Fall 2013

Abstract:

In this talk, we develop a new cryptographic scheme called Efficient and Tiny Authentication (ETA), which is especially suit- able for resource-constrained devices. That is, ETA does not require any expensive operation at the signer side and therefore is more computationally efficient than traditional signatures. Moreover, ETA has much smaller private key, signature and public key sizes than that of its counterparts (e.g., multiple-time and online/offline signatures, pre-computed tokens). ETA is also fully tolerant to packet loss and does not require time synchronization. All these properties make ETA an ideal choice to provide authentication and integrity for heterogeneous systems, in which resource-constrained devices produce publicly verifiable signatures that are verified by resourceful devices (e.g., gateways, laptops, high-end sensors).

Biography:

Dr. Attila A. Yavuz is a member of security and privacy research group within Robert Bosch Research and Technology Center North America. He joined Bosch in 2011, after he graduated from North Carolina State University (NCSU) with a PhD degree in Computer Science. He received a BS degree in Computer Engineering from Yildiz Technical University in 2004 and a MS degree in Computer Science from Bogazici University in 2006, both in Istanbul, Turkey.

Abstract:

Vehicles are facing increasing security vulnerabilities as they become connected to the Internet and with each other. Researchers and hackers were able to modify the software on electronic control units (ECUs). They have placed unauthorized devices and software on vehicles to control a wide range of vehicle functions. More worrisome are attacks over wireless communications. Key fob signals have been hijacked to open vehicle doors and start vehicle engines even when the drivers' key fobs are far away from the car. Security keys used to protect messages from key fobs have been broken. Wireless tire pressure monitoring systems have been hacked to set bogus time pressure status. Malware can propagate onto vehicle electronic systems through multiple venues. Vehicle-to-vehicle (V2V) communications will introduce another new domain of security challenges. These vulnerabilities, unfortunately, represent only the beginning of the many more challenges that must be addressed as more communication applications are brought into vehicles.

Addressing these and future vehicle security challenges requires the solutions to meet many vehicle-specific requirements. For example, many devices on vehicles have significantly limited abilities due to cost constraints. Security operations should be highly automated and should not require driver intervention. Vehicle security threat detections must be performed with extremely low error rates to reduce the probabilities of wrongfully blaming innocent vehicles and drivers. Any security capability placed onboard vehicles must be kept up to date over the vehicles' long life cycles without causing inconvenience to vehicle owners and in ways that does not consume excessive wireless bandwidth. A solution must be highly scalable to support, for each automaker, millions of new vehicles each year, tens of millions of vehicles in operation, tens to over a hundred devices on each vehicle, and many more spare parts. This list goes on.

This paper will highlight these security challenges and discuss selected solutions.

Biography:

Dr. Tao Zhang is the Chief Scientist for Cisco Connected cars at Cisco Systems. He is a Fellow of the IEEE. For over 25 years, he has been directing research and product development in mobile and vehicular networks. He has co-authored two books "Vehicle Safety Communications: Protocols, Security, and Privacy" and "IP-Based Next Generation Wireless Networks" published in 2012 and 2004 respectively by John Wiley & Sons. He holds 33 US patents covering areas such as security, mobility management, information dissemination, and energy-conversing protocols for wireless, mobile ad-hoc, sensor, and vehicular networks. Dr. Zhang was a founding member of the Board of Directors of the Connected Vehicle Trade Association (CVTA) in the US. He is the Chair of the IEEE Communications Society Technical Committee on Vehicular Networks and Telematics Applications. He has been serving on editorial boards or as a guest editor for a number of leading technical journals. He has been serving on the industry advisory boards for several research organizations and has been an adjunct professor at multiple universities.

Abstract:

Tremendous amounts of personal data about individuals are being collected and mined in statistical databases by industry (e.g., Web, medical) and government agencies (e.g. Census). Legal requirements and an increase in public awareness due to egregious breaches of individual privacy have made privacy in statistical databases an important field of research. Privacy definitions provide rigorous ways for trading off the privacy of individuals for the utility of the results of data analysis in such databases. Differential privacy is an important standard for privacy, and it exposes one knob 'epsilon' for tuning this tradeoff.

In this talk, I will show that differential privacy does not sufficiently capture the diversity in the privacy-utility trade-off space -- it provides insufficient utility in some applications and insufficient privacy when data are correlated. I will then describe Blowfish, a class of privacy definitions that provides a richer interface for trading-off privacy for utility. In particular, we allow data publishers to extend differential privacy using a policy, which specifies which information must be kept secret, and what constraints maybe known about the data. While the former allows increased utility by not protecting certain properties about individuals, the latter provides added protection against adversary who know correlations in the data (arising from constraints). I will formalize privacy policies, present novel algorithms that explore new points in the privacy-utility trade-off space, and briefly mention how this work is being adopted in the US Census.

Biography:

Ashwin Machanavajjhala is an Assistant Professor in the Department of Computer Science, Duke University. Previously, he was a Senior Research Scientist in the Knowledge Management group at Yahoo! Research. His primary research interests lie in data privacy, systems for massive data analytics, and statistical methods for information extraction and entity resolution. He is a recipient of the NSF CAREER award in 2013. Ashwin graduated with a Ph.D. from the Department of Computer Science, Cornell University. His thesis work on defining and enforcing privacy was awarded the 2008 ACM SIGMOD Jim Gray Dissertation Award Honorable Mention. He has also received an M.S. from Cornell University and a B.Tech in Computer Science and Engineering from the Indian Institute of Technology, Madras.