Published by Lambert Lawrence. Modified over 9 years ago.
1
The School of Electrical Engineering and Computer Science (EECS)
CS/ECE Advanced Network Security
Dr. Attila Altay Yavuz
Big Picture and Organization
Fall 2015
2
OSU EECS, Dr. Attila Altay Yavuz
Outline (current lecture)
Self-introduction
Big Picture
  – Grand vision, problems and challenges
Course Objectives (overview)
  – Touching important problems and tools (name & functionality)
  – Grading
Example Project Topics
  – Decision on your topic, assess your background/commitment
3
Self-Intro
Assistant Professor, EECS at Oregon State University
Adjunct Faculty, University of Pittsburgh (Jan. 2013 - now)
Research Scientist, Bosch Research Center (Dec. 2011 - Aug. 2014)
  – Develop security and privacy research programs
  – Privacy-preserving Big Data Technologies (~1M)
  – Secure Internet-of-Things and Systems (~250K)
Ph.D., North Carolina State University (Jan. 2007 - Aug. 2011)
  – Compromise Resilient and Compact Crypto for Digital Forensics
MS, Bogazici University (2004-2006)
  – Efficient Crypto Mechanisms for Military Ad-hoc Networks
4
Self-Intro (Cont’)
Research Interests: Applied cryptography, network security, privacy
Academic Collaborations: Upitt, UNC, UCI, Purdue-CIT, CMU
Industry Collaborations: Bosch, Oracle, Cisco, SEI-CMU, ISE
Some Impact Examples:
  – Privacy-Preserving Medical Databases (HCTM, 2016)
  – Secure Intra-car Networks (OEMs, 2018)
[Figure label: ECU]
5
Big Picture: Technology Trends & Vision
[Figure: timeline with the labels Near term, Medium term, Long term]
  – Smart-infrastructures and distributed systems
  – Big Data Technologies
  – Cloud-based Applications
  – Smart Home
  – Inter vehicular networks
  – Smart-grid
  – Smart-city
  – Digitalized Healthcare Inf. Sys.
6
Challenges of Security and Privacy in IoTS
Requirements and Challenges
  – Cloud-based Services
  – Smart-home and WSNs
  – Heterogeneity
  – Vehicular networks (e.g., Car-2-X)
  – High Performance/Scalability
  – Data Availability
  – Interconnectivity
SOMETHING MISSING?
7
Privacy Breaches: Big Data and IoTS
Need for Privacy Enhancing Technologies
8
Cyber Physical Systems - Vulnerabilities
Reliable Cyber-Physical Systems (e.g., smart-grid) are vital
  – Susceptible: Northeast blackout (2003), 50 million people, $10 billion cost
  – Attacks: False data injection [Yao CCS09’], over 200 cyber-attacks in 2013
Vulnerability: Commands and measurements are not authenticated
Requirements for a security method
  – Real-time: extremely fast processing (a few ms)
  – Limited bandwidth: compact
  – Several components: scalability
Limitations of Existing Methods
  – PKC is not yet feasible (computation, storage, tag size)
  – Symmetric crypto is not scalable (key management)
9
Security Challenges for Smart-Infrastructures (II)
Inter-car and Intra-car Networks
[Figure labels: Internet, ECU]
Vulnerability: Commands and measurements are not authenticated
Security for Inter-car Networks
  – Manipulate direction/velocity, crashes
Security for Intra-car Networks
  – Large attack surface [Usenix '11]
  – ECUs of brake/acceleration, airbag
Challenges
  – Strict safety requirements
  – Limited bandwidth, real-time processing
The state of the art cannot address these (as discussed)
10
Some Challenges – About This Course
Heterogeneity: Resource-Constraints vs. Efficiency Requirements
  – Designing efficient cryptographic primitives for resource-constrained systems
  – Code-size, battery issues, transmission range, cost
  – Specialized Authentication and Integrity Methods
Scalability: Key Distribution vs. Efficiency Requirements
  – Symmetric crypto, O(n^2) key distribution, very fast but not scalable
  – Public key, how to distribute certificates?
  – Advanced Key Establishment, Distribution and Management Methods
Outsourcing vs. Privacy/Integrity Dilemma
  – How to operate on the encrypted data efficiently? How to ensure the integrity?
  – Privacy Enhancing Technologies: Searchable Encryption, Oblivious RAM, Differential Privacy, Secure MPC…
Interconnectivity and increased attack surface
  – Extra tools, primitives, and all of the above in an integrated manner
Resiliency, fault-tolerance, compromise-resiliency, and more…
11
Pillars and Target Topics
Pillar I-II: Authentication and Integrity
  – Broadcast Authentication:
      • Internet, wireless net., multi-media, …
      • Vehicular networks, power-grid, smart-grid, drones…
  – Specialized Signatures: Real-time, compromise-resilient, hybrid, …
Pillar III: Privacy (Confidentiality) and Functionality
  – Privacy Enhancing Technologies
  – Cloud computing and data outsourcing: SE, DF, MPC, ORAM, PoR
  – Privacy-preserving data mining
Pillar IV: Availability and Resiliency
  – Denial of Service (Client-server application)
  – Fault-tolerance via redundancy and secret sharing, effective storage
      • Packet loss (any comm. medium)
      • Active adversaries
13
High-Level Objectives (I)
Advanced Primitives
  – Hash-based: Fundamental for authentication, commitment, etc.
      • One-time Signatures
      • HORS, variants and its relationship with traditional signatures
      • Hash chains
      • Merkle-Trees
  – Resiliency and Fault-Tolerance
      • Secret Sharing
      • Rabin’s Information Dispersal
      • Bloom Filters
Tools: Denial of Service Protection and more
  – Client-server puzzles
      • Pre-image based, special image based
      • Discrete Log Based
      • Outsourced Puzzles
14
High-Level Objectives (II)
Broadcast Authentication
  – TESLA: Playing with time factor efficient authentication
  – EMSS: Address non-repudiation and sync. issues
Hybrid Cryptography via Signcryption
Delay-Aware Authentication for Vehicular Networks
  – Rapid Authentication Scheme
  – Structure-Free Rapid Authentication Framework
  – Hardware-Accelerated Rapid Authentication (RA)
Privacy and Security in Cognitive Radio Networks
  – LPOS in Centralized Setting
  – Database-Driven Approaches
  – Anti-Jamming in Cognitive Radio Networks
15
High-Level Objectives (III)
User-Friendly Authentication Methods
  – Computer Vision Methods and Fuzzy Extractors
Differential Privacy and Outsourced Computation (Optional)
Group Diffie-Hellman Key Exchange
  – GDH.1, GDH.2, GDH.3
Tree-based Group Diffie-Hellman Key Exchange
  – Member Join-Leave, Partition, Merges
Group Key Distribution Methods
  – Forward and backward security, Iolus
  – Logical Key Hierarchy, Key Graphs
16
High-Level Objectives (IV) (Student Lectures)
  – Oblivious RAM
  – Differential Privacy
  – Garbled Circuits
  – Secure MPC
  – Private Set Intersection
  – Fully Homomorphic Encryption
  – Embedded Security for Medical Devices
17
High-Level Objectives (V) (Project Presentations)
  – Searchable Encryption
  – Oblivious RAM
  – Secure Logging
  – Time-valid Digital Signatures
  – Wireless Sensor Network Security
  – Other potential topics???
18
Grading
In-class paper presentation, 15% each, 30% total (subject to change)
  – See potential topics at the webpage
  – Full lecture style (or a single paper style) + question preparation
Survey/Scouting, 20%
  – Aligned with the research project topic
Research Project, 40%
  – Good progress can remove survey/scouting!
  – Either select one of the given topics, or propose your own project
  – Your preference + your skill set, team effort versus individual work
  – Please let me know by next week if you will continue this course
Class attendance/participation, 5-10%
Take-homes (optional)