11th Information Security Practice & Experience Conference   

5-8 May 2015, Beijing, China   


Techniques for Securing Scalable Multimedia Content in Server-Proxy-User Distribution Networks

     Modern multimedia coding standards, such as JPEG2000 for image coding and H.264/SVC for video coding, are designed with scalability in mind and possess the so-called “compress once, decompress many ways” property. For the sake of scalability, Internet-based multimedia content distribution increasingly resorts to autonomous proxies to automatically adapt to network bandwidth as well as the capabilities of end-user devices. The introduction of such proxies between content servers and end users, however, brings unprecedented challenges to content security. In this talk we will provide an overview of recent progress in multimedia content security in the server-proxy-user architecture. In particular, we will present techniques for achieving end-to-end content authentication and encryption which are transparent to transcoding operations at the proxies and are compatible with the multimedia coding standards.

     Robert H. Deng has been a Professor at the School of Information Systems, Singapore Management University since 2004. Prior to this, he was Principal Scientist and Manager of the Infocomm Security Department, Institute for Infocomm Research, Singapore. His research interests include data security and privacy, multimedia security, and network and system security. He was Associate Editor of the IEEE Transactions on Information Forensics and Security from 2009 to 2012 and Associate Editor of Security and Communication Networks from 2007 to 2013. He is currently Associate Editor of IEEE Transactions on Dependable and Secure Computing, and a member of the Editorial Boards of the Journal of Computer Science and Technology (the Chinese Academy of Sciences) and the International Journal of Information Security. He is the chair of the Steering Committee of the ACM Symposium on Information, Computer and Communications Security (ASIACCS). He received the University Outstanding Researcher Award from the National University of Singapore in 1999 and the Lee Kuan Yew Fellow for Research Excellence from the Singapore Management University in 2006. He was named Community Service Star and Showcased Senior Information Security Professional by ISC2 under its Asia-Pacific Information Security Leadership Achievements program in 2010.

The NIST Randomness Beacon and Applications

David René Peralta
National Institute of Standards and Technology (NIST), USA

     Tables of random numbers have probably been used for multiple purposes at least since the Industrial Revolution. In the digital age, algorithmic random number generators have largely replaced these tables. I will describe the NIST Randomness Beacon. This is an online resource that expands the use of randomness to multiple scenarios in which the latter methods cannot be used. The extra functionalities stem mainly from three features. First, the Beacon-generated numbers cannot be predicted before they are published. Second, the public, time-bound, and authenticated nature of the Beacon allows a user application to prove to anybody that it used truly random numbers not known before a certain point in time. Third, this proof can be presented offline and at any point in the future. For example, the proof could be mailed to a trusted third party, encrypted and signed by an application, only to be opened if needed and authorized.

     René Peralta received a B.A. in Economics from Hamilton College in 1978. In 1980 he received an M.S. in Mathematics from the State University of New York at Binghamton. In 1985 he received a Ph.D. in Computer Science from the University of California at Berkeley. His publications are mostly in algorithmics and cryptology. Until 2005 he held teaching and research positions at various universities around the world. In that year he took a research scientist position at the National Institute of Standards and Technology (NIST). Currently he is at the Computer Security Division of NIST. He is involved in several projects of current relevance. These include SHA-3, the NIST Randomness Beacon, and the National Strategy for Trusted Identities in Cyberspace. His two most active current research areas are privacy-enhancing cryptography and circuit complexity.

Breaking Mobile Social Networks for Automated User Location Tracking

     Location-based social networks (LBSNs) feature location-based friend discovery services attracting hundreds of millions of active users worldwide. While leading LBSN providers claim that their users’ location privacy is well protected, this talk, after summarizing existing industry practices, shows for the first time through real-world attacks that these claims do not hold. In the identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. This talk will further address the development of an automated user location tracking system based on the proposed attack and its test on leading LBSNs including Wechat, Skout, and Momo. Real-world experiments on 30 volunteers and the defense approaches will also be discussed. These findings serve as a critical security reminder about current LBSNs, which serve a vast number of users.

     Kui Ren is an associate professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo. He received his PhD degree from Worcester Polytechnic Institute. Kui's research interests include Cloud & Outsourcing Security, Wireless & Wearable System Security, and Human-centered Computing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He is a recipient of the NSF CAREER Award in 2011 and the Sigma Xi/IIT Research Excellence Award in 2012. Kui has published 135 peer-reviewed journal and conference papers and received several Best Paper Awards including IEEE ICNP 2011. He currently serves as an associate editor for IEEE Transactions on Mobile Computing, IEEE Transactions on Information Forensics and Security, IEEE Wireless Communications, IEEE Internet of Things Journal, IEEE Transactions on Smart Grid, Elsevier Pervasive and Mobile Computing, and Oxford The Computer Journal. Kui is a senior member of IEEE, a member of ACM, a Distinguished Lecturer of IEEE, and a past board member of the Internet Privacy Task Force, State of Illinois.

Mobile Platform Security: Industrial Approaches on Building the Chain of Trust

Tieyan Li
Huawei Technologies Pte. Ltd., Singapore

     Over the years, we have witnessed the rise of mobile devices, while security and privacy are the major problems encountered in the mobile internet era. Mobile malware grew by 16% in Q3 2014 (the total number of samples exceeded 5 million) and 112% in the past year. Mobile attacks will continue to grow rapidly as new technologies expand the attack surface. To address the challenges, device manufacturers are building platform security based on a chain of trust: from the silicon chip (hardware isolation: TrustZone), up to the Secure OS (TEE), to the rich OS (SE for Android), to application-level isolation (Containerization), to the App Sandbox, as well as security policies (e.g., BYOD scenarios for enterprise MDM, MAM, etc.). By weaving those security mechanisms into various hardware and software layers, an integrated mobile platform security architecture can be constructed as a solid foundation for safeguarding the security of the mobile ecosystem. In this talk, we cite a number of industrial practices (e.g., Apple iOS; Google Android-Samsung Knox; Huawei Device Security) to illustrate the current status and future trends in this field.

     Dr. Tieyan Li is an expert on security and applied cryptography, and a technology generalist on applications, systems and networks. He is currently doing research on mobile platform security at Shield Lab., Central Research Institute, Huawei Technologies. Dr. Li received his Ph.D. degree in Computer Science from the National University of Singapore. After that, he was a security scientist at the Institute for Infocomm Research, I2R Singapore. Dr. Li is proficient in security design, architecture, innovation and practical development. He has been active both in academic security fields, with more than 80 journal/conference publications/book chapters, and in industrial fields, with more than 10 patents. His recent research interests include Mobile/Cloud/IoT Security and Applied Cryptography. Dr. Li has served as a PC member and reviewer for many security conferences, workshops and journals. He is a senior advisor for startups and an influential speaker in industrial security forums/summits.