The 13th International Conference on Information Security and Cryptology

November 3-5, 2017, Xi'an, China

Keynote Speakers

Elisa Bertino, Purdue University, United States

Title: Security and Privacy in the IoT

The Internet of Things (IoT) paradigm refers to the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with servers, centralized systems, and/or other connected devices based on a variety of communication infrastructures. IoT makes it possible to sense and control objects, creating opportunities for more direct integration between the physical world and computer-based systems. IoT will usher in automation in a large number of application domains, ranging from manufacturing and energy management (e.g. SmartGrid), to healthcare management and urban life (e.g. SmartCity). However, because of its fine-grained, continuous and pervasive data acquisition and control capabilities, IoT raises concerns about security and privacy. Deploying existing security solutions to IoT is not straightforward because of device heterogeneity, highly dynamic and possibly unprotected environments, and large scale. In this talk, after outlining key challenges in IoT security and privacy, we present initial approaches to securing IoT data, including firewall techniques to prevent IoT devices from being compromised and used by botnets.

Bio: Elisa Bertino is currently a Professor of Computer Science with Purdue University and serves as Research Director of the Center for Education and Research in Information Assurance and Security. Her main research interests include security, privacy, digital identity management systems, database systems, distributed systems, and multimedia systems. She is a fellow of the Association for Computing Machinery, and has been named a Golden Core Member for her service to the IEEE Computer Society.

Yang Xiang, Swinburne University of Technology, Australia

Title: AI-Driven Cyber Security

Today we have witnessed massive cyber attacks, such as the WannaCry ransomware, which hit millions of people in more than 150 countries with billions of dollars in losses. Cyber security has become one of the top priorities globally in the research and development agenda.

In recent years, Artificial Intelligence (AI) has been widely used in numerous fields and industries, including finance, healthcare, education, and transportation, supported by a diversity of datasets from a huge number of sources in different domains. These datasets consist of multiple modalities, each of which has a different representation, distribution, scale, and density.

People have recognized that AI technologies are some of the most effective defenses against cyber intrusions. Cyber security companies are increasingly looking to AI to improve defense systems and create the next generation of cyber protection. A few important questions have been asked, such as:

• How do AI models learn and understand what is normal and what is abnormal on a system?

• How can AI that uses machine learning and other technologies differentiate between benign and harmful binary or source code?

• How can hackers bypass AI-driven security solutions?

Although AI has been talked about as one of the game-changing technologies for cyber security, many doubts still persist. New methods and tools, consequently, must follow in order to adapt to this emerging security paradigm. In this talk, we will discuss the concept of AI-Driven Cyber Security and how data analytics can be used to address the security and privacy problems in cyberspace.

Bio: Professor Yang Xiang received his PhD in Computer Science from Deakin University, Australia. He is currently the Director of Centre for Cyber Security Research at Deakin University. His research interests include network and system security, distributed systems, and data analytics. He has published more than 200 research papers in international journals and conferences, such as IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Information Security and Forensics, and IEEE Transactions on Dependable and Secure Computing. He serves as the Associate Editor of IEEE Transactions on Computers, Security and Communication Networks (Wiley), and the Editor of Journal of Network and Computer Applications (Elsevier). He is a Senior Member of the IEEE.

Mirosław Kutyłowski, Wroclaw University of Science and Technology, Poland

Title: On Crossroads of Privacy Protection

For a long time, privacy protection has been understood as the protection of the private sphere and the separation between public and private life. This is about to change dramatically due to the increasing role of IT systems. The expansion of the Internet of Things makes the problem even harder, as attacks against these systems get easier when "private" information about IoT artefacts becomes disclosed.

Privacy protection understood as reducing the amount of identification information to the minimal level necessary to perform a given functionality is going to become one of the fundamental good practices.

Privacy protection on the one hand and the necessity of strong authentication on the other seem to be contradictory goals. Fortunately, there are cryptographic schemes that create a firm basis for solving this problem effectively. According to such a scheme, a user holds cryptographic personal keys for creating pseudonymous identities. The same keys can be used to prove ownership of these identities by means of signatures corresponding to them. On the other hand, different identities and signatures of the same person are unlinkable, unless a fundamental cryptographic problem has been broken. Still, this does not enable Sybil attacks -- misusing anonymity for protecting one's own misbehavior.

Bio: Miroslaw Kutylowski is a full professor at Wroclaw University of Technology. He is a member of the Research Council of the Institute of Computer Science at the Polish Academy of Sciences and an elected member of the Polish State Commission for Academic Titles. In his career he was a Humboldt Fellow at Technical University of Darmstadt, Hochschuldozent at Heinz Nixdorf Institute, University of Paderborn, and professor at the Institute of Computer Science, Wroclaw University. He has received the MISTRZ Award from the Foundation for Polish Science, an IBM Faculty Award and the 2013 Award from the Polish Chamber of Information Technology and Telecommunications. He has been active in different bodies concerning e-government issues, in particular concerning the interface between ICT and legal systems. His research is focused on algorithms in distributed systems, privacy, security and cryptography.

Yunlei Zhao, Fudan University, China

Title: Generic and Efficient Lattice-Based Key Exchange from Key Consensus with Noise

In this work, we abstract some key ingredients in previous lattice-based key exchange protocols, by introducing and formalizing the building tool, referred to as key consensus (KC), and its asymmetric variant AKC. KC and AKC allow two communicating parties to reach consensus from close values obtained by some secure information exchange. We then discover upper bounds on parameters for any KC and AKC. KC and AKC are fundamental to lattice-based cryptography, in the sense that a list of cryptographic primitives based on lattices (including key exchange, public-key encryption, and more) can be modularly constructed from them. As a conceptual contribution, this much simplifies the design and analysis of these cryptosystems in the future.

We then design and analyze both general and highly practical KC and AKC schemes, which are referred to as OKCN and AKCN respectively for presentation simplicity. Based on KC and AKC, we present generic constructions of key exchange (KE) from LWR, LWE, RLWE and MLWE with delicate analysis of error rates. The generic construction allows versatile instantiations with our OKCN and AKCN schemes, for which we elaborate on evaluating and choosing the concrete parameters in order to achieve a well-balanced performance among security, computational cost, bandwidth efficiency, error rate, and operation simplicity.

Bio: Yunlei Zhao received the Ph.D. degree in computer science in 2004 from Fudan University, Shanghai, China. In the same year, he joined Hewlett-Packard European Research Center, Bristol, UK, as a postdoctoral researcher. Since 2005, he has worked at Fudan University, and is currently a professor at Software School, Fudan University. His research interests include theory and applications of cryptography, information security, and the interplay between complexity theory and cryptography.

Kui Ren, University at Buffalo, United States

Title: The Dual Role of Smartphones in IoT Security

The world is entering the era of the Internet of Things (IoT) with numerous innovations under way, including smart manufacturing and smart living. In IoT, interconnected physical devices of various forms, embedded with electronics, software, sensors, and actuators, jointly perform sophisticated tasks and support abundant unprecedented services for the world. Central to many of these innovations are smartphones, as they are so pervasively owned by almost every individual, so usefully interleaved into almost every aspect of our daily living, and so powerfully equipped with abundant sensing, computing and networking capability.

The role of the smartphone in IoT security, however, can be two-fold. On the one hand, it could be used as a low-cost attacking device, trying to penetrate into scenarios that have never been considered before. On the other hand, it is also the first line of defense in the security forefront. In both cases, we need to carefully study and understand the capabilities of smartphones, as well as their security implications. In this talk, I will use two examples to illustrate this observation and hopefully promote further research along this line.

Bio: Kui Ren is SUNY Empire Innovation Professor and the director of the Ubiquitous Security and Privacy Research Laboratory (UbiSeC) in the Department of Computer Science and Engineering, University at Buffalo, State University of New York, which he joined in 2012 as an associate professor and where he was promoted to full professor in 2016. Previously, he was with the Department of Electrical and Computer Engineering at Illinois Institute of Technology (IIT), where he received early tenure and promotion in five years starting 2007. He received degrees from three different majors, i.e., his Ph.D. in Electrical and Computer Engineering from Worcester Polytechnic Institute, USA, in 2007, M.Eng in Materials Engineering in 2001, and B.Eng in Chemical Engineering in 1998, both from Zhejiang University, China. His current research interests include Data and Computation Outsourcing Security in the context of Cloud Computing, Wireless Systems Security in the context of Internet of Things, and Crowdsourcing-based Large-scale Data Acquisition. He has published frequently in peer-reviewed journals and conferences. His H-index is 54, and his total citation count has exceeded 19,000, according to Google Scholar (as of Aug. 2017). More than 10 of his publications have each been cited more than 600 times, with the highest exceeding 2,000. His research has also been widely covered by the media, including CBS News, Scientific American, NSF News, ACM TechNews, Science Daily, The Conversation, etc. He has delivered more than 100 keynote/invited talks at conferences and universities worldwide.

The 13th International Conference on Information Security and Cryptology (INSCRYPT 2017)