Locations: darmstadtium and Georg Christoph Lichtenberg-Haus

September 9 – 13, 2019

CROSSING Summer School on Sustainable Security & Privacy

Welcome to the CROSSING Summer School on Sustainable Security & Privacy organized by TU Darmstadt, Germany, on September 9-13, 2019.

The CROSSING Summer School targets graduate students and postdocs interested in sustainable security and privacy. Lectures by renowned experts will provide insights into the foundations as well as state-of-the-art solutions and focus on an in-depth understanding of selected topics. There will be also room for discussions and networking between participants and lecturers.

The CROSSING Summer School on Sustainable Security & Privacy is a five-day event. It starts with the two-day CROSSING Conference which provides an overview on different aspects of sustainable security and privacy. An optional one-day social event follows, a hiking tour. The CROSSING Summer School ends with two additional days of in-depth technical talks given by internationally renowned speakers with many networking opportunities between researchers interested in the field of sustainable security and privacy.

In cooperation with IACR


September 9-10, 2019 CROSSING Conference sessions
16 speakers • Venue: darmstadtium
September 11, 2019 Social event: Hiking Tour “Hessische Bergstraße”
September 12-13, 2019 Technical sessions
8 speakers • Venue: Georg-Christoph-Lichtenberg-Haus

Registration fee: 200 EUR. No additional registration for the Conference is required.

See Accommodation and Venues & Travel for details.

Preliminary agenda

Monday, September 9  
8:00 am - 9:00 am Registration & Welcome
9:00 am – 9:15 am Opening
9:15 am - 10:00 am Ross Anderson, University of Cambridge, UK
The sustainability of safety, security and privacy • Abstract »
Now that we’re putting software and network connections into cars and medical devices, we’ll have to patch vulnerabilities, as we do with phones. But we can’t let vendors stop patching them after three years, as they do with phones. So in May, the EU passed Directive 2019/771 on the sale of goods. This gives consumers the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect. In this talk I’ll describe the background, including a study we did for the European Commission in 2016, and the likely future effects. As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains. It will also pose a grand challenge for computer scientists. What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043?
10:00 am - 10:45 am Dongyan Xu, Purdue University, USA
10:45 am - 11:15 am Coffee break
11:15 am - 12:00 am Michele Mosca, University of Waterloo, Canada
12:00 am - 12:45 am Benny Pinkas, Bar Ilan University, Israel
Private Intersection Analytics • Abstract »
Effective data analysis often depends on data that is known to different sources, including private data whose owners cannot disclose. The task at hand is to perform effective analysis of the data while preserving its privacy. This talk will describe efficient cryptographic protocols, some of them based on variants of private set intersection (PSI), that can be applied to perform private analysis of data.
12:45 am - 1:45 pm Lunch
1:45 pm - 2:30 pm Moti Yung, Google Inc.
The Exodus of Secure Computations: From Theory to Core Business Deployment
2:30 pm - 3:15 pm Yongdae Kim, KAIST, South Korea
LTE Hacking
3:15 pm - 3:45 pm Coffee break
3:45 pm - 4:30 pm Srdjan Capkun, ETH Zürich, Switzerland
Secure Positioning: From GPS to IoT • Abstract »
In this talk I will review security issues in today’s navigation and close-range positioning systems. I will discuss why GNS systems like GPS are hard to fully secure and will present novel solutions that can be used to improve the robustness of GNS systems to attacks. I will then show how a different design of a positioning system can enable secure positioning, but also that this requires solving a set of relevant physical- and logical- layer challenges. I will present a design and implementation of a fully integrated IR UWB secure distance measurement (distance bounding) system that solves these challenges and enables secure distance measurement and secure positioning in IoT applications. Finally, I will place these efforts in the context of an upcoming IEEE 802.15.4z secure distance measurement standard.
4:30 pm - 5:15 pm Nele Mentens, KU Leuven, Belgium
Cryptographic agility in future-proof coprocessors • Abstract »
Cryptographers are continuously coming up with novel algorithms to thwart newly discovered theoretical or physical vulnerabilities, potentially leading to new standards. Therefore, it is indispensable to enable cryptographic agility, i.e., to implement mechanisms that allow cryptographic software or hardware implementations to be updated after deployment. In software and configurable hardware, implementing cryptographic agility is straightforward. It is a challenge, however, to enable this feature in dedicated hardware coprocessors. And the challenge becomes even bigger when the coprocessor needs to be updatable with algorithms that have not yet been invented. Nevertheless, many applications need the resource and energy efficiency of ASIC coprocessors, which creates a tension between efficiency and agility. This talk gives an overview of hardware architectures that address the challenge of cryptographic agility with the aim of outperforming cryptographic software and FPGA implementations.
5:15 pm - 6:00 pm Questions
Tuesday, September 10  
8:00 am – 9:00 am Registration & Welcome
9:00 am – 9:45 am Engin Kirda, North Eastern University, USA
Using AI to Detect Advanced Threats – Done Right • Abstract »
As every researcher knows, using AI in security products is the latest craze. The security industry is now promising us that AI will solve all security problems, and will save the world. In this talk, I will put on my both academic and industrial hats on (as a professor and the co-founder of a security company) and will discuss how we use ML techniques at Lastline to detect breaches and advanced threats. I will also talk about the common pitfalls and shortcomings of a lot of industrial solutions in the field.
9:45 am – 10:30 am Mathias Payer, EPFL, Switzerland
Fuzzing Low-level Code • Abstract »
In an eternal war in memory, state corruption plagues systems since the dawn of computing. Despite the rise of strong mitigations such as stack cookies, ASLR, DEP, or most recently Control-Flow Integrity, exploits are still prevalent as none of these defenses offers complete protection. This situation calls for program testing techniques that discover reachable vulnerabilities before the attacker. Finding and fixing bugs is the only way to protect against all exploitation.
We develop fuzzing techniques that follow an adversarial approach, focusing on the exposed attack surface and exploring potentially reachable vulnerabilities.
In this talk we will discuss two aspects of fuzzing hard to reach code: (i) learning what code is exposed to attacker-controlled input and (ii) testing drivers that interact with exposed peripherals.
First, we assess the threat surface by characterizing the potential computational power that a vulnerability gives. In a multi-step process we follow the flow of information an synthesize potential attacker payloads to learn how exposed certain code sequences are. Second, by providing a custom-tailored emulation environment we create mock Trojan devices that allow fuzzing the peripheral/driver interface. In these projects we develop new techniques to test different kinds of hard to reach code and exposed large amounts of vulnerabilities.
10:30 am – 11:00 am Coffee break
11:00 am – 11:45 am Rosario Cammarota, Intel Corporation
On Privacy and Security of AI Systems • Abstract »
Advances in users’ data privacy laws create pressures and pain points for both service users and service providers. On the one hand, the user wants (or would feel comfortable if) its data can be processed without being exposed to the service providers. For this, cryptographic technologies such as homomorphic encryption, masking, multi-party computation, to name a few, can be used to protect users’ data. On the other hand, a service provider wants to keep its service’s secret sauce (the AI models) secured and private from the cloud infrastructure and possible threats coming from it. For this, technologies such as trusted execution can be used to protect the service providers’ AI models.
Deploying AI systems in a scenario where a service provider, the cloud infrastructure and a service user are distinct and mutually distrusted entities is a problem that has received little attention in the past. In this talk, we cover possible AI system profiles to address this problem, their advantages, and limitations.
11:45 am – 12:30 am Farinaz Koushanfar, University of California, San Diego, USA
12:30 am – 1:30 pm Lunch
1:30 pm – 2:15 pm Yossi Oren, Ben-Gurion University of the Negev, Israel
Side Channel Attacks and Human Secrets
2:15 pm – 3:00 pm Gene Tsudik, University of Irvine, USA
Verified Proofs of Update, Reset and Erasure for Low-End Embedded Systems • Abstract »
Remote Attestation (RA) is a security service that enables a trusted verifier (Vrf) to measure current memory state of an untrusted remote prover (Prv). If correctly implemented, RA allows Vrf to remotely detect if Prv’s memory reflects a compromised state. However, RA by itself offers no means of remedying the situation once Prv is determined to be compromised. In this work we show how a secure RA architecture can be extended to enable important and useful security services for low-end embedded devices. In particular, we extend the formally verified RA architecture, VRASED, to implement provably secure software update, erasure, and systemwide resets. When (serially) composed, these features guarantee to Vrf that a remote Prv has been updated to a functional and malware-free state, and was properly initialized after such process. These services are provably secure against an adversary (represented by malware) that compromises Prv and exerts full control of its software state. Our results demonstrate that such services incur minimal additional overhead, making them practical even for the lowest-end embedded devices.
3:00 pm – 3:30 pm Coffee break
3:30 pm – 4:15 pm Lejla Batina, Radboud University, Netherlands
SCA strikes back: attacking neural networks via physical leakage… and the other way around • Abstract »
Recently, the potential of machine and consequently deep learning on side-channel analysis was discovered and confirmed even on protected cryptographic implementations. The success of those experiments has led to deep learning techniques becoming a mainstream component in side-channel leakage evaluations.
Conversely, recent work has shown that neural networks can be reversed engineered by the side-channel attacker, i.e., the adversary using physical leakage such as timing and EM. This makes neural nets an interesting target as in some applications such as security evaluation, HD maps for autonomous vehicles etc. optimized networks are considered an IP.
This talk will survey this interplay of deep learning and side-channel analysis and its impact on security.
4:15 pm – 5:00 pm Frank Krüger, George Mason University, USA
Toward a Model of Trust Drawn from Neuroscience, Psychology, and Economics • Abstract »
Trust pervades nearly every social aspect of our daily lives, and its disruption is a significant factor in mental illness. Research in the field of neuroeconomics has gained a deeper understanding of the neuropsychoeconomic (NPE) underpinnings of trust by combining complementary methodologies from neuroscience, psychology, and economics. However, a coherent model of trust that integrates separate findings under a conceptual framework is still lacking. In this presentation, I will sketch out an integrative NPE model that explains how the interactions of psychoeconomic components engage domain-general large-scale brain networks in shaping trust behavior over time. Further, I will point out the caveats of current research approaches and outline open questions that can help guide future transdisciplinary investigations for a better understanding of the neuropsychology of trust.
5:00 pm – 5:15 pm Questions
5:15 pm – 6:00 pm Closing
Wednesday, September 11  
All day Social event: Hiking Tour “Hessische Bergstraße”
Thursday, September 12  
8:00 am - 9:00 am Registration & Welcome
9:00 am – 9:15 am Opening
9:15 am - 10:15 am Wenyuan Xu, Zhejiang University, China
A Sound Story – Analog Security of Cyber-Physical Systems • Abstract »
Much security research focuses on protecting the digitalized information, e.g., securing communication via cryptographic methods. Nevertheless, hardware implementation and its internal signal conditioning path could undermine the otherwise secure mechanisms, e.g., attackers can extract secret keys via side channels. As the emerging cyber-physical systems depend on sensors to make automated decisions, it is critical to examine analog cybersecurity, i.e., analyzing the integrity and dependability of information prior to its digitalization. Such a problem is especially important in cyber-physical systems because they depend on sensors to make automated decisions. In this talk, we illustrate a few analog signal injection attacks that utilize the built-in hardware vulnerabilities of various commodity sensing systems as well as proposing the defense strategies. Our work calls to question the wisdom of allowing microprocessors and embedded systems to blindly trust that hardware abstractions alone will ensure the integrity of sensor outputs.
10:15 am - 10:30 am Coffee break
10:30 am – 11:30 am Lejla Batina, Radboud University, Netherlands
Side-channel attacks in the wild: recent advances and countermeasures • Abstract »
Physical attacks are a continuous and present threat for embedded devices. In this talk I will survey relevant issues with side-channel and fault attacks on embedded crypto implementation and adequate countermeasures. I will also present some recent attacks on real-world implementations that could be used in IoT devices and in particular some attacks on Elliptic Curve Cryptography (ECC) implementations.
11:30 am - 12:30 am Aurélien Francillon, EURECOM, France
12:30 am - 1:30 pm Lunch
1:30 pm - 2:30 pm Matthias Hollick, TU Darmstadt
The State of Wireless Security: Screwing-up Sustainably instead of Sustainable Security • Abstract »
Wireless technology enables untethered communications of billions of devices such as smartphones, sensors and actors in smart environments, wearables and medical implants, etc. Yet the history of wireless protocol security is abysmal: security flaws have been repeatedly discovered in the most important wireless standards: Bluetooth, Wi-Fi (WEP, WPA2, WPS), cellular (GSM, UMTS, LTE). Security fixes were often deployed late or to subsets of the affected systems or even postponed to the next technology generation. As a result, the ‘lifeline’ of most modern information and communications systems is at the same time one of its weakest spots and open for proximity/adjacent network attacks.
In this talk, I will discuss the (in)security of key wireless standards such as Wi-Fi and Bluetooth and introduce corresponding tools for advanced security research in this field developed in my team. I will demonstrate how Wi-Fi firmware modifications can transform off-the-shelf smartphones into versatile, programmable tools for networking and security research, and will present advanced attacks against the availability of Wi-Fi or Bluetooth communications as well as countermeasures against such advanced attacks. I will further show how Wi-Fi can be used to inconspicuously exfiltrate data from networks with very high data rates, without the ability to detect this exfiltration with off-the-shelf intrusion detection systems or regular Wi-Fi devices. This is followed by a discussion on the security of proprietary wireless protocols within the Apple ecosystem.
The talk concludes by discussing on how to break this vicious circle of poor security solutions within wireless communication systems and reach a state of adequate and sustainable security.
2:30 pm – 3:30 pm Alexandra Dmitrienko, Universität Würzburg, Germany
3:30 pm - 4:00 pm Coffee break
4:00 pm - 5:00 pm Azalia Mirhoseini, Google Brain
Learning to optimize, search and plan • Abstract »
In this talk, we go over some of our recent work on solving optimization problems. We revisit a number of important problems in search, planning, and combinatorial optimization by designing new end-to-end learning based algorithms that can quickly adapt to new environments. Our learning based approach allows us to train new optimization solvers at scale and therefore find solutions much faster that heuristics baselines. We show a number of applications of our methods in gaming, computer systems and classic combinatorial optimization problems.
5:00 pm – 6:00 pm Panel Discussion
6:00 pm – 6:30 pm Afternoon break
6:30 pm - 10:00 pm Rump Session
Friday, September 13  
8:00 am – 9:00 am Registration & Welcome
9:00 am – 10:00 am Christian Reuter, TU Darmstadt
Sustainable Security? Dual-Use and Dilemmas for Cybersecurity, Peace and Technology Assessment • Abstract »
Dual-use in information technology is a pressing issue: how can we prevent, control or manage the risk of a harmful application of IT? How can dual-use awareness and regulation help to mitigate the risks to peace and security on the national and international level? As the cyberspace has been declared a military domain, IT is of increasing importance for civil and military infrastructures. How can researchers, developers and decision makers make sure that IT is not misused to cause harm? How can they be sure that privacy is respected and data is not misused? For nuclear, biological and chemical technologies this has been discussed as the dual-use problem. This chapter illustrates the approaches towards different dual-use concepts, how to conduct technology assessment and provides insight in the implementation of dual-use assessment guidelines at TU Darmstadt, the so-called Civil Clause.
10:00 am – 11:00 am Thomas Schneider, TU Darmstadt
Efficiently Protecting Data and Functions • Abstract »
Secure computation, also called secure function evaluation, allows to efficiently compute on private data while protecting the inputs to the computation. This has many applications such as private auctions, genomic privacy, or biometric identification. In some applications, even the computation that is performed on the private data should be hidden as it is intellectual property of a service provider. This is called private function evaluation and example applications include private credit checking or privately determining insurance tariffs. An efficient way to achieve private function evaluation is to securely evaluate a universal circuit which is a Boolean circuit which can be programmed to compute an arbitrary function up to a given size. In this talk, I will give an overview and examples of our research in the area of secure and private function evaluation with a focus on applications.
11:00 am – 11:15 am Coffee break
11:15 am – 12:15 am Nikolopoulos Georgios, FORTH, Greece and TU Darmstadt
Quantum-safe entity authentication with physical unclonable keys • Abstract »
Entity authentication is one of the main cryptographic tasks. The development of quantum-safe cloning-resistant entity authentication protocols (EAPs) is of particular importance for the field, and optical schemes are currently considered to be among the most prominent candidates. In such schemes authentication relies on the optical response of physical disordered keys that are materialized by optical multiple-scattering media.
In this talk I will discuss the main physical principles underlying the optical EAPs that have been presented in the literature so far, and I will address some of their fundamental aspects, including their security against various attacks. The talk is intended for non-specialised audience, students and postdocs.
12:15 am – 1:15 pm Lunch
1:15 pm – 2:15 pm Matteo Maffei, TU Wien, Austria
Browsec: Foundations and Tools for Client-Side Web Security • Abstract »
The constantly increasing number of attacks on web applications shows how their rapid development has not been accompanied by adequate security foundations and demonstrates the lack of solid security enforcement tools. Indeed, web applications expose a gigantic attack surface, which hinders a rigorous understanding and enforcement of security properties. Hence, despite the worthwhile efforts to design secure web applications, users for a while will be confronted with vulnerable, or maliciously crafted, code.
In this talk, I will present a client-side web security enforcement framework that is practical, in that it is implemented as an extension and can thus be easily deployed at large, and also provably sound, i.e., backed up formal security proofs. At the core of this framework lies a novel monitoring technique, which treats the browser as a blackbox and intercepts its inputs and outputs in order to prevent dangerous information flows. With this lightweight monitoring approach, we can efficiently enforce fundamental web security properties, such as session integrity, cookie confidentiality, and web protocol security against strong adversarial models.
This research is supported by the ERC Consolidator Grant “Browsec: Foundations and Tools for Client-Side Web Security” (2018-2023).
2:15 pm – 3:15 pm Christopher Liebchen, Google
Separating Chaff from the Wheat: On Security Isolation Technologies
3:15 pm – 3:45 pm Coffee break
3:45 pm - 5:45 pm Lucas Davi, Universität Duisburg-Essen, Germany
From Control-Flow to Data-Oriented Exploits • Abstract »
Memory corruption attacks exploit program errors to alter program information such as function pointers and program variables maintained in memory. In the recent past, we have witnessed a variety of different attack strategies starting from classic code injection attacks to sophisticated return-oriented programming attacks that encapsulate malicious program actions inside a chain of existing and benign code sequences from shared libraries. The good news is that both academia and industry have significantly raised the bar for these attacks by proposing and implementing mitigation technologies such as control-flow integrity, code pointer integrity, and code and data layout randomization. However, the latest trend in exploitation moves from control-flow attacks to subtle data-oriented attacks. These attacks do not violate control-flow integrity but only alter program variables to trigger malicious program actions. In this lecture, we provide a detailed overview on the evolution of memory corruption attacks from control-flow to data-oriented attacks. In addition, we discuss defensive strategies and offer a hands-on lab for the development of sample exploits against vulnerable proof-of-concept applications.
Hands-on Lab on Runtime Attack
5:45 pm – 6:00 pm Closing

Social Event: Hiking Tour “Hessische Bergstraße”

The well-marked hiking trails in the Geopark Bergstraße-Odenwald, which lead to many interesting sights, allow you to get back to nature and discover the region on foot. Located between the university and science city of Darmstadt, characterised by its art nouveau influences, in the north and the romantic university city of Heidelberg in the south, the western slopes of the Odenwald are home to traces of over 2000 years of cultural and urban history. Castles and palaces, medieval noble courts, historic half-timbered houses and proud town halls, legendary villages lined up like pearls in a necklace, all bear witness to a colourful past. We will go from Heppenheim on a vineyard walk. The goal is the princely summer camp of Ludwig I, the first Grand Duke of Hesse and the Rhine in Bensheim-Auerbach.

Meeting point for the tour is 11:00 am at the bus stop next to darmstadtium. The bus brings us to Heppenheim, where we start our hiking tour in direction of Fürstenlager park in Bensheim-Auerbach. There we will stop in the mansion of the princely camp for a refreshment with local food & drinks. The return to Darmstadt is planned for 7:00 pm.

For the participation appropriate clothing and non-slip stable footwear is recommended.


Mandy Herberg, conf@crossing.tu-darmstadt.de