Title: Lightweight Cryptography - Security under Challenging Conditions

Speaker: Maria Eichlseder (Graz University of Technology)

Maria Eichlseder
Date: November 15th, 2023
Abstract: Integrating cryptographic algorithms in IoT systems and other constrained environments is often difficult due to limited resources and additional security challenges. Driven by this demand, NIST has initiated a lightweight cryptography competition between 2019 and 2023. Among 57 submissions, Ascon has been selected as the new standard for authenticated encryption and hashing. In this talk, we show how Ascon was designed to address the specific challenges in the IoT, including security, performance, and footprint. Since ciphers are not used in an ideal world, we show how Ascon also improves robustness against certain implementation attacks and mistakes.

Bio: Maria Eichlseder is assistant professor of Cryptography at Graz University of Technology. Her research interests include the design and cryptanalysis of symmetric cryptographic algorithms, such as hash functions and authenticated encryption algorithms and their underlying primitives. She co-designed Ascon, a lightweight authenticated cipher that was selected by NIST as new standard for lightweight cryptography in 2023. She defended her Ph.D. sub auspiciis praesidentis in 2018 and visited Ruhr-Universität Bochum and Radboud University Nijmegen as a guest researcher.

Title: …those who can’t, teach?

Speaker: Herbert Bos (Free University of Amsterdam)

Herbert Bos
Date: November 16th, 2023
Abstract : There is a surprising disconnect between academic security researchers and non-academic security researchers, sometimes known as the hacking community at large, often with mutual contempt for each other’s accomplishments. “Those who can, do”, hackers quote Bernard Shaw, and “those who can’t, teach.” At the same time, one of the worst things you can say about academic work is that it is “just a hack”, or “just engineering”. Is it true that university professors have been mostly useless in moving security forward? And is non-academic security research “just engineering”? That sounds unlikely. In this presentation, I will elaborate on the gulf separating the two worlds, highlight the accomplishments of both sides, and discuss with the audience how we may bridge this gap.

Bio: Herbert Bos is full professor at Vrije Universiteit Amsterdam where he co-leads the VUSec Systems Security group. His research interests include OS design, microarchitectural attacks and defenses, fuzzing, exploitation, networking, and dependable systems. He is very proud of his current and former students whose research results have led to five PWNIE Awards as well as changes in all major operating systems, all major browsers and all Intel CPUs. He is a member of the Electoral Council and the Dutch Cyber Security Council (as of November 2023). He is no fan of climate skeptics and xenophobes, but he loves the Beatles.

Title: Attacking Machine Learning Models

Speaker: Yang Zhang (CISPA Helmholtz Center for Information Security)

Yang Zhang
Date: November 17th, 2023
Abstract : Machine learning has made tremendous progress during the past decade. While improving our daily lives, recent research shows that machine learning models are vulnerable to various security and privacy attacks. In this talk, I will cover our three recent works in this field. First, I will talk about some recent development in membership inference. Second, I will present link stealing attacks against graph neural networks. In the end, I will introduce model hijacking attacks.

Bio: Yang Zhang is a tenured faculty (equivalent to full professor) at CISPA Helmholtz Center for Information Security, Germany. His research concentrates on trustworthy machine learning. Moreover, he works on measuring and understanding misinformation and unsafe content like hateful memes on the Internet. Over the years, he has published multiple papers at top venues in information security, including CCS, NDSS, Oakland, and USENIX Security. His work has received the NDSS 2019 distinguished paper award and the CCS 2022 best paper award runner-up.