首页 >> 学术动态 >> 正文


作者: wqy       发布: 2019-12-17      来源:




报告1:From Security Protocol Design to Implementation --- Finding Implementation Flaws in Password and OTP Authentication Code in Android Apps

主讲人:Prof.Robert Deng, Singapore Management University

摘要:A security protocol is an abstraction, done by security experts with clear assumptions; while its implementation is a software (or hardware), done by engineers who are often not security savvy and hence may introduce various flaws in the implementation. Password and One Time Password (OTP) are widely used to validate users’ identities in computer systems because they are convenient to use and “simple” to implement. However, we find that even simple password and OTP authentication protocols are often implemented incorrectly. We develop GLACIATE and AUTH-EYE, respectively, to study the extent and types of implementation flaws in password and OTP authentication code in Android apps. GLACIATE automatically and accurately learns the common password authentication implementation flaws from a relatively small training dataset, and then identifies whether the flaws exist in other apps. AUTH-EYE is an automatic analysis tool which checks whether an OTP authentication implementation violates any of a pre-defined set of security rules.

个人简介:Robert Deng is AXA Chair Professor of Cybersecurity and Director of the Secure Mobile Centre, School of Information Systems, Singapore Management University (SMU). His research interests are in the areas of data security and privacy, network security, and system security. He received the Outstanding University Researcher Award from National University of Singapore, Lee Kuan Yew Fellowship for Research Excellence from SMU, and Asia-Pacific Information Security Leadership Achievements Community Service Star from International Information Systems Security Certification Consortium. He serves/served on many editorial boards and conference committees, including the editorial boards of IEEE Security & Privacy Magazine, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security, Journal of Computer Science and Technology, and Steering Committee Chair of the ACM Asia Conference on Computer and Communications Security. He is a Fellow of IEEE and Fellow of Academy of Engineering Singapore.


报告2:Two-Factor Authentication for IoT Devices using Historical Data

主讲人:Prof.Jianying Zhou, Singapore University of Technology and Design

摘要:With the increasing adoption of remote control and command execution at IoT devices, two-factor entity authentication is increasingly demanded for security compliance, which is challenging for typical IoT devices with the resource constraints. In this talk, I will present a novel two-factor authentication mechanism using the historical data exchanged between an IoT device and the backend server. Despite the potentially huge volume of historical data, a constant storage at the IoT device suffices. The mechanism demonstrates very good resilience to compromise at the server end. It is also scalable for different IoT platforms by adjusting the tradeoff between security and computational overhead at the IoT device.

个人简介:Jianying Zhou is a professor and co-center director for iTrust at Singapore University of Technology and Design (SUTD). Before joining SUTD, he was a principal scientist and the head of Infocomm Security Department at Institute for Infocomm Research, A*STAR. He also worked at the headquarters of Oracle as a security consultant. He received PhD in Information Security from Royal Holloway, University of London. His research interests are in applied cryptography and network security, cyber-physical system security, mobile and wireless security. He is a co-founder & steering committee co-chair of ACNS. He is also steering committee chair of ACM AsiaCCS, and steering committee member of Asiacrypt.





个人简介林东岱,中国科学院信息工程研究所学术委员会主任、研究员、博士生导师,中国密码学会和中国保密协会常务理事,中国密码学会密码数学专业委员会和中国保密协会隐私保护专业委员会主任委员。主要从事密码学、安全协议、网络与系统安全、分布式密码计算等方面的研究工作,在《IEEE Transaction on Information Theory》、《Designs, Codes and Cryptography》、EUROCRYPT和ASIACRYPT等国内外学术刊物和学术会议上发表论文200余篇。先后参加或承担八五攀登计划、九五攀登计划预选项目,国家重大基础研究规划(973)、国家高科技发展计划(863)、国家自然科学基金与中国科学院战略性先导专项等项目。担任《Science China》、《密码学报》、《计算机研究与发展》及《信息安全学报》、《保密科学技术》等杂志编委,以及数十个国际会议大会主席、程序委员会主席或程序委员会委员,曾获2006年国家密码科技进步一等奖,2009年中国科学院“朱李月华优秀教师”奖、2011年国家科技进步二等奖和2014年中国科学院优秀指导教师奖。


报告4The ZUC-256 Stream Cipher



个人简介:张斌,现任中国科学院软件研究所研究员/博士生导师,一直致力于流密码的分析与设计,及相关基础数学问题的研究。2016年获得中国密码学会密码创新奖一等奖,受聘为新加坡南洋理工大学理学院数学系Visiting Professor。





个人简介:张江,博士,密码科学技术国家重点实验室副研究员。主要从事公钥密码可证明安全理论、抗量子密码和多方安全计算协议设计与分析研究,近五年在三大密码会议CRYPTO、EUROCRYPT、AISACRYPT和IEEE TMC、TCS等重要国际期刊上发表了多项研究成果,受邀担任AISACRYPT 2017等国际会议程序委员和Journal of Cryptology等国际期刊的审稿人,曾获密码创新奖一等奖,省部级科技进步一等奖,以及中国科学院和中国密码学会优秀博士学位论文等荣誉,并入选中国科协2016-2018年度“青年人才托举工程”。


报告6Some Recent Results on the Construction of Lightweight Diffusion Layers


摘要:MDS matrices are important building blocks providing diffusion functionality for the design of many symmetric-key primitives. In recent years, continuous efforts are made on the construction of MDS matrices with small area footprints in the context of lightweight cryptography. The constructions of lightweight MDS matrices can be divided into two categories: iterative constructions and single-cycle constructions. In this talk, we will present some new results on the single-cycle construction of involutory MDS matrices and iterative construction of general MDS matrices, in which both area and latency are considered. The new (involutory) MDS matrices identified in this work can be used as lightweight diffusion components of symmetric-key cryptographic algorithms.

个人简介孙思维,中国科学院信息工程研究所副研究员。主要研究兴趣为对称密码算法设计与分析自动化、密码算法的优化与安全实现。近些年在CRYPTO、ASIACRYPT、FSE、USENIX Security等密码学和信息安全顶级会议发表论文30余篇,参与了973和国家重点研发计划等多个重要项目,国家重点研发计划课题负责人。设计并开发了一套基于混合整数规划的自动化密码分析软件框架,在多个国家相关部门的算法分析与设计任务中得到了重要应用。