各部门、各单位:
应我校bet356亚洲版体育官网邀请,美国俄亥俄州立大学张悦、西安电子科技大学王剑锋、陕西师范大学来齐齐将于12月9日在线上做无线通信安全、结构化加密、格基签名及应用等网络空间安全领域的学术报告,欢迎广大师生参加!报告的具体安排如下:
报告时间:2022年12月9日(周五)
报告地点:腾讯会议(ID:692 680 751)
报 告 一: Rethink the Security and Privacy of Bluetooth Low Energy(张悦),上午 10:00-11:30,腾讯会议 692 680 751
摘 要:As near-range wireless communication technology, Bluetooth Low Energy (BLE) has been widely used in numerous Internet-of-Things (IoT) devices. Unfortunately, the past several years have also witnessed numerous security flaws that have rendered billions of Bluetooth devices vulnerable to attacks. While luckily these flaws have been discovered, there is no reason to believe that current Bluetooth Low Energy protocols and implementations are free from attacks.
In this talk, Dr. Zhang will talk about a number of recently discovered security and privacy threats against the BLE, and the lessons learned from those threats. In particular, he will first discuss the protocol-level downgrade attack, an attack that can force the secure BLE channels into insecure ones to break the data integrity and confidentiality of BLE traffic. Then, he will introduce Bluetooth Address Tracking (BAT) attack, a new protocol-level attack discovered, which can track randomized Bluetooth MAC addresses by using a novel allow list-based side channel. Next, he will discuss the lessons learned, root causes of the attack, and its countermeasures. Finally, he will conclude his talk by discussing future directions in Bluetooth security and privacy.
报告人简介:张悦,博士,现在俄亥俄州立大学从事博士后研究,主要研究方向为物联网安全。曾在 ACM CCS,USENIX Security,NDSS, TDSC,TPDS,INFOCOM,RAID,SIGMETRICS,BlackHat Aisa 等国际信息安全顶级期刊、会议上发表论文高水平论文 30 余篇 (其中CCF-A 论文14篇,安全四大顶会6篇); 获2022年 ACM CCS最佳论文奖提名, 获 2021 年度广东省科学技术奖(自然科学奖)一等奖,获 ICII2019最佳论文奖,获 2021, 2019 广东省 CCF 最佳论文一等奖; 指导学生获“互联网 +”大学生竞赛国家铜奖,广东省创新创业大赛铜奖,累计申请/获批国家专利 20余项,美国专利 5 项。任 TDSC,TIFS,TMC,IOT-J 等著名期刊审稿人, IEEE DSC,SecureComm 等会议程序委员会委员。曾多次发现 Bluetooth SIG,谷歌、Apple、德州仪器、MQTT、腾讯等组织、知名公司的高危严重漏洞。
报 告 二:Practical Volume-Hiding Encrypted Multi-Maps with Optimal Overhead and Beyond(王剑锋),下午 14:30-16:00,
腾讯会议 692 680 751
摘 要:Encrypted multi-map (EMM), as a special case of structured encryption, has attracted extensive attention recently. However, most of EMM constructions reveal the real volumes of queried keys, which can be leveraged to launch leakage-abuse attacks, as demonstrated by Kellaris et al. in CCS 2016 and Kornaropoulos et al. in S&P 2021.
In this talk, we propose a practical non-lossy volume-hiding EMM scheme, XorMM, that can achieve optimal query communication complexity with minimal storage cost. Specifically, compared to the state-of-the-art dprfMM (Patel et al. CCS 2019), the client in our scheme receives only ℓ matching results while not suffering from data loss, where ℓ is the maximum volume of all keys. In addition, the storage cost of XorMM is approximately 1.23𝑛, where 𝑛 is the total number of key/value pairs. Furthermore, we initiate the study of volume-hiding EMM against malicious servers. we present the first verifiable volume-hiding EMM scheme, VXorMM, from merely symmetric cryptographic tools. The scheme still outperforms dprfMM while supporting verifiability, the query complexity and storage overhead of which are approximately ℓ + 1 and 2.46𝑛, respectively. Finally, we implement our proposed schemes and compare them with the most efficient scheme dprfMM (Patel et al. CCS 2019). The experimental results demonstrate that both of our schemes are superior to the state-of-the-art in both search and storage cost. In particular, XorMM (resp. VXorMM) brings a saving of 76% (resp. 52%) in server storage cost and achieves a speedup of 1.8X (resp. 1.6X) in search latency.
报告人简介:王剑锋,西安电子科技大学网络与信息安全学院副教授
博士生导师,中国密码学会青年工作委员会委员。主要研究领域为密码学、云数据安全和区块链隐私保护技术等。在网络安全与密码学国际知名会议/期刊发表学术论文70余篇,包括ACM CCS (信息安全四大顶会)、ESORICS、IEEE TC、IEEE TDSC、IEEE TIFS、IEEE TSC等;主持国家自然科学基金面上项目/青年项目、国家重点研发计划子课题、陕西省重点研发计划国际科技合作重点项目等科研项目;荣获首届中国密码学会优秀博士学位论文奖、教育部高等学校自然科学奖二等奖和陕西省高等学校科学技术奖一等奖等。
报 告 三:Lattice-based Commit-Transferrable Signatures and Applications to Anonymous Credentials(来齐齐),
下午 16:00-17:30,
腾讯会议 692 680 751
摘 要:Anonymous Credentials are an important tool to protect user's privacy for proving possession of certain credentials. While many constructions have been proposed based on pre-quantum assumptions, it has remained as an interesting open question how to achieve an efficient post-quantum construction. As there are reasonable worries that large-scale quantum computers might become a reality in the near future, it is important to determine whether we can port the prior research experiences to design plausible post-quantum solutions.
To tackle this, we make the following contributions. By distilling prior design insights, we first propose a new primitive called commit-transferrable signature (CTS), which combined with a multi-theorem straight-line extractable non-interactive zero-knowledge proof of knowledge (NIZKPok) gives a modular approach to construct anonymous credentials. We then show efficient instantiations of CTS and the required NIZKPoK from lattices, which are believed to be post-quantum hard. Finally, we propose concrete parameters for the CTS, NIZKPoK, and the overall anonymous credentials, based on Module-SIS and Ring-LWE. This would serve as an important guidance for future deployment in practice.
报告人简介:来齐齐,陕西师范大学计算机科学学院,副教授,硕士生导师。研究方向为后量子安全的公钥密码方案和协议的设计与分析。2015年获得西安电子科技大学密码学专业博士学位,2011年获得西安电子科技大学密码学专业硕士学位。在国际密码学会顶级会议Eurocrypt,PKC等发表多篇论文。主持国家自然科学基金面上项目、青年项目各1项。
特此通知。
bet356亚洲版体育官网
2022年12月2日
