Dr. Victor Chang, IBSS, Xi'an Jiaotong University, Suzhou, China
The journey and development for Cloud Computing Adoption
Framework (CCAF) for cloud and big data security
Fernando Pérez-González, University of Vigo, Spain
Location privacy: where do we stand and where are we going?
GRISSOM IN AWE: THE CSI EFFECT AND MULTIMEDIA FORENSICS
Over time, users have become accustomed to sharing personal data when they install new apps in their smartphones. Declining to do so, normally aborts the installation process. Sadly, users have convinced themselves that the value of their data is much lower than that of the apps they install, “after all, they have nothing to hide”. And thus, in redefining their business models many companies have touted better services and applications which even come for free, in exchange for some loss of privacy. However, as we will argue, privacy and utility do not necessarily make up a zero-sum game.
In the case of space-time location, a kind of information that should be considered private, there are a number of alternatives for adversaries to learn it, ranging from the triangulation of cellular phone signals to the metadata of pictures shared in social networks. Using the powerful inference capabilities of data mining, some companies are even promising to combine all the available inputs to predict what will be the location of a person in the near future. A recent MIT study showed that with only four approximate space-time points, it was possible to univocally de-anonymize a user in a database with 1.5 million of them. And this might be only the beginning, as ever more intrusive applications step in. Even putting such Orwellian perspective aside, it is easy to understand the immense value of location data. But there is more that users can do than giving up...
In this talk we will revisit the techniques, some of them little known, that can be applied to find out where we are, and the potential threats that they entail when combined with data mining. Guaranteeing location privacy turns out to be an elusive problem, starting with the lack of one-fits-all definitions. We will describe the technologies that have been proposed during the last decade to protect location privacy, including anonymization, obfuscation, mixes, and processing with encrypted signals. Those technologies stand at the crossroads of several disciplines such as signal processing, information theory, software engineering, database management, game theory and cryptography. But we will also adopt a critical point of view: in complicating the setups and definitions, researchers have failed to answer some fundamental questions that we will single out. To conclude, we will discuss the challenges that lie ahead and their practical and societal impact.
Fernando Pérez-González received his Ph.D. in Telecommunication Engineering from the University of Vigo, Spain, in 1993. He is Professor at the Signal Theory and Communications Department, University of Vigo since 2000, where he leads the Signal Processing and Communications Group (GPSC).
In 2007-2014 he was the founding Executive Director of the Galician Research and Development Center in Advanced Telecommunications (GRADIANT), a semi-private research center. From 2009-2012 he was the holder of the prestigious Prince of Asturias Endowed Chair on Information Science and Technology at the University of New Mexico (UNM).
His research interests lie in the crossroads of signal processing, security/privacy and communications, in particular, those problems in which an adversary is present. Prof. Pérez-González has coauthored more than 200 journal and conference papers, 15 international patents, and has participated in 5 European projects related to multimedia security. He has served in the Editorial Board of several international journals, including IEEE Trans. on Information Forensics and Security and IEEE Signal Processing Letters.
He is a member of the Galician Royal Academy of Sciences and an IEEE Fellow.
Institute of Information Engineering of the Chinese Academy of Sciences
Security Challenges in the “Sea-Cloud” Environment
With the rapid development of communication and computer science, Information technology such as computer and computer network has been deeply merged into every aspect of our lives. Information technology linked the human society, the physical world and information space together, formed a new environment of "human-machine-thing" integration. And this greatly influenced the politics, economy, culture and our daily lives, promoted the progress of the society. The informatization level has become a symbol of the contemporary social productivity.
The future information technology is facing four fundamental challenges: the scalability of the amounts of accessed terminals, mass data processing performance, energy consumption and security. In response to these challenges, in 2012, the Chinese Academy of Sciences started "For the perception of China's new generation of information technology research" Strategic Priority Research Program. The Program gears to the needs of the "Perception of China" strategy, seizes the new opportunities of "human-machine-thing" integration, and takes the building of "Sea-Cloud innovation testing environment" as the driving force. The Program will change the information technology research mode, and promote a number of major information technologies and scientific innovations. The Program will lay the technological foundation for the integration and utilization of information resources, physical resources and social resources, and hence lead the new generation of IT strategic emerging industries by leaps and bounds. As a result, the Program will provide critical technical support for the construction and development ubiquitous, intelligence, security, service-oriented information society.
In this talk, we will explore the new problems and new challenges in the “human-machine-thing” integration and sea-cloud collaborative computation environment from the point of view of information security, introduce the thoughts and efforts we have made under the framework of this project.
Dongdai Lin received his M.S. degree and the Ph.D. degree in fundamental mathematics from the Institute of Systems Science, Chinese Academy of Sciences, Beijing, China, in 1987 and in 1990 respectively. He is currently the Director of the State Key Laboratory of Information Security, Institute of Information Engineering of the Chinese Academy of Sciences. He has published more than 200 research papers in journals and conference proceedings. His research interests include cryptology, security protocols, information security and symbolic computation, and he is currently working on information security and privacy, sequences and stream cipher, Boolean functions and Block ciphers. He has been awarded the first prize of Science and Technology Progress Award for Cryptology in 2006 and the second prize of National Award for Science and Technology Progress in 2011.
HUI, Lucas Chi-kwong (Dr.)
The University of Hong Kong
"Vehicular ad hoc network security, what are the issues?"
Recently, vehicular ad hoc network (VANET) becomes increasingly popular in many countries. It is an important element of the Intelligent Transportation Systems (ITSs). In a typical VANET, each vehicle is assumed to have an on-board unit (OBU) and there are road-side units (RSU) installed along the roads. A trusted authority (TA) and maybe some other application servers are installed in the backend. The OBUs and RSUs communicate using the Dedicated Short Range Communications (DSRC) protocol over the wireless channel while the RSUs, TA, and the application servers communicate using a secure fixed network (e.g. the Internet). The basic application of a VANET is to allow arbitrary vehicles to broadcast safety messages (e.g. vehicle speed, turning direction, traffic accident information) to other nearby vehicles (V2V communications) and to RSU (vehicle-infrastructure or V2I communications) regularly such that other vehicles may adjust their travelling routes and RSUs may inform the traffic control center to adjust traffic lights for avoiding possible traffic congestion. As such, a VANET can also be interpreted as a sensor network because the traffic control center or some other central servers can collect lots of useful information about road conditions from vehicles. In fact, VANET is an excellent example of ad hoc network, being dynamic in its topology. This special property will induce different security concerns, and solutions to those concerns require new application of different technologies such as cryptography, data mining etc. This talk will discuss various security issues related to VANET, as well as the research solutions to those issues.
Dr. Hui is the founder and Honorary Director of the Center for Information Security and Cryptography (CISC), and concurrently an associate professor in the Department of Computer Science, The University of Hong Kong. Dr. Hui received his BSc and MPhil degrees in computer science from The University of Hong Kong, and his MSc and PhD degrees in computer science from the University of California, Davis. Besides actively publishing more than one hundred internationally referred research papers, he is also involved in consultation work in security systems, and in industrial collaboration projects involving government departments and commercial companies. Dr. Hui's research interests include different areas in information security, including Internet security, vehicular network security, mobile network security, smart grid security, security system design involving hardware and software, security and privacy in education systems, computer forensics, cryptography, and electronic commerce. He is steering committee member of AsiaCrypt, and had organized many international conferences (ICS 2014, ProvSec 2014, ICICS 2012, AsiaCCS 2011, etc) and have been program committee of many international conferences.