Our SAO seminars

Events organised in collaboration with Cyber Security CRC, supported by the Commonwealth. In those seminars we both showcase External Speakers latest research and Internal CSCRC related research activities. You can find recordings of all our past events down below.

Next monthly events:

JUNE JULY August
EXTERNAL STREAM

Wednesday 20th July 2022. 1-2pm AEST  

Speaker: Prof. Tansu Alpcan, The University of Melbourne, Australia. http://www.tansu.alpcan.org 

Friday, 29 July, at 10:00 am AEST (5pm on Thursday, July 28 PDT)

Speaker: Dr Herbert Lin, Stanford University, US

Thursday, 11 Aug, at 3:00pm to 4:00pm AEST

Prof. Robert Deng, Singapore Management University

INTERNAL STREAM Thursday, 9th June 2022. 3-4pm AEST Sydney time

Meisam Mohammady

Our External Speakers Stream

  • Seminar date/time: Thursday, 11 Aug, at 3:00pm to 4:00pm AEST

Speaker: Prof. Robert Deng, Singapore Management University. http://www.mysmu.edu/faculty/robertdeng/

Title: Achieving Cloud Data Security and Privacy in Zero Trust Environments

Webcast link: https://webcast.csiro.au/#/webcasts/achievingclouddatasecurity

Abstract: This talk will provide an overview on the design and implementation of a system for secure access control, search, and computation of encrypted data in the cloud for enterprise users. The system is designed following the “zero trust” paradigm to protect data security and privacy even if cloud storage servers or user accounts are compromised. This is achieved using end-to-end (E2E) encryption in which encryption and decryption operations only take place at client devices. However, encryption must not hinder access, search and even computation of data by authorized users. There are numerous academic publications in this area and the choice of which cryptographic techniques to use could have significant impact on the system’s scalability, efficiency and usability. We will share our experience in the design of the system architecture and selection of cryptographic techniques with a consideration to balance security, performance, and usability.

Bio: Robert Deng is AXA Chair Professor of Cybersecurity, Director of the Secure Mobile Centre, and Deputy Dean for Faculty & Research, School of Computing and Information Systems, Singapore Management University (SMU). His research interests are in the areas of data security and privacy, network security, and applied cryptography.  He received the Outstanding University Researcher Award from National University of Singapore, Lee Kuan Yew Fellowship for Research Excellence from SMU, and Asia-Pacific Information Security Leadership Achievements Community Service Star from International Information Systems Security Certification Consortium. He serves/served on the editorial boards of ACM Transactions on Privacy and Security, IEEE Security & Privacy, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security, Journal of Computer Science and Technology, and Steering Committee Chair of the ACM Asia Conference on Computer and Communications Security. He is a Fellow of IEEE and Fellow of Academy of Engineering Singapore.

Our Internal CSCRC related Research Stream

More seminars to come soon

If you have missed our latest events:

  • Seminar date/time: Friday, 29 July, at 10:00 am AEST (5pm on Thursday, July 28 PDT)

Speaker: Dr Herbert Lin, Stanford University, US. https://cisac.fsi.stanford.edu/people/herbert_lin

Title: Innovation as the Driver of Long-Term Cyber Insecurity

Recording: https://webcast.csiro.au/#/videos/524c5fcd-2312-4d2c-97e1-17678237c976

Slides:Herb-slides

Abstract: The appetite in modern society for increased functionality afforded by information technology is unlimited.  Increased functionality of information technology necessarily entails increased complexity of design and implementation.  But complexity is a fundamental driver of insecurity and unreliability in digital systems.  Thus, over the long term, a boundless demand for greater functionality leads to increasingly insecure systems—which is why it is impossible to get ahead of the cybersecurity threat.  Some ways to mitigate the tradeoff between innovation and security will be discussed.

Bio: Herbert Lin is senior research scholar and Hank J. Holland Fellow at Stanford University.  His research interests focus on the policy-related dimensions of offensive operations in cyberspace as instruments of national policy and the security dimensions of information warfare and influence operations.  He is also Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies and a member of the Science and Security Board of the Bulletin of Atomic Scientists. In 2016, he served on President Obama’s Commission on Enhancing National Cybersecurity.  In 2019, he was elected a fellow of the American Association for the Advancement of Science.  In 2020, he was a commissioner on the Aspen Commission on Information Disorder.  Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990).  He received his doctorate in physics from MIT.

  • Seminar date/time: Wednesday 20th July 2022. 1-2pm AEST  

Speaker: Prof. Tansu Alpcan, The University of Melbourne, Australia. http://www.tansu.alpcan.org 

Recording: https://webcast.csiro.au/#/videos/398b3fcb-2733-49f9-a81c-bf687a5dd5fb

Slides: Alpcan-slides

Title: Cyber-Physical System Security and Adversarial Machine Learning 

Abstract: As cyber-physical systems become prevalent in safety-critical areas, such as autonomous vehicles, there is an increasing need for protecting them against malicious adversaries. Deep learning methods are expected to play an important role in detecting and countering malicious attacks. However, these powerful algorithms themselves can be targeted by advanced adversaries, which has led to the emergence of “adversarial machine learning” as a research field. This talk will present an overview of our group’s latest research results on the cyber-physical system (CPS) security and adversarial machine learning. The first part will focus on how physics-enhanced adversarial learning can help secure networked autonomous car platoons. The second part will present how coding (information) theory can improve the robustness of deep learning in general with a principled, multi-dimensional approach. The talk will conclude with a brief discussion on our ongoing game-theoretic work and future research directions. 

Bio: Tansu Alpcan received a PhD degree in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign (UIUC) in 2006. His research interests include the game, optimisation, control theories, and machine learning applications to security and resource allocation problems in communications, smart grids, and the Internet of Things. He chaired or was an Associate Editor, TPC chair, or TPC member of several prestigious IEEE workshops, conferences, and journals. Tansu Alpcan is the (co-)author of more than 150 journal and conference articles as well as the book “Network Security: A Decision and Game-Theoretic Approach” published by Cambridge University Press (CUP) in 2011. He co-edited the book “Mechanisms and Games for Dynamic Spectrum Allocation” published by CUP in 2014. He has worked as a senior research scientist in Deutsche Telekom Laboratories, Berlin, Germany (2006-2009), and as Assistant Professor (Juniorprofessur) at Technical University Berlin (2009-2011). Tansu is currently with the Dept. of Electrical and Electronic Engineering at The University of Melbourne as a Professor and Reader. 

  • Seminar date/time: Friday  27th May 2022. 10-11am AEST

Speaker: Prof.  David L. Sloss, Professor of Law at Santa Clara University, US

Title: Tyrants on Twitter: Protecting Democracies from Information Warfare.

SlidesDavid

Recording:https://webcast.csiro.au/#/videos/4af60f5d-c2ef-43b0-807c-a8c4231256cc

Abstract: Tyrants on Twitter explores new ways to mitigate online disinformation and to regulate content on social media platforms to improve the flow of information and strengthen democratic principles.

Sloss calls for cooperation among democratic governments to create a new transnational system for regulating social media to protect Western democracies from information warfare. Drawing on his professional experience as an arms control negotiator, he outlines a novel system of transnational governance that Western democracies can enforce by harmonizing their domestic regulations. And drawing on his academic expertise in constitutional law, he explains why that system—if implemented by legislation in the United States—would be constitutionally defensible, despite likely First Amendment objections. This book is essential reading in a time when disinformation campaigns threaten to undermine democracy.

Bio: David L. Sloss is the John A. and Elizabeth H. Sutro Professor of Law at Santa Clara University. He is the author of The Death of Treaty Supremacy: An Invisible Constitutional Change (Oxford Univ. Press, 2016) and Tyrants on Twitter: Protecting Democracies from Information Warfare (Stanford Univ. Press, forthcoming 2022). He is the co-editor of International Law in the U.S. Supreme Court: Continuity and Change (Cambridge Univ. Press, 2011) and sole editor of The Role of Domestic Courts in Treaty Enforcement: A Comparative Study (Cambridge Univ. Press, 2009). He has also published several dozen book chapters and law review articles. His book on the death of treaty supremacy and his edited volume on international law in the U.S. Supreme Court both won prestigious book awards from the American Society of International Law. Professor Sloss is a member of the American Law Institute and a Counsellor to the American Society of International Law. His scholarship is informed by extensive government experience. Before entering academia, he spent nine years in the federal government, where he worked on U.S.-Soviet arms control negotiations and nuclear proliferation issues.

  • Seminar date and time: Thursday, 9th June 2022. 3-4pm AEST Sydney time

Speaker: Dr Meisam Mohammady

Title: Novel approaches to preserving utility in privacy enhancing technologies

Slides: CSCRCPPT

Recording:https://webcast.csiro.au/#/webcasts/innovationasthedriver

Abstract: Significant amount of individual information is being collected and analysed through a wide variety of applications across different industries. While pursuing better utility by discovering knowledge from the data, individuals’ privacy may be compromised during an analysis: corporate networks monitor their online behaviour, advertising companies collect and share their private information, and cybercriminals cause financial damages through security breaches. To address this issue, the data typically goes under certain anonymization techniques, e.g., Property Preserving Encryption (PPE) or Differential Privacy (DP). Unfortunately, most such techniques either are vulnerable to adversaries with prior knowledge, e.g., adversaries who fingerprint the network of a data owner, or require heavy data sanitization or perturbation, both of which may result in a significant loss of data utility. Therefore, the fundamental trade-off between privacy and utility (i.e., analysis accuracy) has attracted significant attention in various settings and scenarios. In line with this track of research, we aim to build utility-maximized and privacy-preserving tools for Internet communications. Such tools can be employed not only by dissidents and whistleblowers, but also by ordinary Internet users on a daily basis. To this end, we combine the development of practical systems with rigorous theoretical analysis, and incorporate techniques from various disciplines such as computer networking, cryptography, and statistical analysis. This presentation covers two different frameworks in some well-known settings. First, I will present the Multi-view approach which preserves both privacy and utility of data in network trace anonymization. Second, I will present the DPOAD (Differentially Private Outsourcing of Anomaly Detection) approach which is a framework enabling privacy preserving anomaly detection in an outsourcing setting.

Bio: Meisam is an active Research Scientist in CSIRO Data61. Meisam’s research focuses on ethical and secure machine learning (private, fair and certifiably robust to adversaries), differential privacy, privacy preserving cloud security auditing and security issues pertaining to Internet of Things (IoT). He earned his PhD from the Concordia Institute for Information Systems Engineering (CIISE) at Concordia University, his MSc from the Department of Electrical Engineering at Ecole Polytechnique Montreal, and his BS from the Department of Electrical Engineering at Sharif University of Technology. He has had several collaborations in terms of research and supervision with both academia and industry such as the Department of Computer Science at the Illinois Institute of Technology (IIT), the University of New South Wales (UNSW), the University of Sydney and Ericsson Research Canada. Meisam has co-authored several papers in top-tier security journals and conferences, and his PhD dissertation has won the Distinguished PhD Dissertation Awards in the category of Engineering and Natural Science PhD dissertations and selected as Concordia University’s nominee for both Canada-wide CAGS and ADESAQ competitions.

  • Seminar date and time: 12th May 2022. 3-4pm AEST Sydney time.

Recording: https://webcast.csiro.au/#/videos/0b3094e5-66b1-4660-a4b2-5d3502db3e32

Slides: CREST_CSCRC_POKAPS_seminar-2022_2

Title: Patching and updating impact estimation

Abstract: Due to ever-changing user demands modern dynamic software systems are in constant need to be updated and tailored accordingly. At the same time, the service interruptions commonly caused by traditional software patching and updating processes may not be acceptable in critical environments. Thus, the interest towards runtime (live) patching is growing, specifically in the security context in an attempt to quickly mitigate potential vulnerabilities. This seminar outlines the existing challenges and solutions in the area of live software patching. In addition, novel current work on update-induced impact calculation technique aiding in failed update recovery is presented and discussed.

Bio: Victor Prokhorenko is a researcher with the Centre for Research on Engineering Software Technologies (CREST) at the University of Adelaide. Victor has more than 17 years of experience in software engineering with main areas of expertise including investigation of technologies related to software resilience, trust management and big data solutions hosted within OpenStack private cloud platform. Victor has obtained a PhD in Computer Science from the University of South Australia.

  • Thursday 28th April 2022. 3-4pm AEST  

Speaker: Assoc Prof. Olya Ohrimenko from University of Melbourne, Australia

Title: Security and Privacy for Machine Learning: Why? Where? and How? 

Recording: Not available

Slides: Not available

Abstract: Machine learning on personal and sensitive data raises privacy concerns and creates potential for inadvertent information leakage. However, incorporating analysis of such data in decision making can benefit individuals and society at large (e.g., in healthcare and transportation). In order to strike a balance between these two conflicting objectives, one has to ensure that data analysis with strong privacy guarantees is deployed and securely implemented. My talk will discuss challenges and opportunities in achieving this goal. I will first describe attacks against not only machine learning algorithms but also naïve implementations of algorithms with rigorous theoretical guarantees such as differential privacy. I will then discuss approaches to mitigate these attack vectors including property-preserving data analysis and data-oblivious algorithms. 

Bio: Olya Ohrimenko is an Associate Professor at The University of Melbourne that she joined in 2020. Prior to that she was a Principal Researcher at Microsoft Research in Cambridge, UK, where she started as a Postdoctoral Researcher in 2014. Her research interests include data privacy, integrity and security issues that emerge in the cloud computing environment and machine learning applications. She is often involved in the organization of workshops on privacy-preserving machine learning at leading security and machine learning venues. Olya has received solo and joint research grants from Facebook and Oracle and is currently a PI on a joint MURI-AUSMURI grant. She holds a Ph.D. degree from Brown University and a B.CS. (Hons) degree from the University of Melbourne. See https://people.eng.unimelb.edu.au/oohrimenko/ for more information. 

  • Thursday, 7th April, 3-4PM AEDT

Title: Weak-Key Analysis for BIKE Post-Quantum Key Encapsulation Mechanism

Speaker: Dr Syed W. Shah

Recording: https://webcast.csiro.au/#/videos/19139412-7cbd-4dce-bae1-909ac73b885b

Slides:

Abstract: The evolution of quantum computers poses a serious threat to contemporary public-key encryption (PKE) schemes. To address this impending issue, the National Institute of Standards and Technology (NIST) is currently undertaking the Post-Quantum Cryptography (PQC) standardization project intending to evaluate and subsequently standardize the suitable PQC scheme(s). One such attractive approach, called Bit Flipping Key Encapsulation (BIKE), has made to the final round of the competition. Despite having some attractive features, the IND-CCA security of the BIKE depends on the average decoder failure rate (DFR), a higher value of which can facilitate a particular type of side-channel attack. Although the BIKE adopts a Black-Grey-Flip (BGF) decoder that offers a negligible DFR, the effect of weak-keys on the average DFR has not been fully investigated. Therefore, in this paper, we first perform an implementation of the BIKE scheme, and then through extensive experiments show that the weak-keys can be a potential threat to IND-CCA security of the BIKE scheme and thus need attention from the research community prior to standardization. We also propose a key-check algorithm that can potentially supplement the BIKE mechanism and prevent users from generating and adopting weak keys to address this issue. 

Bio: Syed W. Shah received his Ph.D. degree in Computer Science and Engineering from the University of New South Wales (UNSW Sydney), Australia, and an M.S. degree in Electrical and Electronics Engineering from the University of Bradford, U.K. He is currently a Research Fellow at Deakin University, Australia. His research interests include pervasive/ubiquitous computing, user authentication/identification, Internet of Things, signal processing, data analytics, privacy, and security.  

Speaker: Professor Yongdae Kim from KAIST, South Korea 

Recording: https://webcast.csiro.au/#/videos/521d1743-771b-41ef-a547-faef3221cd15

Slides:Cellular Testing CSIRO

Title: (Almost) Automatic Testing of Cellular Security 

Abstract: The number of mobile devices communicating through cellular networks is expected to reach 17.72 billion by 2024. Despite this, 3GPP standards only provide positive testing specifications (through conformance test suites) that mostly check if valid messages are correctly handled. This talk summarizes our dynamic and static approach to test the security of both cellular modems and networks automatically. I first introduce LTEFuzz (S&P’19), the first systematic framework to dynamically test if cellular modems and networks  can correctly handle packets that should be dropped according to the standard. Dynamic analysis is then extended with DoLTEst (Usenix Sec’22), which is a downlink fuzzer for cellular baseband. I then introduce BaseSpec (NDSS’21), which performs a comparative static analysis of baseband binary and cellular specification. I will  conclude my talk with future directions for automatic testing.

Bio: Yongdae Kim is a Professor in the Department of Electrical Engineering, and the Graduate School of Information Security at KAIST. He received a PhD degree from the computer science department at the University of Southern California under the guidance of Gene Tsudik in 2002. Before joining KAIST in 2012, he was a professor in the Department of Computer Science and Engineering at the University of Minnesota – Twin Cities for 10 years. He served as a KAIST Chair Professor between 2013 and 2016, and a director of Cyber Security Research Center between 2018 and 2020. He is a program committee chair for ACM WISEC 2022, was a general chair for ACM CCS 2021, and served as an associate editor for ACM TOPS, and a steering committee member of NDSS. His main research interests include novel attacks for emerging technologies, such as drone/self-driving cars, cellular networks and Blockchain. 

  • Time: Thursday March 10th   3-4pm Sydney time AEDT 

Speaker: Dr. Mir Ali Rezazadeh Baee mirali.rezazadeh@qut.edu.au  

Slides: CSCRC_DATA61_2022_Theme1.1

Recording:https://webcast.csiro.au/#/videos/a324f4dd-5676-437a-a4d4-f56db69334b7

Title: Anomaly Detection in Key-Management Activities Using Metadata: Case Study and Framework 

Abstract: Over the last ten years, the use of cryptography to protect enterprise data has grown, with an associated increase in  Enterprise Key-Management System (EKMS) deployment. Such systems are described in the existing literature, including standards (See NIST SP800-57, OASIS KMIP). Metadata analysis techniques have been widely applied in network security to build profiles of normal and anomalous (possibly malicious) behaviour to assist in intrusion detection. However, this approach had not previously been applied to EKMS metadata. Additionally, enterprise encryption tools have been used by attackers to evade detection when performing data exfiltration. This CSCRC research project investigated the use of EKMS metadata as a basis for detection of anomalous behaviour in enterprise networks. We produced datasets containing EKMS metadata, identified relevant metadata elements and developed a framework for anomaly detection based on EKMS metadata analysis. We explored the effectiveness of this approach using a simulated enterprise environment with EKMS deployed. Results show that our framework can accurately detect all anomalous enterprise network activities. 

Bio: Dr. Mir Ali Rezazadeh Baee is a Postdoctoral Researcher in the Cyber Security CRC. Ali has a Ph.D. from Queensland University of Technology (QUT), Brisbane, QLD, Australia. He has a strong focus on applied cryptography and information security, with his doctoral thesis examining authentication and key-management protocols for securing safety critical vehicular communications in a privacy-preserving manner. Ali is a member of the International Association for Cryptologic Research (IACR) and Senior Member of the Institute of Electrical and Electronics Engineers (IEEE), associated with societies including: Computer, Vehicular Technology, Intelligent Transportation Systems and Signal Processing. He has actively served as a reviewer for flagship journals such as IEEE Transactions on Vehicular Technology, IEEE Transactions on Dependable and Secure Computing, and conferences including the IACR’s EUROCRYPT and ASIACRYPT.

  • Time: Thursday March 10th   3-4pm Sydney time AEDT 

Date/time:  February  10th 3-4pm Sydney time AEDT

Speaker: Dr Yinhao Jiang

Title: Privacy Concerns Raised by Pervasive User Data Collection From Cyberspace and Their Countermeasures

Recording https://webcast.csiro.au/#/videos/28d64065-f1e5-46a7-b4ce-56a91ca29bec

Slides

Abstract: The virtual dimension called `Cyberspace’ built on internet technologies has served people’s daily lives for decades. Now it offers advanced services and connected experiences with the developing pervasive computing technologies that digitise, collect, and analyse users’ activity data. This changes how user information gets collected and impacts user privacy at traditional cyberspace gateways, including the devices carried by users for daily use. This work investigates the impacts and surveys privacy concerns caused by this data collection, namely identity tracking from browsing activities, user input data disclosure, data accessibility in mobile devices, security of delicate data transmission, privacy in participating sensing, and identity privacy in opportunistic networks. Each of the surveyed privacy concerns is discussed in a well-defined scope according to the impacts mentioned above. Existing countermeasures are also surveyed and discussed, which identifies corresponding research gaps. To complete the perspectives, three complex open problems, namely trajectory privacy, privacy in smart metering, and involuntary privacy leakage with ambient intelligence, are briefly discussed for future research directions before a succinct conclusion to our survey at the end.

Bio: Yinhao Jiang is a Postdoctoral Research Fellow in Cyber Security CRC at the Charles Sturt University. He received the PhD degree on the functional encryption from the University of Wollongong, in 2018. He is currently focusing on functional encryption for privacy-enhancing technologies. His research interests also include IoT anonymity and privacy quantification. Please contact him at yjiang@csu.edu.au.

To register to our mailing list please send an email to sao@csiro.au

For more information contact Co-leaders Shuo Wang (External Speakers) and Sharif Abuadbba (Internal CSCRC Research)

Past Events