Srđan Čapkun (ETH Zurich, Switzerland)

On the Security of (UWB) Distance Measurement

Proximity, distance and location information is predominantly provided to devices through their radio interfaces. Many systems such as contactless payments, passive keyless entry and start systems, digital contact tracing, autonomous navigation, rely on the correctness of distance and location information. The ability of the attacker to manipulate distance or position information via relays and other physical-layer attacks can, in part or fully, violate the functioning of these systems and lead to theft of property and funds, physical damage or denial of service. A number of such attacks have been demonstrated in the last decade. In recent years, these physical-layer attacks have been integrated into attacker models and have an increasing impact on radio designs and standards, specifically UWB, WiFi and 5G. First distance measurement radios built specifically to resist physical-layer attacks have already been commercialized and are now deployed in the automotive industry. In this talk, I will provide an overview of this subject area, outlining the key challenges, proposed and deployed solutions, as well as ongoing research and standardization efforts. I will particularly focus on the security of the IEEE 802.15.4z standard and its LRP and HRP variants that are currently used in cars and smartphones.

Srdjan Capkun (Srđan Čapkun) is a Full Professor in the Department of Computer Science, ETH Zurich and Director of the Zurich Information Security and Privacy Center (ZISC). He was born in Split, Croatia. He received his Dipl.Ing. Degree in Electrical Engineering / Computer Science from the University of Split in 1998, and his Ph.D. degree in Communication Systems from EPFL in 2004. Prior to joining ETH Zurich in 2006 he was a postdoctoral researcher in the Networked & Embedded Systems Laboratory (NESL), University of California Los Angeles and an Assistant Professor in the Informatics and Mathematical Modelling Department, Technical University of Denmark (DTU). His research interests are in system and network security. His focus areas are wireless security (in particular secure positioning), and system security where he focuses on trusted computing and blockchain technologies. He is a co-​founder of 3db Access, a company focusing on secure distance measurement and proximity-​based access control, and of Futurae a spin-​off focusing on usable on-​line authentication. In 2016 he received an ERC Consolidator Grant for a project on securing positioning in wireless networks. He is a fellow of the ACM.

Marcel Keller (CSIRO, Australia)

MP-SPDZ: A Versatile Framework for Multi-Party Computation

While there is a growing number of MPC implementations, most of them are restricted in terms of protocols, security models, and applications. MP-SPDZ on the other hand offers more than 30 protocol variants in a range of security models and a programming interface that is application-independent. I will talk about the core design choices of MP-SPDZ and how they facilitate this versatility. In particular, the fact that almost all protocol feature two basic operations, some sort of addition and multiplication, provide a simple template for reusable code.
I will also present recent results in privacy-preserving machine learning. We have implemented a network for MNIST with which we achieved an accuracy close to cleartext training with a few hours of training.

About the speaker: Marcel Keller is a senior research scientist with CSIRO’s Data61, a business unit of Australia’s national science agency. After completing his PhD with Ivan Damgård at Aarhus University, he spent a few years at the University of Bristol under the supervision of Nigel Smart. There he started working on an implementation of multi-party computation that would eventually form the basis of MP-SPDZ, an open-source project used by researchers all over the world.

Douglas Stebila (University of Waterloo, Canada)

Transitioning the TLS protocol to post-quantum cryptography

The simplest approach to transition the Transport Layer Security (TLS) protocol to resist attacks by a quantum computer is to replace Diffie-Hellman key exchange with a post-quantum key encapsulation mechanism (KEM) and a traditional signature with a post-quantum signature. The various trade-offs present in post-quantum algorithms — either larger keys, slower computation, or less confidence in newer security assumptions — mean that the situation is more complicated. In this talk I’ll discuss various issues around and options for transitioning the TLS protocol to use post-quantum cryptography. I’ll discuss the progress towards standardization of  discuss “hybrid” or “composite” options, in which two algorithms — a traditional algorithm and a post-quantum one — are used simultaneously. I’ll also discuss alternative protocol designs, such as KEMTLS, which uses long-term KEM keys for TLS handshake authentication instead of digital signatures, since post-quantum KEMs generally have smaller output sizes compared to post-quantum digital signature schemes.

About the speaker: Douglas Stebila is an Associate Professor of cryptography in the Department of Combinatorics & Optimization at the University of Waterloo.  His research focuses on improving the security of Internet communications protocols and developing practical quantum-resistant cryptography. He is the leader of the Open Quantum Safe project, an open-source software project for prototyping and evaluating quantum-resistant cryptography.  He holds an MSc from the University of Oxford and a PhD from the University of Waterloo.

Gene Tsudik (University of California, US)

Mitigating TOCTOU in Hybrid Remote Attestation (RATA: Remote Attestation with TOCTOU Avoidance)

Much attention has been devoted to verifying software integrity of remote embedded (IoT) devices. Many techniques, with different assumptions and security guarantees, have been proposed under the common umbrella of so-called Remote Attestation (RA). Aside from code integrity verification, RA serves as a foundation for many security services, such as proofs of memory erasure, system reset, software update, and verification of runtime properties.

Prior RA techniques verify the remote device’s binary at the time when RA functionality is invoked, thus providing no information about the device’s binary before current RA execution or between consecutive RA executions. This implies that presence of transient malware might not be detected. In other words, if transient malware infects a device (by modifying its binary), performs its nefarious tasks, and erases itself before the next attestation, its temporary presence will not be detected. This important problem, called Time-Of-Check-Time-Of-Use (TOCTOU), is well-known in the research literature and remains unaddressed in the context of hybrid RA.

In this talk, we show the construction of RATA: Remote Attestation with TOCTOU Avoidance a provably secure approach for addressing the TOCTOU problem. With RATA, even malware that erases itself before execution of the next RA instance, can not hide its ephemeral presence. RATA is geared for hybrid RA architectures, which are aimed at low-end embedded devices. We present two alternative techniques: RATAa and RATAb, suited for devices with and without real-time clocks, respectively. Each is shown to be secure and accompanied by a publicly available and formally verified implementation. Our evaluation demonstrates low hardware overhead of both techniques. RATA also substantially reduces the timing of RA execution from linear to constant time.

About the speaker: Gene Tsudik is a Distinguished Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at the IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, Fulbright Specialist (twice), a fellow of ACM, IEEE, AAAS, and IFIP as well as a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed TOPS in 2016). Gene was the recipient of 2017 ACM SIGSAC Outstanding Contribution Award. He is also the author of the first crypto-poem published as a refereed paper.