February 2021

Publications

• Bouguettaya Athman, Sheng Quan, Ghari-Neiat Azadeh, Mistry Sajib, Ghose Aditya, Nepal Surya, Yao Lina, An Internet of Things Service Roadmap, has been accepted at ACM, Communications of the ACM is a highly prestigious venue. The paper presents a roadmap for novel IoT services for the next decade.
• Fei Zhu, Xun Yi, Alsharif Abuadbba,  Ibrahim Khalil, Surya Nepal,  Xinyi Huang “Cost-Effective Authenticated Data Redaction with Privacy Protection in IoT”, IEEE Internet of Things Journal (IF 9.9), https://ieeexplore.ieee.org/document/9354855

Highlights: we introduce a novel authentication for Redacted Signature Schemes with privacy protection suitable for IoT. We also prove the security of the scheme in the random oracle model under  practical assumptions.

• Sharif Abuadbba, Hyoungshick Kim, and Surya Nepal. “DeepiSign: Invisible Fragile Watermark to Protect the Integrity and Authenticity of CNN.” arXiv preprint arXiv:2101.04319 (2021). Accepted at ACM SAC 2021.

Highlights: DeepiSign introduces an idea of protecting deployed Neural network models by invisible watermarking signature that tells us anytime the model has been tampered with.

• Two papers accepted in the A* ranked security conference NDSS.

OblivSketch: Oblivious Network Measurement as a Cloud Service, Shangqi Lai, Xingliang YUAN, and Joseph Liu; Xun Yi; Qi Li; Dongxi Liu; Nepal Surya.

Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy, Shi-Feng Sun, Ron Steinfeld, and Shangqi Lai ; Xingliang YUAN; Amin Sakzad and Joseph Liu; ‪Surya Nepal; Dawu Gu

• Two Papers accepted in A* ranked Software engineering conference ICSE:

Fine with “1234”? An Analysis of SMS One-Time Password Randomness in Android Apps, Siqi Ma, Juanru Li, hyoungshick kim, Elisa Bertino, Surya Nepal, Diet Ostry, Cong Sun

An Empirical Assessment of Global COVID-19 Contact Tracing Applications, Ruoxi Sun, Zach Wei Wang, Minhui (Jason) Xue, Gareth Tyson, Seyit Camtepe, Damith C. Ranasinghe

• Muhammed Esgin, Veronika Kuchta, Amin Sakzad, Ron Steinfeld, Zhenfei Zhang, Shifeng Sun and Shumo Chu, “Practical Post-Quantum Few-Time Verifiable Random Function with Applications to Algorand”, Financial Cryptography and Data Security 2021 (accepted). This paper introduces the first practical post-quantum verifiable random function (VRF), which is an important primitive used in Proof-of-Stake based blockchain protocols. VRFs are used by popular blockchain companies such as Algorand and Dfinity. The paper is a result of a collaboration involving people from overseas, particularly from Algorand, a well-known blockchain company in the US, and University of California, Santa Barbara.
• Jongkil Kim, Seyit Camtepe ,Joonsang Baek, Willy Susilo, Josef Pieprzyk, Surya Nepal, Practical and Privacy-Preserving Deep Packet Inspection, ACM ASIA Conference on Computer and Communications Security (accepted). This is one of the highly respected security conferences. The paper investigates cryptographic methods to inspect encrypted network traffic in privacy preserving manner.

Projects

• Cyber Security pilot with CSCRC to boost small and medium business against cyber attacks in South Australia.

The Cyber Security Cooperative Research Centre (CSCRC) will lead a ‘hands on’ pilot project focused on uplifting cyber security across Australia’s small to medium business sector (SMEs). The pilot, launched in Adelaide on the 23/2/21 will involve six South Australian SMEs across a broad range of critical sectors measuring their baseline cyber security and providing practical, cost effective uplift solutions over six months. A collaboration between the CSCRC, CyberCX, CSIRO’s Data61 and the Australian Cyber Security Centre (ACSC), and supported by the Government of South Australia, the pilot will provide a blueprint for SME cyber uplift that can be rolled out across the nation.

https://cybersecuritycrc.org.au/cyber-security-pilot-bolster-small-medium-business-against-hack-attacks

https://ia.acs.org.au/article/2021/aussie-smes-getting-a-cyber-upgrade.html

• Deepisign: ‘convolutional Neural Networks (CNNs) deployed in real-life applications such as autonomous vehicles, have shown to be vulnerable to manipulation attacks, such as poisoning attacks and fine-tuning. Hence, it is essential to ensure the integrity and authenticity of CNN’s because compromised models can produce incorrect outputs and behave maliciously. In this paper, we propose a self-contained tamper-proofing method, called DeepiSign, to ensure the integrity and authenticity of CNN models against such manipulation attacks. The idea is very simple: How can we tell the 5 dollars note is real or fake? Of course, we look at the watermark manually or using devices. We borrowed the same concept to protect neural networks after deployment and distinguish them from backdoored ones. The challenge was how to embed an invisible watermark randomly within the neural networks in a way that does not degrade their utility after deployment. Only, the owner of the network can verify its correctness but others can only see a normal neural network. We demo that we are able to embed a random invisible watermark that can tell us if the neural network has been tampered with (real vs fake) while maintaining the utility. Our theoretical analysis shows that DeepiSign can hide up to 1KB secret in each layer with minimal loss of the model’s accuracy.’ Sharif Abuadbba.
• Interesting collaboration: The Human Centric Security team is collaborating with the Visual Analytics team in Data61, securing an Round 2 Interchange project ‘Digital Twinning for Cyber Resilient Infrastructures’. This project will use cyber security, AI and virtualisation expertise, combined with industry specific inputs, to create a simulation environment for CI.

Students:

DSS hosted 22 vacation scholars this summer, over 4 sites. Let’s hear from some of them.

Connor ‘I really enjoyed working on a project that had real-world impact in industry. I found it really interesting and engaging working alongside research scientists and learning about how they address and solve complex problems.’

Adam ‘ I could say something wonderful about each person I met on this internship, you’re all just good people. It was challenging and enjoyable to see behind the curtain of the fabled research sector, I loved that I could work with my friend Will and build something in consultation with my supervisors. We can look at something at the end of this and say we built that simulator, but at the same time we have written a paper and started an academic study which could have real wide spread positive impact on the management profession. I felt supported the whole time, whether it was flexible hours so that I could deal with life things, or getting through difficult parts of the project. Thank you, I feel all the stronger for this experience.’

Andrew ‘Aside from working at CSIRO’s Data61, which in and of itself is a huge accomplishment, I accomplished several of my goals for 2020-21. Firstly, I learnt first hand how industry professionals approach problem solving. Moreover, I was exposed to how academic researchers publish their findings. Something else I am incredibly proud of is how much practical experience I learnt from my time with CSIRO. In my cover letter I explained how I desperately wanted to know more about how the computer engineering and research field operated first hand. I went on to describe how I had several years experience from tirelessly working at my Advanced Computing degree at The Australian National University but I wanted to put them to use on a meaningful project – CSIRO gave me that opportunity, and for that I am forever grateful. In my experience I find nothing more satisfying to me than learning something new, or sharpening a skill to a point. I entered CSIRO on my first day with very little knowledge of how cloud computing systems or microservices worked; I now confidently build complex cloud architecture and have been using it at CSIRO to detect phishing urls. My supervisor Raj Gaire, proved to be an incredible mentor and his patience, technical skils and overall personability made me strive to do better every day. The vacation scholar program introduced me to many new and innovative concepts that I will continue to work on until I hopefully work with CSIRO again soon.’

Veronika ‘During these three months, I have gained a lot of knowledge in my research area and other valuable domains. In this project, I got the chance to learn fundamental concepts in research such as research problem formulation, methodology construction, and model evaluation. In initiating the project, I was provided with guidance, including the first step to start reading several research papers and state the art in the corresponding research domain.  From this process, I have learned basic concepts in Natural Language Generation (NGL), which includes deep neural network for text generation, text sentiment analysis, and word embedding techniques. The learning process emphasized the theoretical part and the practical part, where possible implementations of the prior studies to solve the defined problem are encouraged. This helped me to be able to analyze each model’s performance as a possible solution to be enhanced and further analyzed. Throughout the project, I was able to explore several well-known techniques in natural language processing, namely, Global Vector as a technique to analyze text semantic similarity, Long Short-Term Memory (LSTM) and GPT-2 model as email content generation tools, and Genetic algorithm as a possible synonym generation tool. Consequently, by combining the concept that I have learned, I built a framework to generate phishing email variation to help current phishing classifier anticipate this type of automated attack. In addition to that, this framework is proposed to help the future study infer some critical insight from evaluating the email variation that may be able to deceive them to a certain extent. Besides the research area, working in this project has helped me learn flexible time management as we need to anticipate any unexpected events that may require us to change our plan frequently. In addition to that, this internship has given me a chance to utilize some functionalities and resources provided by Pawsey, such as running my project on the docker file that I built while using Pawsey resources and defining my job description to be run on Pawsey. Finally, this program has helped me to develop my confidence and communication skills by providing a platform to share and communicate my ideas.’

 

New starters:

• welcome to Yanjun Zhang who is joining the Human Centric Team as a post doc from University of Queensland.
• welcome to Zhi Zhang who joined the IoT team as a post doc

‘I received the prestigious UNSW postgraduate research scholarship and Data61 Ph.D. scholarship to conduct my Ph.D. study under the supervision of Surya Nepal. I have completed my Ph.D. at UNSW and became a postdoctoral fellow in cyber security at Data61 under the supervision of Dongxi Liu. As we are in the virtualization and cloud era, numerous security concerns have arisen about a virtualised computing system. In such a system, OS kernel is one of the most complicated and privileged software stacks, thus becoming the most appealing attack target. From the software side, I focused on leveraging hardware-assisted virtualization techniques to enhance OS kernel security. From the hardware side, rowhammer is a hardware vulnerability in DRAM memory, where repeated access to memory can induce bit flips in neighboring memory locations. I devoted many efforts to analyzing security impacts that rowhammer has on OS kernel and system.

With the huge support from Surya, Dongxi and other group members, I have developed and demonstrated my research capability in the fields of system and hardware security. To be specific, I have published several papers in the world’s top-quality academic venues such as IEEE/ACM International Symposium on Microarchitecture (MICRO), IEEE Transactions on Information Forensics and Security (TIFS), IEEE Transactions on Dependable and Secure Computing (TDSC), International Symposium on Research in Attacks, Intrusions and Defenses (RAID), and Design Automation Conference (DAC). Besides, I was also invited to present advanced attack techniques in industry venues such as Blackhat and Cansecwest. Both are the world’s top hacking conferences. During my Ph.D. period, I spent most of time at Marsfield site of Distributed System Security (DSS) Group. I really enjoyed working here, since this site has a comfortable and healthy workplace environment and our group people are very approachable and diligent. I am also very proud that our group has significantly broaden its impact in both academic and industry within the past years.  Last but not the least, I want to thank Surya for his academic guidance and training. My research achievements would not be possible without his constant support. ‘

Media:

Since March 2020, the NSW Government has been using an early version of the Personal Information Factor (PIF) tool to analyse a dataset’s risk of reidentification and cyber-attacks and apply appropriate levels of protection before the data is released as open data. Developed as a collaboration between CSIRO’s Data61, the NSW Government, the Australian Computer Society (ACS) and several other groups, the PIF privacy tool assesses the risks to an individual’s data within any dataset, allowing targeted and effective protection mechanisms to be put in place. For more info https://algorithm.data61.csiro.au/this-new-data-privacy-tool-is-ensuring-anonymous-covid-19-data-stays-secure-and-private/?utm_source=Snapshot-February-2021&utm_medium=newsletter&utm_campaign=Snapshot

Achievements:

• Josef Pieprzyk has accepted the Editor-in-Chief role for Cryptography, which is an open access journal published by MDPI (https://www.mdpi.com/journal/cryptography). The nomination is by invitation and for two years.
• Best Paper Award in AusPDC workshop for our paper: “Serverless Edge Computing: Vision and Challenges ”, Mohammad Sadegh Aslanpour, Adel N. Toosi, Claudio Cicconetti , Bahman Javadi, Peter Sbarski, Davide Taibi, Marcos Assuncao , Sukhpal Singh Gill, Raj Gaire and Schahram Dustdar

Events:

• Join us for our next SAO seminar in collaboration with Cyber Security CRC: https://research.csiro.au/cybersecurity-quantum-systems/our-sao-seminars/
• Surya Nepal (general co-chair) and Sushmita Ruj (technical co-chair) will co chair the ACISP Conference in July in Perth, with Raj Gaire as a Web Chair, with several DSS members as PC members, for more information https://data61dsslab.github.io/acisp2021/
• join our Human Centric AI seminars Serie https://research.csiro.au/cybersecurity-quantum-systems/the-human-centric-ai-seminars-series/

The Human Centric Security team are running a new monthly series “The Human Centric AI Seminars” that will focus on various research topics in human centered AI.
For more info contact: Kristen Moore and Tina Wu

Free access to anyone interested in Humans and AI