TITLE: A Next-generation Secure Internet Architecture for the 21st Century
ABSTRACT: The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is far from commensurate given its importance.
Although we cannot conclusively determine what the impact of a 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on society, businesses, and government. Unfortunately, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture, business models, and legal aspects. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation Given the diverse nature of constituents in today's Internet, another important challenge is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and because everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers.
To address these issues, we propose SCION, a next-generation Internet architecture that is secure, available, and offers privacy by design; that provides incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage. We have implemented SCION and deployed it in the production networks of 2 ISPs.
BIO: Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering, and Engineering and Public Policy at Carnegie Mellon University. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University; From 2007 to 2012, he also served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in Computer Science from Carnegie Mellon University under the guidance of J.D. Tygar, and spent three years during his Ph.D. degree at the University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from EPFL. Adrian's research revolves around building secure systems -- in particular his group is working on the SCION secure future Internet architecture.
TITLE: Securing wireless networks: bridging theory and practice
ABSTRACT: Devices with wireless capabilities, appearing at an accelerated pace, are expected to be essentially everywhere. Simply put, a wireless revolution in the making. Public safety networks, sensor networks, industrial control networks, vehicular networks, they can all offer new services. Such networks, often based on communication across multiple wireless hops, can be ephemeral, volatile, and dense, as well as necessitate self-organization. Moreover, wireless protocols can be strongly dependent on physical properties that should be properly understood. Last but not least, solutions should remain efficient as the network size grows. These issues are fundamental from a security point of view too; with a large body of work, systems or theoretical, on securing wireless networks available already. The challenge is two-fold: to treat rigorously and reason about security properties that emerge in wireless networks; and to identify fundamental limits on what is achievable in terms of network security. The overarching challenge is to build on useful theoretical results towards deploying (even more) secure wireless networks.
In this talk, we consider secure and fault tolerant communication in wireless networks, concerned exactly with the need to bridge theory and practice. We look at fundamental secure networking building blocks (secure neighborhood discovery, as part of secure route discovery, and secure data communication). We first discuss why capturing salient features of wireless systems is paramount towards designing proven secure protocols; we dwell on the practicality of such secure protocols. We then transition to efficient secure and reliable communication in multi-hop settings. Even with powerful, scalable protocols available, the best achievable secure rate has been largely elusive. We discuss how practical investigations can lead to novel models that capture such fundamental limits. Making one step further into this information-theoretic system view, we discuss how secure (confidential) communication could be achieved at zero-cost without cryptographic primitives. The caveats of such enticing results highlight, again, the need to bridge theory and practice. If time permits, we close, along the same lines, with a brief outline of key establishment protocols, practical yet on solid theoretical foundations.
BIO: Panagiotis (Panos) Papadimitratos earned his Ph.D. degree from Cornell University, Ithaca, NY, in 2005. He then held positions at Virginia Tech, EPFL and Politecnico of Torino. Panos is currently a tenured Associate Professor at KTH, Stockholm, Sweden, where he leads the Networked Systems Security group. His research agenda includes a gamut of security and privacy problems, with emphasis on wireless networks. At KTH, he is affiliated with the ACCESS center, leading its Security, Privacy, and Trust thematic area, as well as the ICES center, leading its Industrial Competence Group on Security. Panos is a Knut and Alice Wallenberg Academy Fellow and he received a Swedish Science Foundation Young Researcher Award. He has delivered numerous invited talks, keynotes, and panel addresses, as well as tutorials in flagship conferences. Panos currently serves as an Associate Editor of the IEEE Transactions on Mobile Computing and the ACM/IEEE Transactions on Networking. He has served in numerous program committees, with leading roles in numerous occasions; notably, in 2016, as the program co-chair for the ACM WiSec and the TRUST conferences.
TITLE: Controlling Leakage and Disclosure Risk in Big Data applications
ABSTRACT: In Big Data environments, information is made available as huge data sets or streams, collected and analyzed at different locations, asynchronously and under the responsibility of different authorities. It has become common for such data to be de-normalized, replicated and shuffled in other to boost performance of Big Data applications.
Intuition suggests that such Big Data techniques may also boost security risks; for example they may:
- increase leakage risk by increasing the value for the attacker per unit of information leaked
- increase intrusion risk, making injection attacks (i.e. attacks aimed at poisoning data for subverting the outcome of analytics) more effective per unit of poisoned information injected.
However, no clear methodology is currently available for quantifying the impact of these boosters. This talk will discuss a (semi-)quantitative technique for computing Big Data leakage risk estimates, in order to meaningfully compare them with the quantifiable benefits of semantic enrichment. Also, it will discuss a model and a toolkit for protecting data streams based on the idea of dynamic filters, incrementally built based on the applicable Access Control policy and on the analytics to be performed.
BIO: Ernesto Damiani is the Director of the Information Security Research Center at Khalifa University, Abu Dhabi, and the leader of the Big Data Initiative at the Etisalat British Telecom Innovation Center (EBTIC). Ernesto is on extended leave from the Department of Computer Science, Università degli Studi di Milano, Italy, where he leads the SESAR research lab and coordinates several large scale research projects funded by the European Commission, the Italian Ministry of Research and by private companies such as British Telecom, Cisco Systems, SAP, Telecom Italia and many others. Ernesto’s research interests include business process analysis and privacy-preserving Big Data analytics. Ernesto is the Principal Investigator of the TOREADOR H2020 project on models and tools for Big data-as-a-service. He is a recipient of the Chester-Sall Award from IEEE IES and of the 2016 Stephen S. Yau Award from IEEE ICWS/Services Society.