Title: Ephemeral Identifiers: Privacy in IoT --- the BLE beacons ecosystem
Abstract: Bluetooth Smart (also known as Bluetooth Low Energy) beacons broadcast their presence in order to enable proximity-based applications by observer devices. This results in a privacy and security exposure: broadcast devices are typically susceptible to tracking and spoofing based on the IDs used by the beacons. It seems, therefore, that we lost all privacy given these device modus operandi (and similar broadcasting “things”) due to the global exposure of mobile units to many possible tracking readers. To resolve this situation we introduce a scheme consisting of cloud-based Ephemeral Identifiers (EID) which allows only authorized parties to properly identify the beacons broadcast. The scheme mitigates the basic tracking and security threats while keeping high utility and utilize a global reach of a trusted agent as a resource over the cloud (applying the principle of “fighting fire (global exposure) with fire (global agent)”). We outline a formal model of privacy which is obtained with our scheme, present its implementation, and discuss possible extensions. The proposal is the basis for Google’s Eddystone standard, supported by about thirty industry partners for privacy critical applications.
Bio: Moti Yung is a Research Scientist with Snapchat. From 2007 till early 2016 he was with Google Inc. He received his Ph.D degree in department of Computer Science in Columbia University. He is also an Adjunct Senior Research Faculty in the computer science department of Columbia University. Before that, he was a technology consultant to leading companies and governments, a member of RSA Labs, a Chief Scientist of CertCo Inc. (originally, Bankers Trust Electronic Commerce), and a member of IBM Research. His main research interests are in the areas of security, cryptography, and privacy, as well as in distributed computing algorithms, and related areas in computer science. He has been widely recognized for his extensive contributions to the foundations of basic cryptographic systems and protocols, as well as to constructions leading to practical use and implementations in systems and networks. In the last 30 years he has been working on, both, central issues in the scientific foundations and theory, as well as on crucial industrial solutions, and he has published over 400 works. He holds over 50 patents. Many of his publications appeared in refereed journals and conferences in the areas of cryptography, theory of computing, and information and system security. Those venues include IEEE FOCS, IEEE S&P, IEEE TIT, TON, TIFS, TC, J. ACM, ACM TISSEC, IJIS, JCS, J. Cryptology, STOC, SODA, CCS, CRYPTO, EUROCRYPT, ASIACRYPT, TCC, STACS, ICALP, INFOCOM, ESORICS, ACNS, PKC, CHES, CT-RSA, PODC, etc. In 2010 Moti delivered the annual IACR's Distinguished Lecture in Cryptography. He was on the steering committee of ACM CCS and is a board member of IACR (Int. Association for Cryptologic Research), and has served as general chair, program committee chair, steering committee member, and program committee member of numerous international conferences. He has also been an invited/ keynote speaker at many international academic conferences and industrial venues.
Title: Detecting Malicious Cyber Infrastructures for Fun and Profit
Abstract: Nowadays, cybercriminals usually build dynamic malicious cyber infrastructures rather than a single server to conduct their malicious activities. In their malicious cyber infrastructures, multiple servers are usually used to be efficient and anonymous in (i) malware distribution (using redirectors and exploit servers), (ii) control (using C&C servers) and (iii) monetization (using payment servers), and (iv) being robust against server takedowns (using multiple backups for each type of servers).
In order to understand and detect those malicious cyber infrastructures, In this talk, I will present a set of automatic systems to model these malicious cyber infrastructures and to find more servers involved in them from new perspectives. We have tested our systems with large-scale real network traffic. Our results show that we can find new malicious servers involved in malicious cyber infrastructures with low false positives.
Bio: Dr. Guofei Gu is an associate professor in the Department of Computer Science & Engineering at Texas A&M University (TAMU). He received his Ph.D. degree in Computer Science from the College of Computing, Georgia Institute of Technology. His research interests are in network and system security, such as malware and APT (Advanced Persistent Threat) defense, software-defined networking (SDN) and cloud security, and mobile/smartphone security. Dr. Gu is a recipient of 2010 NSF CAREER Award, 2013 AFOSR Young Investigator Award, IEEE S&P'10 (a.k.a. Oakland'10) Best Student Paper Award, and ICDCS'15 Best Paper Award. He is an active member of the security research community and has pioneered several new research directions such as botnet detection/defense and SDN security. Dr. Gu has served on the program committees of top-tier security conferences such as IEEE S&P, ACM CCS, USENIX Security, and NDSS, among many others. He is an Associate Editor for IEEE Transactions on Information Forensics and Security (TIFS) and a Steering Committee co-chair for International Conference on Security and Privacy in Communication Networks (SecureComm). He is currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU.