WELCOME TO ADIoT 2022
The 5th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT 2022)
Program:
Friday, 30 September 2022 (Local time in Denmark, CEST)
08:50 - 09:00
Welcome Session
Workshop chairs
09:00 - 10:00
Keynote
Prof. Zhiqiang Lin (The Ohio State University, USA)
Talk title: Rethinking the Security and Privacy of Bluetooth Low Energy
Abstract: Being a near range wireless communication technology, Bluetooth Low Energy (BLE) has been widely used in numerous Internet-of-Things (IoT) devices from healthcare, fitness, wearables, to smart home because of its extremely lower energy consumption. Unfortunately, the past several years have also witnessed numerous security flaws, from implementation (e.g., leaking UUIDs) to specification (e.g., downgrading attacks) that have rendered billions of Bluetooth devices vulnerable to attacks. While luckily these flaws have been discovered, there is no reason to believe that the current Bluetooth Low Energy protocols and implementations (even with all those fixes enabled) are free from attacks, since Bluetooth Low Energy consists of multiple layers with various sub-protocols and components.
In this keynote, Dr. Lin will talk about a number of recently identified security and privacy threats against the BLE, and the lessons learned from those threats. In particular, he will first discuss the protocol-level downgrade attack, an attack that can force the secure BLE channels into insecure ones to break the data integrity and confidentiality of BLE traffic. Then, he will discuss how the current threat model of BLE fails and why it is time now to rethink the security principles in the design of BLE. Next, he will introduce Bluetooth Address Tracking (BAT) attack, a new protocol-level attack discovered from his group, which can track randomized Bluetooth MAC addresses by using an allowlist-based side channel. He will discuss the lessons learned, root causes of the attack, and its countermeasures. Finally, he will conclude his talk by discussing future directions in Bluetooth security and privacy.
Bio: Dr. Zhiqiang Lin is currently a Distinguished Professor of Engineering at The Ohio State University. His research interests center around systems and software security, with a key focus on (1) developing automated binary analysis techniques for vulnerability discovery and malware analysis, (2) hardening the systems and software from binary code rewriting, virtualization, and trusted execution environment, and (3) the applications of these techniques in Mobile, IoT, Bluetooth, and Connected and Autonomous Vehicles. He has published over 100 papers, many of which appeared in the top venues in cybersecurity. He is a recipient of Harrison Faculty Award for Excellence in Engineering Education, NSF CAREER award, AFOSR Young Investigator award, and Outstanding Faculty Teaching Award. He received his Ph.D. in Computer Science from Purdue University.
10:00 - 10:15
Coffee Break
10:15 - 11:15
Session 1:
- The Final Round: Benchmarking NIST LWC Ciphers on Microcontrollers
Sebastian Renner, Enrico Pozzobon and Jurgen Mottok
- Evolving a Boolean Masked Adder Using Neuroevolution
Sebastian Renner, Enrico Pozzobon and Jurgen Mottok
- Extended Abstract: Explainable AI and Deep Autoencoders Based Security Framework for IoT Network Attack Certainty
Chathuranga Sampath Kalutharage, Xiaodong Liu and Christos Chrysoulas
11:15 - 12:15
Session 2:
- Constraints and Evaluations on Signature Transmission Interval for Aggregate Signatures with Interactive Tracing Functionality
Ryu Ishii, Kyosuke Yamashita, Zihao Song, Tadanori Teruya, Yusuke Sakai, Takahiro Matsuda, Goichiro Hanaoka, Kanta Matsuura and Tsutomu Matsumoto
- Extended Abstract: Post-Quantum Secure Communication with IoT Devices Using Kyber and SRAM Behavioral and Physical Unclonable Functions
Roberto Roman, Rosario Arjona and Iluminada Baturone
- Effective Segmentation of RSSI Timeseries Produced by Stationary IoT Nodes: comparative study
Pooria Madani and Natalija Vlajic
12:15 - 13:40
Lunch
13:40 - 15:00
Session 3:
- Consumer-friendly Methods for Privacy Protection against Cleaning Robots
Yanxiu Wuwang and Gunther Schiefer
- Resource Efficient Federated Deep Learning for IoT Security Monitoring
Idris Zakariyya, Harsha Kalutarage and M. Omar Al-Kadri
- Man-in-the-OBD: A modular, protocol agnostic firewall for automotive dongles to enhance privacy and security
Felix Klement, Henrich C. Poehls and Stefan Katzenbeisser
- Mapping the Security Events to the MITRE ATT&CK Attack Patterns to Forecast Attack Propagation
Roman Kryukov, Vladimir Zima, Elena Doynikova, Evgenia Novikova and Igor Kotenko
15:00 - 15:15
Closing Session
Friday, 30 September 2022 (Local time in Denmark, CEST)
08:50 - 09:00
Welcome Session
Workshop chairs
09:00 - 10:00
Keynote
Prof. Zhiqiang Lin (The Ohio State University, USA)
Talk title: Rethinking the Security and Privacy of Bluetooth Low Energy
Abstract: Being a near range wireless communication technology, Bluetooth Low Energy (BLE) has been widely used in numerous Internet-of-Things (IoT) devices from healthcare, fitness, wearables, to smart home because of its extremely lower energy consumption. Unfortunately, the past several years have also witnessed numerous security flaws, from implementation (e.g., leaking UUIDs) to specification (e.g., downgrading attacks) that have rendered billions of Bluetooth devices vulnerable to attacks. While luckily these flaws have been discovered, there is no reason to believe that the current Bluetooth Low Energy protocols and implementations (even with all those fixes enabled) are free from attacks, since Bluetooth Low Energy consists of multiple layers with various sub-protocols and components.
In this keynote, Dr. Lin will talk about a number of recently identified security and privacy threats against the BLE, and the lessons learned from those threats. In particular, he will first discuss the protocol-level downgrade attack, an attack that can force the secure BLE channels into insecure ones to break the data integrity and confidentiality of BLE traffic. Then, he will discuss how the current threat model of BLE fails and why it is time now to rethink the security principles in the design of BLE. Next, he will introduce Bluetooth Address Tracking (BAT) attack, a new protocol-level attack discovered from his group, which can track randomized Bluetooth MAC addresses by using an allowlist-based side channel. He will discuss the lessons learned, root causes of the attack, and its countermeasures. Finally, he will conclude his talk by discussing future directions in Bluetooth security and privacy.
Bio: Dr. Zhiqiang Lin is currently a Distinguished Professor of Engineering at The Ohio State University. His research interests center around systems and software security, with a key focus on (1) developing automated binary analysis techniques for vulnerability discovery and malware analysis, (2) hardening the systems and software from binary code rewriting, virtualization, and trusted execution environment, and (3) the applications of these techniques in Mobile, IoT, Bluetooth, and Connected and Autonomous Vehicles. He has published over 100 papers, many of which appeared in the top venues in cybersecurity. He is a recipient of Harrison Faculty Award for Excellence in Engineering Education, NSF CAREER award, AFOSR Young Investigator award, and Outstanding Faculty Teaching Award. He received his Ph.D. in Computer Science from Purdue University.
10:00 - 10:15
Coffee Break
10:15 - 11:15
Session 1:
- The Final Round: Benchmarking NIST LWC Ciphers on Microcontrollers
Sebastian Renner, Enrico Pozzobon and Jurgen Mottok
- Evolving a Boolean Masked Adder Using Neuroevolution
Sebastian Renner, Enrico Pozzobon and Jurgen Mottok
- Extended Abstract: Explainable AI and Deep Autoencoders Based Security Framework for IoT Network Attack Certainty
Chathuranga Sampath Kalutharage, Xiaodong Liu and Christos Chrysoulas
11:15 - 12:15
Session 2:
- Constraints and Evaluations on Signature Transmission Interval for Aggregate Signatures with Interactive Tracing Functionality
Ryu Ishii, Kyosuke Yamashita, Zihao Song, Tadanori Teruya, Yusuke Sakai, Takahiro Matsuda, Goichiro Hanaoka, Kanta Matsuura and Tsutomu Matsumoto
- Extended Abstract: Post-Quantum Secure Communication with IoT Devices Using Kyber and SRAM Behavioral and Physical Unclonable Functions
Roberto Roman, Rosario Arjona and Iluminada Baturone
- Effective Segmentation of RSSI Timeseries Produced by Stationary IoT Nodes: comparative study
Pooria Madani and Natalija Vlajic
12:15 - 13:40
Lunch
13:40 - 15:00
Session 3:
- Consumer-friendly Methods for Privacy Protection against Cleaning Robots
Yanxiu Wuwang and Gunther Schiefer
- Resource Efficient Federated Deep Learning for IoT Security Monitoring
Idris Zakariyya, Harsha Kalutarage and M. Omar Al-Kadri
- Man-in-the-OBD: A modular, protocol agnostic firewall for automotive dongles to enhance privacy and security
Felix Klement, Henrich C. Poehls and Stefan Katzenbeisser
- Mapping the Security Events to the MITRE ATT&CK Attack Patterns to Forecast Attack Propagation
Roman Kryukov, Vladimir Zima, Elena Doynikova, Evgenia Novikova and Igor Kotenko
15:00 - 15:15
Closing Session
