Ph.D. Guevara Noubir
College of Computer and Information Science, Northeastern University, Boston, EUA
Dr. Prabhat Mishra
University of Florida, Gainesville, EUA
Ph.D. Jintai Ding
University of Cincinnati, Cincinnati/Ohio, EUA
Cel. Paulo Sérgio Reis Filho
Dra. Cristine Hoepers
Ph.D. Guevara Noubir - College of Computer and Information Science, Northeastern University, Boston, USA
Resumo: The wireless revolution delivered beyond the pioneers dreams, forever changing how we access information, interact with each other, and our physical world. Yet, a confluence of factors indicates that a security and privacy storm is brewing. Limited resources and lack of strong security models, led to a variety of weaknesses in wireless and mobile systems. These risks are amplified by the accelerated pervasiveness and ad hoc integration of wireless communications in a variety of systems, from cyber-physical systems, to IoT and Industrial IoT. At the same time hardware and in particular wireless softwarization is removing natural barriers such as attacks physical co-location, or cost. In this talk we reflect on some of the wireless and mobile security and privacy challenges and trends, from side-channel attacks to cross-layer attacks, as well as defense approaches and their limitations. In particular, the need and path to systematic modeling of security threats and defenses, as well as security by design approaches considering software-enabled attacks.
Sobre o palestrante: Guevara Noubir holds a PhD in Computer Science from the Swiss Federal Institute of Technology in Lausanne (EPFL). His research covers both theoretical and practical aspects of privacy, security, and robustness in networked systems. Prior to joining Northeastern University, he was a senior researcher at CSEM SA where he led the design and development of the data protocol-stack of the third generation Universal Mobile Telecommunication System (UMTS) and its world first 3G prototype. His research led to a wide range of mechanisms and algorithms for scalable, secure, private, and robust wireless and mobile communications. He led the winning team of the 2013 DARPA Spectrum Cooperative Challenge against 90 academic and industry teams. He is a recipient of the National Science Foundation CAREER Award (2005), Google Faculty Research Award (2016), the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) best paper award in 2011 and 2018, and IEEE Conference on Communications and Network Security (CNS) best paper award in 2017. His research was featured in the NSF CISE/CNS Highlights in 2009 and 2012. Professor Noubir has held visiting research positions at Eurecom, MIT, and University of Edinburgh. He served as program co-chair of many conferences in his areas of expertise, including the ACM Conference on Security and Privacy in Wireless and Mobile Networks, IEEE Conference on Communications and Network Security, and IEEE WoWMoM. He also co-chaired two NSF Workshops on bio-computation and communications. He serve(d) on the editorial board of the IEEE Transaction on Mobile Computing, the Elsevier Journal on Computer Networks, the ACM Transactions on Information and System Security, and the ACM Transactions on Privacy.
Dr. Prabhat Mishra - University of Florida, Gainesville, USA
Resumo: Secure cyberspace relies on the trustworthiness of the underlying hardware. System-on-Chip (SoC) is the brain behind computing and communication in a wide variety of systems, starting from simple electronic devices in smart homes to complex navigation systems in airplanes. Reusable hardware Intellectual Property (IP) based SoC design has emerged as a pervasive design practice in the industry to dramatically reduce SoC design and verification cost while meeting aggressive time-to-market constraints. Growing reliance on these pre-verified hardware IPs, often gathered from untrusted third-party vendors, severely affects the security and trustworthiness of computing platforms. These IPs may come with deliberate malicious implants to incorporate undesired functionality, undocumented test/debug interface working as hidden backdoor, or other integrity issues. It is crucial to evaluate the integrity and trustworthiness of third-party IPs for designing trustworthy systems. In this talk, I will introduce a wide variety of hardware security vulnerabilities, design-for-security solutions, and possible attacks and countermeasures. I will briefly describe how the complementary abilities of simulation-based validation, formal verification as well as side channel analysis can be effectively utilized for comprehensive SoC security and trust validation. I will conclude with a discussion on application-specific security solutions as well as future hardware security challenges.
Sobre o palestrante: Prabhat Mishra is a Professor in the Department of Computer and Information Science and Engineering at the University of Florida. He is a UF Preeminence Term Professor, the Research Director of Nelms Institute for the Connected World, and a member of the Florida Institute of Cybersecurity. His research interests include hardware security and trust, embedded and cyber-physical systems, energy-aware computing, formal verification, system-on-chip validation, and post-silicon debug. He received his Ph.D. in Computer Science and Engineering from the University of California, Irvine in 2004. He has published 7 books, 25 book chapters, and more than 150 research articles in premier international journals and conferences. His research has been recognized by several awards including the NSF CAREER Award, IBM Faculty Award, ten best paper awards and nominations, and EDAA Outstanding Dissertation Award. Prof. Mishra currently serves as an Associate Editor of ACM Transactions on Design Automation of Electronic Systems, IEEE Transactions on VLSI Systems, and Journal of Electronic Testing. He is an ACM Distinguished Scientist and a Senior Member of IEEE, and served as an ACM Distinguished Speaker during 2016-2019.
Ph.D. Jintai Ding - University of Cincinnati, Ohio, USA
Resumo: Public key cryptosystems (PKC) are critical part of the foundation of modern communication systems, in particular, Internet. However, Shor's algorithm shows that the existing PKC like Diffie-Hellmann key exchange, RSA and ECC can be broken by a quantum computer. To prepare for the coming age of quantum computing, we need to build new public key cryptosystems that could resist quantum computer attacks. In this lecture, we present a practical and provably secure (authenticated) key exchange protocol based on the learning with errors problems, which is conceptually simple and has strong provable security properties. This new construction was established in 2011-2012. These protocols are indeed practical. We will explain that all the existing LWE based key exchanges are variants of this fundamental design. In addition, we will explain how to use the signal function invented for KE for authentication schemes.
Sobre o palestrante: Professor Jintai Ding is a Professor of Mathematics at the University of Cincinnati, and a world expert at post-quantum cryptography. He holds multiple patents for his cryptographic algorithms, a PhD from Yale and has guest lectured extensively throughout the world at universities such as the University of Oxford, University of Tokyo and Technical University of Darmstadt. He is the inventor of Rainbow signature scheme and the LWE-based key exchange scheme, and a co-inventor of the Ding-Iohara algebra. He is the Co-chairman of the ABCmint foundation at Zug. The ABCmint foundation is devoted to building quantumproof blockchain technology that can resist quantum computer attacks.
Cel. Paulo Sérgio Reis Filho - ENaDCiber/ComDCiber/Exército Brasileiro, Brasília
Resumo: A formação de recursos humanos na área de defesa cibernética é um grande desafio mundial. A Escola Nacional de Defesa Cibernética (ENaDCiber) visa disseminar as capacitações necessárias à Defesa Cibernética, no âmbito da Defesa Nacional, bem como contribuir com as áreas de pesquisa, desenvolvimento, operação e gestão de Defesa Cibernética no Brasil. Esta palestra apresentará o modelo de capacitação do Exército Brasileiro trabalhado via ENaDCiber para capacitação dos recursos humanos que atuam em Defesa Cibernética. A palestra também apresentará áreas de pesquisa de interesse do Setor Estratégico Cibernético da Defesa e que podem auxiliar a alavancar a formação profissional especializada para que a segurança cibernética possa se fortalecer no Brasil.
Sobre o palestrante: Oficial da Arma de Comunicações, o Coronel Paulo Sérgio é Graduado em Ciências Militares pela Academia Militar das Agulhas Negras (1991); Mestre em Operações Militares pela Escola de Aperfeiçoamento de Oficiais (1998); Especialista em Ciências Militares (2010), em Comando e Estado Maior (2012) e em Redes de Computadores e Internet (1998). Com larga experiência profissional em Guerra Eletrônica, tendo atuado inclusive como Chefe do Estado-Maior do Comando de Comunicações e de Guerra Eletrônica do Exército, atualmente é Comandante da Escola Nacional de Defesa Cibernética (ENaDCiber), vinculada ao Comando de Defesa Cibernética (ComDCiber) do Exército Brasileiro.
Dra. Cristine Hoepers - CERT.br | NIC.br
Resumo: A última década marcou uma mudança grande no cenário de segurança na Internet, com a exposição cada vez maior de dados sensíveis e de infraestruturas críticas e com as crescentes motivações financeiras e políticas dos ataques. Em paralelo, novas técnicas para descoberta de vulnerabilidades foram desenvolvidas e um mercado de negociação de 0-days floresceu, com governos como principais clientes. Este cenário tem gerado reações em vários níveis, incluindo novas leis e códigos de ética para pesquisa sobre vulnerabilidades. No cenário global o assunto é discutido de fóruns técnicos à Comissão de Desarmamento da ONU. Esta palestra vai discutir estes e outros tópicos e como eles podem impactar o cenário de ameaças e o dia-a-dia de quem faz pesquisas de segurança.
Sobre a palestrante: Dra. Cristina Hoepers, Gerente Geral do CERT.br/NIC.br, é formada em Ciências da Computação pela UFSC e Doutora em Computação Aplicada pelo INPE. Trabalha com Gestão de Incidentes de Segurança no CERT.br desde 1999, onde atua no apoio para a criação de novos Grupos de Resposta a Incidentes de Segurança (CSIRTs) no Brasil, no treinamento de profissionais de segurança e no desenvolvimento e disseminação de boas práticas de operação de redes Internet. É também instrutora dos cursos do CERT/CC, da Carnegie Mellon University, e da Escola de Governança da Internet no Brasil, do CGI.br. Participou do Comitê Gestor do FIRST e da Coordenação dos Fóruns de Boas Práticas sobre Spam e CSIRTs do Internet Governance Forum (IGF), das Nações Unidas. Foi moderadora e palestrante em eventos nacionais e internacionais, incluindo fóruns da OEA, ITU, FIRST, IGF, LACNIC e London Action Plan.
Coordenação das Palestras e Tutoriais do SBSeg 2019:
Priscila Solís (Departamento de Ciência da Computação, Universidade de Brasília)
Raul Ceretta Nunes (UFSM)
Coordenação Geral do SBSeg 2019:
Routo Terada (IME-USP)
Daniel Macêdo Batista (IME-USP)
O SBSeg 2019 é uma iniciativa da Sociedade Brasileira de Computação (SBC).