Secure Society in Future
26th July, 2021
Online Workshop
The program below is in JST timezone.
STARTING | ENDING | TITLE | PRESENTER
13:30 (10:00 IST, 14:30 AEST, 5:30 BST) | | Workshop Opening | Sanjiva Prasad (Workshop Chair), Indian Institute Technology Delhi
13:30 (10:00 IST, 14:30 AEST, 5:30 BST) | 15:00 (11:30 IST, 16:00 AEST, 7:00 BST) | Session | Chair: Alaa Allakany, Sandeep Kumar
| | Design of Volunteer Computing-based Neural Network on Ethereum Platform | Zikun Han, Kyushu University
| | Compilation for a Secure Reactive Language for IoT Systems | R. Madhukar Yerraguntla, Indian Institute Technology Delhi
| | Software Clone Detection from Security Perspective | Haibo Zhang, Kyushu University
| | SecureFS: A Secure File System for Intel SGX | Sandeep Kumar, Indian Institute Technology Delhi
| | Run-time System Call Mapping Randomization | Takeshi Masumoto, Kyushu University
| | Creation and Evaluation of Specialist Training Course based on Penetration Testing Framework | Alaa Allakany, Kyushu University
| | Airmed: Efficient Self-Healing Network of Low-End Devices. | Samuel Wedaj, Indian Institute Technology Delhi
| | Web-Based 3D and 360° VR Materials for IoT Security Education and Test Supporting Learning Analytics | Wei SHI, Kyushu University
| | An online program identification technology for a secure processor | Takatsugu Ono, Kyushu University
| | – – Break – – |
15:30 (12:00 IST, 16:30 AEST, 7:30 BST) | 16:30 (13:00 IST, 17:30 AEST, 8:30 BST) | Keynote I: Who Are You? New Approaches for Authentication in Smart Spaces | Salil Kanhere, Professor, The University of New South Wales, Sydney, AU [Chair: Kolin Paul]
| | – – Break – – |
17:00 (13:30 IST, 18:00 AEST, 9:00 BST) | 18:00 (14:30 IST, 19:00 AEST, 10:00 BST) | Keynote II: The educational games for cybersecurity based on customisable learning contents | Jingyun Wang, Assistant Professor, Durham University, UK [Chair: Yoshihiro Okada]
18:30 (15:00 IST, 19:30 AEST, 10:30 BST) | | Workshop Closing | Koji Okamura (Workshop Chair), Kyushu University
Keynote I
Salil Kanhere received the M.S. and Ph.D. degrees from Drexel University, Philadelphia, USA. He is a Professor in the School of Computer Science and Engineering at UNSW Sydney, Australia. His research interests include the Internet of Things, cyber physical systems, blockchain, pervasive computing, cybersecurity, and applied machine learning. Salil is also affiliated with CSIRO’s Data61 and the Cybersecurity Cooperative Research Centre. He is a Senior Member of the IEEE and ACM, an ACM Distinguished Speaker and an IEEE Computer Society Distinguished Visitor. He has received the Friedrich Wilhelm Bessel Research Award (2020) and the Humboldt Research Fellowship (2014), both from the Alexander von Humboldt Foundation in Germany. He has held visiting positions at I2R Singapore, Technical University Darmstadt, University of Zurich and Graz University of Technology. He serves as the Editor in Chief of the Ad Hoc Networks journal and as an Associate Editor of IEEE Transactions On Network and Service Management, Computer Communications, and Pervasive and Mobile Computing. He has been involved in the organisation of many IEEE/ACM international conferences and is the General Co-Chair for IEEE Blockchain 2021 and Program Chair for IEEE PerCom 2022. He co-authored a book titled Blockchain for Cyberphysical Systems which was published by Artech House in 2020.
(The University of New South Wales, Sydney, AU)
Abstract: Smart environments are increasingly offering a range of personalised services which require knowing the identity of the person currently using the space. Widely used authentication methods including fingerprint and face recognition have been shown to be vulnerable. In the first part of this talk, we present a human identification mechanism called Vein-ID, that uses the vein pattern of an individual’s hand dorsum recorded using an off-the-shelf depth camera. Vein-ID extracts vein patterns using the depth information and infrared images. Two deep learning models are presented for precisely identifying a target individual from a set of enrolled users. We demonstrate using a comprehensive data set of approximately 17,500 images from 35 subjects that Vein-ID can identify an individual with an average accuracy of over 99%. In the second part of this talk, we show that WiFi signals can be used to uniquely identify people. There is strong evidence that suggests that all humans have a unique gait. An individual’s gait will thus create unique perturbations in the WiFi spectrum. We propose a system called Gate-ID that analyses the channel state information from ambient WiFi signals to extract unique features that are representative of that individual’s gait. Gate-ID uses a novel attention-based deep learning model that fuses various weighted features and ignores ineffective noise to uniquely identify individuals. We implement Gate-ID on commercial off-the-shelf devices and demonstrate that it can uniquely identify individuals with average accuracy of 90.7% to 75.7% from a group of 6 to 20 people, respectively. Both systems are resilient to attacks. Unlike other physical biometric identifiers, surreptitiously capturing an individual’s vein pattern is difficult. Furthermore, mimicking an individual’s walking style is equally hard.
Keynote II
Jingyun Wang is currently an assistant professor at the Department of Computer Science at Durham University. Before joining Durham University, Jingyun Wang was an Assistant Professor (2014-2020) at the Research Institute for Information Technology, Kyushu University, Japan. Her current research focuses on ontology, visualization learning support systems, meaningful learning environments, personalized language learning support systems, game-based learning, computational thinking education, data science, and educational big data and learning analytics. She is a member of the Artificial Intelligence and Human Systems Group at Durham University.
(Durham University, UK)
Abstract: A physical card game called “cyber security defender” to support the acquirement of Japanese law related to cybersecurity was designed for the cybersecurity lecture in Kyushu University. By expanding this card game, we further designed and implemented two prototype digital games based on customisable learning contents. These two games allow meaningful learning contents to be placed on game elements and encourage multiple players to take an active role while playing against each other. The demonstration of these two games will be given together with the introduction of existing popular serious games addressing cyber-security learning.
Session
Design of Volunteer Computing-based Neural Network on Ethereum Platform
Speaker: Zikun Han
Abstract: In recent years, the application of distributed computing has become more and more widespread. Volunteer Computing, defined as a kind of distributed computing infrastructure, has gained people’s favor in terms of only requiring low cost to exchange for a large amount of computing power. However, for volunteer computing, security issues are of paramount importance due to the computing source provided by the volunteers. Blockchain is a chain storage structure that has been widely used in recent years, and non-tamperability is one of its most important characteristics. Therefore, this research aims to improve the security and credibility of volunteer computing by using blockchain technology. A novel volunteer network is established on the Ethereum test network named Ropsten, and its feasibility is verified with a neural network used for computing.
Compilation for a Secure Reactive Language for IoT Systems
Speaker: R. Madhukar Yerraguntla
Abstract: Security in IoT systems is severely compromised due to ill-defined interfaces, lack of secure information flow and low-level programming. Lustre is a high-level reactive dataflow language that can provide a programming model for synchronous IoT systems. In this presentation we describe in brief our framework, based on Denning’s security lattices, to derive correct and secure-by-construction implementations of Lustre programs. We also present our ongoing work on the Vélus-Lustre compiler to transform secure Lustre programs into secure C programs.
Software Clone Detection from Security Perspective
Speaker: Haibo Zhang
Abstract: In software engineering, if two code fragments are closely similar with minor modifications, or even identical as a result of copy-paste behavior, they are called software/code clones. Code clones can cause trouble in software maintenance and the debugging process because identifying all copied compromised code fragments in other locations is time-consuming. Researchers have been studying code clone detection issues for a long time, and the discussion mainly focuses on software engineering management and system maintenance. Another considerable issue is that code cloning provides an easy way for attackers to maliciously inject code. A thorough survey of code clone identification/detection from the security perspective is indispensable for providing a comprehensive review of previous related studies and proposing potential research directions. We review and introduce previous security-related studies following three classifications and various comparison criteria. We then discuss three further research directions: (i) deep learning-based code clone vulnerability detection, (ii) vulnerable code clone detection for 5G-Internet of Things devices, and (iii) real-time detection methods for more efficiently detecting clone attacks. These methods are more advanced and adaptive to technological development and still have sufficient research space for future studies.
SecureFS: A Secure File System for Intel SGX
Speaker: Sandeep Kumar
Abstract: A trusted execution environment or a TEE facilitates the secure execution of an application on a remote untrusted server. In a TEE, the confidentiality, integrity, and freshness properties for the code and data hold throughout the execution. In a TEE setting, specifically Intel SGX, even the operating system (OS) is not trusted. This results in certain limitations of a secure application’s functionality, such as no access to the file system and network – as it requires OS support.
Prior works have focused on alleviating this problem by allowing an application to access the file system securely. However, we show that they are susceptible to replay attacks, where replaying an old encrypted version of a file may remain undetected. Furthermore, they do not consider the impact of Intel SGX operations on the design of the file system.
To this end, we present SecureFS, a secure, efficient, and scalable file system for Intel SGX that ensures confidentiality, integrity, and freshness of the data stored in it. SecureFS can work with unmodified binaries. SecureFS also considers the impact of Intel SGX to ensure optimal performance. We implement a prototype of SecureFS on a real Intel SGX machine. We incur a minimal overhead (≈1.8%) over the current state-of-the-art techniques while adding freshness to the list of security guarantees.
Run-time System Call Mapping Randomization
Speaker: Takeshi Masumoto
Abstract: The purpose of our research is to provide defense against code injection attacks on the system. Code injection attack is one of the most dangerous attacks to a system, which can even give an attacker a chance to fully compromise the system by executing arbitrary code. Moving Target Defense (MTD) can protect the system from attacks by dynamically changing the target area of attacks including vulnerability as well as reduce the reachability of attacks.
System call randomization is an MTD technique that disables code injection attacks by randomizing the mapping between system call numbers and the functions called by them. The purpose of system call randomization is to limit the processing and resources that the injected program can perform and access. As system calls are the only way for user applications to access system resources, randomizing system calls can give attackers more difficulty to achieve their goals, even if they can inject the program. Existing system call randomization techniques once performed randomization before loading the program, however, such methods only once in advance have no effect when information about randomization is disclosed to attackers. In this paper, we propose a method of re-randomizing multiple times at run-time to solve this problem. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs.
Creation and Evaluation of Specialist Training Course based on Penetration Testing Framework
Speaker: Alaa Allakany
Abstract: Cyber security education and training is a very efficient element for security, namely for securing IoT space; by training and increasing the cybersecurity knowledge of the organizations’ users, we can help organizations and institutes to avoid many attacks. Traditional training, such as attending courses at universities, is not enough for training personnel in industry, and they are required to develop their skills in real or simulation scenarios. So, after college students graduate, they are forced to enroll in numerous certification programs in order to develop skills that are not taught in college. However, while the faculties are good at teaching and training, they have fewer resources and face difficulties when they deploy education courses by themselves, especially for advanced training such as education on penetration testing. Thus, in this research we use our previous penetration testing framework for creating effective cybersecurity E-learning courses. Our framework will work as a tool that can reflect the most up-to-date threats and attack scenarios, and collects data and introduces it in an easy way for instructors to help them create the course without any difficulties. We will show an example of a course that was created based on our tool and the evolution.
Airmed: Efficient Self-Healing Network of Low-End Devices.
Speaker: Samuel Wedaj
Abstract: The proliferation of application specific cyber-physical systems coupled with the emergence of a variety of attacks on such systems (malware such as Mirai and Hajime) underlines the need to secure such networks. Most existing security efforts have focused on only detection of the presence of malware. However given the ability of most attacks to spread through the network once they infect a few devices, it is important to contain the spread of a virus and at the same time systematically cleanse the impacted nodes using the communication capabilities of the network. Toward this end, we introduce a method and system to detect the application software’s corruption on an IoT node, and self corrects itself using its neighbors. This decentralized mechanism prevents the spread of self-propagating malware and can also be used as a technique for updating application code on IoT devices. We assess the performance of Airmed using the embedded systems security architecture of TrustLite in the OMNeT++ simulator. The results show that our approach scales up to thousands of devices, ensures guaranteed update of the entire network, and can recover 95% of the nodes in 10 minutes in both internal and external propagation models. Moreover, we evaluate memory and communication costs and show that this approach is efficient and incurs very low overhead.
Web-Based 3D and 360° VR Materials for IoT Security Education and Test Supporting Learning Analytics
Speaker: Wei SHI
Abstract: Our WP aims to discuss the development of e-learning materials of IoT Security. In the past years, we have already proposed a new framework which supports the automatic generation of e-learning materials and quizzes based on the Linked Data. Our framework supports to include the 3D contents and 360-degree VR contents in the e-learning materials, which can simulate the real situations for obtaining better educational effects. Furthermore, we will discuss how to collect learners’ log data when they are using our e-learning materials for further analyzation. We apply two visually analyzing tools, Time Tunnel and Cubic Gantt Chart, to perform the visual data analyzation. By using these two tools, we hope to obtain the activity patterns of the learners in different score ranges. Based on the analyzation result, we can improve the created e-learning materials, or provide advice to help learners to effectively use our e-learning materials.
An online program identification technology for a secure processor
Speaker: Takatsugu Ono
Abstract: In this talk, we present an online program identification technique for a secure processor. With the increasing number of IoT devices, the demand for secure processing is growing. To improve the security of IoT devices, we employ an allowed-list approach. The allowed-list approach identifies whether the executing program is registered on the list or not.
We propose a new identification methodology consisting of two parts: a classifier and an identifier. We divide the program execution into small chunks and extract the behavior during execution. Then, we develop a classifier that compares the extracted behavior and the allowed list program’s behavior. Also, we propose an identification algorithm that can predict whether the program is registered on the allowed list or not based on the classification results. In our evaluation, we confirmed that our approach achieves about 80% accuracy executing only 30% of the programs.
Sponsors