Joe C. L. Chan, Advanced Security Technology and Research Laboratory Company Limited (AdvSTAR Lab)
Dr. Joe C.L. Chan is the Chief Executive Officer of Advanced Security Technology and Research Laboratory Company Limited (AdvSTAR Lab) and Adjunct Professor in the Hong Kong Polytechnic University. Prior to the establishment of AdvSTAR Lab, he was the Director, Information Security of the Hong Kong Applied Science and Technology Research Institute founded by the Hong Kong Government.
In the last 15 years, he led the R&D of various advanced information security technologies include patented hardware security token, email and cloud encryption systems, and multi-factor authentication technologies.
Dr. Chan obtained his PhD degree in Electronic Engineering from City University London. He is also the holder of CISSP and CISA. Currently, he is the Vice-Chairman of Research in Cloud Security Alliance HK Chapter.
Presentation: Threat Intelligence for IoT Security
The opportunity of IoT is huge because of its economic impact and scale. Billions of smart devices from different vendors, working together on the Internet and exchange information closely related to us, opens up new potentials for hackers.
To keep IoT devices secure, it is important to maintain an up-to-date understanding of their vulnerabilities. This is difficult for both vendors and end users as there are many technologies being used in IoT devices, such as OS, web servers, wireless communication, data storage, authentication to name a few. Threat intelligence in one way provides the technical data such as malicious IP addresses and malware identifier for IoT infrastructure security, it also enforces better transparency between vendors and end users, ultimately lead to higher standards. In this presentation, we explore threat intelligence for IoT security and its benefits to both vendors and end users.
Jason Cooper, DarkMatter Group’s Cryptographic Research & Development Division
Jason Cooper is the Principal Systems Architect at DarkMatter Group’s Cryptographic Research & Development Division. He was previously the Vice President, Special Technical Projects at Silent Circle, LLC. Prior to that, he was the Lead Systems Security Engineer at Blackbird Technologies, Inc.
Mr. Cooper has extensive experience as an author, contributor and maintainer of Open Source software. He is predominantly focused on the security posture of “Infrastructure” code upon which we all rely. A majority of Jason’s work involves embedded, constrained systems: securing them, and maintaining strong cryptographic state throughout their life cycle.
Presentation: Enforcing Dynamic Trust: Mimicking the Natural World
Human instinct guides each of us. Do I know this person? Does someone I trust vouch for them? Should I continue to trust someone who betrayed me? These trust models arise naturally and change over time in response to stimuli. Our trust takes on different levels over a variety of contexts. I might trust an app with my work emails, but I don’t necessarily trust it with photos of my family. We trust an online store with our banking details, until it gets hacked. We’d like to still do business with them, but without entrusting our bank information to them.
The world of machines is similar. The sensors, actuators, interfaces and servers that make up a system today are configured with static trust relationships. When the server gets hacked, our systems need to adapt to the changed behavior and alter trust on the fly. The systems we design and build must be a dynamic ecosystem tolerant of failures and changing environment. Compromise of one or a few components shouldn’t lead to catastrophic failure of the system.
The process of creating resilient systems evolves its own tools and techniques. In the development of Darkmatter’s DMLedger SDK, we’ve formulated many of our own. Crypto-algorithm Agility, Off-chain Asynchronous Authentication and Transaction Expiration are just a few. We’ll also discuss (and, time permitting, demo) open-source tools for stress-testing and fuzzing your code, as well as how to integrate such open-ended tests into your regression test cycle.
Drew Van Duren, OnBoard Security, Inc.
Drew Van Duren is Technical Director of IoT Security at OnBoard Security, Inc., a cybersecurity company dedicated to the safe and secure deployment of transportation systems, advanced cryptography and hardware-enhanced trusted computing. A seasoned DoD and transportation industry security professional, Drew highlights 15 years of support to commercial and government organizations in their efforts to secure vital systems through threat modeling, cryptographic key management, PKI engineering, secure software development and secure interoperable network protocol design. Originally an aerospace engineer, his experience evolved into cyber-physical risk management and communications security. He has provided extensive security expertise to the U.S. FAA Unmanned Air System (UAS) integration office and in conjunction with the RTCA developed cryptographic security requirements for unmanned aircraft that will operate in the US National Airspace System (NAS). Drew has also managed as Technical Director the two largest FIPS 140-2 (cryptographic module) testing laboratories, and has led security architecture design of multiple high assurance systems for the DoD. Drew co-authored the book, ‘Practical Internet of Things Security’ and today provides security consulting for the New York City Connected Vehicle Pilot Deployment, the world’s largest planned deployment of 10,000 connected vehicles and hundreds of smart infrastructure devices.
Presentation: Locking Down and Re-Using V2X Security: Lessons for Smart Cities
V2X, a technology years in the making and on the verge of massive deployment, is bringing to the forefront deployment security issues related to application definition, message dictionary clarity, message security authorization, as well as security lifecycle interactions between standards bodies, manufacturers, system operators, and transportation PKIs. In this session, we explore some of the lessons-learned in the U.S. Connected Vehicle pilots as they refine, implement and field new capabilities developed by standards organizations such as IEEE and SAE. We also evaluate the V2X security stack and how its security primitives can be applied in smart city agendas looking to satisfy broader IoT security goals for unmanned aerial systems and other automation paradigms.
Tim Hahn, IBM
Tim Hahn is a IBM Distinguished Engineer and has been with IBM since 1990. He is the Chief Architect for Internet of Things Security within the IBM Watson Internet of Things division. He is responsible for strategy, architecture, and design for IBM Watson Internet of Things offerings. These offerings, coupled with others from across IBM, enable customers to design, build, experiment, run, manage, and operate solutions involving diverse sensor data coming from connected devices. These solutions leverage IBM’s strengths in cloud, cognitive, analytics, mobile, social, and security.
Presentation: IoT Security: Impending Doom or Rainbows and Unicorns?
As the Internet of Things is deployed across a wide range of industrial, consumer, and business environments, of special interest and concern is the need to implement IoT solutions with careful attention to security. While many of the challenges in IoT security are similar to the challenges of securing information technology (IT) computing environments, there are special considerations due to the scale, operating conditions, system capabilities, and wide range of device types which are used in IoT solutions. Further, these systems, by connecting the electronic and physical worlds, must address both operations technology (OT) security and information technology (IT) security.
Tan Guan Hong, Rekanext Capital Partners
Dr. Tan Guan Hong is a Technology Partner in Rekanext Capital Partners and an Engineering Consultant to various technology companies. He was the Senior Director, Smart Nation Systems & Solutions (GovTech 2016-2017) overseeing the Smart Nation Platform, Sensor Network and Video Analytics. He has over 36 years of working experiences as various roles in MNC (Philips Electronics 1980-1993), a Technology Start-up Company (SysEng 1994-2009), a Listed Company (Tritech Group 2009-2012), Current Vice President of Singapore Industrial Automation Association and Director for Technology in A*STAR I2R (2012-2016). He has cross domain experiences in Electrical, Electronics, Civil, Water and Business Management throughout his Engineering career.
He founded SysEng (S) in 1994 as a Test & Measurement Engineering Company. In 2002, he developed Real Time Monitoring systems for Construction Industry in Deep Excavations, Tunnels, Bridges and High Rise Buildings. In 2008, he expanded into Real Time Water Quality & Quantity monitoring business. SysEng was acquired by the Tritech Group in 2009 to expand into China and India. He was the conference chair for IoTAsia 2016 and active in the IoT applications. In I2R, he was responsible for Technology Development and Productivity Programme to help SMEs improve Productivity using ICT. He was also the Cluster head for Robotics and Autonomous Vehicle Programmes.
He graduated from University of Sheffield with B.Eng. (1976) and Ph.D. (1980) in Electrical Machines
Presentation: In the Digital Economy using IoT systems, Data Classification must be designed in
For the Digital Economy to grow, IoT sensor data sharing will innovate new applications and businesses. Many IoT systems were historically designed as silo information systems for specific use. The sharing of data faces many challenges as the data needs to have classification for its intended use in the system design.
Data classification determines the IoT Sensor security implementation with the subsequent CAPEX and OPEX. There are other considerations for IoT Sensor data such as Data Accuracy, Data Reliability and Speed of Sensor Data.
Joe Jarzombek, Synopsys
Joe Jarzombek is Director for Government, Aerospace & Defense Programs in Synopsys, Inc., the Silicon to Software™ partner for innovative companies developing the electronic products and software applications. He guides efforts to focus Synopsys’ global leadership in electronic design automation (EDA), semiconductor IP, and software security and quality solutions in addressing technology challenges of the public sector and aerospace and defense communities. He participates in relevant consortia, public-private collaboration groups, standards groups, and academic R&D projects to assist in accelerating technology adoption.
Previously, Joe served as Global Manager for Software Supply Chain Solutions in the Software Integrity Group at Synopsys. In that role he led efforts to enhance capabilities to mitigate software supply chain risks via testing technologies and services that integrate within acquisition and development processes; enabling detection, reporting, and remediation of defects and security vulnerabilities to gain assurance and visibility within the software supply chain.
Jarzombek has more than 30 years focused on software security, safety and quality in embedded and networked systems. He has participated in industry consortia such as ITI, SAFECode and CISQ; test and certification organizations such as Underwriters Labs’ Cybersecurity Assurance Program, standards bodies, and government agencies to address software assurance and supply chain challenges.
Prior to joining Synopsys, Jarzombek served in the government public sector; collaborating with industry, federal agencies, and international allies in addressing cybersecurity challenges. He served as the Director for Software & Supply Chain Assurance in the US Department of Homeland Security Office of Cybersecurity and Communications, and he served in the US Department of Defense as the Deputy Director for Information Assurance in the Office of the CIO and the Director for Software Intensive Systems in the Office of Acquisition, Technology and Logistics.
Jarzombek is a retired Lt Colonel in US Air Force and a Certified Secure Software Lifecycle Professional (CSSLP). He received an MS in Computer Information Systems from the Air Force Institute of Technology, and a BA in Computer Science and BBA in Data Processing and Analysis from the University of Texas – Austin.
Presentation: IoT Supply Chain Management: Reducing Attack Vectors & Enabling Cybersecurity Assurance
As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the IoT supply chain must focus on the entire lifecycle. IoT is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses, vulnerabilities, and exploits. Addressing supply chain dependencies enables enterprises to harden their attack surface by: comprehensively identifying exploit targets; understanding how assets are attacked, and providing more responsive mitigations. Security automation tools and services, and testing and certification programs now provide means upon which organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.
Thomas P. Keenan, University of Calgary
THOMAS P. KEENAN is a popular professor at the University of Calgary as well as a best-selling author and frequent media commentator. He helped write Canada’s first computer crime laws in 1984, has testified before a Canadian House of Commons Committee and recently participated in the writing of a whitepaper for the Canadian government on blockchain applications. He combines a deep technical background (having worked as mainframe systems programmer in the 1970s) with a keen awareness of the social and privacy implications of building and implementing new technologies. He is a Fellow of the Canadian Information Processing Society, and a Research Fellow of the Canadian Global Affairs Institute. His 2014 book, Technocreep: The Surrender of Privacy and the Capitalization of Intimacy, investigated some of the increasingly creepy ways data is being collected and monetized. He believes that IoT applications along with biological manipulations like Crispr/Cas9 will soon bring entirely new privacy and security challenges.
Presentation: AVOIDING THE CREEP FACTOR IN THE INTERNET OF THINGS
If we could design the Internet again, from scratch, we’d do lots of things differently. There is a real risk that, in the race to bring products to market, IoT devices and applications will drag us into some very creepy uncharted waters. We’ve already seen IP cameras and baby monitors conscripted to form a botnet (the 2016 Dyn hack) and data leakage from an Internet connected sex toy (We-Vibe) resulted in a successful class action claim. Starting from a framework developed by the author for the 2014 best-seller Technocreep, we’ll explore some of the ways in which IoT devices can be creepy. We’ll also look at techniques, from data minimization to blockchain logging that can be used to ensure that the right data, and only the right data, goes to the right people.
Soon Chia Lim, Cyber Security Agency
Mr. Soon Chia Lim is the Director (Technology) of Cyber Security Agency. In his current role, he is responsible for capability development, evaluation and certification, and technology management for cyber security.
Mr. Lim started his career with the Ministry of Defence and the Republic of Singapore Airforce (RSAF) where he held several senior leadership appointments. He was the Deputy Chief Research and Technology for Operations, and C4 (Command, Control, Communications and Computer) of Defence Research and Technology Office (DRTECH), from 2004-2013. Before retiring from the Airforce, he was Deputy Head Air Operations, responsible for driving Command, Control, Communications and Cyber (C4) ops developments in the RSAF.
Mr. Lim is a SAF Overseas Training Award (OTA) and SAF Postgraduate Award (SPA) holder. He holds a Bachelor of Engineering (1st Class Honours) in Electrical and Electronic Engineering, and a Master of Science (with Distinction) in Information Technology Management. He also attended General Management Program (GMP) at Harvard Business School in 2007.
Mr Lim was awarded the Defence Technology Prize (Team) in 2005 and the Public Administration Medal (Bronze)(Military) in 2007.
Presentation: IoT Security – Enabling Trust and Digital Future
There have been widespread cyber attacks and pervasive data breaches lately. As our society becomes more connected with the proliferation of IoT, the security challenges would likely gather momentum in terms of scale, frequency and criticality. If this continues, it will erode trust and hamper our pursuit of digital transformation. We need to galvanise efforts in building a next generation of inherently secure IoT ecosystem, so as to create a more secure and safer cyberspace of things.
Hsiao-Ying Lin, Shield Lab
Hsiao-Ying Lin, a senior researcher in Shield Lab, conducts connected car security research in Huawei International, a firm aiming at building a better-connected world. Her research interests include embedded system security, applied cryptography and security issues in automotive areas. Before devoting her work fulltime to Huawei International, Hsiao-Ying served as a senior engineer focusing on smartphone platform security in MediaTek Inc. (a fabless semiconductor company), and an assistant research fellow in Intelligent Information and Communications Research Center in National Chiao Tung University. She received the MS and PhD degrees in computer science from National Chiao Tung University, Taiwan, in 2005 and 2010, respectively.
Presentation: Connected Car Security
Vehicles become intelligent and connected for enhancing driving safety and comfort in the latest decade. Modern vehicles are significantly different from conventional vehicles which are well-contained in an isolated network environment. As more communication technologies are deployed in vehicles to provide new applications, more external interfaces, such as DSRC (dedicated short-range communications), Bluetooth, 3/4G and OBD (on-board diagnostics) interfaces, expose vehicles in publicly accessible networks. As a result, there are multiple potential ways for attackers remotely getting access into vehicles to take control over them. Designing and deploying security mechanisms for connected vehicles is important for not only security but also safety reasons. This talk introduces the attack surface of connected vehicles and mitigation.
Ulf Lindqvist, SRI International
Ulf Lindqvist, is a program director in the Computer Science Laboratory at SRI International. He manages research and development programs regarding infrastructure security for government and commercial clients. His areas of expertise include cyber security, infrastructure systems, intrusion detection in computer systems, and security for systems that interact with the physical world.
Dr. Lindqvist leads SRI’s support for the Cyber Security Division at the U.S. Department of Homeland Security’s Science and Technology Directorate. He also leads SRI’s Internet of Things Security and Privacy Center. In 2015, he was named vice chair of the IEEE Cybersecurity Initiative. He is also the 2016-2017 chair of the IEEE Computer Society’s Technical Committee on Security and Privacy. Previously, he served three years on the Executive Committee of the Institute for Information Infrastructure Protection, a consortium of leading national cyber security institutions, including academic research centers, government laboratories, and nonprofit organizations. In addition to serving as reviewer and program committee member for many scientific workshops and conferences in the field, he was the general chair for the 2010 IEEE Symposium on Security and Privacy.
Dr. Lindqvist holds a Ph.D. in computer engineering and a M.S. degree in computer science and engineering, both from Chalmers University of Technology in Sweden. He was named an SRI Fellow in 2016.
Presentation: Security and Privacy Challenges and Opportunities for IoT in Smart Cities
The concept of Smart Cities illustrates many of the most difficult security and privacy challenges for IoT: large numbers of devices; secure composition of heterogeneous IoT systems whose interaction is context-dependent; user and device mobility; collection, storage, and analysis of sensitive data; long system lifetimes; critical real-time and safety requirements; emergent future functionality and system interaction unforeseen at design time; and so forth. There are great opportunities to address these challenges and create security and privacy methods and solutions that will benefit not only Smart Cities, but also other IoT applications that face some of the same challenges. This talk describes such challenges and opportunities, based on recent findings from workshops organized by the IEEE Cybersecurity Initiative, and results from research conducted in the IoT Security and Privacy Center at SRI International.
Rainer Matischek, Infineon Technologies Austria AG
Dr. Rainer Matischek is Senior Staff Research Engineer at Infineon Technologies Austria AG in Graz. He holds a PhD in electrical engineering from Vienna University of Technology, and a Master degree in information and computer engineering from Graz University of Technology. He joined Infineon 2004 where he first developed embedded and RFID applications. During his Master Thesis he started his research activities within Infineon in the area of Wireless Sensor Networks (WSN) and Internet of Things (IoT). Subsequently, he was partly involved in various EU-funded and national research projects, such as EYES, eCUBES, SNOPS, CHOSeN, SmartCoDe, IoE, SeCoS. In the course of these projects, he focused his PhD research in the area of wireless communication and real-time protocols.
In parallel to his research activities, he also joined the firmware product development department for a few years, where he first was involved in the area of automotive chip applications, and finally became firmware lead engineer for a novel 3D-Imaging chip project. After finishing his PhD in 2011, he finally changed to the research department, responsible for various research projects in the area of embedded wireless and security systems. Currently Dr. Matischek is internal project leader of the European ECSEL-JU funded research projects IoSense and SemI40, both focused on IoT-Security and Industrial IoT.
Presentation: Hardware-Based IoT Security: From Research to Practical Applications
Abstract: The Internet of Things (IoT) offers countless new opportunities by interconnecting all sorts of physical devices from machines through cars to smart sensors and smart home appliances. However, the more data we share and devices connected, the greater the risk of theft and manipulation. This has recently been shown by the early rollout of insufficiently secured first-generation IoT devices. The subsequent attacks and negative headlines could have been prevented by using adequate security design.
Therefore, this talk raises the awareness of future IoT system designers and device manufacturers for the following fact: The success of smart homes, connected cars and smart factories hinges on user confidence in robust, easy-to-use, fail-safe security capabilities. Furthermore, solution providers need to envision a lifecycle management of IoT devices, including secured commissioning, re-configuration and updates. To address these challenges, this talk proposes the integration and proper use of hardware-based security in future IoT devices. To finally increase and combine IoT system security and usability, proper IoT application design is necessary. Therefore, this presentation discusses useful approaches derived from state of the art research and findings of our ongoing feasibility studies.
Jorge Guajardo Merchan, Robert Bosch Research and Technology Center North America
Dr. Jorge Guajardo Merchan is a principal scientist and the manager of the security and privacy group at the Robert Bosch Research and Technology Center in Pittsburgh, USA. Dr. Guajardo Merchan is responsible for defining and directing all security and privacy research and advanced development activities at Bosch Research North America. Prior, to joining Bosch, he was with Philips Research,The Netherlands, where he performed fundamental work in the development of SRAM Physical Unclonable Functions, leading to the creation of the company Intrinsic-ID. Prior to joining Philips Research, he worked for GTE Government Systems, RSA Laboratories, cv cryptovision GmbH, and Infineon Technologies AG. Dr. Guajardo has co-authored over 40 scientific publications in refereed conferences and journals, 14 issued patents and several patent applications, has served in the program committees for the workshop on Cryptographic Hardware and Embedded Systems (CHES), the Design Automation and Test in Europe (DATE) Conference and the IEEE HOST Symposium. He was program co-chair for the TrustED 2014 and TrustED 2015 workshops and he is currently serving on the editorial board of the SAE International Journal on Transportation Cybersecurity and Privacy. Dr. Guajardo’s research interests include applied cryptography, embedded security, and noisy crypto including Physically Unclonable Functions.
Jorge received a B.Sc. degree in Physics and Electrical Engineering with high honors from Worcester Polytechnic Institute (WPI) in 1995, an M.Sc. in electrical engineering from WPI in 1997 and the Ph.D. degree in electrical engineering and information sciences from the Ruhr-University Bochum in 2004.
Presentation: Towards a More Secure Internet of Everything
The Internet of Things promises to create environments in which sensors, actuators, and people will interact seamlessly to the benefit of society. Such smart environments are also expected to create very attractive business opportunities. Yet, it is widely acknowledge that the incredible promise of the IoT will only become reality if we are able to solve the security and privacy challenges implied by the unprecedented scale of IoT systems. In this talk, I will discuss three particular technologies that my team is developing and that tackle the security and privacy challenges of the IoT in three different areas: hardware security at the sensor level, key agreement in automotive networks, and security and privacy for data outsourcing to the cloud.
Biplab Sikdar, National University of Singapore
Biplab Sikdar is an Associate Professor in the Department of Electrical and Computer Engineering at the National University of Singapore. He received the B. Tech. degree in electronics and communication engineering from North Eastern Hill University, Shillong, India, in 1996, the M.Tech. degree in electrical engineering from the Indian Institute of Technology, Kanpur, India, in 1998, and the Ph.D. degree in electrical engineering from the Rensselaer Polytechnic Institute, Troy, NY, USA, in 2001. His research interests include communication and network protocols, cyber-security, and network performance evaluation. At the National University of Singapore, Biplab leads the Communications and Networks research group and leads the research theme on cyber-security for the Internet-of-Things and cyber-physical systems in the NUS-Singtel corporate research laboratory. He is a recipient of the NSF CAREER award, the Tan Chin Tuan fellowship from NTU Singapore, the Japan Society for Promotion of Science fellowship, and the Leiv Eiriksson fellowship from the Research Council of Norway. Dr. Sikdar is a member of Eta Kappa Nu and Tau Beta Pi.
Presentation: : Security Solutions for the Internet of Things
The Internet of Things (IoT) represents a great opportunity to connect people, information, and things, which will in turn cause a paradigm shift in the way we work, interact, and think. The IoT is envisioned as the enabling technology for smart cities, power grids, health care, and control systems for critical installments and public infrastructure. This diversity, increased control and interaction of devices, and the fact that IoT systems use public networks to transfer large amounts of data make them a prime target for cyber attacks. In addition, IoT devices are usually small, low cost and have limited resources. Therefore, any protocol designed for IoT systems should not only be secure but also efficient in terms of usage of chip area, energy, storage, and processing. This presentation will start by highlighting the unique security requirements of IoT devices and the inadequacy of existing security protocols and techniques of the Internet in the context to IoT systems. Next, we will focus on security solutions for the IoT, with special focus on protection against physical and side channel attacks. In particular, we will focus on mutual authentication protocols for IoT devices based on security primitives that exploit hardware level characteristics of IoT devices.
Sean Smith, Dartmouth College and Dartmouth’s Institute for Security, Technology and Society
Sean W. Smith is a Professor in the Department of Computer Science at Dartmouth College and is the Director of Dartmouth’s Institute for Security, Technology and Society. He has been working in real-world information security—attacks and defenses, for industry and government—since before there was a Web. At IBM T.J. Watson Research Center, he designed the security architecture for (and helped code and test) the IBM 4758 secure coprocessor, and then led the formal modeling and verification work that earned it the world’s first FIPS 140-1 Level 4 security validation. His recent book “The Internet of Risky Things” (O’Reilly, 2017) explores the IoT security space.
Presentation: Securing the IoT: Critical Research Challenges
In the current Internet of Computers (IoC), paradigms and techniques have emerged to manage security risks, at least somewhat. However, the Internet of Things is different from the IoC, and these differences cause many of these paradigms to stop working. With the deep embedding of the IoT in the physical world, the consequences may have significant physical impact.
This talk surveys some areas—zero days, authentication, lifetime mismatches, and connectivity complexity—where we need new research driven by academic and industrial partnerships. Vulnerabilities seem to be inevitable in software; in the IoT, how do we reduce and manage the risk of zero days? How do we manage good software hygiene when physical devices can outlive the “use-safely-by” date of software, and maybe even the software vendors themselves? (How do we keep zero-days from turning into forever-days?) As communication channels become more open, how do we secure them—and how do we establish a key infrastructure that captures operational requirements?
Angelos Stavrou, George Mason University and Center for Assurance Research and Engineering (CARE) at GMU
Dr. Angelos Stavrou is a Professor at George Mason University and the Director of the Center for Assurance Research and Engineering (CARE) at GMU. Stavrou has served as principal investigator on research awards from NSF, DARPA, IARPA, DHS, AFOSR, ARO, ONR, he is an active member of NIST’s Mobile Security team and has written more than 90 peer-reviewed conference and journal articles. Stavrou received his M.Sc. in Electrical Engineering, M.Phil. and Ph.D. (with distinction) in Computer Science all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from University of Athens, and a B.Sc. in Physics with distinction from University of Patras, Greece. Stavrou is an Associate Editor of IEEE Transactions on Reliability and IET Journal on Information Security. His current research interests include security and reliability for distributed systems, security principles for virtualization, and anonymity with a focus on building and deploying large-scale systems. Stavrou received the GMU Department of Computer Science Outstanding Research Award in 2010 and 2016 and was awarded with the 2012 George Mason Emerging Researcher, Scholar, Creator Award, a university-wide award. In 2013, he received the IEEE Reliability Society Engineer of the Year award. He is a NIST guest researcher, a member of the ACM and USENIX, and a senior IEEE member. Under DHS funding, he designed next generation analysis and defenses for mobile devices for both Android and iOS systems and was awarded the DHS Cyber Security Division’s “Significant Government Impact Award” in 2017.
Presentation: Leveraging Blockchain-based protocols in IoT systems
The Internet of Things (IoT) encompasses a wide range of processes: sensing, computation, communication, time, context, and data, to name only a few. How does all of these function as a system when using commercially available components that can be purchased from anywhere and at a low cost, and with little or no component pedigree available? To provide some practical answers to the these questions, we purchased components and created a set of small use cases to see how it all interoperated.
In this talk, we will focus on use cases where the application of cryptography is not done properly or the cryptographic libraries employed exhibit security flaws. To that end, we demonstrate the need for mechanisms that will allow low-resource sensors to authenticate and exchange data in a way that does not rely on heavy cryptographic operations. We believe the need for group authentication and message integrity can be adequately satisfied using modified blockchain protocols that rely on proof-of-storage for some of the sensor operations creating groups of networked sensors that prove their membership not only using key material but also historical transactional data. Our work shows how blockchain protocols can be applied in IoT systems in a meaningful manner solving an actual need without the burden of complex operations that usually accompany the blockchain concept.
Vrizlynn Thing, Institute for Infocomm Research (I2R), Agency for Science, Technology and Research (A*STAR)
Dr. Vrizlynn Thing leads the Cyber Security Cluster, which comprises the Data Security Department, the Network Security Department, and the Systems Security Department at the Institute for Infocomm Research (I2R), Agency for Science, Technology and Research (A*STAR). She is also an Adjunct Associate Professor at the National University of Singapore (School of Computing), and holds the appointment of Honorary Assistant Superintendent of Police (Specialist V) at the Singapore Police Force, Ministry of Home Affairs. Her research draws on her multidisciplinary background in computer science (Ph.D. from Imperial College London, United Kingdom), and electrical, electronics, computer and communications engineering (M.Eng. by Research and B.Eng (Hons) from Nanyang Technological University, Singapore, and Diploma from Singapore Polytechnic). During her career, she has taken on various roles with the key focus to lead and conduct cyber security R&D that brings a positive impact to our economy and society. She also participates actively as the Lead Scientist of collaborative projects with industry partners and government agencies, and is the Co-Director of the ST-InfoSec – A*STAR Cyber Security Joint Lab, the Sopra Steria – A*STAR Cyber Security Joint Lab, and the Custodio – A*STAR Cyber Security Joint Lab.
Presentation: Security in IoT
With the growing trend of IoT device deployment and the accompanied huge market size, there is an increasing observation and occurrence of cyber-attacks by exploiting security vulnerabilities across the various highly connected devices. Security has now become the top concern for such deployment in both the consumer segment, enterprise environment and industrial settings. In this talk, I will share the key focus areas in the emerging IoT domain, highlight the security challenges, and suggest future research directions. I will also highlight some of the current and planned future IoT security works at Institute for Infocomm Research, A*STAR.
Jeffrey Voas, NIST
Jeffrey Voas is an innovator. He is currently a computer scientist at the US National Institute of Standards and Technology (NIST). Before joining NIST, Voas was an entrepreneur and co-founded Cigital that is now part of Synopsys (Nasdaq: SNPS). He has served as the IEEE Reliability Society President (2003-2005, 2009-2010, 2017-2018), and served as an IEEE Director (2011-2012). Voas co-authored two John Wiley books (Software Assessment: Reliability, Safety, and Testability [1995] and Software Fault Injection: Inoculating Software Against Errors [1998]. Voas received his undergraduate degree in computer engineering from Tulane University (1985), and received his M.S. and Ph.D. in computer science from the College of William and Mary (1986, 1990 respectively). Voas is a Fellow of the IEEE, member of Eta Kappa Nu, Fellow of the Institution of Engineering and Technology (IET), Fellow of the American Association for the Advancement of Science (AAAS), and member of the Washington Academy of Sciences (WAS).
Presentation: IoT and Trust
This talk discusses the underlying and foundational science of IoT and gives the audience a general understanding of what IoT is. In this work, five core primitives belonging to most distributed systems are presented. These primitives form the basic building blocks for a Network of ‘Things’ (NoT) [NIST SP 800-183], including the Internet of Things (IoT). System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. These primitives apply well to systems with large amounts of data, scalability concerns, heterogeneity concerns, temporal concerns, and elements of unknown pedigree with possible nefarious intent. The talk ends by suggesting 25 trust issues, that involve everything from 3rd party certification of 3rd party black-box services and products, to defective ‘things’, and to deliberate intentions to slow the flow of data in a IoT-based system.
Haojie Zhuang, Cloud Security Alliance
Haojie is Director of Research at the Cloud Security Alliance (CSA) APAC, where his portfolio includes delivering initiatives from CSA Working Groups, CSA Corporate Members, SDO’s, governments, and other strategic partners. He plays a large and important role in identifying unique research and influencing the impact of CSA research throughout the industry. His main responsibilities include enhancing overall knowledge of CSA research, CSA members, and affiliates, and technology and trends impacting cloud computing and next-generation IT; participating in goals and accomplishments of CSA and emerging technologies; evaluating research tools, emerging technologies, and strategic relations; aligning research with CSA Chapters, CSA Corporate Members, CSA Working Groups globally; and implementing global research processes with APAC.
Prior to joining CSA, Haojie was at the Intelligent Computing Lab of the Infocomm Media Development Authority (IMDA) of Singapore, where he worked with industry and research community partners to co-develop machine-learning solutions that tackle productivity and sectoral challenges. When he was with the National Cloud Computing Office under the former Infocomm Development Authority (IDA) of Singapore, he managed data-related initiatives, and led awareness creation efforts of cloud computing in Singapore. Haojie obtained his B.Eng (Hons) in Computer Engineering from the National University of Singapore, beginning his career with a brief stint as an events photographer, before getting involved in designing underwater networking protocols at the Infocomm Institute for Research (I2R). Whenever possible, Haojie prefers inline skating to walking.
Presentation: Top Challenges to Secure IOT Deployments
There are many challenges to deploying a secure IOT implementation. Many of the security technologies on the market will play a role in mitigation IOT risks with an enterprise. However, the IOT also introduces new challenges to secure engineering. Many of these would benefit from a targeted research or industry collaboration to determine the optimal Long-term approaches to resolution. The talk will share the CSA’s view of the top challenges facing early adopters of the IOT with a mapping to recommended CSA IOT security controls.
Kang Wei Woo, QuantumCIEL
Dr Kang Wei Woo is Executive Director of QuantumCIEL and Chairman of IoT Security for Smart Nation Working Group, ITSC, Singapore.
Dr Woo has 20 years of experience, contributing to Fortune 100 companies as well as ICT start-ups. He was formerly the Director at the Singapore Engineering Design Centre of Compaq Computer, and the Head of Architecture Board at NEC Global Safety Division where he promoted sustainable technology architecture roadmaps. He was also Principal Investigator with a R&D grant from the Economic Development Board of Singapore for the development of cryptographic technology. Dr Woo specializes in theoretical physics and mathematics, cryptographic algorithms, cyber- physical security, blockchain and fintech security, and the related areas. He received his B.A. degrees in Physics and Mathematics from Cornell University and his M.Sc. and Ph.D. degrees in Theoretical High Energy Physics from Rutgers University.
Presentation: IOT Security for Smart Nation – Challenges & Solutions
With increasing connectivity through digitalization and IoT, security cannot be an afterthought; Singapore Smart Nation IoT Technical Committee has a new Technical Reference (TR) on IoT security which will be published in 2018 and highlights of this TR will be shared as part of the presentation.