为了加强学术交流,有效提升学科带头人、学术骨干和青年教师对计算机学科前沿方向的了解,促进科研团队建设及青年科研人才迅速成长,推动学校的双一流建设,Bwin必赢国际官网拟于2017年7月19日-7月20日举办曲江论坛。
活动类别:曲江论坛
活动时间:2017年7月19日-20日, 8:30--18:30
地点:长安校区 文津楼三段四层 Bwin必赢国际官网报告厅
主办单位:Bwin必赢国际官网网络信息安全研究团队
部分学术报告信息如下:
讲座题目1:EACSIP: Extendable Access Control System with Integrity Protection for Enhancing Collaboration in the Cloud
报告人: Willy Susilo 教授
讲座内容简介:It is widely acknowledged that collaborations with more users increase productivity. Secure cloud storage is a promising tool to enhance such a collaboration. Access control system can be enabled with attribute-based encryption. In this system, a user encrypts and uploads his/her data to the cloud with an access policy, such that only people who satisfy that access policy can decrypt the data. When a recipient would like to enable another person who is originally unauthorized by the original access policy, this recipient will need to extend the access policy by adding a new policy that includes the new person - hence, the notion of Extendable Access Control System. Admitting new users to access the uploaded data is an important requirement in enhancing collaborations. The main issue is with regards to the integrity protection during the process of extending the access policy. When a new access policy is added, the cloud has to be sure that the extended access policy remains guarding the same encrypted data as the original access policy, even though the cloud cannot decrypt this ciphertext, which is a challenging problem to solve. In this talk, we answer the above problem affirmatively by introducing EACSIP: an Extendable Access Control System with Integrity Protection, which is suitable to enhance collaboration in the cloud. The construction of EACSIP is built on top of a novel cryptographic primitive, namely Functional Key Encapsulation with Equality Testing (FKE-ET). The security proof and the performance evaluation of EACSIP are provided in this work.
报告人介绍:Willy Susilo received the Ph.D. degree in computer science from the University of Wollongong, Wollongong, NSW, Australia. He is currently a Professor, the Head of the School of Computing and Information Technology and the director of the Insitute of Cybersecurity and Cryptology (iC2), University of Wollongong (UOW). He is an Associate Editor of many international journals, such as IEEE Transactions on Information Forensics and Security and Elsevier’s Computer Standards and Interface, and has served as a program committee member in many prestigious international conferences. He is the editor-in-chief of the Information journal. He was awarded with a prestigious ARC Future Fellow. He received the prestigious Researcher of The Year award in 2016 from UOW. His current research interests include cloud security, cryptography, and information security. He is a senior member of IEEE since 2001.
讲座题目2:细粒度可控的可修订数字签名
报告人:黄欣沂 教授
报告摘要:报告将结合云计算、大数据等环境介绍Redactable Signatures (可修订数字签名)的性质、定义、设计和应用,并介绍关于细粒度可控的可修订数字签名的设计思路。
报告人介绍:黄欣沂,福建师范大学数学与Bwin必赢国际官网教授,博士生导师,中国密码学会理事。长期从事数字签名、身份认证等方面的研究,在ACM CCS,ESORICS, PKC,IEEE Transactions,ACM Transactions等学术会议和期刊上发表多篇学术论文。担任 IEEE TDSC等学术期刊编委,ACM AsiaCCS 等学术会议主席,ESORICS等学术会议程序委员会委员。主持国家自然科学基金、霍英东青年教师基金、福建省杰出青年科学基金等科研项目。
讲座题目3:密码逆向防火墙
报告人:陈荣茂 博士
摘要: The revelations of Edward Snowden in 2013 has attracted worldwide attention. It is shown that the computer machine could be compromised before delivered to the customer and the implemented cryptographic protocol may be even subverted and thus not as secure as thought. Since then, Post-Snowden Cryptography has become a prominent research direction in recent years. In Eurocrypt 2015, Mironov and Stephens-Davidowitz proposed a novel concept named Cryptographic Reverse Firewall (CRF) which can resist exfiltration of secret information from an arbitrarily compromised machine. In this talk, I will provide several examples of cryptographic protocol subversion attacks and then introduce our recent progress on this line of research. Particularly, I will show how to generically construct CRFs for several widely used cryptographic protocols including message-transmission protocol, oblivious signature-based envelope and oblivious transfer.
报告人简介:陈荣茂,博士,中国人民解放军国防科技大学计算机学院助理研究员。2011年和2013年于国防科技大学计算机学院获得学士和硕士学位,2013年受国家留学基金委资助被公派到澳大利亚Wollongong大学计算与信息安全中心攻读博士学位,2016年9月博士毕业回国并留校工作至今。主要研究兴趣为网络与信息安全,现阶段重点从事公钥密码学理论及应用研究。迄今为止以第一作者和主要作者身份在CRYPTO,ASIACRYPT,CT-RSA,Designs, Codes and Cryptography 以及IEEE Transaction on Information
Forensics and Security等学术会议和期刊上发表学术论文20余篇。先后担任多个国际学术会议程序委员会委员,以及CT-SA,ESORICS,AsiaCCS, IEEE GLOBECOM, TIFS, DCC, The Computer Journal, Information Science等20多个学术会议和期刊审稿人。
讲座题目4:Authenticated Key Exchange Resilient to Key Leakage and Bad Randomness
报告人:杨国民 博士
报告摘要: Authenticated key exchange (AKE) protocols allow two parties communicating over an insecure network to establish a common secret key. They form a central component in many network security standards such as TLS/SSL, SSH and IPSec. The traditional AKE protocols are designed under the assumption that the secrets used by the AKE algorithm, such as the long-term user secret key and the ephemeral secret key (or randomness), are out of the reach of the adversary. However, such an assumption may not be valid in the real implementations of AKE protocols. This talk will present the security issues in AKE caused by key leakage attacks and the use of bad randomness in AKE executions due to various reasons. Some countermeasures to address these problems will also be discussed.
报告人介绍: Dr. Guomin Yang is a Senior Lecturer and Australian Research Council Discovery Early Career Researcher Award Research Fellow at the School of Computing and Information Technology, University of Wollongong (UOW), Australia. He was admitted to the Mathematics Department of Fudan University in 1999, and moved to City University of Hong Kong in 2000 after being awarded the Hong Kong Jockey Club Scholarship. He received the Bachelor, Master and PhD degrees in Computer Science from City University of Hong Kong in 2004, 2006 and 2009, respectively. Before joining UOW in 2012, he was a Research Scientist at the Temasek Laboratories, National University of Singapore. Dr. Yang’s research interests are applied cryptography and network security. He has published over 90 research papers that have appeared at many respected venues such as ACM/IEEE Transactions, CRYPTO, ASIACRYPT, PKC, CT-RSA, ESORICS and INFOCOM.
讲座题目5:Dynamic Searchable Symmetric Key Encryption
报告人:徐鹏 教授
报告摘要: Dynamic Searchable Symmetric Encryption} (DSSE) allows a client not only to search over ciphertexts as the traditional searchable symmetric encryption does, but also to update these ciphertexts according to requirements, e.g., adding or deleting some ciphertexts. It has been recognized as a fundamental and promising method to build secure cloud storage. We propose a new DSSE scheme to overcome the drawbacks of previous schemes. The biggest challenge is to realize the physical deletion of ciphertexts with small leakage. We employ both logical and physical deletions, and run physical deletion in due course to avoid extra information leakage. Our instantiation achieves noticeable improvements throughout all following aspects: search performance, storage cost, functionality, and information leakage when operating its functions. We also demonstrate its provable security under adaptive attacks and practical performance according to experimental results.
报告人介绍:华中科技大学计算机学院教授,信息安全研究所副所长。主要研究方向包括:基于身份密码学、格密码学、可搜索加密、云安全等。在数个国内外知名期刊/会议发表论文,主要包括:IEEE TC,IEEE TIFS,IEEE TSC,ACM TECS,Information Sciences,FGCS,Chinese Science Bulletin,Science China Information Science,ACISP,ASIACCS,ICC,中国科学等,获ACISP 2017最佳论文奖。主持了国家自然科学面上基金与青年基金,深圳市基础研究(学科布局)项目;参与国家重点研发计划项目2项,973项目1项,863项目1项。
讲座题目6:Analysis of Clickjacking Attacks and an Effective Defense Scheme for Android Devices
报告人:杜小江 教授
报告摘要:Smartphones bring users lots of convenience by integrating all useful functions people may need. While users are spending more time on their phones, have they ever questioned of being spoofed by the phone they are interacting with? This paper conducts a thorough study of the mobile clickjacking attacks. We first present how the clickjacking attack works and the key points to remain undiscovered. Then, we evaluate its potential threats by exploring the feasibility of launching clickjacking attacks on various UIs, including system app windows, 3rd-party app windows, and other system UIs. Finally, we propose a system-level defense scheme against clickjacking attacks on Android platform, which requires no user or developer effort and is compatible with existing apps. The performance of the countermeasure is evaluated with extensive experiments. The results show that our scheme can effectively prevent clickjacking attacks with only a minor impact to the system.
报告人介绍:杜小江现任美国天普大学(Temple University)计算机系的终身教授。他从清华大学获得学士,硕士学位,从美国马里兰大学获得博士学位。杜博士的研究方向主要包括无线系统安全、物联网安全、计算机网络安全和无线网络与通信等。他在无线系统安全、计算机通信和在异构传感器网络等方面做出了开创性的研究。杜博士在Springer出版专著一本. 目前已在国际顶级期刊和会议上发表论文200多篇,其中SCI收录70余篇和EI收录200余篇,其中三篇文章获得了国际会议的最佳论文奖。是三个国际期刊的编委,多次担任过IEEE/ACM国际会议的主席,并多次在国际学术会议作特邀报告。多次参加美国科学基金会的科研项目书评审会。杜博士已经获得超过5百万美元的科研经费。他已经主持/承担了16项美国政府的科研项目,其中7项是由美国国家科学基金会资助,3项是由美国陆军研究局资助, 2项是由美国空军研究局资助. 杜博士目前是IEEE高级会员(Senior Member),以及ACM终身会员(Life Member)。