WiSec 2017

Keynotes

Tuesday, 9-10am

ALGORAND A Truly Distributed Ledger

Abstract. A distributed ledger is a tamperproof sequence of data that can be read and augmented by everyone. Distributed ledgers stand to revolutionize the way a democratic society operates. They secure all kinds of traditional transactions –such as payments, asset transfers, titling– in the exact order in which they occur; and enable totally new transactions ---such as cryptocurrencies and smart contracts. They can remove intermediaries and usher in a new paradigm for trust. As currently implemented, however, distributed ledgers cannot achieve their enormous potential.

Algorand is a quite alternative, truly democratic, and very efficient way to implement a distributed ledger. Unlike prior implementations based on proof of work, it requires a negligible amount of computation, and generates a transaction history that will not “fork” with overwhelmingly high probability.

Biography. Silvio Micali has received his Laurea in Mathematics from the University of Rome, and his PhD in Computer Science from the University of California at Berkeley. Since 1983 he has been on the faculty of the Electrical Engineering and Computer Science Department at MIT.

Silvio’s research interests are cryptography, zero knowledge, pseudo-random generation, secure protocols, mechanism design, and distributed ledgers.

Silvio is the recipient of the Turing Award (in computer science), the Gödel Prize (in theoretical computer science), and the RSA prize (in cryptography). He is a member of the National Academy of Sciences, the National Academy of Engineering, and the American Academy of Arts and Sciences.

Tuesday, 1:30-2:30pm

Secure Hardware Platforms for the Internet of Things (IoT)

Abstract. The Internet is expanding into the physical world, connecting billions of devices. In this Internet of Things, two contradictory trends are appearing. On the one hand, the cost of security breaches is increasing as we place more responsibilities on the devices that surround us. On the other hand, wireless computing elements are becoming small, unsupervised, and physically exposed. Unfortunately, existing systems do not address many new attacks, such as resource sharing and physical attacks.

Hardware to the rescue! This talk will describe how secure systems can be built from the ground up. Physical Unclonable Functions (PUFs) are a tamper resistant way of establishing shared secrets with a physical device. They rely on the inevitable manufacturing variations between devices to produce private keys that can be used as a hardware root of trust in a secure processor. Architectural isolation can be used to secure computation on a remote secure processor with a private key where the privileged software is potentially malicious as recently deployed by Intel's Software Guard Extensions (SGX). The Sanctum secure processor architecture offers the same promise as SGX, namely strong provable isolation of software modules running concurrently and sharing resources, but is much more lightweight and protects against an important class of additional software attacks that infer private information by exploiting resource sharing.

Biography. Srini Devadas is the Webster Professor of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology (MIT) where he has been on the faculty since 1988. Devadas's research interests span Computer-Aided Design (CAD), computer security and computer architecture. He is a Fellow of the IEEE and ACM. He has received the 2014 IEEE Computer Society Technical Achievement award, the 2015 ACM/IEEE Richard Newton technical impact award, and the 2017 IEEE Wallace McDowell award for his research. Devadas is a MacVicar Faculty Fellow and an Everett Moore Baker teaching award recipient, considered MIT's two highest undergraduate teaching honors.

Wednesday, 9 - 10am

A Tale of 2 Emerging Paradigms – IoT & 5G: Security Research Challenges & Opportunities

Abstract. This talk will explore security for a couple of emerging paradigms (IoT & 5G). (1) IoT Security: In the past couple of years, there has been an increasing trend of security issues in the IoT context. With the projected exponential growth of connected devices, an IoT attack has significant security implications for device-owner as well as enterprise targets. Due to cost and energy constraints, security is often left out or becomes an afterthought, creating serious vulnerabilities in IoT systems. The consequences of IoT system compromise can be catastrophic, since life and physical property is usually at stake. Thus it is important to establish a foundation for Trustworthy, Safe, and Reliable IoT systems. We will present an overview of the research challenges and opportunities in building such a secure IoT foundation. (2) 5G Security: While previous generations of cellular technology (including LTE) were designed to connect every human being with ever faster connectivity, 5G has the additional ambition to connect not just all the people but also all Things on this planet. Operators are looking for cheaper and quicker ways to deploy new IoT services on the same physical network, which would require network optimizations and innovations for these new applications. 5G must meet aggressive performance targets without compromising security and privacy requirements. A set of concepts are being embraced by the operators including SW Defined Networking (SDN), Network Function Virtualization (NFV), Network Slicing, Cloud-Radio Access Network (CRAN), Mobile Edge Computing (MEC). These concepts are likely to introduce new threat surfaces and deserve careful consideration and co-design with security.

Biography. Anand Rajan is the Senior Director of the Emerging Security Lab at Intel Labs. He leads a team of researchers whose mission is to investigate novel security features that raise the assurance of platforms across the compute continuum (Cloud to Wearables). The topics covered by his team span Trustworthy Execution Environments (TEE), IoT & Mobile Security, Cryptography, and Security for Emerging Paradigms (e.g. Autonomous Systems, 5G). Anand is a Principal Investigator for Intel’s research collaboration with academia, government, and commercial labs on Trustworthy Platforms. He is the mentor for the Security Research Sector of Intel’s Corporate Research Council. Anand was an active member of the IEEE WG that crafted the P1363 (public-key crypto) standard. Anand and team developed the Common Data Security Architecture specification that was adopted as a worldwide standard by The Open Group. His team was also instrumental on several security standardization efforts (e.g. PKCS#11, BioAPI, UPnP-Security, & EPID). Prior to joining Intel in 1994, Anand was technical lead for the Trusted-UNIX team at Sequent Computer Systems and worked on development and certification of a TCSEC B1-level Operating System

Thursday, 12:15-1:15pm

Scattered Trust and Computing

Abstract. The explosion of connected devices, enabled by small wireless devices in conjunction with cloud services, offers an opportunity and a challenge for what, in a more cosily comfortable time might have been called Trusted Distributed Computing. "Distributed computing" suggests a more controlled and planned deployment with a steady state of computing inventory and selected users but in the "Scattered trust" model is a much more dynamic environment with sensors, programs, back-ends, networks and end point computing devices whose identity and variety is not specifically anticipated. Yet it will be even more important to have an adequate, well understood trust model, for our digital lives underpinned by better resilience and vastly more data. I'll talk about the "Scattered Trust" model and how it might evolve as well as the underlying research and deployment issues.

Biography. John Manferdelli is Professor of the Practice and Executive Director of the Cybersecurity and Privacy Institute at Northeastern University. Immediately prior to that he was Engineering Director for Production Security Development at Google.

Prior to Google, John was a Senior Principal Engineer at Intel Corporation and co-PI (with David Wagner) for the Intel Science and Technology Center for Secure Computing at the University of California at Berkeley. He was also a member of the Information Science and Technology advisory group at DARPA and is a member of the Defense Science Board

Prior to Intel, John Manferdelli was a distinguished engineer at Microsoft and was an affiliate faculty member in computer science at the University of Washington. He was responsible for computer security, cryptography and systems research, as well as research in quantum computing. At Microsoft, John also worked as a senior researcher, software architect, product unit manager, general manager at Microsoft and was responsible the development of the next-generation secure computing base technologies and the rights management capabilities currently integrated into Windows, for which he was the original architect. He joined Microsoft in February 1995 when it acquired his company, Natural Language Inc., based in Berkeley, Calif.

At Natural Language, Manferdelli was the founder and, at various times, vice president of research and development and CEO. Other positions he has held include staff engineer at TRW Inc., computer scientist and mathematician at Lawrence Livermore National Laboratory, and principal investigator at Bell Labs. He was also an adjunct associate professor at Stevens Institute of Technology.

Manferdelli’s professional interests include cryptography and cryptographic mathematics, combinatorial mathematics, operating systems, and computer security. He is author of many papers of computer security, high performance computing, cryptography, has given invited talks on high performance computing quantum computing and computer security and signal processing and has been awarded many patents. He is also a licensed Radio Amateur (AI6IT).

Manferdelli has a bachelor’s degree in physics from Cooper Union for the Advancement of Science and Art and a PhD in mathematics from the University of California, Berkeley.