today’s infrastructure is achieved, and how the deployment and co-existence with today’s infrastructure is accomplished.
With the rapidly expanding SCION deployment, exciting research opportunities arise. For instance, how can we harness native multipath with dozens (and sometimes hundreds) of path options for enhancing the communication quality with respect to diverse metrics? How can we best provide feedback about network conditions that further facilitates path selection? How can we drive deployment to provide benefits to any application? The availability of SCION connectivity brings up these and many new questions -- opening up exciting paths for new explorations.
Prof. Radha Poovendran (University of Washington, USA)
Seminar title: Alignment of LLMs through the lens of data and algorithms
Abstract: As large language models become increasingly integrated into real-world applications (e.g., code generation and chatbot assistants), it is crucial to align these models with human values. This talk will focus on the alignment of LLMs, particularly emphasizing the safety and robustness of LLMs, identifying new vulnerabilities, and scalable synthetic alignment data generation. We will describe our attack-agnostic defenses, named SafeDecoding and CleanGen, new decoding strategies to enhance the safety of LLMs at inference time. We will also demonstrate that rich information beyond semantics embedded in texts unveils new vulnerabilities which make LLMs susceptible to jailbreak attacks. We further investigate the vulnerabilities of emerging large reasoning models such as DeepSeek-R1. We will finally present our method, named Magpie, to generate large-scale synthetic data to improve LLM alignment. A highlight of all these efforts is that they do not require re-training or modifying LLM parameters, making them easily deployable with minimal overhead. Our research will help ensure that LLMs are better aligned with human values, thereby providing enhanced quality-of-service to users.
RoyalRoppers (KTH Royal Institute of Technology, Sweden)
Seminar title: CTFs: How to compete in cybersecurity and hacking?
Abstract: CTF stands for Capture The Flag and is a cybersecurity competition where the goal is to solve various challenges to score points and compete against other teams. These challenges can range from hacking websites, cracking cryptographic systems, exploiting binaries, and much, much more. In this talk, you will receive an overview of how and why to participate in CTFs, along with an introduction to some common challenges and techniques you might encounter.
Prof. Ahmad Reza Sadeghi (TU Darmstadt, Germany)
Seminar title: Turing's Echo on Deceptive Machines: The Challenge of Distinguishing Human and AI Creations
Abstract: With the rapid rise of generative AI, synthetic text, audio, and images are becoming increasingly indistinguishable from authentic content, posing serious risks to misinformation resilience, fraud prevention, and digital trust. However, existing detection tools often struggle to generalize across modalities or adapt to the outputs of novel models.
This talk continues a series of investigations into cross-modal detection of AI-generated content, updated with emerging techniques and tools. We explore physics-augmented methods, ranging from Doppler-inspired features in text or speech to inconsistencies in light reflection within images that reveal subtle artifacts often overlooked by deep learning-based detectors. Our findings indicate that embedding physical priors into lightweight detection frameworks significantly enhances robustness and cross-domain generalization.
We conclude with reflections on broader implications for scientific integrity, media forensics, and the evolving challenge of preserving authenticity in an age of generative AI. And perhaps, as boundaries blur further, we may soon face an even deeper question: when will we no longer want to tell the difference between real and fake?
Prof. Gene Tsudik (UC Irvine, USA)
Seminar title: Secure Awareness of Nearby IoT Devices
Abstract: Internet of Things (IoT) devices are becoming increasingly commonplace in numerous settings. Currently, most such devices lack mechanisms to facilitate their discovery by casual or incidental (nearby) users who are neither owners nor operators. However, these users are potentially being sensed, and/or actuated upon, by these devices, without their knowledge or consent. This naturally triggers privacy, security, and safety issues. To address this problem, some recent work explored device transparency in the IoT ecosystem. There are some low-tech approaches that offer various trade-offs as far as owner burden and security.
One intuitive technical means of discovering unfamiliar nearby IoT devices is exemplified by PAISA (CCS'23). In it, each device periodically, reliably, and securely broadcasts (announces) its presence and capabilities to all nearby users. While effective, when no new users are present, this push-based approach generates a substantial amount of unnecessary network traffic and interferes with normal device operation. An alternative, called DB-PAISA (PETS'25), addresses these issues via a pull-based method, whereby devices reveal their presence and capabilities only upon explicit user request. Each device guarantees a secure timely response (even if it is fully compromised), based on a small active Root-of-Trust (RoT). Neither PAISA nor DB-PAISA requires any hardware modifications and both are suitable for a range of current IoT devices.
Both are available via fully functional and publicly available prototypes. However, PAISA and DB-PAISA do not truly localize devices and are susceptible to wormhole and cuckoo attacks. Some very recent work demonstrates that these challenges can indeed be overcome.
This talk will overview the aforementioned techniques and discuss some open research issues.