Can’t You Hear Me Knocking: Novel Security and Privacy Threats to Mobile Users
Prof. Mauro Conti, University of Padua
As the use of smartphones and IoT devices becomes more and more pervasive, people are also starting to ask to what extent such devices can be maliciously exploited as “tracking devices”. The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction has aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this talk, we discuss threats coming from contextual information and to what extent it is feasible, for example, to identify the specific actions that a user is performing on mobile apps by eavesdropping on their encrypted network traffic. We will also discuss the possibility of building covert and side channels leveraging energy consumption and audio signals.
Mauro Conti is an Associate Professor at the University of Padua, Italy. He obtained his Ph.D. from Sapienza University of Rome, Italy, in 2009. After his Ph.D., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. In 2011 he joined the University of Padua as Assistant Professor, where he became Associate Professor in 2015. In 2017, he obtained the national habilitation as Full Professor for Computer Science and Computer Engineering. He has been Visiting Researcher at GMU (2008, 2016), UCLA (2010), UCI (2012, 2013, 2014, 2017), TU Darmstadt (2013), UF (2015), and FIU (2015, 2016). He has been awarded a Marie Curie Fellowship (2012) by the European Commission, and a Fellowship by the German DAAD (2013). His main research interest is in the area of security and privacy. In this area, he has published more than 200 papers in topmost international peer-reviewed journals and conferences. He is Associate Editor for several journals, including IEEE Communications Surveys & Tutorials and IEEE Transactions on Information Forensics and Security. He was Program Chair for TRUST 2015, ICISS 2016, WiSec 2017, and General Chair for SecureComm 2012 and ACM SACMAT 2013. He is a Senior Member of the IEEE.
You can download the presentation: 20170918_Covert & Side Channels rid
A Federated Architecture for Attribute-based and Behavioral Authentication as a High-Assurance Service
Prof. Michael Sirivianos, Cyprus University of Technology
Michael Sirivianos has held a PhD from Duke University since 2010. His current research interests lie in the fields of security in social networks, trust-aware design of distributed systems, device-centric authentication and federated ID, large scale data processing, and discrimination based on web personal data. He has published papers in the most influential conferences and journals of Networked Systems, including SIGCOMM, NSDI, INFOCOM, IMC and ACM Transactions on Networking. He has extensive experience in EU-funded projects. Specifically, he is the technical manager of the ReCRED project (Horizon 2020 Innovation Action – 2014) and the coordinator of the ENCASE project (Horizon 2020 Marie Curie RISE – 2015). He is also the co-director of the Network Systems and Science Research Laboratory.
Security in Personal Genomics: Lest We Forget
Prof. Gene Tsudik, University of California, Irvine (UCI)
Genomic privacy has attracted much attention from the research community, mainly since its risks are unique and breaches can lead to terrifying leakage of most personal and sensitive information. The much less explored topic of genomic security needs to mitigate threats of the digitized genome being altered by its owner or an outside party, which can have dire consequences, especially in medical or legal settings. At the same time, many anticipated genomic applications (with varying degrees of trust) require only small amounts of genomic data. Supporting such applications requires a careful balance between security and privacy. Furthermore, the genome’s size raises performance concerns. We argue that genomic security must be taken seriously and explored as a research topic in its own right. To this end, we discuss the problem space, identify the stakeholders, discuss assumptions about them, and outline several simple approaches based on common cryptographic techniques, including signature variants and authenticated data structures. We also present some extensions and identify opportunities for future research. The main goal of this paper is to highlight the importance of genomic security as a research topic in its own right.
Gene Tsudik is a Chancellor’s Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). Over the years, his research interests included numerous topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, a Fulbright Specialist, a fellow of ACM, IEEE and AAAS, as well as a member of Academia Europaea. From 2009 to 2015 he was the Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC).
Device-centric authentication for future Internet
Prof. Christos Xenakis, University of Piraeus, Greece
With e-commerce now exceeding 1 trillion € per annum and the emergence of the Internet of Things, the need for reliable and user-friendly authentication mechanisms is more pressing than ever. A European research project entitled “ReCRED: From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control” tries to address the problems of password-based access control: a) password overload, referring to the inability of users to remember different secure passwords for each one of their accounts; b) identity fragmentation, stemming from the fact that independent identity providers (email, social networks, etc.) create disjoint identity realms, making it difficult for end users to prove joint ownership of accounts, e.g., for reputation transfer or to fend off impersonation attacks; and c) lack of support for attribute-based access control (ABAC), which facilitates account-less access through verified identity attributes (e.g., age or location). ReCRED moves the burden of authentication from the user to the device itself, taking full advantage of smartphones’ inherent capabilities. Smartphones evolve into authentication proxies, where every user account can be securely kept and managed on the device, following the most contemporary technological standards that leverage the benefits of asymmetric cryptography (e.g., FIDO Alliance). Users can be authenticated by their mobile devices, locally, using fingerprint, face recognition, how they walk, type, move around the city, etc. ReCRED also offers two additional innovations: a) the consolidation and management of online user identities and accounts, and b) the issuance of anonymous credentials that verify specific attributes or properties of the users, while guaranteeing the latter’s anonymity.
Christos Xenakis received his B.Sc degree in computer science in 1993 and his M.Sc degree in telecommunication and computer networks in 1996, both from the Department of Informatics and Telecommunications, University of Athens, Greece. In 2004 he received his Ph.D. from the University of Athens (Department of Informatics and Telecommunications). From 1998 to 2001 he was with a Greek telecoms system development firm, where he was involved in the design and development of advanced telecommunications subsystems. From 1996 to 2007 he was a member of the Communication Networks Laboratory of the University of Athens. Since 2007 he has been a faculty member of the Department of Digital Systems of the University of Piraeus, Greece, where he is currently an Associate Professor, a member of the Systems Security Laboratory and the director of the Postgraduate Degree Programme on “Digital Systems Security”. He has participated in numerous projects realized in the context of EU Programs (ACTS, ESPRIT, IST, AAL, DGHOME, Marie Curie, Horizon2020) as well as National Programs (Greek). He is the project manager of the ReCRED project funded by Horizon2020 and he was the technical manager of the UINFC2 project funded by DGHOME/ISEC. He is also a steering committee member of the European Cyber Security Challenge 2017. His research interests are in the field of systems, networks and applications security. He has authored more than 70 papers in peer-reviewed journals and international conferences.