ISEA-ISAP 2020

Keynote Speakers

Pre-Conference Talk: 27.02.2020, Thursday, 05.00 PM

Speaker: Shuangqing Wei
Louisiana State University, USA.
Title: Tradeoff between Disclosable and Private Latent Information Revealed via Compressed One: an ADMM-Based Approach

Abstract: In this talk, we will present results attained recently about seeking the optimal tradeoff between disclosable and private information revealed through compressed messages. To do so, we opt to adopt mutual information as a measure of information leakage and compression rate. We note how the original information bottleneck (IB) method could be considered as a possible approach solving the problem. We then discuss how the non-convex nature of our problem makes the IB approach problematic. To address such issues, we propose to introduce a set of auxiliary variables in order to exploit the resulting structure in the transformed objective function, which makes our problem amenable to the Alternating Direction Method of Multipliers (ADMM) framework. Further justification is provided as to the improved local convergence of our proposed randomized ADMM algorithm. Our proposed two different ADMM-based algorithms are then compared with the approach inspired by the original IB setting. Numerical results have provided strong evidence as to the advantages of using our algorithms.

Speaker Bio: Dr. Shuangqing Wei received the B.E. and M.E. degrees in electrical engineering from Tsinghua University in China in 1995 and 1998, respectively. He started his academic career at Louisiana State University (LSU) after receiving Ph.D. from the University of Massachusetts, Amherst in 2003. He is currently a Tenured Professor at the School of Electrical Engineering and Computer Science at LSU and holds Michel B. Voorhies Distinguished Professorship. He is a Senior Member of IEEE and an Editor for the journal IEEE Access. He has served as a Technical Program Committee (TPC) Member for numerous IEEE Flagship communication conferences, such as ICC, Globecom, and MILCOM. His research has been funded by the NSF, AFRL, DOE, and the Board of Regents of Louisiana. His current research interests are mainly about developing fundamental limits of statistical inferences and practical algorithms attaining such limits. He is particularly interested in applying such theoretical studies to complex systems and networks under constraints imposed due to privacy and security concerns.

Personal Website: https://www.lsu.edu/eng/ece/people/Faculty/wei.php#

Keynote-1: 28.02.2020, Friday, 2:00 PM

Speaker: Yong Guan
Iowa State University, USA.
Title of the Talk: A New Quality-Time-As-An-Advantage Paradigm for Zero-Pre-Configuration Pairing Schemes for IoT Devices/Networks.

Abstract: The essence of information assurance resides in the ability to establish secret keys between the legitimate communicating parties. Common approaches to key establishment include public-key infrastructure, key-distribution centers, physical-layer security, or key extraction from common randomness. Of these, the latter two are based on specific natural advantages that the legitimate parties hold over their adversaries – most often, such advantages rely on superior or privileged communication channels. Our efforts in this work tackle a key-establishment protocol that relies on a completely different type of advantage: time. The protocol builds on the idea that when two devices are able to spend a pre-determined, mostly uninterrupted, interval of time in the company of each other, and when such a feat is outside the capability of any realistic attacker, then the legitimate parties should be able to establish a secret key without any prior common information. In this talk, we will present a basic efficient time-based key establishment protocol, and demonstrate how it can be extended to follow customized information transfer functions and deal with predictable fluctuations of wireless interference. This line of research starting from our Adopted-Pet protocol to several most recent developed techniques, has created an exciting set of research opportunities and new paradigm in securing the next-generation wireless networks such as IoT and 5G systems.

Speaker Bio: Dr. Yong Guan is a professor of Electrical and Computer Engineering, the Associate Director for Research of Information Assurance Center at Iowa State University, and Cyber Forensics Coordinator of the NIST Center of Excellence in Forensic Sciences – CSAFE. He received his Ph.D. degree in Computer Science from Texas A&M University in 2002, MS and BS degrees in Computer Science from Peking University in 1996 and 1990, respectively. With the support of NSF, IARPA, NIST, and ARO, his research focuses on security and privacy issues, including digital forensics, network security, and privacy-enhancing technologies for the Internet. The resulted solutions have addressed issues in attack attribution, secure network coding, key management, localization, computer forensics, anonymity, and online frauds detection. He served as the general chair of 2008 IEEE Symposium on Security and Privacy (Oakland 2008, the top conference in security), co-organizer for ARO Workshop on Digital Forensics, and the co-coordinator of Digital Forensics Working Group at NSA/DHS CAE Principals Meetings. Dr. Guan has been recognized by awards including NSF Career Award, ISU Award for Early Achievement in Research, the Litton Industries Professorship, and the Outstanding Community Service Award of IEEE Technical Committee on Security and Privacy.

Personal Website: http://home.engineering.iastate.edu/~guan/

Keynote-2: 29.02.2020, Saturday, 9:30 AM

Speaker: Prabhat Mishra
University of Florida, USA.
Title of the Talk: Securing Hardware for Designing Trustworthy Systems.

Abstract: System-on-Chip (SoC) is the brain behind computing and communication in a wide variety of systems, starting from simple electronic devices in smart homes to complex navigation systems in airplanes. Reusable hardware Intellectual Property (IP) based SoC design has emerged as a pervasive design practice in the industry to dramatically reduce SoC design and verification cost while meeting aggressive time-to-market constraints. Growing reliance on these pre-verified hardware IPs, often gathered from untrusted third-party vendors, severely affects the security and trustworthiness of computing platforms. These IPs may come with deliberate malicious implants to incorporate undesired functionality, undocumented test/debug interface working as hidden backdoor, or other integrity issues. It is crucial to evaluate the integrity and trustworthiness of third-party IPs for designing trustworthy systems. In this talk, I will introduce a wide variety of hardware security vulnerabilities, design-for-security solutions, and possible attacks and countermeasures. I will briefly describe how the complementary abilities of simulation-based validation, formal verification as well as side channel analysis can be effectively utilized for comprehensive SoC security and trust validation. The talk will conclude with a discussion on application-specific security solutions as well as future hardware security challenges.

Speaker Bio: Prabhat Mishra is a Professor in the Department of Computer and Information Science and Engineering at the University of Florida. He is a UF Preeminence Term Professor, the Research Director of the Nelms Institute for the Connected World, and a member of the Florida Institute of Cybersecurity. He received his Ph.D. in Computer Science and Engineering from the University of California at Irvine in 2004. His research interests include embedded and cyber-physical systems, hardware security and trust, energy-aware computing, formal verification, system-on-chip validation, and quantum computing. He has published 7 books, 25 book chapters, 12 patents/copyrights, and more than 150 research articles in premier international journals and conferences. His research has been recognized by several awards including the NSF CAREER Award, IBM Faculty Award, ten best paper awards and nominations, and EDAA Outstanding Dissertation Award. Prof. Mishra currently serves as an Associate Editor of ACM Transactions on Design Automation of Electronic Systems and IEEE Transactions on VLSI Systems. He is an ACM Distinguished Scientist and a Senior Member of IEEE.

Personal Website: https://www.cise.ufl.edu/~prabhat/

Keynote-3: 29.02.2020, Saturday, 2:00 PM

Speaker: Rami Puzis
Ben Gurion University, Israel
Title of the Talk: Mastering the Social Networks.

Abstract: Online social networks are abundant sources of information and are ubiquitous interaction mediums. Low communication barriers make them a treasure mine of personal information. The many tools for social network analysis and mining are used by both adversaries and law enforcement in a constant cat and mouse game. For example, link prediction algorithms can be used to identify acquaintances that a person would rather not expose and the same algorithms can be used to pinpoint intruders. Fake profiles are used by terrorists and criminal organizations and by those who hunt them down. It is important to identify influencers for planning an appropriate brand managing campaign and for efficient disinformation spreading. And the list continues. This talk will discuss various problems, tools, and algorithms for social network analysis, framing them in set of pre-attack activities performed by a hacker trying to infiltrate a target organization.

Speaker Bio: Rami Puzis received the BSc (honors) degree in software engineering, and the MSc (honors) and PhD (honors) degrees in information systems engineering, all from Ben-Gurion University. He is a senior lecturer (assistant prof.) with the Department of Software and Information Systems Engineering, Ben-Gurion University. He was a post-doctoral research associate with the Lab for Computational Cultural Dynamics, University of Maryland. His main research interests include network analysis and network mining with applications to security, social networks, biological networks, and computer communication. Over the past years, he has managed multiple research projects funded by Deutsche Telekom AG, Dell-EMC, Verint, IBM, Amdocs, Israeli Ministry of Defense, Israeli Ministry of Trade and Commerce, and leading cybersecurity industries in Israel. His recent research projects focused on web intelligence, cyber threat intelligence, security awareness, metabolic pathway prediction, and disinformation in social networks.

Personal Website: https://faramirp.wixsite.com/puzis

Keynote-4: 01.03.2020, Sunday, 11:45 AM

Speaker: Rajeev Barua
University of Maryland, USA.
Title of the Talk: Malware Analysis: Beating the Bad Guys.

Abstract: The battle between malware writers and malware detection teams is an arms race that is not letting up. Malware writers constantly devise new ways of exploiting system vulnerabilities, and new methods to hide from detection. In response malware detection teams have responded with new technologies to detect malware. This talk will overview the latest industry trends in malware detection, and discuss some of the latest research in the author's research group and company. We will discuss how malware hides from detection, and how to turn the tables on malware.

Speaker Bio: Dr. Rajeev Barua is a Professor of Electrical and Computer Engineering at the University of Maryland. He is also the Founder and CEO of Second Write LLC, which commercializes binary rewriting technology his research group developed at the university. He received his Ph.D in Computer Science and Electrical Engineering from the Massachusetts Institute of Technology in 2000. Dr. Barua is a recipient of the NSF CAREER award in 2002, and of the UMD George Corcoran Award for teaching excellence in 2003, and the UMD Jimmy Lin Award for innovation in 2014. He was a finalist for the Inventor of the Year Award in 2005 given by the Office of Technology Commercialization at the University of Maryland. He received the President of India Gold Medal for graduating from the Indian Institute of Technology during his B.Tech graduation in 1992 with the highest GPA in the university that year. Over the years, he has served on several NSF panels and on the program committees of several leading academic conferences. Dr. Barua's research interests are in the areas of program analysis, cyber security, binary rewriters, embedded systems, and computer architecture.

Personal Website: https://ece.umd.edu/clark/faculty/361/Rajeev-Barua

Keynote-5:

Speaker: Colonel Inderjeet Singh
Chief Cyber Security officer, Vara Technology Pvt Ltd.
Title of the Talk: AI in Cyber Defence

Abstract: Artificial intelligence (AI) is a transformative dual-use technology that can provide organizations with better cyber defense tools and help adversaries improve methods of attack.Understand the fundamentals of AI, the differences between various techniques used to process data and the drawbacks to each approach .Artificial Intelligence (AI), in particular, is expected to become significant in many fields. Some forms of AI enable machine learning like deep learning can be used to perform predictive analytics. Their potential for the defence domain is huge as AI solutions are expected to emerge in critical fields such as cyber defence, decision-support systems, risk management, pattern recognition, cyber situation awareness, projection, malware detection and data correlation to name but a few.

Speaker Bio: Colonel Inderjeet Singh is the Chief Cyber Security Officer and Head of the Cyber Security Center of Excellence at Vara Technology. In this role, he is instrumental in building the Cyber Security Business Unit for the Group. He is working on the disruptive technologies in the Cyber Security Space for securing IT networks, Smart cities and Critical Information Infrastructure. He served in the Indian Defence Forces, is Alumnus of IIT Kharagpur and Symbiosis Institute of Management, Pune. He is an experienced Information Systems professional with experience of more than 27+ year across wide spectrum of areas spanning Information Security ,Risk Management, Cyber Security, Cyber Forensics, Cyber Warfare, Cyber Terrorism, Expertise in SOC and CERT, Internet of Things (IoT) including IoT Security, Blockchain and Cryptonomics, Machine Learning and artificial Intelligence and Smart Cities. He has held prestigious appointments while in Indian Army and has been CIO of E-Commerce Company. He has also served in United Nation Mission in Democratic Republic of Congo. He is visionary for Start-Up Incubation, Entrepreneurship Development, Strategic Consulting and New Technology Evaluation for commercial viability. He is a Subject Matter Expert on latest innovative Technological domains and effectively managed mission critical projects.

He has consistently delivered mission-critical results in the field of in Information Security Management, Cyber Security, Cyber Warfare and Cyber Risk Management. He is a Council Member of CET (I) and fellow of IETE, IE, Member CSI and Executive Council Member Society for Data Science, Member Information Systems Audit and Control Association (ISACA), IEE, ISOC, IOT for Smart Cities Task Force (IoT4SCTF), Cloud Computing Innovation Council of India (CCICI), Internet Engineering Task Force (IETF), USI and many other professional bodies.

He has been consistently been awarded while in Army and was awarded "Magnificent CIO of the Year "Award in year 2016 and “Excellence Award” by International Police Commission (IPC) in the year 2019

Industry Talk: 29.02.2020, Saturday, 4:45 PM

Speaker: Bedanta Choudhury
NXP Semiconductors, Noida
Title of the Talk: Secure Connectivity for a Smarter World.

Abstract: Our pursuit as humanity to make the world increasingly smarter is causing an unprecedented wave of creation of devices that can increasingly imitate humans. Just like humans, the smart devices of today are increasingly being able to sense its environment, think i.e. process vast amount of information, connect i.e. communicate with other devices, and eventually act i.e. take intelligent decisions. The smart device could be as simple as a classical IoT node or as complex as a modern automobile robot on wheels. The vast ocean of interconnected devices, sensing, thinking, intercommunicating and acting collectively to make the world smarter, comes along with its own unique challenges. One key challenge is that of security – any vulnerability to cyber-attacks or potential breach of trust can not only bring a smart system to a standstill but also make it act in a counterproductive and even dangerous way. Therefore modern day intelligent systems including automobiles that provide advanced ADAS features, smart in-vehicle experiences and cutting edge V2X connectivity, must be architected and designed with Security as a fundamental prerequisite and not an after-thought. This talk will touch upon the contours of security-by-construct architecture and design approach for modern day electronic systems and embedded devices, crucial for the sustainability of the mammoth matrix of intelligence spun by billions of smart devices.

Speaker Bio: Bedanta is a global leader in semiconductor design engineering and management with 18 plus years of proven expertise in VLSI & SoC design, steering global cross functional projects, innovation programs, and in building and nurturing global semiconductor teams. He served as the Organizing Chair of the 32nd International Conference on VLSI Design, New Delhi. He is currently working with NXP Semiconductors, as SoC RTL Front End Integration Manager and global Requirements Manager for NXP Automotive Microcontrollers, and leading CTO Innovation Boards and Strategy Task Forces on Tools, Flows & Methodology. Before joining NXP, he served in various roles at STMicroelectronics. He was responsible for Technology and Design Platform Marketing at ST with focus on FD-SOI, CMOS and derivative technology nodes, and associated design platforms (Foundation Libraries, Analog IPs, PDK, Design Flow). Earlier he served as a Technical expert on Full Custom Design Methodologies & Design for Manufacturing (DFM) at STMicroelectronics. He pioneered the DFM ecosystem in ST as a part of the Crolles2Alliance program among ST, NXP & Freescale. He authored several technical papers (winning multiple best paper awards) in global EDA/CAD conferences. Bedanta did his B.E (Hons.) Electrical & Electronics from BITS Pilani in 2001, and was the MBA Gold Medalist from IIFT New Delhi, in 2007. He was also the State Topper in the Higher Secondary School Leaving Certificate Examination under Assam Higher Secondary Education Council in 1997.

Industry Talk: 29.02.2020, Saturday, 5:30 PM

Speaker: Prabhu Kumar
Cisco, Bangalore
Title of the Talk: Secure your Organizations Network

Abstract: Organizations frequently have simple business goals that they want their security architecture to facilitate; for example, they may want only traders to access trading systems, or only doctors to access patient records. However, when these policies are implemented, they traditionally need to be translated into network security rules that define users and servers by their IP addresses, subnet, or site. The resulting rules are no longer simple to understand and may not clearly correlate with the original business goals. They also do not account for user, device, or server roles, leading to some complexity in how protected assets are classified, and are at risk of misconfiguration. Network security is a leading concern for every business owner, CIO and network administrator. Considering its importance, it’s surprising that most Enterprise security models still rely so heavily on manual intervention when things do go wrong. It is widely accepted that the weakest link in network security is the human user, usually through inadvertent bad practice. Attackers use social engineering techniques to take advantage of this, defeating even the most secure networks by tricking users into disclosing sensitive information. In 2017, the University of Illinois ran a “baiting” experiment where USB drives were left near building entrances. Forty-five percent of those USB drives were inserted into network-connected devices. Therein lies the proof—users can inadvertently attack at any time. In addition to user behavior, security can be compromised via the unmanaged devices connected to a network, such as IoT sensors, printers or machine-programmable controllers.

Network segmentation is essential for protecting critical business assets. But traditional segmentation approaches are operationally complex. You need to scale the network and still restrict access to critical applications in the data center while improve situational awareness on the network. As the number of roles and endpoints increase within an organization, the cost for managing virtual LANs (VLANs) can be significant. Balancing the demands for agility and security requires a new approach. Threat Response should leverage an integrated security architecture that automates integrations across security products. It can help you accelerate key security operations functions such as detection, investigation, and remediation. With Cisco TrustSec technology, organizations can control access to network segments and resources by context and user, device, and location, according to their security policy and have an effective threat response strategy.

Speaker Bio: Prabhu S is an Innovator, Coder, Networking & Platform Infrastructure Software Architect. He is a networking specialist with expert level knowledge on how networks are designed, built and operated. His areas of expertise include Security, Networking protocols, Linux and Network Analytics. He is currently the lead architect for Security & Manageability aspects of the Intent Based Networking Stack at Cisco.

Industry Talk: 29.02.2020, Saturday, 6:15 PM

Speaker: Aditi Bhatnagar
Microsoft IDC, Hyderabad
Title of the Talk: Android Threat Landscape- An industrial perspective.

Abstract: Mobile endpoints have drastically drifted the security landscape. In a world where every person owns a personal device, several privacy and security concerns have evolved. The talk brings forward the state of Android Threat Landscape from an industrial perspective. We will walk through the different threats that prevail and will dive deep into their platform-specific operational details. The talk will also focus on what kind of challenges are there when we try to defend Android platforms from such threats.

Speaker Bio: Aditi Bhatnagar is a security enthusiast, has been with Microsoft for last four years. She has previously worked as Data Scientist in Bing and presently working as a Software Engineer in End Point Security team at Microsoft. A graduate from DAIICT, she has previously interned with Electronic Frontier Foundation and has been active in conducting academic accelerator programs by Google and Microsoft. She is an advocate of digital privacy, security and digital wellbeing and has a keen interest in researching the several aspects of evolving relationship between humans and technology which she oftenwrites about in her blogs. She has conducted several talks and workshops and also started an initiative named Digitised to spread awareness regarding the same.