Menu Close

The HAIC public outreach initiative aims to make cybersecurity more accessible to a broader audience. As part of this initiative, are organizing HAIC Talks, a series of public lectures on contemporary topics in cybersecurity. In the style of studia generalia, these lectures are free and open to everyone. No background knowledge in cybersecurity is required. HAIC Talks are made possible through the generous support of the Aalto University School of Science.

Sign-up for our HAIC Talks mailing list to hear about future events.


Lecture description: Increasingly countries and regions have strict laws and regulations to protect the privacy of personal data. For example, the states of the European Union (EU) enforce the General Data Protection Regulations (GDPR) to protect personal data of individuals living in the EU. Much research has focused on preserving the privacy of data using various advanced cryptographic techniques. However, and irrespective of the privacy of the data itself, just the queries requesting the data raise severe privacy concerns owing to numerous attacks and data breaches using access patterns.

Our goal in this talk is to demonstrate how private access of data, using sophisticated, expensive but secure cryptographic methods can become a practical reality in the near future. Our focus is on supporting oblivious queries and thus hide any associated access patterns on both private and public data.

For private data, ORAM (Oblivious RAM) is one of the most popular approaches for supporting oblivious access to encrypted data. However, most existing ORAM datastores are not fault tolerant and hence an application may lose all of its data when failures occur. To achieve fault tolerance, we propose QuORAM, the first datastore to provide oblivious access and fault-tolerant data storage using a quorum-based replication protocol.

For public data, PIR (Private Information Retrieval) is the main mechanism proposed in recent years.  However, PIR requires the server to consider data as an array of elements and clients retrieve data using an index into the array. This requirement limits the use of PIR in many practical settings, especially for key-value stores, where the client may be interested in a particular key, but does not know the exact location of the data at the server.

In this talk we will discuss recent efforts to overcome these limitations, using Fully Homomorphic Encryption (FHE), to improve the performance, scalability and expressiveness of privacy preserving queries of public data.

A man smiling at the cameraAbout the speaker: Amr El Abbadi is a Professor of Computer Science. He received his B. Eng. from Alexandria University, Egypt, and his Ph.D. from Cornell University. His research interests are in the fields of fault-tolerant distributed systems and databases, focusing recently on Cloud data management, blockchain based systems and privacy concerns.

Prof. El Abbadi is an ACM Fellow, AAAS Fellow, and IEEE Fellow.  He was Chair of the Computer Science Department at UCSB from 2007 to 2011. He served as Associate Graduate Dean at the University of California, Santa Barbara from 2021–2023.  He has served as a journal editor for several database journals, including, The VLDB Journal, IEEE Transactions on Computers and The Computer Journal. He has been Program Chair for multiple database and distributed systems conferences, including most recently SIGMOD 2022. He currently serves on the executive committee of the IEEE Technical Committee on Data Engineering (TCDE) and was a board member of the VLDB Endowment from 2002 to 2008. In 2007, Prof. El Abbadi received the UCSB Senate Outstanding Mentorship Award for his excellence in mentoring graduate students. In 2013, his student, Sudipto Das received the SIGMOD Jim Gray Doctoral Dissertation Award. Prof. El Abbadi is also a co-recipient of the Test of Time Award at EDBT/ICDT 2015.  He has published over 350 articles in databases and distributed systems and has supervised over 40 PhD students.

Time: 17.4.2024 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.

Venue: Lumituuli auditorium, Dipoli, Aalto University (Otakaari 24, Espoo)

Registration: The event is open to all and free of charge but we ask you to register for the event as it helps us to estimate the number of coffee ordered, thank you.


Lecture description: 5G has learned lessons from previous generations and improved the privacy of a subscriber. Still it seems that the privacy is not perfect and there are offerings like Pretty Good Phone Privacy (PGPP) that promise an even better privacy. As a consumer, the question arises, how good is 5G privacy and what are the real privacy risks, if I take PGPP is my privacy really better and what are the potential side effects? In this talk, we will focus on location privacy, its improvements, but also the weak practical issues that come when 5G networks are deployed.

This HAIC Talk was not recorded but you can find the presentation slides here: Privacy in 5G – Explained at the example of Pretty Good Phone Privacy (PGPP)– with Silke Holtmanns

a woman smiling at cameraAbout the speaker: Silke has 23 years of telecommunication security experience. She worked for Ericsson, Nokia, AdaptiveMobile Security, ENEA and is now with the PwC Finland 5G Security Team. She holds a PhD in Mathematics and is a Certified Information System and Cloud Security Professional (CISSP and CCSP). The technology evolved and Silke is securing that path from mobile payments, WAP, 3GPP, GSMA, LTE & 5G, remote provisioning, eSIM, core network, OpenRAN, SMS, interconnection, threat analysis, to cloud & virtualization and security compliance.

Silke has discovered new attacks e.g., for slicing attacks, location and presented at Blackhat and Defcon.

Silke is a member of the EU ENISA Advisory Group to provide her expertise to secure 5G and critical infrastructure. In her position at PwC she assists vendors, cloud providers, vertical industries and operators.

Silke is deeply into cooking and Taekwondo.

Time: 27.4.2023 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.

Venue: T1 auditorium, CS building, Aalto University (Konemiehentie 2, Espoo)

Registration: The event is open to all and free of charge but we ask you to register for the event as it helps us to estimate the number of coffee ordered, thank you.


Lecture description: In a couple of years, “study items” for the 6G security standard will be set. Security issues not included in these study items are unlikely to be standardized and patched even in 6G. Therefore, before these study items are set, the security research community needs to put in effort to find security vulnerabilities in cellular standards up to 5G. Furthermore, as a community, we need to find solutions to these vulnerabilities that are practical enough to be accepted by the standard bodies. In this talk, I will introduce unpatched design vulnerabilities and attacks in cellular standards up to 5G. I will also talk about potential defense mechanisms and reasons why they have not been accepted in 3GPP so far. 

This HAIC Talk was not recorded but you can find the presentation slides here: Unpatched-design-vulnerabilities-in-cellular-standards_YK.

a man staring at cameraAbout the speaker:  Yongdae Kim is a Professor in the Department of Electrical Engineering and the Graduate School of Information Security and a head of Police Science and Technology Research Center at KAIST. He received a PhD degree from the computer science department at the University of Southern California in 2002. Before joining KAIST in 2012, he was a professor in the Department of Computer Science and Engineering at the University of Minnesota – Twin Cities for 10 years. He served as a KAIST Chair Professor between 2013 and 2016 and a director of Cyber Security Research Center between 2018 and 2020.  He is currently serving as a steering committee member of ACM WISEC and served as a general chair for ACM CCS 2021, a program committee chair for ACM WISEC 2022, an associate editor for ACM TOPS, and a steering committee member of NDSS. His main research interest is finding and fixing novel vulnerabilities for emerging technologies such as drones, self-driving cars, and cellular networks.

Time: 12.12.2022 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.

Venue: Lumituuli, Dipoli, Aalto University (Otakaari 24, Espoo)

Registration: The event is open to all and free of charge but we ask you to register for the event as it helps us to estimate the number of coffee ordered, thank you.


Lecture description: Applied cryptography has been a very active area in the last 10 years since the Snowden revelations. From being used selectively, cryptography is now used everywhere for both security and privacy. To prevent pervasive monitoring, mandatory to use encryption, identity protection, and perfect forward secrecy are now seen as requirements. The increased use of crypto has put new requirements on performance, and old standards with questionable security have been replaced with new high-performance algorithms with improved side-channel protection. Current activities include aligning with zero trust principles and making systems resistant to attacks from quantum computers. This talk will explain how and why applied cryptography has evolved in recent years and how it will change with the introduction of post-quantum algorithms and key encapsulation mechanisms.

This HAIC Talk was not recorded but you can find the presentation slides here: Current State of Applied Cryptography – Attacks, Standardization, Government Requirements, and Best Practices – with John Mattsson

A man staring at cameraAbout the speaker:  John is an expert in cryptographic algorithms and security protocols at Ericsson Research. His work focuses on applied cryptography, security protocols, privacy, IoT security, post-quantum cryptography, and trade compliance. During his 15 years at Ericsson, he has worked with a lot of different technology areas and been active in many security standardization organizations including IETF, IRTF, 3GPP, GSMA, and NIST where he has significantly influenced Internet and cellular security standards. In addition to designing new protocols, John has also found significant attacks on many algorithms and protocols including Polar Bear, GCM, SRTP, CoAP, and SCTP. John holds an M.Sc. in engineering physics from KTH Royal Institute of Technology, Sweden, and an M.Sc. in business administration and economics from Stockholm University.

 

Time: 31.10.2022 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 45 minutes, after which there will be time for questions.

Venue: Lumituuli, Dipoli, Aalto University (Otakaari 24, Espoo)

Registration: The event is open to all and free of charge but we ask you to register for the event as it helps us to estimate the number of coffee ordered, thank you.


Lecture description: QUIC is a new UDP-based transport protocol for the Internet, and specifically, the web. Originally designed and deployed by Google, it already makes up 35% of Google’s egress traffic, which corresponds to about 7% of all Internet traffic. The strong interest by many other large Internet players in the ongoing IETF standardization of QUIC is likely to lead to an even greater deployment in the near future.

This talk will first present what is QUIC, the unique design aspects of the protocol, and how it is different from the conventional HTTP/TLS/TCP web stack. It will then discuss the performance of QUIC on the Internet and the potential impact of the protocol once it is widely deployed.

A man smiling at the cameraAbout the speaker: Lars is an experienced technology leader with deep expertise in distributed systems, network architectures and protocol design, ranging from the Internet to datacenter to IoT/edge environments. He drives NetApp’s networking strategy through academic collaborations with top universities and open source collaborations.

Lars has been leading Internet standardization for two decades as a member of the IETF’s steering group and architecture board, and he currently chairs the IETF. In the past, he chaired the IETF’s research arm, the IRTF, and the IETF’s QUIC working group. He also serves on the program and organization committees of academic conferences such as ACM SIGCOMM and USENIX NSDI, as well as numerous other boards.

Lars received his Ph.D. in Computer Science from the University of Southern California (USC) in 2003. Before joining NetApp in 2011, he was a Principal Scientist at Nokia and served on the corporation’s CTO and CEO Technology Councils. In parallel, from 2009-2014, Lars was an Adjunct Professor at Aalto University. From 2003-2006, he was a senior researcher at NEC Labs.

Time: 24.5.2022 at 12:30-12:30. The lecture will be approximately 45 minutes, after which there will be time for questions.

Venue: T1 lecture hall (2nd floor), CS-building, Konemiehentie 2, 02150 Espoo.

Registration: Please register to our event so that we don’t run out of coffee and buns!

This HAIC Talk is part of the Secure Systems Demo Day 2022. After the talk there will be other posters and demonstrations of the research group’s recent results. Demo Day 2022 is open to everyone and free of charge.


A woman smiling at the cameraAbout the speaker:  Franziska (Franzi) Roesner is an Associate Professor in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses broadly on computer security and privacy for end users of existing and emerging technologies. Her work has studied topics including online tracking and advertising, security and privacy for sensitive user groups, security and privacy in emerging augmented reality (AR) and IoT platforms, and online mis/disinformation. She is the recipient of a Consumer Reports Digital Lab Fellowship, an MIT Technology Review “Innovators Under 35” Award, an Emerging Leader Alumni Award from the University of Texas at Austin, a Google Security and Privacy Research Award, and an NSF CAREER Award. She serves on the USENIX Security and USENIX Enigma Steering Committees. She received her PhD from the University of Washington in 2014 and her BS from UT Austin in 2008. Her website is at https://www.franziroesner.com.

Time: 23.5.2022 at 16:00 – 17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.

Venue: Online

Registration: Please register to receive online meeting information.

Please note that this HAIC talk precedes the Secure Systems Demo Day 2022.


Lecture description: Shopping online? Find yourself asking: are there really only 3 items left at this price? In some cases, the answer is that it is a downright lie or at best misleading in nature. Yet, it is not always easy to recognize this kind of content or the effect it has on consumers. In the shopping example, consumers may not realize they are being duped into making purchasing decisions they may not have, if fully informed and presented with accurate information. To keep up with this increasing trend towards intentionally misleading user interface choices, or dark patterns, which steer consumers down certain paths for the gain of the service provider, policy-makers are creating, discussing, and reviewing current regulations for online content. In this talk, I present case studies of dark patterns and the current consumer protections in place to prevent users from being harmed in the US: dark patterns used in shopping websites and in social media account deletion interfaces. I will provide evidence about the prevalence of these issues on the web, how users perceive them, and discuss what kinds of solutions can be put into place to help consumers become aware of and be protected from unfair and unjust practices that rely on misleading premises. To conclude, I will provide suggestions for future work for researchers, policy-makers, and designers who are invested in enhancing online consumer protections.

 

A woman smiling at cameraAbout the speaker:  Marshini Chetty is an assistant professor in the Department of Computer Science at the University of Chicago, where she co-directs the Amyoli Internet Research Lab or AIR lab. She has a Ph.D. in Human-Centered Computing from Georgia Institute of Technology, USA and a Masters and Bachelors in Computer Science from the University of Cape Town, South Africa. In her former lives, Marshini was on the faculty in the Computer Science Department at Princeton University and the College of Information Studies at the University of Maryland, College Park. Her work has won best paper awards at SOUPS, CHI, and CSCW and has been funded by the National Science Foundation, the National Security Agency, Intel, Microsoft, Facebook, and multiple Google Faculty Research Awards.

Prior to this position, Marshini was research faculty in the Department of Computer Science at Princeton University where she founded and directed the Princeton Human Computer Interaction Laboratory. Before working at Princeton, Marshini was an assistant professor at the College of Information Studies at the University of Maryland, College Park where she directed the NetCHI laboratory. In the past, Marshini also completed two post-doctoral research fellowships at ResearchICTAfrica in Cape Town, South Africa and with Prof. W. Keith Edwards at the College of Computing at  Georgia Institute of Technology. Marshini received her Ph.D. in Human-Centered Computing from Georgia Institute of Technology where she was advised by Prof. Rebecca E. Grinter. She started her journey in the USA after she completed her MSc., BSc.(Hons), and BSc. in Computer Science at the University of Cape Town, South Africa (her beautiful home country).

Time: 27.4.2022 at 16:00 – 17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.

Venue: Online

Registration: Please register to receive online meeting information.


Description: During the last 10 years security researchers and standards experts have been working on specifications to ensure that state-of-the-art cryptography can be used on low end IoT devices. Most of those standards efforts have either been completed or are in the final stages. At the same time, industry groups and governmental agencies have written IoT security guidelines offering valuable suggestions for developers to design more secure IoT products. Even IoT security regulation exists asking for state-of-the-art crypto, the use of standards, and for a ban of passwords.

What challenges do developers face designing IoT products? Can they use open source software implementations and follow IoT security guidelines? In this talk Hannes Tschofenig will make an attempt to answer this question.

About the speaker: Hannes Tschofenig is employed by Arm; prior employers include the European Data Protection Supervisor, Nokia Siemens Networks, and Siemens. His work life focused on developing global standards to make the Internet more secure. He has been active in the IETF for the past 15 years and contributed to more than 80 RFCs on security, privacy and various Internet protocols. Hannes co-chaired several IETF working groups, including OAuth, ACE, KEYPROV, DIME, and ECRIT. From 2010 to 2014 Hannes was a member of the Internet Architecture Board (IAB), a committee of the IETF. Currently, he is a board member and chair of the Device Management and Service Enablement working group of OMA SpecWorks.

Venue: Online

Time: 16:00-17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.

Registration: Registration is closed.

 



This talk is part of the Secure Systems Demo Day 2020 program.

Description: A variety of experts — computer scientists, policy makers, judges — constantly make decisions about best practices for computational systems. They decide which features are fair to use in a machine learning classifier predicting whether someone will commit a crime, and which security behaviors to recommend and require from end-users. Yet, the best decision is not always clear. Studies have shown that experts often disagree with each other, and, perhaps more importantly, with the people for whom they are making these decisions: the users.

This raises a question: Is it possible to learn best-practices directly from the users? The field of moral philosophy suggests yes, through the process of descriptive decision-making, in which we observe people’s preferences from which to infer best practice rather than using experts’ normative (prescriptive) determinations of best practice. In this talk, I will explore the benefits and challenges of applying such a descriptive approach to making computationally-relevant decisions regarding: (i) optimizing security prompts for an online system; (ii) determining which features are fair to include in a classifier and which decision makers should evaluate fairness; (iii) defining standards for ethical virtual reality content.

 

You can find presentation slides here: Learning from the People: From Normative to Descriptive Solutions to Problems in Security, Privacy & Machine Learning

photograph-of-elissa-redmiles

About the speaker: Elissa M. Redmiles is a Faculty Member and Research Group Leader of the Digital Harm group at the Max Planck Institute for Software Systems. She additionally serves as a consultant and researcher at multiple institutions, including Microsoft Research and Facebook. Dr. Redmiles uses computational, economic, and social science methods to understand users’ security, privacy, and online safety-related decision-making processes. Much of her work focuses specifically on investigating inequalities that arise in these decision-making processes and mitigating those inequalities through the design of systems that facilitate safety equitably across users. Dr. Redmiles’ work has been featured in popular press publications such as Scientific American, Wired, Business Insider, Newsweek, Schneier on Security, and CNET and has been recognized with multiple Distinguished Paper Awards at USENIX Security as well as the John Karat Usable Privacy and Security Research Award. Dr. Redmiles received her B.S. (Cum Laude), M.S., and Ph.D. in Computer Science from the University of Maryland. As a graduate student, she was supported by a NSF Graduate Research Fellowship, a National Defense Science and Engineering Graduate Fellowship, and a Facebook Fellowship.

This talk is part of the Secure Systems Demo Day 2020 program. With registration you get participation links to both online events. The Secure Systems Demo Day is an annual meet-up for researchers in academia and industry and gives an overview of the current information security research going on in Finland’s capital area.


You can find presentation slides here: 5th Generation Crime-fighting in Cyberspace: Lawful Intercept in 5G Networks