Prof. Rei Safavi-Naini (University of Calgary)
Professor of Computer Science
Title: Smart contracts in refereed secure computation
Smart contracts are trusted programs that run on a blockchain based decentralized computing environment. A smart contract can serve as a trusted referee in secure multiparty computation.
In this talk we look at two multiparty computation protocols that use a referee, and show security and privacy challenges of implementing the referee by a smart contract. We also suggest approaches to address these challenges.
About Rei Safavi-Naini
Rei Safavi-Naini is the AITF Strategic Chair in Information Security and a founding Director of Institute for Security, Privacy and Information Assurance at the University of Calgary. Before joining the University of Calgary in 2007 as the iCORE Chair in Information Security, she was a Professor of Computer Science and the Director of Telecommunication and Information Technology Research Institute (now ICT Research Institute) at the University of Wollongong Australia.
She has over 300 refereed publications, has served as an Associate Editor of IEEE Transactions on Information Theory, ACM Transactions on Information and System Security (TISSEC), and is currently an Associate Editor of IEEE Transactions on Dependable and Secure Computing, IET Information Security and Journal of Mathematical Cryptology.
She has served as Program Chair/co-Chair of numerous conferences, most recently, ACM CCSW 2014, Financial Cryptography 2014, ACNS 2013 and Crypto 2012. She is a member of the Steering Committee of International Conference in Information Theoretic Security and ACM CCS Cloud Computing Security Workshop.
She has a PhD in Electrical Engineering from University of Waterloo, Canada.
Her current research interests are cryptography, information theoretic security, quantum-safe cryptography, network and communication security and privacy, and Cloud security and privacy.
Melissa Chase (Microsoft Research Redmond)
Researcher in the Cryptography group at Microsoft Research Redmond
Title: Identity in E2E encrypted messaging: “My messages are encrypted, but who am I talking to?”
In end-to-end (E2E) encrypted messaging, a user’s messages are encrypted on their device with a key not known to the service provider and not decrypted until the arrive at the recipient’s device. This is considered to provide strong privacy guarantees, even against a corrupt or compromised service provider. There has been a successful line of work looking at how best to allow the two users to derive the keys used to encrypt these messages. However, most works assume that the parties begin with one another’s public key and omit the question of how the users obtain and verify these keys. Note that this is crucially important – if a corrupt service provider can replace each user’s public key with one for which it knows the secret key, it can undetectably man-in-the middle all of the communication between the two parties. In this talk I will first survey the current state of identity in these messaging services and then present two recent results. The first result shows how the service provider can host a privacy preserving and transparent public key directory which allows the user (or more accurately their device) to verify that correct keys are given out on their behalf. The second result considers the group setting and shows how groups of users can view and manage the list of group members without the service provider learning which (if any) groups any user belongs to.
About Melissa Chase
Melissa Chase is a principal researcher in the cryptography group at Microsoft Research Redmond. Her research focuses on defining and constructing cryptographic protocols and primitives, with an emphasis on provable security and privacy-motivated applications. She has been at Microsoft for 12 years; before that she received a B.S. in Computer Science and Mathematics from Harvey Mudd College, and an M.S. and Ph.D. in Computer Science from Brown University. She has worked in a variety of areas within cryptography, including anonymous credentials, attribute based encryption, design of signature schemes and zero knowledge proofs, and more recently efficient PSI and systems for end-to-end encryption
Prof. Dr.-Ing. Tibor Jager (Bergische Universität Wuppertal)
Professor in the School of Electrical, Information and Media Engineering
Title: Real-World Cryptography from an Academic Perspective: TLS 1.3 and its Security
The TLS protocol family is the most widely-used cryptographic security mechanism in practice, used not only in https:// connections, but also to protect e-mail, VoIP, and many other applications. This talk will give an overview of the most recent protocol version TLS 1.3 and its security from an academic perspective.
About Tibor Jager
Tibor's research addresses fundamental open research questions on the theoretical foundations of real-world cryptography.
He finished his PhD in 2011 at the Horst Görtz Institute of Ruhr-University Bochum, under the supervision of Prof. Jörg Schwenk. After Postdoc positions at the Karlsruhe Institute of Technology and Ruhr-University Bochum, he was appointed associate professor for IT security at Paderborn University in 2016 and is a full professor of IT security and cryptography at Bergische Universität Wuppertal since 2019.
He has published 50+ research papers in cryptography and IT security, received an ERC Grant in 2018 and the IETF Best Contribution Award to TLS 1.3 in 2016.
Prof. Yingjiu Li (University of Oregon)
Ripple Professor in the Department of Computer and Information Science
Title: Robust Android Malware Detection
Despite intensive research over 10 years, Android malware detection still faces substantial challenges including frequent changes in the Android framework, the existence of noisy labels in large-scale up-to-date datasets, and the continuous evolution of Android malware. The consequences of ignoring these challenges are multifold. One is the fast decline of malware detection accuracy over time due to the use of out-of-date malware detection feature sets, the ignorance of new APIs and changed APIs, and the failure of capturing emerging malware patterns. On the other hand, the use of noisy datasets leads to distorted training of malware detection models, unfair evaluation of malware detection performance, and unidentified false positives and false negatives.
To address these challenges, this talk summarizes three robust malware detection approaches, including DroidEvolver, SDAC, and a noise detection framework. Adapting to the frequent changes in the Android framework and the continuous evolution of Android malware, DroidEvolver automatically and continually updates itself during malware detection without any human involvement. While most existing malware detection systems can be updated by retraining on new applications with true labels, DroidEvolver requires neither retraining nor true labels to update itself, mainly due to the insight that DroidEvolver makes necessary and lightweight update using online learning techniques with evolving feature set and pseudo labels. The detection performance of DroidEvolver is evaluated on a dataset of 33,294 benign applications and 34,722 malicious applications developed over a period of six years. Using 6,286 applications dated in 2011 as the initial training set, DroidEvolver achieves high detection F-measure (95.27%), which only declines by 1.06% on average per year over the next five years for classifying 57,539 newly appeared applications. This performance of DroidEvolver is significantly better than what was reported in the literature.
SDAC addresses the same model aging problem using a different approach. SDAC evolves effectively by evaluating new APIs’ contributions to malware detection according to existing APIs’ contributions. In SDAC, the contributions of APIs are evaluated by their contexts in the API call sequences extracted from Android apps. A neural network is applied on the sequences to assign APIs to vectors, among which the differences of API vectors are regarded as their semantic distances. SDAC then clusters all APIs based on their semantic distances to create a feature set in the training phase, and extends the feature set to include all new APIs in the detecting phase. Without being trained, SDAC can adapt to the use of new APIs in the detection phase. In extensive experiments with datasets dated from 2011 to 2016, SDAC achieves a significantly higher detection accuracy and slower aging speed than DroidEvolver with certain overhead.
Another challenge is that training data may contain noisy labels and it is challenging to make the training data noise-free at a large scale. To address this problem, we propose a generic framework to reduce the noise level of training data for the training of any machine learning-based Android malware detection. Our framework makes use of all intermediate states of two identical deep learning classification models during their training with a given noisy training dataset to generate a noise-detection feature vector for each input sample. The framework then applies a set of unsupervised outlier detection algorithms on all noise-detection feature vectors to reduce the noise level of the given training data before feeding it to any machine learning-based Android malware detection approach. In our experiments with three different Android malware detection approaches, the framework can detect significant portions of wrong labels in different training datasets at different noise ratios and thus improve the performance of Android malware detection significantly.
About Yingjiu Li
Yingjiu Li is currently a Ripple Professor in the Department of Computer and Information Science at the University of Oregon. He obtained his PhD degree in Information Technology with a focus on Cybersecurity from at the George Mason University in 2003.
His research interests include IoT Security and Privacy, Mobile and System Security, Applied Cryptography and Cloud Security, and Data Application Security and Privacy. He has published over 140 technical papers in international conferences and journals, and served in the program committees for over 130 international conferences and workshops, including top-tier cybersecurity conferences.
Dr. Tieyan Li (Head of Digital Trust, Shield Lab. Huawei)
Title: Digital Identity: A Long Journey from Centralization to Decentralization
In digitalized world, a major portion of our daily activities are online, especially in the pandemic from early 2020. How you present yourself online has serious security and privacy implications. The tuple of Identity, Data and Algorithm are the three key elements for any online transaction, in which identity is the interactive subject defining a digital entity, e.g., a person, an IoT device, or a legal entity. For different online businesses, a person might present herself/himself with different identities, while nowadays a majority of these identities are administered by centralized authorities, like ID card, email, web or social network accounts. On one hand, the centralized model gives users less hassle on managing their identities by themselves; on the other hand, it suffers single point of failure in terms of security. More seriously, users’ online activities are fully exposed to those authorities, who tend to directly or indirectly sell these behavioral data to any third party as their typical business models, thus putting users’ privacy in danger. A promising approach, called self-sovereign identity, is to let users hold their identities by themselves, hoping that they could have full control over their identities and activities, thus disabling all illegitimate usages out of their control. While the decentralized model sounds ideal on preserving users’ security and privacy, the active endeavors in this community encounter non-trivial problems, such as oracle, infrastructure, performance, and governance issues. In this talk, we highlight the pros and cons of these models, and explore future research directions.
About Tieyan Li
Dr. Tieyan Li is an expert on security and applied cryptography, and a technology generalist on applications, systems and networks. He is currently leading research on Digital Trust-building the trust layer for future digital world, and previously on mobile platform, IoT security, and AI security at Shield Lab., Singapore Research Center, Huawei Technologies.
Dr. Li received his Ph.D. Degree in Computer Science from National University of Singapore. From that on, he was a security scientist at Institute for Infocomm Research, I2R Singapore.
Dr. Li has more than 20 years experiences and is proficient in security design, architect, innovation and practical development. He was also active in academic security fields with tens of publications and many patents. Dr. Li has served as the PC members for many security conferences, and is an influential speaker in industrial security forums. His current research topics include: Trustworthy AI (e.g., adv. robustness, transparency, fairness), Trustworthy Computing (e.g., exploit mitigation, secure enclave), Trustworthy Identity (e.g., DID, SSI), and Trust Infrastructure (e.g., Blockchain).