We are proud to announce the confirmed keynote speakers:
When humans and security or privacy technology interact
Sonia Chiasson, Canada Research Chair in User Centric Cybersecurity, Carleton University, Canada
Wednesday, August 18, 2021, 15:00 – 16:30, Room A
Abstract: Early influential research in usable security and privacy highlighted why Johnny can’t encrypt, how users are not the enemy, and why users should rationally reject security advice. However, many novice and expert users alike still find themselves with too many passwords, at risk of being tricked by social engineering, unwittingly engaging in privacy-compromising behaviours, and with an ever-growing list of advice to follow. Why is designing and deploying practical security and privacy so challenging? In this retrospective talk, we will look back on two decades of research on the usable cybersecurity and privacy. Through examples and reflection, we will consider areas where we have made progress, discuss open challenges, and explore practical principles for designing security and privacy technology that works for humans.
Sonia Chiasson is the Canada Research Chair in User Centric Cybersecurity and an Associate Professor in the School of Computer Science at Carleton University in Ottawa, where she leads the CHORUS research lab. She is the Deputy Scientific Director of SERENE-RISC, a national Canadian network created to help protect individuals and organizations from online security and privacy threats, and the General Chair of the Symposium on Usable Privacy and Security (SOUPS). With a background in human-computer interaction and computer science, she has been conducting research in the field of usable security and privacy for over 15 years. Her main research interests relate to understanding what happens when humans and cybersecurity and privacy technology interact, and to developing security and privacy mechanisms that better meet users’ needs.
Secure and Privacy-Conscious Federated Analytics
Jean-Pierre Hubaux, Head of Laboratory for Data Security (LDS), EPFL – Station 14, Switzerland
Thursday, August 19, 2021, 13:00 – 14:30, Room A
Abstract: In this talk, we address the problem of privacy-preserving training and evaluation of neural networks in an N-party, federated learning setting. We propose a novel system, POSEIDON, the first of its kind in the regime of privacy-preserving neural network training. It employs multiparty lattice-based cryptography to preserve the confidentiality of the training data, the model, and the evaluation data, under a passive-adversary model and collusions between up to N−1 parties. To efficiently execute the secure backpropagation algorithm for training neural networks, we provide a generic packing approach that enables Single Instruction, Multiple Data (SIMD) operations on encrypted data. We also introduce arbitrary linear transformations within the cryptographic bootstrapping operation, optimizing the costly cryptographic computations over the parties, and we define a constrained optimization problem for choosing the cryptographic parameters. We will also mention Lattigo, our open-source cryptographic library on which POSEIDON is based. Our experimental results show that POSEIDON achieves accuracy similar to centralized or decentralized non-private approaches and that its computation and communication overhead scales linearly with the number of parties. We will then explain how we are using this technique for the federated analysis of medical data, in particular for genome-wide association studies.
Jean-Pierre Hubaux is a full professor at EPFL and head of the Laboratory for Data Security. Through his research, he contributes to laying the foundations and developing the tools for protecting privacy in today’s hyper-connected world. He has pioneered the areas of privacy and security in mobile/wireless networks and in personalized health.
He is the academic director of the Center for Digital Trust (C4DT). He leads the Data Protection in Personalized Health (DPPH) project funded by the ETH Council. He is a Fellow of both IEEE (2008) and ACM (2010). Recent awards: three of his papers obtained distinctions at the IEEE Symposium on Security and Privacy in 2015, 2018 and 2021. He is among the most cited researchers in privacy protection and in information security. More about him here.
Almost Matching Exactly
Cynthia Rudin, Professor of Computer Science, Electrical and Computer Engineering and Statistical Science at Duke University, US
Abstract:I will present a matching framework for causal inference in the potential outcomes setting called Almost Matching Exactly. This framework has several important elements: (1) Its algorithms create matched groups that are interpretable. The goal is to match treatment and control units on as many covariates as possible, or “almost exactly.” (2) Its algorithms create accurate estimates of individual treatment effects. This is because we use machine learning on a separate training set to learn which features are important for matching. The key constraint is that units are always matched on a set of covariates that together can predict the outcome well. (3) Our methods are fast and scalable. In summary, these methods rival black box machine learning methods in their estimation accuracy but have the benefit of being interpretable and easier to troubleshoot. Our lab website is here: https://almost-matching-exactly.github.io
Cynthia Rudin is a professor of computer science, electrical and computer engineering, and statistical science at Duke University, and directs the Prediction Analysis Lab, whose main focus is in interpretable machine learning. She is also an associate director of the Statistical and Applied Mathematical Sciences Institute (SAMSI). Previously, Prof. Rudin held positions at MIT, Columbia, and NYU. She holds an undergraduate degree from the University at Buffalo, and a PhD from Princeton University. She is a three-time winner of the INFORMS Innovative Applications in Analytics Award, was named as one of the “Top 40 Under 40” by Poets and Quants in 2015, and was named by Businessinsider.com as one of the 12 most impressive professors at MIT in 2015. She is a fellow of the American Statistical Association and a fellow of the Institute of Mathematical Statistics.
Some of Cynthia (collaborative) projects are: (1) she has developed practical code for optimal decision trees and sparse scoring systems, used for creating models for high stakes decisions. Some of these models are used to manage treatment and monitoring for patients in intensive care units of hospitals. (2) She led the first major effort to maintain a power distribution network with machine learning (in NYC). (3) She developed algorithms for crime series detection, which allow police detectives to find patterns of housebreaks. Her code was developed with detectives in Cambridge MA, and later adopted by the NYPD. (4) She solved several well-known previously open theoretical problems about the convergence of AdaBoost and related boosting methods. (5) She is a co-lead of the Almost-Matching-Exactly lab, which develops matching methods for use in interpretable causal inference.
Learning, reasoning, optimisation: Connections, complementarity and chances
Prof. Holger H. Hoos, Professor of Machine Learning at Universiteit Leiden (the Netherlands) and Adjunct Professor of Computer Science at the University of British Columbia (Canada).
Abstract: Machine learning, logical inference and mathematical optimisation are pillars of artificial intelligence. As individual areas within AI (and beyond), they have had profound impact in a broad range of applications; jointly, they will shape our future. In this talk, I will explore connections between these areas, illustrate how they can complement each other, and sketch out some of the chances arising from bringing them more closely together. I will use examples from my own research in automated reasoning, automated machine learning and stochastic local search to explain how building bridges between these areas can facilitate major progress in key areas of AI and its applications, covering foundational problems, including propositional satisfiability, mixed integer programming, the travelling salesperson problem, and, most recently, neural network verification. I will also introduce the concept of automated AI (AutoAI), which further facilitates fruitful combinations of learning, reasoning and optimisation techniques, and promises to make cutting edge AI techniques more accessible, more effective and more broadly applicable.
Holger H. Hoos is Professor of Machine Learning at Universiteit Leiden (the Netherlands) and Adjunct Professor of Computer Science at the University of British Columbia (Canada). He is a Fellow of the Association for Computing Machinery (ACM), Fellow of the Association for the Advancement of Artificial Intelligence (AAAI), Fellow of the European AI Association (EurAI), past president of the Canadian Association for Artificial Intelligence and one of the initiators as well as chair of the board of CLAIRE, an organisation that seeks to strengthen European excellence in AI research and innovation (claire-ai.org). He also leads the ICT-48 VISION coordination mandate for the newly created European networks of centres of excellence in AI. Holger is well known for his work across a broad range of topics in artificial intelligence, notably on the automated design of high-performance algorithms; he is one of the originators of the concept of automated machine learning (AutoML).
Security Challenges in 5G Network Slicing
Amitabh Mishra, University of Delaware, USA
Abstract: To provide service differentiation for Massive Inter-of-Things, Mission-Critical Control, and Enhanced Mobile Broadband 5G applications which have very diverse performance and reliability requirements in term of metrics for ultra-low latency, ultra-low complexity, extreme data rates, and the ultra-high availability parameters, 3GPP has standardized a new technology – “Network Slicing” which is currently being developed and is planned to be deployed across the globe. This talk will cover security vulnerabilities of network slicing and proposed solutions.
Amitabh Mishra studies mobile wireless computer-communication networks in two distinct areas. The performance and architectures of mmW (5G & Beyond) cellular, ad hoc, sensor, dynamic spectrum access (DSA), and mobile cloud is the first area in which he has worked on the cross-layer optimization of sensor networking protocols, fluid flow modeling of multipath TCP, and MAC for cellular-ad hoc interworking for DSA as examples. Network security and computer forensics is the second area in which he currently investigating approaches to secure 5G/6G networks by analyzing the vulnerabilities in the open-source software and COTS hardware products which are part of 5G RAN, Mobile Edge Computing platforms, and Mobile Core architectures using traditional and machine learning approaches e.g., adversarial machine learning. He received MS in Computer Science from the University of Illinois, M. Eng., and Ph. D. both from McGill University. He is affiliated with 5G-NextG program of Under Secretary of Defense (Research & Engineering) and an affiliated professor of cyber-security at the University of Delaware.
Dr. Luca Caviglione, IMATI CNR, Italy
Abstract: Information hiding and steganographic techniques are increasingly used by attackers to create a new-wave of threats (often called stegomalware) able to covertly exfiltrate data, obfuscate their presence, retrieve malicious payloads or bypass security mechanisms. Despite the increasing volume of attacks, the degree of sophistication, and the growing attention from security-oriented firms, stegomalware is often neglected for a twofold reason. First, its emerging nature still requires precise investigation methodologies and conceptual devices. Second, each hiding technique is tightly coupled with the digital entity exploited to conceal the information. In this talk, we will review some real-world threats exploiting information hiding with emphasis on the used techniques and attack models. Then, we will discuss possible countermeasures, focusing on the challenges arising by the need of inspecting many heterogenous digital contents (e.g., images, network traces or execution flows) without endangering the quality perceived by users. Lastly, we will also present some ideas developed within the H2020 Project SIMARGL – Secure Intelligent Methods for Advanced RecoGnition of malware, which aims at mitigating risks of information-hiding-capable attacks.
Luca Caviglione is a Senior Research Scientist with the Institute for Applied Mathematics and Information Technologies (IMATI), National Research Council of Italy. From 2020 he is the Head of the IMATI Research Unit of the National Inter-University Consortium for Telecommunications. He is a Contract Professor for the University of Genova, where he regularly teaches “Information Hiding” to Ph.D. students and he is a board member of the Ph.D. Course in Security, Reliability and Vulnerability. He is a Work Group Leader of the Italian IPv6 Task Force, a Professional Engineer, and a member of the Steering Committee of the Criminal Use of Information Hiding initiative supported by the European Cybercrime Centre. He regularly serves as a project evaluator and he organizes special issues in several top-ranked journal and magazines. In 2020, he was the chair for the European Interdisciplinary Cybersecurity Conference. Currently, he is the principal investigator for IMATI of the EU Project SIMARGL – Secure Intelligent Methods for Advanced RecoGnition of malware, Grant Agreement No. 833042. His research interests include network security and information hiding, cloud architectures, and optimization of large-scale computing systems. He holds several patents in the field of peer-to-peer networking and energy efficiency of datacenters.
Cybersecurity in Healthcare 4.0: Trends, Challenges and Opportunities
Sandeep Pirbhulal, Norwegian University of Science and Technology, Norway
Abstract: In recent times, healthcare infrastructure is considered as one of the crucial assets for several nations and governments. e-healthcare has received much attention concerning their cybersecurity and resilience. Due to the applicability of the broad spectrum of digital information and communication technologies, healthcare 4.0 aims to offer more efficient medical services. In the e-healthcare domain, it is significant to demonstrate medical information storage components and services, to identify cybersecurity challenges and requirements, and to examine the impact of availability and security of healthcare data and services in society.
This talk includes a) to explore the security issues, potential threats, and resilience trends, and security requirements in healthcare systems, b) to address healthcare standards, regulations, and governing bodies involved and their responsibilities, c) to illustrate the potential threats and risks for healthcare, and to get an overview of the performance metric for health care security, and d) to discuss future directions and opportunities of cybersecurity and resilience in healthcare 4.0.
Dr. Sandeep Pirbhulal received his Ph.D. degree in Pattern Recognition and Intelligent Systems from the University of Chinese Academy of Sciences in 2017. He is currently working as Senior Research Scientist at the Norwegian Computing Center, Norway. He was a postdoctoral researcher at the Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Norway (March 2020- July 2021). Dr. Pirbhulal has vast experience of 7-8 years in Academia & Research. His current research focuses on critical infrastructure security, tele-healthcare, network security, information security, privacy and security for WSNs, wireless body sensor networks (WSNs), and Internet of Things. He has published more than 80 scientific articles (including peer-reviewed journals and international conferences) with 1990 citations on Google scholar, an H-index of 25, and an i-index of 41 comprising IEEE Transactions, Elsevier’s JCR Q1 other high impact factor venues. He has reviewed more than 100 papers in the reputed peer-reviewed journal such as IEEE Access, IEEE JBHI, IEEE transactions etc. He is an editorial board member of MDPI Signals Journal (since 2020). Since, three years (2019-2021), he is the Organizing Chair of the Workshop on Decentralized Technologies and Applications for IoT (D’IoT) in conjunction with the IEEE Vehicular Technology Conference (VTC). He also serves as a TPC member of several conferences, seminars, and workshops at the national and international levels.
Future Crimes and Hybrid Warfare – technological challenges for law-enforcement and intelligence agencies
Kacper Gradon, University College London, UK
Abstract: “Do Criminals Dream of Electric Sheep?” Such issue is no longer a domain of futurologists and science-fiction writers, but a serious question asked by the EUROPOL alarmed by how emerging Information Technologies shape the future of crime and law-enforcement. Apart from its obviously positive effects, the technology also impacts and affects the way criminal offenders, terrorists and rogue governments operate at the stages of know-how gathering, planning, preparation and execution of their attacks. The progress in the development of IT and its accessibility is so unprecedentedly high, that – in order not to lag behind – the law-enforcement and intelligence communities need to research and analyze the further and potential advances (and design the potential preventive measures) promptly. The presentation addresses the problem of a lack of forecasting/analytical approach to the study of an impact of emerging and disruptive technologies on the criminal, terrorist and information warfare landscape. The author aims to deliver the most up-to-date analysis of the threats to come, together with a set of plausible solutions on how to deter and mitigate the risk. The presentation will characterize the dangers posed by the potential abuse of Information Technologies by the criminal/terrorist/state actors. The author will deliver an analysis articulating the key factors implicated in events related to the technology abuse, across all stages of the event. A special focus will be put on Information Warfare (hybrid and asymmetric threats), where disinformation, misinformation and propaganda are used by nation states in a general scheme of malign foreign influence to disrupt the situation abroad.
Kacper Gradon is the Visiting Fulbright Professor at University of Colorado Boulder and the University College London Honorary Senior Research Associate at UCL Department of Security and Crime Science. His research expertise includes Future Crimes, cyber crime, criminal analysis and counter-terrorism. His current research is focused on designing the methods for preventing and combating disinformation, misinformation and malign foreign influence. He’s a member of the World Health Organization (WHO) working group on infodemiology. His research interests include the application of Open Source Intelligence and digital & Internet forensics and analysis to forecasting and combating criminal and terrorist acts. He has 20 years of experience of consultancy and cooperation with Police and Intelligence services in Poland, UK, US and Canada. Graduate of the London Metropolitan Police Specialist Operations Training of Hostage Negotiations, the NCFTA/FBI Dark Web Investigations and the IALEIA Open Source Intelligence courses. Lectured and held visiting professorship positions in the UK, USA, Canada, India, Australia and New Zealand. Participated in over 200 academic and Police conferences and events worldwide. He was the UoW Primary Investigator in the 2014-2017 European Commission FP7 project PRIME (Preventing, Interdicting and Mitigating Extremist Events) dealing with lone-actor extremism and terrorism.
Internet-of-Forensics: A Decentralized Evidence Management System
Rahul Saha, SPRITZ research group, University of Padova, Italy
Abstract: The proliferation of Internet-of-Things (IoTs) and its extensions in industries, healthcare, supply chain, vehicular networks and energy sector have increased the possibility of the cyber-attacks with various threat vectors. Digital forensics, as a part of forensics science, is complementary to cyber security as it helps to identify the source of the malicious act. Phishing, spoofed identities, vulnerable mobile applications, falsified remote attestation and IPR breaches are some of the examples digital crimes. Digital forensic process solves such problems and provides justification to the verdict of the crime with required evidences. In the process of investigation, these evidences are important point of concern. The investigators collect the evidences such as mobile devices, digital photos, and network connections. These evidences also possess different concerns in terms of data manipulation, device resource exhaustion, evidence management, accuracy etc. Multiple investigators use chain-of-custody for the evidence handling which is an important part of any digital forensic concerns. Moreover, in cross-country platform, for example: cloud forensics, the responsibility of the evidences become critical as the resources are stable with cloud owner. Therefore, digital forensics has a number of concerns of in terms security such as confidentiality, integrity, authenticity, and admissibility of the evidences. To hold the evidences justified till the last point of decision making process in the court room, we need to handle the digital forensics appropriately.
In the presentation, we shall discuss about the digital forensics enablers and connect to the decentralization orientation of it. We shall explore the status of the blockchain-based digital forensic scenario and its future aspects denoting some important research problems. Our discussion will be evolving around the following point (not limited to): digital forensic enabler, decentralization factors of digital forensics, Internet-of-Forensics and open research problems.
Dr. Rahul Saha is a Postdoc researcher in SPRITZ research group, University of Padova under the supervision of Prof. Mauro Conti. Rahul has completed his PhD in Computer Science and Engineering from Lovely Professional University, India in 2018 followed by his present Postdoctoral position. His particular specialization is security dimensions and his publications are noteworthy to prove its significance. Rahul believes on multi-dimensional security in the present increasing network dimensions where a clear focus on changing network applications is underpinned by building various updated security technologies.
Rahul is extensively engaged with various funded projects execution including a funded project from Indian Government as Co-PI, EU-Horizon 2020 project, and industrial projects such as IOTA, and ONTOCHAIN. He is always up to spread his knowledge and to learn from fellow members of the group through brainstorming sessions, project management calls and technical talks.
Rahul is author and co-author of more than 35 indexed publications till date in various domains such as wireless sensor network applications, Internet of Things and its allied domains, network security and cryptography, blockchains where his security sense has been proved significantly. Previously, he also put his knowledge base design some courses for undergraduate students in Lovely Professional University, India. He also served as instructor of Cyberops course from CISCO with his strong passion for networks. Apart from the mentioned topics of the publications, Rahul also possess intense interest in soft computing, cloud computing, and algorithm analysis. His research excellence has been awarded consecutively three times by Lovely Professional University, India. His research expertise makes him a valuable contributor in the revision process of IEEE TDSC, IEEE TFS, IEEE COMST, IEEE Access and IEEE TVT. Rahul is a professional member of IEEE and IACR.
Towards the use of AI in digital investigation
Hans Henseler, Netherlands Forensic Institute, Netherlands
Abstract: The field of digital forensics is constantly changing due to the rapid evolution of computers, mobile devices, the internet (of things) and social media. Both commercial tool vendors as well as the professional, scientific and open source community are doing their best to keep up with new technical challenges. The importance of digital evidence is rapidly increasing which is reflected by analysts who expect that the global digital forensics market will have a growth rate of nearly 60% over the next 5 years. Despite this growth and innovation, most organizations still operate under the traditional paradigm by which experts in the digital forensic lab examine digital evidence and report results to investigators outside the lab. Organizations are finding that keeping up with new technical challenges in the digital forensic lab is not enough to let investigators benefit from the full potential of digital evidence. This has resulted in the introduction of a new paradigm called Digital Forensics as a Service (DFaaS) in which digital forensic examiners, investigators, innovators and other stakeholders in the investigation and judicial process can collaborate using a single digital forensic data platform. One example of such a DFaaS platform is Hansken, a solution that has been built by the Netherlands Forensic Institute. Today Hansken has been adopted and is being maintained as a closed-source solution by a growing international community of law enforcement and investigating agencies. Using Hansken as an example, I will illustrate why organisations should make the transition to this new paradigm right now and why DFaaS will become essential in the future in order to provide users with intelligent assistance through the use of AI techniques in the extraction, examination, analysis and disclosure of digital evidence.
Professor Hans Henseler has served part-time as the professor of Digital Forensics & E-Discovery at University of Applied Sciences Leiden (The Netherlands) since August 2016. He is also a senior adviser in the Digital and Biometrical Traces division at the Netherlands Forensic Institute, a board member at the Netherlands Register of Court Experts and chair of the board of directors at DFRWS. Hans studied Informatics at Delft University of Technology and obtained his doctorate from Maastricht University, specialising in Artificial Neural Networks. In 1992, he pioneered the field of forensic ICT at the Forensic Laboratory, the forerunner of the Netherlands Forensic Institute, after which he entered the business sector. Since that time, he has worked for a variety of organisations, including the Netherlands Organisation for Applied Scientific Research (TNO), ZyLAB, PwC, Fox-IT, Tracks Inspector and Magnet Forensics, gaining a wealth of experience working in software development, leading digital forensic laboratories, managing domestic and international E-Discovery projects and providing consultancy services concerning digital evidence for fraud investigations.
Prof. Stephen B. Wicker, Cornell University, USA
Stephen B. Wicker is a Professor of Electrical and Computer Engineering at Cornell University, and a member of the graduate fields of Computer Science and Applied Mathematics. Professor Wicker is the author of Cellular Convergence and the Death of Privacy (Oxford University Press, 2013), Codes, Graphs, and Iterative Decoding (Kluwer, 2002), Turbo Coding (Kluwer, 1999), Error Control Systems for Digital Communication and Storage (Prentice Hall, 1995) and Reed-Solomon Codes and Their Applications (IEEE Press, 1994). He has served as Associate Editor for Coding Theory and Techniques for the IEEE Transactions on Communications, and Associate Editor for the ACM Transactions on Sensor Networks.
From 2005 – 2018 Professor Wicker was the Cornell Principal Investigator for the TRUST Science and Technology Center – a National Science Foundation center dedicated to the development of technologies for securing the nation’s critical infrastructure. In 2010 Professor Wicker briefed the staff of the Congressional Committee on Science and Technology. In 2014 he briefed the National Economic Council at the White House on the subject of privacy-aware designs for cellular and the smart grid. His current research focuses on privacy and security in information systems, with an emphasis on the legal, social, and ethical impact of design decisions in wireless networks.
In 2011 Professor Wicker was made a Fellow of the IEEE for “contributions to wireless information systems.”
Lotfi ben Othmane, Iowa State University, USA
Cyber-physical systems seamlessly integrate computational and physical resources to form intelligent systems. Such systems could be associated with safety-critical operations, such as autonomous driving. The continuous evolution and adaptive nature of these systems challenge the practices of secure software developments, including the practices of threat modeling. We discuss in this talk, first, about the practices of changing secure-software in the industry. Then, we report about the interviews that we conducted on the practices of threat modeling of Cyber-physical systems. Next, we propose a semi-automated approach for threats modeling of Cyber-physical systems and discuss the challenges that we faced in our application of the approach on a real-word case-study.
Dr. Lotfi ben Othmane is Assistant Teaching Professor at Iowa State University, USA. Previously, he was Head of the Secure Software Engineering department at Fraunhofer SIT, Germany. Lotfi received his Ph.D. from Western Michigan University (WMU), USA, in 2010; the M.S. in computer science from University of Sherbrooke, Canada, in 2000; and the B.S in information systems from University of Economics and Management of Sfax, Tunisia, in 1995. He works currently on engineering secure cyber-physical systems.
ARES EU Symposium Workshop Keynotes
Cyber education and skills at EU level
Fabio Di Franco, ENISA (European Union Agency for Cybersecurity)
Abstract: Fabio will provide a holistic view on the nature and characteristics of the skills gap in Europe and the results of the joint effort done with other EU players (eg. the pilots of the EU Competence Network). He will provide insights from the cyber education database: How many students graduate each year in cybersecurity as well as gender balance and skills acquired. He will also report on a new EU Skills Framework which aims to close the cybersecurity skills’ gap on the European labour market, building comprehensive bridges between European workplace context and learning environment through an EU skills framework.
Fabio Di Franco is currently leading the activities in ENISA on cyber skills and cyber education. He is also responsible for developing and delivering trainings to EU member states and EU institutions on information security management and IT security. He also adve the European Union and the Member States on research needs in cybersecurity with a view to enabling effective responses to the current and emerging threats. Fabio has a PhD in telecommunication engineering and is a Certified Information Systems Security Professional (CISSP).
Another Look at Privacy-Preserving Automated Contact Tracing
Dr. Qiang Tang Senior Researcher, Luxembourg Institute of Science and Technology (LIST)
Abstract: In the current COVID-19 pandemic, manual contact tracing has been proven very helpful to reach close contacts of infected users and slow down virus spreading. To improve its scalability, a number of automated contact tracing (ACT) solutions have proposed and some of them have been deployed. Despite the dedicated efforts, security and privacy issues of these solutions are still open and under intensive debate. In this talk, we examine the ACT concept from a broader perspective, by focusing on not only security and privacy issues but also functional issues such as interface, usability and coverage. Considering the inevitable privacy leakages in existing BLE-based ACT solutions, we describe a venue-based ACT concept, which only monitors users’ contacting history in virus-spreading-prone venues and is able to incorporate different location tracking technologies such as BLE and WIFI.
Dr. Qiang Tang is currently a senior research scientist from Luxembourg Institute of Science and Technology (LIST). His research interests lie in applied cryptography, DLT/blockchain-enabled security design, and the privacy issues in machine learning. Dr. Tang received his Ph.D. degree from Royal Holloway, University of London, UK. Qiang is affiliated with ILNAS (Institut Luxembourgeois de la Normalisation, de l’Accrditation, de la S\’ecurit\’e et qualit\’e des produits et services) by serving in the subcommittee ISO/IEC JTC 1/SC 27 (security and privacy) and SC 38 (cloud computing and distributed platforms), SC42 (artificial intelligence), as well as TC307 (Blockchain). He is a member of the DLT/Blockchain working group of the Luxembourg financial regulator Commission de Surveillance du Secteur Financier (CSSF).
Cyber-Secure Building Blocks for Low-power IoT Devices: the RIOT-fp Project
Prof. Emmanuel Baccelli, Freie Universität Berlin, Germany
Abstract: Humans increasingly depend on the hundreds of billions of microcontrollers, used daily on Earth. The Internet of Things (IoT) aims both to enable and harness en masse the interconnection of low-power devices, based on such microcontrollers. In this context, increased cybersecurity requirements challenge both embedded system software and low-power network stacks embarked on such devices. Taking a global and practical approach and the embedded operating system RIOT as case-study, the RIOT-fp project combines research activities on cybersecurity for low-power IoT, which we will overview in this talk. RIOT-fp tackles topics which include developing high-speed, high-security, low-memory IoT crypto primitives, providing guarantees for critical software execution on microcontroller-based devices, and enabling secure IoT software updates and supply-chain, over low-power networks.
Prof. Emmanuel Baccelli holds a researcher position at Inria, working on decentralized, cooperative concepts for wireless Internet and for low-power Internet of Things (IoT). After working in the Silicon Valley as software engineer, Emmanuel Baccelli joined Hitachi Europe as research engineer, and eventually received his Ph.D. from Ecole Polytechnique, Paris, France in 2006. He received his habilitation from Université Pierre et Marie Curie, Paris, France in 2012. Since 2019, Emmanuel Baccelli is also professor affiliated with Freie Universität Berlin (Einstein Center Digital Future chair). Emmanuel Bac celli’s main research interests include spontaneous wireless networks, mobility, design and analysis of network protocols and algorithms, Internet of Things embedded software.
Scaling or Failing Cybersecurity?
Frode Hommedal, Chief Technology Officer and head of Cyber Threat Operations (Defendable, Norway)
Frode Hommedal is an incident response veteran, having worked with security monitoring and incident response for well over a decade, mostly chacing spies and more recently combatting criminals. Currently the CTO and main strategist of the Norwegian security start-up Defendable, Frode has experience from the government and national CSIRT of Norway, from the global telecom provider Telenor and from the international consulting firm PwC. No matter the company and position, he has always worked on establishing, building and maturing teams and capabilities, and always with the aim of advancing the field of operational cybersecurity
Dr Brian Lee, PROTECTIVE project coordinator
Abstract: In this talk we will review experiences from the PROTECTIVE project with regard to CTI sharing and the mechanics of running a project pilot as well as lessons learned. In the second part of the talk, we will consider recent trends and developments in CTI sharing.
Dr. Brian Lee is the Director of the Software Research Institute in Athlone Institute of Technology in Ireland. He is an experienced researcher and manager having worked in industry and academia in network management and security for many years. His research interests are in data driven security, adaptive security, with particular application to enterprise and edge security.