Sep 2021 - Workshop
Workshop on Security, Privacy and Trust for Wearable Devices

Location: Heraklion
WST1 - 'Security of 4G and 5G cellular networks' by Elisa Bertino
Speaker | Affiliation | Talk | Email | Mode |
---|---|---|---|---|
Elisa Bertino | Purdue University | Security of 4G and 5G cellular networks | bertino@cs.purdue.edu | Remote |
Abstract |
---|
As the world moves to 4G and 5G cellular networks, security and privacy are of paramount importance and new tools are needed to ensure them. For example, LTEInspector is a model-based testing approach that combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model. Using it, researchers have uncovered 10 new attacks along with 9 prior attacks, categorized into three abstract classes (i.e., security, user privacy, and disruption of service), in three procedures of 4G LTE. Notable among the findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials. To ensure that the exposed attacks pose real threats and are indeed realizable in practice, 8 of the 10 new attacks have been validated and their accompanying adversarial assumptions have been put through a real testbed. On-going work in addressing some of those vulnerabilities points the way toward an agenda of further research. |
Bio |
---|
Elisa Bertino is professor of Computer Science at Purdue University. She serves as Director of the Purdue Cyberspace Security Lab (Cyber2Slab). Prior to joining Purdue, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory in San Jose (now Almaden), at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. She has also held visiting professor positions at the Singapore National University and the Singapore Management University. Her main research interests include security, privacy, database systems, distributed systems, and sensor networks. Her recent research focuses on cybersecurity and privacy of cellular networks and IoT systems, and on edge analytics for cybersecurity. Elisa Bertino is a Fellow member of IEEE, ACM, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award “For outstanding contributions to database systems and database security and advanced data management systems”, the 2005 IEEE Computer Society Tsutomu Kanai Award for “Pioneering and innovative research contributions to secure distributed systems”, and the 2019-2020 ACM Athena Lecturer Award. |
WST2 - 'Safeguarding against Information Exposure From Consumer IoT Devices' by Hamed Haddadi
Speaker | Affiliation | Talk | Email | Mode |
---|---|---|---|---|
Hamed Haddadi | Imperial College, London | Safeguarding against Information Exposure From Consumer IoT Devices | h.haddadi@imperial.ac.uk | In presence |
Abstract |
---|
Consumer Internet of Things devices often come with a range of sensors and actuators, require access to a variety of personal data sources and continuous internet connectivity, and are equipped with a variety of embedded pre-trained Machine Learning (ML) models. In this talk, I will present our recent findings on privacy threats from these devices and potential mitigation strategies using selective blocking of device activities and destinations. I will then discuss the ways in which we can leverage novel architectures to provide private, trusted, personalised, and dynamically-configurable models on consumer devices to cater for heterogeneous environments and user requirements. |
Bio |
---|
Hamed is a Reader in Human-Centred Systems and the Director of Postgraduate Studies at the Dyson School of Design Engineering at Imperial College London. He leads the Systems and Algorithms Laboratory and serves as a Security Science Fellow of the Institute for Security Science and Technology. He is also a Visiting Professor at Brave Software where he works on developing privacy-preserving analytics protocols. |
WST3 - 'Characterizing abhorrent misinformative and mistargeted content on YouTube' by Michael Sirivianos
Speaker | Affiliation | Talk | Email | Mode |
---|---|---|---|---|
Michael Sirivianos | University of Cyprus | Characterizing abhorrent misinformative and mistargeted content on YouTube | michael.sirivianos@cut.ac.cy | In presence |
Abstract |
---|
YouTube has revolutionized the way people discover and consume video content. Although YouTube facilitates easy access to hundreds of well-produced educational, entertaining, and trustworthy news videos, mistargeted, misinformative, and abhorrent content is also common. The platform is plagued by various types of inappropriate content including: 1) disturbing videos targeting young children; 2) hateful and misogynistic content; and 3) pseudoscientific and conspiratorial content. While YouTube’s recommendation algorithm plays a vital role in increasing user engagement and YouTube’s monetization, its role in unwittingly promoting problematic content is not entirely understood. In this presentation, I will shed some light on the degree of abhorrent, misinformative, and mistargeted content on YouTube and the role of the recommendation algorithm in the discovery and dissemination of such content. Following a data-driven quantitative approach, we analyze thousands of videos posted on YouTube. Specifically, we devise various methodologies to detect problematic content, and we use them to simulate the behavior of users casually browsing YouTube to uncover: 1) the risks of YouTube media consumption by young children; 2) the role of YouTube’s recommendation algorithm in the dissemination of hateful and misogynistic content, by focusing on the Involuntary Celibates (Incels) community; and 3) user exposure to pseudoscientific misinformation on various parts of the platform and how this exposure changes based on the user’s watch history. In a nutshell, our analysis reveals that young children are likely to encounter disturbing content when they randomly browse the platform starting from benign videos relevant to their interests and that YouTube’s currently deployed counter-measures are ineffective in terms of detecting them in a timely manner. 
By analyzing the Incel community on YouTube, we find that not only is Incel activity increasing over time, but platforms may also play an active role in steering users towards extreme content. Finally, when studying pseudoscientific misinformation, we find among other things that YouTube suggests more pseudoscientific content regarding traditional pseudoscientific topics (e.g., flat earth) than for emerging ones (like COVID-19), and that these recommendations are more common on the search results page than on a user’s homepage or the video recommendations (up-next) section. |
Bio |
---|
Michael is an Assistant Professor of Computer Engineering and Informatics. He holds a PhD from Duke University since 2010. His research interests include trust-aware design of distributed systems, device-centric authentication, federated identity management, discrimination based on personal data, cybersafety (cyberbullying detection, cybergrooming detection, characterization and detection of hate speech, detection of inappropriate videos targeting young children, and characterization and suppression of false information), transactional workload scalability, and measurement of blockchain systems. He has published articles in the most influential conferences and journals of Networked Systems, including ACM SIGCOMM, USENIX NSDI, ACM IMC, USENIX ATC, AAAI ICWSM, IEEE INFOCOM, IEEE ICDCS, IEEE/ACM Transactions on Networking, and ACM Transactions on the Web. He has extensive experience leading EU-funded projects. Specifically, he was the technical manager of the ReCRED project (Horizon 2020 Innovation Action - 2014) and the coordinator of the ENCASE project (Horizon 2020 Marie Curie RISE - 2015). He is also a member of the Board of Directors of the Research Centre of Excellence on Interactive media, Smart systems, and Emerging Technologies (RISE). His work on fringe web communities, hate speech, disinformation, and disturbing content on YouTube had extensive coverage in major news outlets, including The New York Times, Washington Post, The Atlantic, New Scientist, Business Insider, Quartz, Wired, and El Pais. |
WST4 - 'Side and Covert Channels: the Dr. Jekyll and Mr Hyde of Modern Technologies' by Mauro Conti
Speaker | Affiliation | Talk | Email | Mode |
---|---|---|---|---|
Mauro Conti | University of Padova | Side and Covert Channels: the Dr. Jekyll and Mr Hyde of Modern Technologies | mauro.conti@unipd.it | Remote |
Abstract |
---|
While smartphone and IoT device usage becomes more and more pervasive, people also start asking to what extent such devices can be maliciously exploited as “tracking devices”. The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this talk, we discuss threats coming from contextual information and to what extent it is feasible, for example, to identify the specific actions that a user is doing on mobile apps, by eavesdropping on their encrypted network traffic. We will also discuss the possibility of building covert and side channels leveraging timing, heat, energy consumption, and audio signals, to steal information from mobile devices, as well as inferring keypresses, passwords & PINs. |
Bio |
---|
Mauro Conti is Full Professor at the University of Padua, Italy. He is also affiliated with TU Delft and University of Washington, Seattle. He obtained his Ph.D. from Sapienza University of Rome, Italy, in 2009. After his Ph.D., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. In 2011 he joined the University of Padua as Assistant Professor, where he became Associate Professor in 2015, and Full Professor in 2018. He has been Visiting Researcher at GMU, UCLA, UCI, TU Darmstadt, UF, and FIU. He has been awarded a Marie Curie Fellowship (2012) by the European Commission, and a Fellowship by the German DAAD (2013). His research is also funded by companies, including Cisco, Intel, and Huawei. His main research interest is in the area of Security and Privacy. In this area, he published more than 400 papers in topmost international peer-reviewed journals and conferences. He is Area Editor-in-Chief for IEEE Communications Surveys & Tutorials, and has been Associate Editor for several journals, including IEEE Communications Surveys & Tutorials, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security, and IEEE Transactions on Network and Service Management. He was Program Chair for TRUST 2015, ICISS 2016, WiSec 2017, ACNS 2020, and General Chair for SecureComm 2012, SACMAT 2013, CANS 2021, and ACNS 2022. He is a member of the Blockchain Expert Panel of the Italian Government. He is Senior Member of the IEEE and ACM. He is Fellow of the Young Academy of Europe. |
WST5 - 'Automated cybersecurity for Internet-connected Things' by Shahid Raza
Speaker | Affiliation | Talk | Email | Mode |
---|---|---|---|---|
Shahid Raza | RISE, Stockholm | Automated cybersecurity for Internet-connected Things | shahid.raza@ri.se | In presence |
Abstract |
---|
Asymmetric cryptography has long been considered infeasible for resource-constrained devices. However, since the new IoT devices are equipped with sufficient RAM, flash, a standard 32-bit CPU and crypto hardware, it is possible to bring internet-grade security to IoT. Also, the lack of a user interface and unattended deployments hinder relying on traditional methods of initial authentication using a username and a password (which also becomes the weakest link in security). Therefore, an automated security with strong digital identities that also supports Public Key Infrastructure (PKI) is inevitable for IoT. A number of PKI providers offer or claim PKI solutions for IoT. However, none of them covers long-life battery-powered or energy-harvesting devices, without breaking end-to-end security. This talk will present PKI building blocks for resource-constrained IoT devices, and highlight current standardization efforts around this. It will also touch on how our work facilitates the implementation of the new EU Cybersecurity Act: the cybersecurity certification for IoT. |
Bio |
---|
Shahid Raza is the Director of Cybersecurity at RISE where he leads a team of 20 technical security experts. He is also the founder and leader of RISE Cyber Range, a unique cybersecurity test and demo arena in Kista, Stockholm. Shahid’s primary research interest is all aspects of IoT security; only in the last two years he has received over 1500 citations on his research work on IoT security, published in prestigious journals and conferences of the area. Shahid holds a Master of Science in cybersecurity from KTH (2009) and an industrial PhD degree from Mälardalen University for his work on IoT security at RISE (2013). Shahid is also an Associate Professor at Uppsala University where he has five PhD students as the main supervisor. Shahid is also active on EU cybersecurity activities, where he represents RISE in (i) the EU Stakeholder Cybersecurity Certification Group (SCCG), (ii) the EU Cyber Security Organisation (ECSO), (iii) the EARTO Defense and Security working group, and (iv) the Management Board of H2020 CONCORDIA pilot project. He has also been a part of over 15 FP7/Horizon 2020 projects at different roles; the latest is the H2020 ARCADIAN-IoT (May 2021) where he is the technical project leader (the project review has received 15/15 scores). [www.shahidraza.net] |
WST6 - 'Sense & Sensibility in Sports: Personal & Interdependent Wearables that Work' by Arthur van der Wees
Speaker | Affiliation | Talk | Email | Mode |
---|---|---|---|---|
Arthur van der Wees | Arthur's Legal B.V., Amsterdam | Sense & Sensibility in Sports: Personal & Interdependent Wearables that Work | vanderwees@arthurslegal.com | Remote |
Abstract |
---|
Finding the right symbiosis between sporter, devices and algorithms while going for Gold is not an easy feat. Making sure those are not only functioning but also can be trusted, preserve integrity and can demonstrate accountability is an even more complex one. Acknowledging that sports, sporters, devices, systems and data have many multiple interdependencies, in (near) real-time, makes playing sport and going for Gold more challenging and full of exciting new opportunities, while raising the bar of fair play. Wearables, data and smart applications may be main enablers, as an asset, means and friend. It can however also be one's foe. Hence, we need to understand each of them, as well as the combination and interdependencies. Therefore, during this session we will start with categorizing the many wearables and other human-to-x-ables that are – or may become – available. Transparency leads to trust. To make it work, combining and balancing out both functionals and non-functionals is an essential success factor. |
Bio |
---|
Arthur van der Wees is senior attorney at law, standardization and policy expert worldwide with in-depth experience of technology, consumer and other human-centric cyber-physical systems, data, trust, trustworthiness & accountability. He is managing director of Arthur's Legal, Strategies & Systems, an international strategic law firm, which for once has been supporting the Dutch Olympic and sport federation at large as well as for instance the volleyball federation with data strategies, privacy and related topics. He is founding member of the Alliance for IoT Innovation (AIOTI), where he is leading the Security & Privacy in IoT Taskforces. He is (co-)author of various publications about innovation, digital transformation, data, Edge, IoT, robotics, AI, autonomous systems, security, safety and privacy and trust. He has contributed to several EU and other regulations, standards and policy instruments for the Digital Age. Furthermore he is advisory board member respectively partner in more than 14 European projects where IoT, wearables (and other Human2x-ables) and human values are generally part of, and board member of several institutes including the Institute for Accountability in the Digital Age, and the New Trust Foundation. He studied and obtained his degree in computer, privacy, intellectual property rights, business law, and human rights at Leiden University. |