The talks will cover a broad and diverse range of topics, from examining future trends in computer security to understanding cybersecurity within the federal government. Exciting new research in various computer security mechanisms and systems for securing cyber spaces and data will also be presented.
Cyber security is no longer confined to traditional components such as desktop computers and data centers. Today, cyber security challenges extend to the mobile device you are likely carrying right now. Cyber is also a key part of our vehicles, medical devices, and building controls. Nearly every sector, from energy and financial systems to food and agriculture, has benefited from new cyber components. Along with these advances have come cyber-related vulnerabilities. Researchers have demonstrated techniques for remotely hacking vehicles on the Interstate and medical devices. Actual cyber incidents have disrupted systems from 911 centers in the US to the Ukrainian power grid. This talk will look at both existing and emerging threats and review some of the R&D efforts to address these threats, as seen from a DHS Science and Technology Directorate Cyber Security Division perspective.
Quantum computers may come into existence sometime between 2030 and 2050 that are capable of breaking RSA and ECC, and of finding 128-bit AES keys. Intel uses these algorithms in products. In this talk, I will discuss where Intel uses cryptography in products, and describe the research we have done in preparation for making a recommendation to Intel for changes to be prepared for the potential existence of quantum computers. I will also mention an algorithm we use, EPID, for anonymous signatures, for which we have not yet found a post-quantum secure replacement.
Hardware is not only the root of any computing and communication device, it can also outperform software implementations of most applications by up to several orders of magnitude. In this talk, we will discuss cybersecurity challenges and opportunities for hardware in the era of the Internet of Things (IoT). We start with examples of the security vulnerabilities introduced by hardware: the power analysis attack, which can reveal secret keys from designs optimized for performance; standard digital logic designs that may create unauthorized control of the system; hardware Trojan horses that can be seamlessly embedded during system design; and the untrusted supply chain. Then we report some advances on how hardware can be used to build better and stronger security and trust in IoT devices. Examples include the trusted platform module (TPM), silicon physical unclonable functions (PUFs), hardware-based authentication, and hardware-software co-design approaches.
At Galois, we have been pursuing a variety of new cyberdefense technologies: technologies to find attackers, confuse attackers, frustrate DDoS attempts, manage CVEs, prioritize response activities, and develop software that supports these activities. In this talk, we describe the underlying philosophy that connects all these technologies, and how this philosophy was inspired by a change in attitude about how best to defend networks. We then use examples of technologies we are developing – our DDoS defense tool, 3DCoP, our alarm system, CyberChaff, and others – that best highlight how this point of view can be reified into next-generation cyber solutions.