Once again, IAIK will hold the Graz Security Week. This summer school targets graduate students interested in security and correctness aspects of computing devices.
Click here to check out the details of the programme and speakers, and to register!
We are looking forward to seeing you there!
The Austrian Computer Science Day (ACSD) is an annual assembly that brings together computer scientists across Austria and beyond to improve visibility of the field and foster collaboration in research and teaching.
This year’s focus is on trusted computing, raising crucial questions: Can we trust artificial intelligence? Can we prove that our implementations are correct? How secure is our data?
Click HERE to register for your free participation!
Daniel Gruss of IAIK received the prestigious EU Starting Grant for research on energy-efficient IT security from the European Research Council in 2022.
With his ERC Starting Grant, he is researching how energy efficiency in IT can be increased in the future without causing security gaps.
Abstract:
This presentation will first introduce the FragAttacks vulnerabilities (USENIX 2021). The FragAttacks findings consist of three cryptographic design flaws in the fragmentation and aggregation features of Wi-Fi. Additionally, the FragAttacks research discovered multiple widespread implementation flaws related to fragmentation and aggregation. We give a brief overview of these design and implementation vulnerabilities.
An open question is how many Wi-Fi networks in the meantime have been updated to fix these vulnerabilities. In the second part of the presentation, we will show how some of the FragAttacks vulnerabilities can be reliably detected during a Wi-Fi survey (also known as a Wi-Fi wardrive). This would enable researchers to measure how many access points have been updated, and how much of a risk the vulnerabilities still present. Most importantly, we examine the ethical aspects of possibly doing such a Wi-Fi survey, and hope to discuss the ethical aspects of this with the audience.
Short Bio:
Mathy Vanhoef is an Assistant Professor at KU Leuven University in Belgium. He’s interested in network and software security, where he studies the security of the full network stack, with a focus on Wi-Fi security and applied cryptography. In this area, he tries to bridge the gap between real-world code and theory. He previously discovered the KRACK attack against WPA2 and the Dragonblood attack against WPA3. He also collaborated with the industry to design and standardize two new Wi-Fi defenses. One of these defenses, called beacon protection, will become mandatory in Wi-Fi 7.
In recent years research in symmetric cryptography has focused on lightweight ciphers, leading even to an open NIST competition dedicated to it. In this talk we take a step back and look at lightweight cryptography from a more historical perspective.
Short bio:
Since March 2015, he is a full professor symmetric cryptography at Radboud University Nijmegen in the Digital Security (DiS) Group and since September 2018 this has become his full-time job. Currently he is head of the DiS group. Until that date, he worked near Brussels, Belgium as a security architect and cryptographer for STMicroelectronics (2003-2018), previously Proton World (1998-2003), previously Banksys (1996-1998), all that time in the security engineering group led by Yves Moulart. Before that he worked shortly at Bacob Bank (1996) in Brussels as a security architect and he spent one year in IT support at J&J (1995-1996) on the Janssen site in Beerse, Belgium. He did a PhD on the design of symmetric cryptography at COSIC in Leuven from 1988 until 1995.
Bugs in software and hardware can often to catastrophic consequences. There are various ways to improve software quality, formal verification being the most rigorous of all. In formal verification, the goal is to translate programs into formulas, and then automatically prove the correctness of these formulas. Formal methods offer a vast collection of techniques to analyze and verify these systems mathematically to ensure the correctness, robustness, and safety of software and hardware systems against a specification. Despite the significant success of formal method techniques, privacy requirements are not considered in their design.
In the last two decades, we have witnessed fascinating progress in the area of automated reasoning. Modern automated reasoning tools are now applied daily to tasks in program analysis, software engineering, hardware verification, and various other domains. The efficacy of such tools allows their application to even large-scale industrial codebases.
In this talk, we will present our work on adding a privacy-aware perspective to automated reasoning. When using automated reasoning tools, the implicit requirement is that the formula to be proved is public. We propose the concept of privacy-preserving formal reasoning. In our recent work on a zero-knowledge protocol for proving the unsatisfiability of Boolean formulas in propositional logic, we developed a highly efficient protocol for knowledge of a resolution proof of unsatisfiability. We encoded verification of the resolution proof using polynomial equivalence checking, which enabled us to use fast ZKP protocols for polynomial satisfiability.
BIO:
Ruzica Piskac is an associate professor of computer science at Yale University. Her research interests span the areas of programming languages, software verification, automated reasoning, and code synthesis. A common thread in Ruzica’s research is improving software reliability and trustworthiness using formal techniques. Ruzica joined Yale in 2013 as an assistant professor and professor, and prior to that, she was an independent research group leader at the Max Planck Institute for Software Systems in Germany. In July 2019, she was named the Donna L. Dubinsky Associate Professor of Computer Science, one of the highest recognitions that an untenured faculty member at Yale can receive. Ruzica has received various recognitions for research and teaching, including the Patrick Denantes Prize for her PhD thesis, a CACM Research Highlight paper, an NSF CAREER award, the Facebook Communications and Networking award, the Microsoft Research Award for the Software Engineering Innovation Foundation (SEIF), the Amazon Research Award, and the 2019 Ackerman Award for Teaching and Mentoring.
We present our new open bachelor’s thesis topics and award prizes to excellent students who contributed to scientific publications this past year.
If you’re interested in joining us for your bachelor’s thesis in security, this is the best way to get an impression of our topics as well as how a bachelor’s thesis at IAIK works: You’ll hear about our research areas and current hot topics, our Bachelor@IAIK program where you can work on your thesis together with your fellow students in one of our offices if you like, and maybe you’ll get to know your supervisor while chatting along.
The event will also be the kick-off lecture in Introduction to Scientific Working (ISW) where you will be able to choose your preferred topic!
We are looking forward to meeting you!
Once again, IAIK will hold the Graz Security Week. The summer school targets graduate students interested in security and correctness aspects of computing devices.
Click here to check out the programme, speakers, and all the details!
We are looking forward to seeing you there!
Meeting ID (access code): 2733 968 8841 Meeting password: imNugMMt623
Daniele Venturi introduced a new form of encryption that we name matchmaking encryption (ME). Using ME, sender S and receiver R (each with its own attributes) can both specify policies the other party must satisfy in order for the message to be revealed. The main security guarantee is that of privacy-preserving policy matching: During decryption nothing is leaked beyond the fact that a match occurred/did not occur. ME opens up new ways of secretly communicating, and enables several new applications where both participants can specify fine-grained access policies to encrypted data. For instance, in social matchmaking, S can encrypt a file containing his/her personal details and specify a policy so that the file can be decrypted only by his/her ideal partner. On the other end, a receiver R will be able to decrypt the file only if S corresponds to his/her ideal partner defined through a policy. On the theoretical side, we define security for ME, as well as provide generic frameworks for constructing ME from functional encryption. These constructions need to face the technical challenge of simultaneously checking the policies chosen by S and R, to avoid any leakage. On the practical side, we construct an efficient identity-based scheme for equality policies, with provable security in the random oracle model under the standard BDH assumption. We implement and evaluate our scheme and provide experimental evidence that our construction is practical. We also apply identity-based ME to a concrete use case, in particular for creating an anonymous bulletin board over a Tor network.
We present our new open bachelor’s thesis topics and award prizes to excellent students who contributed to scientific publications this past year.
If you’re interested in joining us for your bachelor’s thesis in security, this is the best way to get an impression of our topics as well as how a bachelor’s thesis at IAIK works: You’ll hear about our research areas and current hot topics, our Bachelor@IAIK program where you can work on your thesis together with your fellow students in one of our offices if you like, and maybe you’ll get to know your supervisor while chatting along.
The event will also be the kick-off lecture in Introduction to Scientific Working (ISW) where you will be able to choose your preferred topic!
We are looking forward to meeting you!
