Monday, 3 October 2022
Time: 9:00 am - 10:00 am
Talk title: The Rise of Side Channel Attacks: the case of wireless and mobile systems
Speaker: Guevara Noubir
Abstract: Over the last decade, security and privacy has became a major concern for organizations, governments, and society. This resulted in extensive efforts to develop and deploy a wide variety of hardware and software defense mechanisms ranging from network security protocols, secure computing platforms, to usable security and policies. As the low-hanging vulnerabilities became harder to exploit, side-channel attacks started receiving more attention from the larger security community. The research community has been very prolific in discovering a wide variety of exploitable side-channel attacks. In this talk, we focus on side-channels in wireless and mobile systems. We discuss their unique features and root cause such as resource constraints, inherent emissions, couplings and systems optimization. We review several recent attacks from our own work and others to illustrate the origins and risks. We also discuss defense approaches and their limitations in terms of effectiveness and realism.
Guevara Noubir is a Professor at Northeastern University (Boston, MA) within the Khoury College of Computer Sciences and currently serving as the Executive Director of Cybersecurity Programs, and the PI of Northeastern University’s NSA/DHS designated Center of Academic Excellence in Cybersecurity. He received the US National Science Foundation CAREER Award in 2005, Google Faculty Research Award on Privacy in 2016, Northeastern University Excellence in Research and Creative Activity Award 2018, best paper awards at ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2011 and 2018, and the IEEE Conference on Communications and Network Security best paper in 2016. Dr. Noubir led Northeastern University winning teams in the DARPA Spectrum Collaboration Challenge (SC2) in 2017, 2018, and finalist in 2019 (winning a total of $2M). He also led Northeastern’s winning team in the DARPA Spectrum Challenge collaborative scenario in 2013. Dr. Noubir chaired the technical program committee of several security conferences including the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), and IEEE Conference on Communications and Network Security. He serve(d) on the editorial boards of ACM Transaction on Privacy and Security, IEEE Transactions on Mobile Computing, Elsevier Journal on Computer Networks, and IEEE Transaction on Information Forensics and Security. His research has been funded by BAE Systems, ARPA, Draper Labs, Microsoft Research, ONR, NSA, NSF, and Raytheon. Dr. Noubir holds a PhD in Computer Science from the Swiss Federal Institute of Technology in Lausanne (EPFL) and MS in CS (diplôme d’ingénieur) from Ecole Nationale Supérieure d’Informatique et de Mathématiques Appliquées de Grenoble (ENSIMAG), France. He held research and visiting positions at CSEM SA, EPFL, Eurecom, MIT, and UNL. He is a co-founder of Novowi a startup focussing on wireless and mobile systems security.
Tuesday, 4 October 2022
Time: 9:00 am - 10:00 am
Talk title: Wicked bizarre physics of analog sensor security
Speaker: Kevin Fu, the University of Michigan
Medical devices, healthcare delivery, and other cyber-physical systems depend on sensors to make safety-critical, automated decisions. My research lab investigates the problem of how to protect cyber-physical systems from adversaries who can maliciously control sensor output by subverting its semiconductor physics. Finding principled, systematic solutions is extremely important to give consumers confidence in innovative medical devices and other emerging technology. Unique to our embedded security research contributions is an emphasis on protecting the longevity of implanted batteries and using software-only approaches to mitigate design flaws in legacy hardware. These contributions were important to creating the field of medical device security; advancing the academic community's ability to measurably defend against signal injection attacks on sensors; and changing how international regulators evaluate security of consumer products. In this talk, I will highlight academic research on protecting sensor semiconductors from maliciously modulated sound waves, radio waves, and lasers that can compromise software systems in cyber-physical systems such as pacemakers and vaccine cold-chain transportation.
Kevin Fu is Associate Professor of EECS at the University of Michigan where he directs the Archimedes Center for Healthcare and Device Security. Fu previously served as the nation's inaugural Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and Program Director for Cybersecurity at the Digital Health Center of Excellence (DHCoE). His research vision is a world where science-based security is built-in by design to all embedded systems: medical devices, healthcare delivery, autonomous transportation, manufacturing, and the Internet of Things. His research lab focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. Fu is most known for his security research on cryptographic and low-power inventions to defend against vulnerabilities in an implantable cardiac defibrillator. His research led to a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies. Security solutions resulting from this research foresaw the risks of malicious software affecting hospitals a decade before ransomware began to disrupt clinical workflow at worldwide.
Fu has been recognized as an IEEE Fellow, Sloan Research Fellow, and MIT Technology Review TR35 Innovator of the Year. He received best paper awards from USENIX Security, IEEE Security & Privacy, and ACM SIGCOMM. His research on pacemaker security received an IEEE Security & Privacy Test of Time Award. He co-founded healthcare cybersecurity startup Virta Labs. Fu has testified in the House and Senate and was commissioned by the National Academy of Medicine for a report on trustworthy medical device software. He serves as a member of the Association for the Advancement of Medical Instrumentation (AAMI) Biomedical Instrumentation & Technology Editorial Board, the ACM Committee on Computers and Public Policy, and the USENIX Security Steering Committee. He chairs the USENIX Security Test of Time Awards Selection Committee. He chaired the USENIX Security PC and served as the inaugural co-chair of the AAMI cybersecurity working group to create the first FDA-recognized consensus standards to improve the security of medical device manufacturing. He founded the Archimedes Center for Healthcare and Device Security, and co-founded the N95decon.org team for emergency reuse decontamination of N95 masks during pandemic shortages. Fu served as a member of the U.S. NIST Information Security and Privacy Advisory Board and federal science advisory groups. Fu received his BS, MEng, and PhD from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute, builds wood-fired brick ovens, and enjoys woodworking.