What is the targeted deanonymization side-channel attack? Why hasn’t it been fixed yet? Will somebody volunteer for the live demo? 

Abstract
They are remotely programmable, they are installed on every computer and every phone, and they process a huge amount of extremely sensitive information. This combination makes web browsers a permanent target for attackers in general, and for side-channel analysts in particular.

This talk will survey one such attack, targeted deanonymization. I will explain the attack, talk about its evolution from desktop to mobile to classroom, discuss defenses against the attack, and try to understand, together with the audience, why it still exists four years after it was disclosed to Google. If a suitable volunteer is found, the talk will also include a live demo on one of the attendees’ personal devices.

Joint work with Tapan Basak, Robert Blacha, Mojtaba Zaheri, Reza Curtmola and Hai Phan.

Bio
Prof. Yossi Oren is an Associate Professor in the Institute for Software, Systems and Security (S³) at the Stein Faculty of Computer and Information Science at Ben Gurion University of the Negev, and a member of BGU’s Cyber Security Research Center. Prior to joining BGU, Yossi was a Post-Doctoral Research Scientist in the Network Security Lab at Columbia University in the City of New York and a member of the security lab at Samsung Research Israel. He holds a Ph.D. in Electrical Engineering from Tel-Aviv University (thesis), and an M.Sc. in Computer Science from the Weizmann Institute of Science (thesis).

His research interests include implementation security (side-channel attacks, micro-architectural attacks, power analysis and other hardware attacks and countermeasures; low-resource cryptographic constructions for lightweight computers) and cryptography in the real world (consumer and voter privacy in the digital era; web application security). He has been recognized by The Register as a Top Boffin.

Photo provided by speaker

Is standardization fast enough to cope with modern attack vectors? 🤨

Mobile Networks have security built in starting with 2G. This lecture gives an introduction to mobile networks and which security measures are in place. It’s your opportunity to ask anything you’ve ever wanted to know about mobile networks!

Bio

Georg Löffelmann is the Head of Department Mobile at A1 Telekom and has 25+ years of experience in the telecoms industry, of which 15+ years are in leading large teams with both strategic and operational focus.

As a member of A1 Group, he successfully delivered on large international projects and trusts in a large network of both national and international colleagues and industry partners. He has a deep technical know-how regarding mobile network technologies 2G-6G as well as NFV, SDN,(XG)PON, HFC, DSL, SDH, WDM, IP and MPLS.

Photo © Sabine Hauswirth  

Abstract

As cloud computing adoption grows, so do concerns about trust and data privacy. Confidential computing, powered by innovative hardware technologies like Intel SGX and AMD SEV, promises strong isolation and transparent memory encryption to protect against privileged attackers and physical threats such as bus snooping and cold boot attacks.

This talk overviews our recent work on BadRAM and BatteringRAM, showing that state-of-the-art memory encryption can be reliably bypassed with limited physical access and ~$50 of custom hardware. By introducing a novel form of runtime memory aliasing, we defeat even the firmware defenses deployed in response to our earlier findings; ultimately exposing fundamental limitations in today’s scalable confidential computing designs.

Bio

Jo Van Bulck is a professor in the DistriNet lab at the Department of Computer Science of KU Leuven, Belgium. His research explores attacks and defenses at the hardware-software boundary, with particular attention to privileged side channels in trusted execution environments.

Jo’s research has uncovered several innovative attack vectors in commodity Intel x86 processors that have led to microcode and silicon mitigations in hardware, as well as software patches in major operating systems and compilers.

Photo provided by speaker

Abstract

For languages over finite words, automata types that permit polynomial-time minimization are well-known. For languages over infinite words, as used when specifying the behavior of reactive systems, finding an automaton class that has a polynomial-time minimization algorithm proved to be substantially more difficult.
While some such representations for so-called lasso languages exists, their use in applications is limited and tends to be restricted to language learning.

In this talk, we present recent progress towards solving this problem. We start by showing how arbitrary omega-regular languages can be canonically decomposed into a series of co-Büchi languages, each of which can in turn be made canonical and minimized by representing them as history-deterministic co-Büchi automata with transition-based acceptance. We show how to translate such a chain of co-Büchi automata (COCOA) representation into a fixpoint formula for performing reactive synthesis over a game graph.

Afterwards, we consider the question if the main ideas of the COCOA representation can be lifted to an automaton model in which the language to be represented is only encoded as a single automaton, as usual in automata theory. We show that a reinterpretation of how history-deterministic co-Büchi automata accept words can be combined with parity acceptance to obtain a polynomial-time minimizable automaton model for arbitrary omega-regular languages. Finally, we show that this new automaton model is useful both for reactive synthesis and probabilistic verification.

Bio

Rüdiger Ehlers received his doctorate from Saarland University in 2012 and held researcher positions at UC Berkeley and Cornell University before becoming a junior research group leader at the University of Bremen. Since 2019, he is professor for embedded systems at Clausthal University of Technology.

Photo provided by speaker

We’ll give an overview of the Major Information Security and all you need to know about it (including our new Master@ISEC network and its benefits ), introduce the new updated curriculum with several exciting new courses, and provide an opportunity to meet fellow students and lecturers while enjoying some pizza. No matter if you just started or are heading to the end of your studies–anyone interested is welcome!