Information Security Group
Royal Holloway - UK
University of London
Sept 3rd 9:00-10:00
Vertex Building Auditorium
Analysing Leakage from Encrypted Database Systems
Support for range queries on numerical data is fundamental to database systems. This explains why many recent proposals for encrypted database systems attempt to maintain this functionality "in the encrypted domain". In this talk, I will discuss the security of such systems in two distinct attack settings. In the first setting, the adversary learns the access patterns, that is, which sets of records are returned in response to different range queries; this corresponds to an honest-but-curious database server. In the second setting, the adversary learns only the volumes of the responses, that is, the numbers of records returned in response to range queries. This corresponds to a network adversary who sees only encrypted communications between a client making queries and the database server. I will describe various attack strategies and their performance for the two different settings, and explain what they tell us about the current state-of-the-art in designing encrypted database systems. If time permits, I will also point out new and intriguing connections with the mathematics underlying machine learning.
Kenny Paterson is a professor in the Information Security Group at Royal Holloway. He holds a B.Sc. from the University of Glasgow and a Ph.D. from the University of London, both in Mathematics. He was a Royal Society Fellow at the Institute for Signal and Information Processing at the Swiss Federal Institute of Technology, Zurich, and after that, he was a Lloyd's of London Tercentenary Foundation Research Fellow at Royal Holloway, University of London. After 3 years at Hewlett-Packard Laboratories Bristol, he joined the Information Security Group at Royal Holloway.
His research over the last decade has mostly been in the area of Cryptography, with a strong emphasis on the analysis of deployed cryptographic systems and the development of provably secure solutions to real-world cryptographic problems. He co-founded the Real World Cryptography series of workshops to support the development of this broad area and to strengthen the links between academia and industry.
School of Information Systems
Singapore Management University (SMU)
Sept 4th 9:00-10:00
Vertex Building Auditorium
End-to-End Secure Mobile Computing in the Internet of Things
With the introduction of 5G systems in the near future, the landscape of mobile computing will change dramatically. The mobile ecosystem will not only consist of mobile devices in human hands but also embedded devices and the cloud. This talk will provide an overview of the research projects at the Secure Mobile Centre, Singapore Management University. Our goal is to achieve end-to-end security in the MGC (eMbedded-Gateway-Cloud) architecture in which embedded and mobile devices send data via a gateway to the cloud for outsourced data storage and analytics. We study techniques for fortifying mobile/embedded platforms, mobile malware analysis and detection, secure and usable user authentication in portable devices, and efficient sharing and computation of encrypted data in the cloud. A common feature of all our projects is that we build prototypes to assess the efficiency and practicality of the proposed techniques and systems.
Robert Deng is AXA Chair Professor of Cybersecurity and Director of the Secure Mobile Centre, School of Information Systems, Singapore Management University (SMU). His research interests are in the areas of data security and privacy, cloud security and Internet of Things security. He received the Outstanding University Researcher Award from the National University of Singapore, the Lee Kuan Yew Fellowship for Research Excellence from SMU, and the Asia-Pacific Information Security Leadership Achievements Community Service Star from the International Information Systems Security Certification Consortium. He serves/served on many editorial boards and conference committees, including the editorial boards of IEEE Security & Privacy Magazine, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security, and Journal of Computer Science and Technology, and as Steering Committee Chair of the ACM Asia Conference on Computer and Communications Security. He is an IEEE Fellow.
University of California
Irvine - US
Sept 5th 9:00-10:00
Vertex Building Auditorium
Mitigating Tension between Security and Safety in Low-End Embedded Devices
Remote attestation (RA) is a means of malware detection, typically realized as an interaction between a trusted verifier and a potentially compromised remote device (prover). RA is especially relevant for low-end embedded devices that are incapable of protecting themselves against malware infection. Most current RA techniques require on-demand and uninterruptible (atomic) operation. The former fails to detect transient malware that enters and leaves between successive RA instances; the latter involves performing potentially time-consuming computation over the prover's memory and/or storage, which can be harmful to the device's safety-critical functionality and general availability. However, relaxing either on-demand or atomic RA operation is tricky and prone to vulnerabilities. This paper identifies some issues that arise in reconciling requirements of safety-critical operation with those of secure remote attestation, including detection of transient and self-relocating malware. It also investigates mitigation techniques, including periodic self-measurements as well as an interruptible attestation modality that involves shuffled memory traversals and various memory locking mechanisms.
This talk is based, in part, on joint work with N. Rattanavipanon, I. Oliveira Nunes, K. Eldefrawy, X. Carpent and A. Sadeghi.
An earlier version of this talk was presented at DAC '18 -- 55th Annual Design Automation Conference.
Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, Fulbright Specialist (twice), a fellow of ACM, a fellow of IEEE, a fellow of AAAS, and a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed to TOPS in 2016). Gene was the recipient of the 2017 ACM SIGSAC Outstanding Contribution Award.