Information Security Research and Education at Aalto

1 Information Security Research and Education at Aalto
N. Asokan @nasokan

2 About me
Professor, Aalto University, from Aug 2013
Professor, University of Helsinki
IEEE Fellow (2017), ACM Distinguished Scientist (2016)
Associate Editor-in-Chief, IEEE Security & Privacy (2017)
Previously: Nokia (14 y; built up Nokia security research team), IBM Research (3 y)
for more background

3 Secure Systems Group
Prof N. Asokan: Professor, Department of Computer Science; Director, Helsinki-Aalto Center for Information Security
Prof Tuomas Aura: Professor, Department of Computer Science; Director, SECCLO joint degree program
Dr Andrew Paverd: Research Fellow, Department of Computer Science; Deputy Director, Helsinki-Aalto Center for Information Security

4 Secure Systems Group
How to make it possible to build systems that are simultaneously easy-to-use and inexpensive to deploy while still guaranteeing sufficient protection?
[Diagram labels: Usability, Deployability/Cost, Security]

5 Research
Building systems that are secure, usable, and deployable

6 Current major themes
Platform Security: How can we design/use pervasive hardware and OS security mechanisms to secure applications and services?
Machine Learning & Security: Can we guarantee performance of machine-learning based systems even in the presence of adversaries?

7 Research: Platform Security

8 Platform security: overview
Applications of platform security
Examples: Protecting password-based web authentication systems; Breaking & repairing deniable messaging
Novel platform security mechanisms
Linux kernel hardening; Hardening embedded systems (C-Flat and HardScope)

9 SafeKeeper: Protecting Web Passwords
How can we use widely available trusted hardware to deter password database theft and server compromise?
[Diagram labels: Browser, client-side browser extension, password (p), Web Server, TEE, key (k), salt (s), f(k,p,s), =?]

10 Breaking & repairing deniable messaging
Attestation can be used to undetectably break deniable messaging
Attestation can help restore deniability in messaging
Deniable messaging is useful (whistleblowers, marginalized, politicians, …) and popular (Signal/WhatsApp, Telegram, OTR, …)
Undetectably breaking deniability: have TEE attest received messages to skeptical verifiers
S/W attacker: thwarted using attestation
H/W attackers are hard to defend against

11 Research: ML & Security

12 Machine learning and Security
Machine learning for security and privacy
Examples: Fast client-side phishing detection (off-the-hook); Detection of vulnerable/compromised IoT devices (IoT Sentinel and DÏoT)
Security and privacy of machine-learning based systems
Privacy-preserving neural network predictions (MiniONN); Model stealing: attacks and defenses

13 IoT Sentinel: Automated device-type identification
How to protect smart home networks from vulnerable IoT devices?
[Diagram labels: IoT Security Service Provider, Security Gateway, IoT Device, Device Classification, Isolation Profile Generation, Enforcement Rule DB, Device Fingerprinting]
1. Passively monitor communications and extract device fingerprint
2. Identify device-type using fingerprint
3. Isolation decision based on security assessment of device-type
4. Enforcement of device isolation using traffic filtering
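
An added example, not part of the original slides or of the IoT Sentinel code: the four steps above as a minimal gateway pipeline. The (protocol, port) fingerprint features, the Jaccard matching, the device types, and the strict/restricted/trusted isolation levels are all assumptions made for illustration.

```python
# Added illustration: every name, feature and value below is constructed.
# Step 1 input: (protocol, destination port) pairs seen per device MAC.
OBSERVED = {
    "aa:bb:cc:00:00:01": [("DHCP", 67), ("DNS", 53), ("NTP", 123), ("HTTP", 80)],
    "aa:bb:cc:00:00:02": [("DHCP", 67), ("DNS", 53), ("TLS", 443), ("TLS", 443)],
    "aa:bb:cc:00:00:03": [("ARP", 0), ("SSDP", 1900)],
}
# Reference fingerprints and security assessments (hypothetical device types).
KNOWN_TYPES = {
    "camera-x": {("DHCP", 67), ("DNS", 53), ("NTP", 123), ("HTTP", 80)},
    "plug-y": {("DHCP", 67), ("DNS", 53), ("TLS", 443)},
}
ASSESSMENT = {"camera-x": "vulnerable", "plug-y": "no known issues"}
# Assumed isolation levels and the traffic each one permits.
POLICY = {
    "strict": {"lan": False, "internet": False},
    "restricted": {"lan": False, "internet": True},
    "trusted": {"lan": True, "internet": True},
}

def fingerprint(packets):
    """Step 1: reduce passively observed traffic to a set of features."""
    return frozenset(packets)

def identify(fp, threshold=0.8):
    """Step 2: best Jaccard match against known types, or None if unknown."""
    best, best_score = None, 0.0
    for name, ref in KNOWN_TYPES.items():
        score = len(fp & ref) / len(fp | ref)
        if score > best_score:
            best, best_score = name, score
    return best if best_score >= threshold else None

def isolation_level(device_type):
    """Step 3: unknown types get the tightest level (fail closed)."""
    if device_type is None:
        return "strict"
    return "restricted" if ASSESSMENT[device_type] == "vulnerable" else "trusted"

def enforcement_rule(mac, level):
    """Step 4: the filtering rule the gateway would install for this MAC."""
    return {"mac": mac, "level": level, **POLICY[level]}

def decide(mac):
    device_type = identify(fingerprint(OBSERVED[mac]))
    return enforcement_rule(mac, isolation_level(device_type))

if __name__ == "__main__":
    for mac in OBSERVED:
        print(decide(mac))
```

The third constructed device matches no reference fingerprint, so it is treated as unknown and receives the strict profile rather than being trusted by default.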

14 DÏoT: A self-learning system for detecting compromised IoT devices
Can an IoT network autonomously detect compromised IoT devices?
[Diagram labels: Local SOHO network, Security Gateway, Device Fingerprinting, Anomaly Detection, Device Identification, Device detection, Profiling, IoT Security Service Provider]
DÏoT system design: Self-learning device-type identification; Device-type-specific anomaly detection model; Distributed and collaborative system
Performance evaluation: 98% accuracy in device-type identification; 94% detection of Mirai (IoT botnet) attacks; No false positives

15 Privacy-preserving Neural Networks
How to make cloud-based prediction models preserve privacy?
[Diagram labels: Input, Predictions (violates clients’ privacy); Blinded input, oblivious protocols, Blinded predictions]
Use inexpensive cryptographic tools
MiniONN (ACM CCS 2017)

16 Research: Other
Building systems that are secure, usable, and deployable

17 Other themes / Emerging topics
Distributed consensus and blockchains (theory, applications) [AoF BCon, ICRI-CARS]: Can hardware security mechanisms help design scalable consensus schemes?
Securing IoT (scalability, usability) [AoF SELIoT]: How do we secure IoT devices from birth to death?
Stylometry and security [HICT scholarship]: Can text analysis help detect deception?

18 Stay On-Topic: Generating Context-specific Fake Restaurant Reviews
How close are we to creating machine-generated deceptive online text?
NMT-Fake* creates fake reviews from description: "5 Chipotle Mexican Grill Las Vegas NV Mexican Fast Food"
User study with skeptical people: Very poor detection, almost random (~53%)
Detectable with machine learning (~97%)
Demo: generate your own fake restaurant reviews
[Figure labels: FAKE, REAL, REAL]

19 Media coverage of our research

20 Research Funding (Summary)
Cloud Security Services (CloSer): funded by Business Finland (formerly Tekes)
Securing Lifecycles of IoT devices (SELIoT): funded by NSF and Academy of Finland (WiFiUS program); Aalto (Asokan), UC Irvine (Tsudik), U Florida (Traynor)
Intel Collaborative Research Institute (ICRI-SC 2014 – 2017 & ICRI-CARS): Secure Computing; Collaborative, Autonomous and Resilient Systems
Blockchain Consensus and Beyond (Bcon): funded by Academy of Finland

21 Education
Training the next generation of information security researchers and professionals

22

23 Applications: open in December
Scholarships available
secclo.aalto.fi, facebook.com/secclo

24 Helsinki-Aalto Center for Information Security (HAIC)
Joint initiative: Aalto University and University of Helsinki
Mission: attract/train top students in information security
Offers financial aid to top students in both CCIS Security and Cloud Computing & SECCLO
Three scholars in 2017; Up to five (expected) in 2018
Call for donors and supporters
Supported by donations from F-Secure, Intel, Nixu, Huawei, and Aalto University School of Science

25 InfoSec Research and Education @ Aalto
20+ MSc and BSc theses yearly
[Timeline figure, 2014 to 2018: publication counts per venue (WWW, ACM ASIACCS, Proc. IEEE, PerCom, ACM CCS, Black Hat USA, ACM WiSec, Black Hat Europe, UbiComp, NDSS, IEEE ICDCS, CeBIT, DAC, IEEE SECON, IEEE IC, RAID, IEEE TC, IEEE TMC, ESORICS, IEEE TCAD, IEEE DSN, CT-RSA, IEEE Euro S&P) and thesis awards (Best InfoSec MSc thesis in Finland; Runner-up: Best CS MSc Thesis in Finland); awards in green]

26 Information Security Research and Education at Aalto
N. Asokan @nasokan

