AISC Program

29th January 2024 

We are glad to introduce our cybersecurity experts/speakers for the Australasian Information Security Conference (AISC 2024). They were selected as some of the best and most active researchers in Australasia, and we included both senior and junior researchers in the cybersecurity area.


SCHEDULE OF THE PRESENTATIONS


8:20-8:30 Welcome and Opening Remarks

Prof Willy Susilo (Wollongong University) and Dr Nasrin Sohrabi (Deakin University) [recording]


MORNING SESSION:


Session Chair: Abdullah Alsaedi


8:30-9:10 Enhancing Security in Software

  Prof Yang Xiang (Swinburne University) [recording]


9:10-9:50 The good, the bad, and the ugly: When PPG authentication meets AI

Dr Lei Pan (Deakin University) [recording]


9:50-10:30 Security Challenges on Graph Neural Networks in MLaaS

A/Prof Xingliang Yuan (Melbourne University) [recording not available]


10:30-11:10 Public-Key Cryptography: What Have Been Done In the Past 50 Years?

Dr Fuchun Guo (Wollongong University) [recording]               


11:10-11:50 Trusted Execution Environments Basics and Its Adoption in Machine Learning

Dr Shujie Cui (Monash University) [recording]

   

11:50-12:30 Growing Security's Big Tent

Dr Shaanan Cohney (Melbourne University) [recording]


12:30-1:10 Zero-Knowledge Proofs and Quantum-Safe Constructions

Dr Muhammed Esgin (Monash University) [recording]


1:10-1:50 LUNCH BREAK 


AFTERNOON SESSION


Session Chair: Fitrio Panaka


1:50-2:30 Secure Runtime Auditing & Guaranteed Device Healing in Low-end IoT Devices

Dr Norrathep Rattanavipanon (Prince of Songkla University) [recording]


2:30-3:10 Ultra-Resilient Blockchain Consensus and Beyond: Damysus and Fault Independence Challenges

A/Prof Jiangshan Yu (University of Sydney)   [recording not available]


3:10-3:50 Enhancing Privacy and Security in Smart Cities: A Perspective from Intelligent Energy Management

Dr Wei Li (University of Sydney) [recording not available]


3:50-4:30 Anonymous Blocklisting from Theory to Practice

Dr Zuoxia Yu (University of Wollongong)  [recording]


4:30-5:10 Securing Industrial Systems in a Changing World: The Critical Role of Adaptive Intrusion Detection

Dr Abdullah Alsaedi (RMIT)  [recording]


5:10-5:50 NativeVRF: A Simplified Decentralized Random Number Generator on EVM Blockchains

Dr Jakapan Suaboot (Prince of Songkla University) [recording]


5:50-6:30 Complexity and Simulation for Cybersecurity

Benjamin Turnbull (UNSW/ADFA) [recording]


CLOSING SESSION by Dr Nasrin Sohrabi   [recording]


 _________________________________________________________________________________________________________


DETAILS OF THE TALKS


Yang Xiang (Swinburne University)


Title: Enhancing Security in Software 

Abstract: Cybersecurity has emerged as one of the foremost priorities on the global research and development agenda today. The urgent need for new and innovative cybersecurity technologies capable of effectively addressing this pressing danger cannot be overstated. Software security is paramount to maintaining the integrity of modern applications in different sectors because software is the driving force for almost every productivity.

In this presentation, we will dissect a variety of security issues that have arisen in diverse applications, examining both the associated challenges and effective strategies in software security. We will delve into the technique of fuzzing, an efficient and effective automated process vital for software testing. Additionally, we will explore strategies for detecting security vulnerabilities in software. We will also scrutinize security considerations in applications, including those in source codes, binary codes, and communication channels in the forms of software, firmware, and network traffic.


Bio: Professor Yang Xiang received his PhD in Computer Science from Deakin University, Australia. He is currently a full professor and the Dean of Digital Research, Swinburne University of Technology, Australia. In the past 20 years, he has been working in the broad area of Cybersecurity, which covers software, system, network, and application security. He has published more than 300 research papers in many international conferences and journals in Cybersecurity, such as ACM CCS, IEEE S&P, Usenix Security, NDSS, IEEE TDSC, and IEEE TIFS. He is the Editor-in-Chief of the SpringerBriefs on Cyber Security Systems and Networks. He serves as the Associate Editor of the ACM Computing Surveys. He served as the Associate Editor of IEEE Transactions on Dependable and Secure Computing, IEEE Internet of Things Journal, IEEE Transactions on Computers, and IEEE Transactions on Parallel and Distributed Systems. He is a current member of College of Experts (CoE) of the Australian Research Council (ARC). He is a Fellow of the IEEE. 


Lei Pan (Deakin University)


Title: The good, the bad, and the ugly: When PPG authentication meets AI  


Abstract: The realm of unobservable physiological signals has garnered significant interest among researchers, emerging as distinctive identifiers for user biometrics. One such signal of particular interest is the Photoplethysmogram (PPG), which, while offering numerous advantages, presents many security challenges. This talk delves into the intricate landscape of PPG authentication, shedding light on the benefits it brings alongside the security hurdles it poses. Specifically, the discussion centers around the vulnerability of AI-based models employed in PPG authentication systems, which can be susceptible to manipulation and targeted attacks. It covers recent technical endeavors aimed at probing and exploiting these vulnerabilities through the integration of AI methods. The presentation will showcase select findings from cutting-edge research, some of which have been disseminated through publications at esteemed international conferences such as IJCNN (International Joint Conference on Neural Networks), AISec (ACM Workshop on Artificial Intelligence and Security), and RAID (International Symposium on Research in Attacks, Intrusions, and Defenses). By dissecting the intricate interplay between PPG signals and AI authentication, this talk aims to contribute valuable insights to the ongoing discourse on securing biometric systems.


Shujie Cui (Monash University) 


Title: Trusted Execution Environments Basics and Its Adoption in Machine Learning


Abstract: A trusted execution environment (TEE) is a secure and isolated environment within a computer system or a microprocessor that provides confidentiality and integrity for executing sensitive code and protecting sensitive data. It is designed to protect against various threats, such as malware and unauthorised access. This talk will take Intel SGX as an example to show the basics of TEEs, including the hardware design, side-channel attacks, and the way to use Intel SGX.  In the end, we will go through a TEE-assisted privacy-preserving decision tree training and inference to show how TEEs are adopted in general.


Bio: Dr. Shujie Cui is a Lecturer at Monash University in the Faculty of Information Technology. She obtained her PhD degree from the University of Auckland in 2019. Before joining Monash University, she was a Post-Doc researcher in the Large-Scale Data & Systems (LSDS) group in the Department of Computing at Imperial College London, UK. Her main research interests include applied cryptography, information security in cloud computing and distributed systems, trusted execution environments, side-channel attacks, and privacy-preserving machine learning. 


Xingliang Yuan (Uni of Melbourne) 


Title: Security Challenges on Graph Neural Networks in MLaaS


Abstract: Graph Neural Networks (GNNs) extend the benefits of deep learning to graph data. In practice, their applications span from common utilities such as recommendation systems and fraud detection, to advanced domains such as drug discovery and physics simulation. Due to the increasing popularity of GNNs, commercial Machine Learning as a Service (MLaaS) platforms have integrated graph learning development tools for launching GNN services on the cloud, e.g., AWS integrated DGL, Microsoft Azure incorporated Spektral. Despite the convenience and low cost of model deployment, such graph-based MLaaS is also facing critical security challenges. In this talk, I will first overview the architecture of GNNs in MLaaS and elaborate on some practical threats that could compromise the privacy and integrity of GNNs. Then I will present our recent efforts in investigating and tackling those challenges. Along the line, I will also pinpoint open problems and future directions in this area.


Bio: Xingliang Yuan is a Senior Lecturer in the Faculty of Information Technology, Monash University, and also the Program Director for Master of Cybersecurity at Monash. His research focuses on designing secure systems to address privacy and security challenges in various contexts and applications. His research has been supported by ARC, CSIRO, MRFF, DHA, and OCSC. His work has appeared in major venues in computer security and distributed systems, such as CCS, S&P, NDSS, INFOCOM, ICDCS, TDSC, TPDS, etc. He is a recipient of the Dean's Award for Excellence in Research by an Early Career Researcher (2020), and the Faculty Teaching Excellence Award (2021). He is a co-recipient of the best paper award in the European Symposium on Research in Computer Security (ESORICS) 2021. He is an Associate Editor of IEEE Transactions on Dependable and Secure Computing (TDSC), Track co-chair (Security, Privacy, and Trust) of ICDCS'24, and Program co-chair of SecTL'23 and NSS'22. He is a Senior Member of IEEE.


Fuchun Guo (Uni of Wollongong)


Title: Public-Key Cryptography: What Have Been Done In the Past 50 Years?


Abstract: Public key cryptography was invented about 50 years ago. Numerous innovative ideas and outcomes have been introduced by the collective efforts of researchers and experts. In this presentation, I aim to provide a concise yet comprehensive overview of PKC, offering insights that may serve as a foundation for anticipating and understanding future research developments in this dynamic field.


Bio: Dr. Fuchun Guo received his PhD degree from the University of Wollongong, Australia in 2013. He is an Associate Professor at the School of Computing and Information Technology, University of Wollongong. His research interests include public-key cryptography, security proof, and research philosophy. He has published two monographs, "Introduction to Security Reduction" and "Cryptologic Research History of Digital Signatures: From 1976 to 2020".


Shaanan Cohney (U. of Melbourne)  


Title: Growing Security's Big Tent


Abstract: The security research community is a big tent. After all, security spans multiple layers, from hardware to user behaviour. However, the disciplinary integration of other fields' views and tools (such as those from philosophy, law, economics, and sociology) is only now beginning to bloom. In this talk, I'll present both a framework for reframing our understanding of security, writ large, as well as a set of case studies that illustrate how we can identify and address new issues by stepping back to look at security from broader disciplinary perspectives.


Bio: Shaanan Cohney is a Lecturer at the University of Melbourne where he focuses on security research that addresses emerging public policy issues. Shaanan's awards include Best Paper at ACM CCS, a Pwnie Award for Best Cryptographic Attack, and the Kelvin Medal for Excellence in Teaching and Learning. Before joining the University of Melbourne, Shaanan was a Postdoctoral Fellow at Princeton University, and a cybersecurity advisor to U.S. Senator Ron Wyden. Shaanan holds a PhD and a Master in Law from the University of Pennsylvania.


Muhammed Esgin (Monash University)


Title: Zero-Knowledge Proofs and Quantum-Safe Constructions

Abstract: Zero-knowledge proofs are a family of powerful cryptographic tools as part of privacy-enhancing technologies that enable information processing while respecting user privacy. In recent years, they have gained significant attention from both the research community as well as the industry. In the face of approaching quantum threats and world-wide efforts to standardise quantum-safe cryptographic algorithms, developing practically efficient quantum-safe zero-knowledge proofs has become an important topic of research. This talk will cover some recent advances in constructing quantum-safe zero-knowledge proofs. The goal of this talk is to provide evidence of how much improvement has been made in recent years and to point out some challenges ahead without going into much technical detail.


Bio: Dr Muhammed Esgin is a lecturer at the Faculty of Information Technology, Monash University. Before that, he was a post-doctoral research fellow at Monash and CSIRO's Data61 jointly and also worked at IBM Research, Zurich. He was awarded the prestigious Vice-Chancellor’s Commendation for Thesis Excellence Award for his PhD dissertation at Monash. His research interests are centred around the mathematical aspect of cybersecurity, particularly cryptography and its applications. In recent years, his research has focused on quantum-safe cryptography, privacy-enhancing technologies and their applications to solve real-life problems, for example, in the blockchain setting.


Norrathep Rattanavipanon (Prince of Songkla University)


Title: Secure Runtime Auditing & Guaranteed Device Healing in Low-end IoT Devices


Abstract: Lower-end IoT microcontroller units (MCUs) typically lack security features found in general-purpose processors. To secure low-end devices, Remote Attestation (RA) was proposed to allow a verifier to remotely detect unauthorized modifications to the software on a prover MCU. However, RA falls short in identifying control flow attacks. To address this, Control Flow Attestation (CFA) extends RA by adding information about the executed instruction order, but current CFA architectures have common limitations in ensuring timely control flow reports during attacks. This talk will discuss ACFA, an inexpensive hybrid active CFA architecture. ACFA continuously monitors control flow transfers and utilizes active roots-of-trust for secure auditing and guaranteed remediation. The ACFA implementation is formally verified by systematically de-constructing it into sub-modules that jointly enforce the required properties. Based on this set of properties, we argue ACFA’s security. A public ACFA prototype was implemented and synthesized on top of the low-end openMSP430 MCU.


Bio: Norrathep Rattanavipanon received a Ph.D. from the University of California, Irvine. He is an Assistant Professor with the College of Computing, Prince of Songkla University, Phuket Campus. His research interests include IoT security as well as software and binary analysis.


Jiangshan Yu  (University of Sydney)


Title: Ultra-Resilient Blockchain Consensus and Beyond: Damysus and Fault Independence Challenges


Abstract: Over the last decade, we have witnessed a rapid growth of blockchain technologies and their importance in the digital economy. This talk presents two of our recent efforts in blockchain resilience. First, I will introduce Damysus (EuroSys’22), a streamlined BFT consensus leveraging trusted components. Damysus can tolerate a minority of faulty nodes and has shown its superiority compared to the performance of previous deterministic consensus protocols. Second, I will elucidate our identified open challenges surrounding fault independence in blockchains (DSN-Disrupt'23). In particular, this shows that while significant progress has been made to scale consensus algorithms to a multitude of replicas, a core constraint in fault independence hampers the practicality and meaningful resilience of these endeavors. These discoveries urge us to rethink our approach in making blockchains scalable and more resilient.


Bio: Dr. Jiangshan Yu is a 2021 ARC DECRA Fellow and Associate Professor at the University of Sydney. He is a member of the Scientific Advisory Board for the Austrian Blockchain Center (Austria) and an elected member of the privileged IFIP 10.4 Working Group on Dependable Computing and Fault Tolerance. His research interests are in the broad area of trust, reliability, and security, with a current focus on blockchain systems. His research outcomes have been widely published in top tier venues in the field of blockchain and dependable computing, such as S&P, EuroSys, ICDE, DSN, ICDCS, FC, TDSC, TPDS, etc. The impact of his research includes identified critical vulnerabilities and recommended (and adopted) fixes in several deployed blockchains and their applications (with a total market cap of over $30 billion). His research also has attracted public attention, as indicated by widespread media coverage that spans hundreds of news reports.

He has received several competitive awards, including Monash Research Talent Accelerator (RTA) Award (2023), ARC DECRA (2021), IBM Academic Award (2020), and the Dean’s Research Impact Award at Monash (2019). He has been a PC member for several leading and flagship dependability and blockchain conferences, such as CCS, VLDB, DSN, ICDCS, FC, AFT, ICBC, and Blockchain.


Wei Li (University of Sydney)


Title: Enhancing Privacy and Security in Smart Cities: A Perspective from Intelligent Energy Management


Abstract: In the era of smart cities, Non-Intrusive Load Monitoring (NILM) emerges as a pivotal technology for energy efficiency. NILM, by disaggregating total energy consumption into appliance-level data, holds immense potential for optimizing energy usage. However, this granular data, often processed via cloud computing due to smart meter limitations, raises significant privacy concerns. Detailed consumption patterns, inferable from NILM data, can reveal intimate user behaviours such as daily routines. This presentation discusses the key privacy challenges associated with NILM data in smart cities, advocating for a balanced approach that prioritizes robust privacy safeguards in tandem with technological advancements.


Bio: Wei Li received a Ph.D. degree from the University of Sydney. He is an ARC DECRA fellow in the Centre for Distributed and High-Performance Computing at the University of Sydney. His research interests include edge computing, task scheduling, and the Internet of Things. He is the recipient of five IEEE or ACM conference best paper awards. He received the IEEE TCSC Award for Excellence in Scalable Computing for Early Career Researchers (2018) and the IEEE Outstanding Leadership Award (2018). He is a senior member of the IEEE Computer Society and a member of the ACM.


Zuoxia Yu (Uni of Wollongong)


Title: Anonymous Blocklisting from Theory to Practice


Abstract: Anonymous blocklisting systems allow a service provider to block misbehaving users without knowing their real identities. They enhance an anonymous credential system with the ability to punish malicious users, while preserving strong protections for all users’ privacy. Although anonymous blocklisting systems have been extensively studied for many years, existing constructions are not sufficient to support a privacy-preserving digital credential system for real-world applications. In this talk, I will recall the development of anonymous blocklisting systems and introduce new techniques for constructing anonymous blocklisting systems with advanced functionalities.


Bio: Zuoxia Yu is currently a lecturer at the School of Computing and Information Technology at the University of Wollongong. Before that, she was a postdoctoral fellow at the University of Hong Kong. She earned her PhD degree in 2020 from the Hong Kong Polytechnic University. Her main research interests include privacy-preserving cryptography and lattice-based cryptography. As an early career researcher, she has been awarded an ARC 2024 DECRA Fellowship.


Abdullah Alsaedi (RMIT) 


Title: Securing Industrial Systems in a Changing World: The Critical Role of Adaptive Intrusion Detection


Abstract: As industrial systems have evolved and become increasingly interconnected, they have also become vulnerable to sophisticated cyber threats. First, this talk will discuss how the change of these systems from being isolated entities to interconnected systems has expanded their attack surface.  The second part of the talk will focus on the challenges presented by the dynamic nature of these environments. Traditional Machine Learning (ML)-based security methods, which often rely on pre-trained models and static assumptions, are inadequate in such evolving and dynamic contexts, highlighting the need for adaptive cybersecurity measures. Lastly, the talk will conclude by highlighting future challenges and directions in enhancing the security of industrial systems against the ever-changing landscape of cyber threats.


Bio: Abdullah Alsaedi is a PhD candidate at the School of Computing Technologies, RMIT University. He received his master’s degree in network systems from Swinburne University, in 2018. His research focuses on the cybersecurity of Industrial network systems and the development of adaptive and robust intrusion detection solutions.


Jakapan Suaboot (Prince of Songkla University)


Title: NativeVRF: A Simplified Decentralized Random Number Generator on EVM Blockchains


Abstract: Smart contracts are like small programs that run on a special kind of computer network called a blockchain. This network is decentralized, meaning no one person or organization controls it. When people on the network want to agree on something, they do so by reaching a consensus, or general agreement.

One challenge with these smart contracts is when they need to use random numbers, like in lotteries or games. Existing decentralized random number generation methods are not perfect—they either lack security, are not practical, or are expensive.

This talk discusses a new method called NativeVRF, which is a simple and cost-effective way to generate random numbers for smart contracts. Our experiments show that NativeVRF is as secure as other widely used methods, like Randao and Chainlink VRF. What's more, it's easier to set up, requires less computer power, and is compatible with all Ethereum blockchains, helping the blockchain community grow.


Bio: Jakapan Suaboot received the B.Eng and M.Eng (research) degrees in Computer Engineering from Prince of Songkla University (Thailand) and the PhD from RMIT University (Australia) in 2007, 2010, and 2021, respectively. He currently is a lecturer at the College of Computing, Prince of Songkla University, Phuket, Thailand. His research interests include malware detection, data breach prevention, machine learning, blockchain, and security in decentralized finance (DeFi).


Benjamin Turnbull (UNSW/ADFA)


Title: Complexity and Simulation for Cybersecurity


Abstract: Simulation is an important aspect of cybersecurity, allowing us to test and validate new approaches in safe ways, and for training. However, given the increase in complexity of information platforms, simulating offensive and defensive adversaries, effects and this presentation discusses the underlying benefits, limitations, and approaches to simulation for cybersecurity.  

Bio: Benjamin Turnbull is an Associate Professor in Cybersecurity at the University of New South Wales, Canberra. His research focuses on the intersection of cyber-security, simulation, scenario-based learning and the security of heterogeneous devices and future networks. This involves the modeling and simulation of cyber-related systems to understand the impacts of influence and its impact in conjunction with other cyber-enabled effects. He has worked extensively with Australian and Allied governments, in the field.