TITLE: Data Protection in the Cloud
ABSTRACT: The rapid advancements in Information and Communication Technologies (ICTs) have enabled the emerging of the "cloud" as a successful paradigm for conveniently storing, accessing, processing, and sharing information. With its significant benefits of scalability and elasticity, the cloud paradigm has appealed companies and users, which are more and more resorting to the multitude of available providers for storing and processing data. Unfortunately, such a convenience comes at a price of loss of control over these data and consequent new security threats that can limit the potential widespread adoption and acceptance of the cloud computing paradigm. In this talk I will illustrate some security and privacy issues arising in the cloud scenario, focusing in particular on the problem of guaranteeing confidentiality and integrity of data stored or processed by external providers.
BIO: Pierangela Samarati is a Professor at the Department of Computer Science of the Universita degli Studi di Milano. Her main research interests are: data security and privacy; access control policies, models and systems; information system security; and information protection in general. She has participated in several projects involving different aspects of information protection. On these topics she has published more than 230 peer-reviewed articles in international journals, conference proceedings, and book chapters. She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center Center for Secure Information System of George Mason University, VA (USA). She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the Steering Committees of the European Symposium on Research in Computer Security (ESORICS), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is member of several steering committees. She is ACM Distinguished Scientist (named 2009) and IEEE Fellow (named 2012). She has been awarded the IFIP TC11 Kristian Beckman award (2008) and the IFIP WG 11.3 Outstanding Research Contributions Award (2012).
ABSTRACT: TPM2.0 This talk is an introduction to the architecture and use of TPM2.0 - the new Trusted Platform Module. TPM2.0 fixes and regularizes some of the behaviors in earlier devices, as well as adding algorithm agility and simplifying device and key management. I’ll describe the capabilities of the new TPM including one or two of the novel new features. TPM2.0 is unique in specifications of this kind in that it is machine readable and executable. This feature has been used by vendors to build "real" TPM devices, but this also means that anyone can use tools to take the specification apart and build new things like TPM-simulators and testers. I’ll describe the structure of the executable specification, and how we used these techniques to develop some open-source TPM-programming libraries.
BIO: Paul England is a Software Architect at Microsoft. He has worked on many platform security technologies over the last decade or so: He co-invented sealing and attestation, and then led the incorporation of these technologies into the original TPM specification. He also designed - and then worked with hardware partners to deliver - several of the newer secure-boot and isolation technologies that are now common in CPUs. He currently runs a research and incubation group investigating security, storage and networking. On the security side, recent successes have included editing the new TPM2.0 specification, helping with the Windows-8 TPM-related security features, and working with hardware partners to incorporate TPMs at low cost into many current microprocessors. Prior to Microsoft Paul was manager of a team of researchers and technologists at Bell Communications Research (Bellcore). He worked on early web services, distributed systems, high-performance computing and multimedia servers.Paul has a Ph.D. in physics from Imperial College London, and a B.Sc. in physics from the University of Birmingham.
TITLE: Sweet Dreams and Nightmares: Security in the Internet of Things
ABSTRACT: Wireless embedded devices are predominant in the IoT: Objects tagged with RFID and NFC technology, smartphones, and other embedded tokens interact from device to device and thereby often process information that is security or privacy relevant for humans. For protecting sensitive data and preventing attacks, many embedded devices employ cryptographic algorithms and authentication schemes. In the past years, various vulnerabilities have been found in commercial products that enable to bypass the security mechanisms. Since a large number of the devices in the field are in the hands of potential adversaries, implementation attacks (such as side-channel analysis and reverse engineering) can play a critical role for the overall security of a system. At hand of several examples of assailable commercial products we demonstrate the potential impact of the found security weaknesses and illustrate "how to not do it".
BIO: Timo Kasper studied electrical engineering and information technology at the Ruhr-University Bochum and at the University of Sheffield, UK. In 2006, his Diploma thesis "Embedded Security Analysis of RFID Devices" won the first place award for IT security (CAST, Darmstadt). Timo Kasper has been research assistant at the Chair for Embedded Security of the Horst Görtz Institute for IT Security (HGI) since October 2006. He completed his studies 2011 with a PhD in Engineering. In 2012, his PhD thesis "Security Analysis of Pervasive Wireless Devices - Physical and Protocol Attacks in Practice" won the first place award for IT security (CAST, Darmstadt). Timo is co-founder of Kasper & Oswald GmbH offering innovative products and services for security engineering.
His field of research covers the security of embedded cryptographic systems such as smartcards, microcontrollers, and FPGAs, with a focus on RFID and wireless applications. Timo Kasper has experience with security analyses and penetration testing, implementation attacks (side-channel analysis, fault injection), reverse engineering, and system-level approaches such as man-in-the-middle attacks. He is skilled in implementing cryptography on embedded systems and efficiently securing them with countermeasures. His publications demonstrate various security vulnerabilites of real-world applications, e.g., by breaking an access control system (KeeLoq, Crypto 2008), a payment system (Financial Crypto 2010), and the security mechanism of widespread FPGAs (ACM CCS 2011).
TITLE: Lightweight and Secure Cryptographic Implementations for the Internet of Things
ABSTRACT: There is a growing insight that if we build Internet functionality into every object, it will be essential for broad acceptability that security and privacy features are protected from day one. The old approach of first rolling out the system and thinking about security and privacy later will no longer work. Cryptographic algorithms form an essential element to protect the Internet of Things; moreover, this environment will impose ever higher requirements for the algorithms in terms of performance, security, and cost. For many settings algorithms tradeoffs are expected that offer an improvement of one order of magnitude compared to existing standards. The talk will present an overview of the issues that need to be addressed for such an optimization to be successful.
BIO: Prof. Bart Preneel received the Electr. Eng. and Ph.D. degrees from the KU Leuven (Belgium). He is a full professor at the KU Leuven where he heads the COSIC research group. He was visiting professor at five universities in Europe. He has authored more than 400 scientific publications and is inventor of 4 patents. His main research interests are cryptography, information security and privacy. Bart Preneel has participated to more than 30 EU funded projects and has coordinated five of those including the EU NoE ECRYPT. He has served as panel member and chair for the European Research Council. Since 1997 he is serving on the Board of Directors of the IACR (International Association for Cryptologic Research), from 2002-2007 as vice president and from 2008-2013 as president. He is a member of the Permanent Stakeholders group of ENISA and of the Academia Europaea. He has served on the advisory board of several companies and EU projects. He has served as program chair of 15 international conferences and he has been invited speaker at more than 90 conferences in 40 countries. In 2014 he received the RSA Award for Excellence in the Field of Mathematics.