Tomorrow (29 Nov)
|Joel Höglund: Public key infrastructure for the Internet of Things|
Location: ITC 2244, Time: 13:00
Moderator: André Teixeira
The overall goal of the thesis work is to take important steps towards making IoT devices first class Internet citizens, by bringing PKI solutions that live up to modern security standards to the IoT world. During the first part of the PhD work the focus has been on reducing the overhead caused by certificates and certificate management protocols down to acceptable levels for constrained IoT devices. By combining efficient encodings and domain knowledge, both the certificates themselves and the certificate management operations can be reduced by at least 50%. By designing certificate management protocols for application layer security the footprint can be further reduced, while utilizing the most up-to-date crypto solutions. As a result, true end-to-end security and better possibilities for interoperability with mainstream Internet solutions can be achieved. Parts of the work are being standardised through IETF. Upcoming work includes proposing solutions for handling transfer of trust in IoT systems with a minimum or no human intervention, as well as further work on certificate revocation suitable for IoT scenarios.
Joel Höglund is doing his PhD within the Connected Intelligence unit at RISE, in close cooperation with the Cybersecurity unit. Before starting the PhD work he worked in the area of networked embedded systems in several EU projects, implementing and adapting systems software for resource-constrained devices, with the aim of making them resource efficient and interoperable through standards-based solutions. With the start of the SSF-funded PhD project, security became a new focus, while still adhering to the previous goals and constraints of IoT systems.
Tomorrow (29 Nov)
|Han Wang: Trustworthy Federated Learning for IoT Security|
Location: ITC 2244, Time: 13:50
Moderator: Christian Rohner
With the introduction of new privacy laws, such as the General Data Protection Regulation (GDPR) in the EU, the amount of data shared should always be minimized. The most significant benefit of using AI at the edge of IoT networks is keeping data within personal/industrial spaces and at the same time allowing ML advantages to be gained to help solve performance and IoT security problems such as anomaly detection. Federated Learning has emerged as a very promising paradigm for training distributed ML models. It enables IoT edge devices to collaboratively train models in a decentralized way and keep the private data on the devices at the same time. Despite the advantages, FL brings challenges as well. In a real-world setup, the collected data varies significantly among devices since users' preferences and local environments are different. This is especially relevant for IoT anomaly detection, as the type of attacks or anomalies observed by each device can be different. Because of this heterogeneity in IoT networks, the training data for ML models are usually non-IID and imbalanced, which has been shown to degrade the model's performance. This presentation will cover (i) an introduction to AI at the IoT edge, (ii) background on federated learning, and (iii) challenges and solutions for robust federated learning.
Han Wang is a Ph.D. student at RISE Cybersecurity and Uppsala University in Sweden. She received double M.S. degrees in Information Technology from Uppsala University, Sweden, and Computer Science and Information Engineering from National Taiwan Normal University, Taiwan in 2017. Her current research is focused on federated learning for IoT security, and security for machine learning.
Tomorrow (29 Nov)
|Kevin Thandiackal (ETH Zurich): Generative Implicit Feature Replay for Continual Learning|
Location: ITC 4307, Time: 14:15-15:00
Neural networks are prone to catastrophic forgetting when trained incrementally on different tasks. Popular incremental learning methods mitigate such forgetting by retaining a subset of previously seen samples and replaying them during the training on subsequent tasks. However, this is not always possible, e.g., due to data protection regulations. In such restricted scenarios, one can employ generative models to replay either artificial input samples or features to a classifier. In this talk, I will present a novel approach called Generative Implicit Feature Replay, where a generative model is trained to replay input samples that induce the same hidden features as real samples when they are passed through the classifier. This technique thus incorporates the benefits of input and feature replay: (1) unlike input replay, the generative model explicitly learns the distribution of features that are relevant for classification; (2) in contrast to conventional feature replay, the entire classifier remains trainable; and (3) image-space augmentations can be leveraged, which increases classification performance while also mitigating overfitting during the training of the generative model.
Tomorrow (29 Nov)
|Anum Khurshid: Hardware-assisted Trusted Execution Environments for Resource-constrained IoT|
Location: ITC 2244, Time: 14:45
Moderator: Christian Rohner
Trusted Execution Environments (TEE) are becoming an integral part of devices ranging from large-scale cloud-based systems to resource-constrained IoT devices. TrustZone holds one of the largest shares in the TEE market for IoT devices and has recently expanded even further with the release of TrustZone-M into ARMv8-M Cortex-M23 and Cortex-M33 processors. TrustZone-M provides a TEE for isolated execution of security-sensitive operations by partitioning the system into two domains (i.e., non-secure world and secure world). Since TrustZone-M has recently been incorporated into ARMv8-M processors, which are designed for low-power IoT devices, we explore the platforms for improvements and to harden the security of these devices. TrustZone-M provides isolated execution of security-sensitive operations; however, isolation of execution is not sufficient to completely protect system resources: a secure communication channel between the two worlds for the applications to share critical data has to be guaranteed. The communication channel between the non-secure world and secure world is vulnerable to several different attacks. To this end, we have proposed and built a secure communication channel for secure transmission of data between the non-secure and secure world of TrustZone-M. Another major shortcoming of Trusted Execution Environments such as TrustZone-M is an inability to check if the code running inside the trusted zone is malicious. Once secure software is established to run in the secure zones, there is no possibility to check the behaviour of the application. The risk due to unchecked applications in the secure world arises from the fact that there is a lack of standardization in IoT devices; and the diversity of third-party components and application suppliers makes it challenging to establish trust between component suppliers, vendors, and device owners.
We have developed a mechanism for protecting system resources and peripherals against suspicious code execution in secure zones. We have implemented proofs of concept of both solutions on the MUSCA-A evaluation board, which has a Cortex-M33 processor with TrustZone-M extensions. We plan to utilize these TEEs with newly established capabilities of secure inter-world communication and monitoring of application behavior, to develop protocols for automated remote attestation and certification of IoT software.
Anum is an Industrial PhD Student at RISE Research Institutes of Sweden. She is doing her PhD in Hardware-assisted Trusted Execution Environments focusing on IoT security. Her research interests broadly encompass software security, embedded systems security, IoT certification, remote attestation and trusted execution technologies. She is a part of two H2020 projects, the RISE internal Knowledge Platform and an SSF project on IoT software security. Anum did her Master of Science in Computer Science specializing in Cybersecurity and BS in Computer Science from COMSATS University, Islamabad in 2017 and 2014 respectively.
Friday 3 Dec
|Konrad-Lorenz Krentz, Uppsala University: A Middlebox-Centered Remote Denial-of-Sleep Defense with Reduced Trust Assumptions|
Time: 15:00-16:00
Welcome to the next Cybersecurity seminar!
Join via Zoom: Click here for Zoom link
A remote denial-of-sleep attack occurs when a battery-powered Internet of things (IoT) device expends energy for receiving and processing unwanted packets from the Internet. While seemingly benign, such attacks may even raise safety concerns, e.g., in the context of Internet-connected in-body networks. The state-of-the-art defense is to let a middlebox perform authenticity, freshness, and per-client rate limitation checks before forwarding packets to IoT devices. However, current work assumes that such a middlebox is fully trusted so as to legitimize giving it the end-to-end keying material required for authenticity checking. In this talk, I present our current efforts to advance the state of the art to tolerate the compromise of most of the software that runs on such a middlebox by performing the packet filtering inside a trusted execution environment (TEE). Our approach raises two key challenges. First, whereas running TEEs on embedded devices is well researched, the case when an IoT device itself acts as a relying party is not. In particular, there appears to be no lightweight remote attestation protocol for this scenario. To this end, we propose a remote attestation protocol that builds on (i) the Constrained Application Protocol (CoAP) and (ii) cryptographic primitives that IoT devices often have built-in acceleration for. Second, an attacker should not be able to bypass our TEE, i.e., forward, inject, or replay packets without our TEE’s consent. To that end, we integrate our remote denial-of-sleep defense with an emerging defense against a set of lower layer denial-of-sleep attacks, namely the embedding of one-time passwords (OTPs) in the Layer 1 or 2 headers of radio transmissions. We are implementing our remote denial-of-sleep defense using the RISC-V-based TEE technology Keystone and CC2538-based IoT devices.
Konrad-Felix Krentz received a B.Sc., M.Sc., and Ph.D. degree all in IT-Systems Engineering from Potsdam University, Germany. Presently, he is developing security mechanisms for in-body networks as part of his postdoctoral research at Uppsala University. His research interests include IoT and cybersecurity.
André and Christian for the security arena
|Disputation | PhD defense|
|Rebecca Cort: Getting Work Done: The Significance of the Human in Complex Socio-Technical Systems|
Location: Häggsalen, Ångströms, Time: 10:15
Rebecca Cort will present and defend her PhD thesis Getting Work Done: The Significance of the Human in Complex Socio-Technical Systems
Opponent: Prof. Ann Blandford
Supervisor: Prof. Anders Arweström Jansson
This thesis aims to deepen the understanding of the role and relevance of the worker in the functioning of complex socio-technical systems. The perspective adopted is profoundly human-centred and the worker is considered as a resource. This stands in stark contrast to the performance-related measurements and accident investigations which have typically formed much research on work in complex safety-critical systems and conveyed a perspective of the human as merely a system cog. The empirical material in this thesis is based on ethnographic fieldwork in the shape of workplace studies conducted across two distinct work domains: manufacturing and operational train traffic. The studies are informed by distributed cognition (DCog) and activity theory (AT) as prominent theoretical approaches for developing in-depth understandings of how work activities are accomplished in situations where the interplay between humans and their socio-cultural and material environment is of interest. The findings are illustrated by empirical work that provides detailed accounts of work practices derived from a total of four work settings. It is illustrated how acquired experiences and skills allow the workers to simultaneously use and create resources in the socio-material environment. The findings also reveal novel characteristics of adaptations as driven by a human agency rather than being a result of external demands, which is the common view in literature on work in safety-critical domains. Based on the findings, the role of the worker is illustrated as a meaning-making actor – not only participating in, but also actively contributing to the system and its functioning. In that capacity, the worker is acting as a driving force for a process of continuous development, allowing the system to continue to function although frequently exposed to uncertainties and unexpected events. 
This thesis contributes to a deepened understanding of the role of human workers in socio-technical systems, highlighting how workers are an invaluable asset when it comes to managing large variations and unexpected events in technology-mediated complex work. This contribution is complementary to the current understanding of how to uphold system safety and provides insight into what underlies a mutually beneficial relationship between humans and technology to which both parties can contribute with what they do best.
|Vidar Stiernström: High-order finite difference methods with applications in Geophysics|
Location: ITC 2347, Time: 13:15-15:00
Join via Zoom: Click here for Zoom link
External reviewer/opponent: Marco Kupiainen, Swedish Meteorological and Hydrological Institute, Rossby Centre
|Licentiatseminarium | Licentiate seminar|
|Niklas Gunnarsson: On the registration and modeling of sequential medical images|
Location: POL 2347, Time: 10:00-12:00
External reviewer: Prof. Atsuto Maki (KTH)
Examiner: David Sumpter (FUAP)
Real-time imaging can be used to monitor, analyze and control medical treatments. In this thesis, we want to explain the spatiotemporal motion and thus enable more advanced procedures, especially real-time adaptation in radiation therapy. The motion occurring between image acquisitions can be quantified by image registration, which generates a mapping between the images.
The contribution of the thesis consists of three papers, where we have used different approaches to estimate the motion between images.
In Paper I, we combine a state-of-the-art method in real-time tracking with a learned sparse-to-dense interpolation scheme. For this, we track an arbitrary number of regions in a sequence of medical images. We estimated a sparse displacement field, based on the tracking positions and used the interpolation network to achieve its dense representation.
Paper II was a contribution to a challenge in learnable image registration where we finished at 2nd place. Here we train a deep learning method to estimate the dense displacement field between two images. For this, we used a network architecture inspired by both conventional medical image registration methods and optical flow in computer vision.
For Paper III, we estimate the dynamics of spatiotemporal images by training a generative network. We use nonlinear dimensional reduction techniques and assume a linear dynamic in a low-dimensional latent space. In comparison with conventional image registration methods, we provide a method more suitable for real-world scenarios, with the possibility of imputation and extrapolation.
Although the problem is challenging and several questions are left unanswered we believe a combination of conventional, learnable, and dynamic modeling of the motion is the way forward.
|Disputation | PhD defense|
|Christos Sakalis: Rethinking Speculative Execution from a Security Perspective|
Location: ITC 2347, Time: 10:15
Christos Sakalis will present and defend his PhD thesis Rethinking Speculative Execution from a Security Perspective
Opponent: Prof. Josep Torrellas
Supervisor: Magnus Själander
Speculative out-of-order execution is one of the fundamental building blocks of modern, high-performance processors. To maximize the utilization of the system's resources, hardware and software security checks in the speculative domain can be temporarily ignored, without affecting the correctness of the application, as long as no architectural changes are made before transitioning to the non-speculative domain. Similarly, the microarchitectural state of the system, which is by necessity modified for every single operation (speculative or otherwise) also does not affect the correctness of the application, as such state is meant to be invisible on the architectural level. Unfortunately, while the microarchitectural state of the system is indeed separate from the architectural state and is typically hidden from the users, it can still be observed indirectly through its side-effects, through the use of "side-channels". Starting with Meltdown and Spectre, speculative execution, combined with existing side-channel attacks, can be abused to bypass both hardware and software security barriers and illegally gain access to data that would not be accessible otherwise.
Embroiled in a battle between security and efficiency, computer architects have designed numerous microarchitectural solutions to this issue, all the while new attacks are being constantly discovered. This thesis proposes two such speculative side-channel defenses, Ghost loads and Delay-on-Miss, both of which protect against speculative side-channel attacks targeting the cache and memory hierarchy as their side-channel. Ghost loads work by making speculative loads invisible in the memory hierarchy, while Delay-on-Miss, which is both simpler and more secure than Ghost loads, restricts speculative loads from even reaching many levels of the hierarchy.
At the same time, this thesis also tackles security problems brought on by speculative execution that are not themselves speculative side-channel attacks, namely microarchitectural replay attacks. In the latter, the attacker abuses speculative execution not to gain access to data but to amplify an otherwise already existing side-channel. This is achieved by trapping the execution of a victim application in a repeating window of speculation, forcing it to constantly squash and re-execute the same side-channel instructions again and again. To counter such attacks, Delay-on-Squash is introduced, which prevents instructions from being replayed in the same window of speculation, hence stopping any microarchitectural replay attempts.
Overall, between Delay-on-Squash, Delay-on-Miss, and Ghost loads, this thesis covers a wide range of insecure microarchitectural behaviors and secure countermeasures for them, all the while balancing the trade-offs between security, performance, and complexity.
|Disputation | PhD defense|
|Ghafour Ahani: Optimal Scheduling for Timely Information in Communication Systems|
Location: ITC 2446, Time: 13:15
Ghafour Ahani will present and defend his PhD thesis Optimal Scheduling for Timely Information in Communication Systems.
Opponent: Prof. Andreas Kassler
Supervisor: Prof. Di Yuan
The explosive growth of data in information society poses significant challenges in the timely delivery of information in the context of communication networks. Hence, optimal utilization of scarce network resources is crucial. This dissertation contributes to several aspects related to the timely delivery of information, including scheduling of data flows between sources and destinations in a network, scheduling of content caching in a base station of mobile networks, and scheduling of information collection. Two important metrics, namely, delivery deadline and information freshness, are accounted for. Mathematical models and tailored solution approaches are developed via tools from optimization.
Five research papers are included in the dissertation. Paper I studies a flow routing and scheduling problem with delivery deadline. This type of problem arises in many applications such as data exchange in scientific projects or data replication in data centers where large amounts of data need to be timely distributed across the globe. Papers II, III, and IV investigate content caching along time in a base station. Content caching at the network’s edge has recently been considered a cost-efficient way of providing users with their requested information. In Paper II, the schedule for updating the cache is optimized with respect to the content requests of users and the popularity of contents over time. Paper III, as an extension of Paper II, addresses the question of how to keep the cache information fresh, as all contents cannot be updated due to the limited capacity of the backhaul link. The freshness of information is quantified via the notion of age of information (AoI). Paper IV investigates joint optimization of content caching as well as recommendation; the latter contributes to satisfying content requests in case of a cache miss. Paper V studies optimal scheduling of information collection from a set of sensor nodes via an unmanned aerial vehicle. The objective is to keep the overall AoI as small as possible.
In these studies, analysis of problem complexity is provided, and time-efficient solution algorithms based on column generation, Lagrangian decomposition, and graph labeling are developed. The algorithms also yield a bound of global optimum that can be used to assess the performance of any given solution. The effectiveness of the algorithms in obtaining near-optimal solutions is demonstrated via extensive simulations.
|Licentiatseminarium | Licentiate seminar|
|Karl Bengtsson Bernander: Improving training of deep learning for biomedical image analysis and computational physics|
Location: ITC 4307, Time: 10:15
Opponent: Magnus Oskarsson, Lunds universitet
Internal seminars. Lecturers may be either internal or external.