Summer School Talks

Talks

Here are the currently confirmed summer school talks!

  • Authenticated encryption: state-of-the-art and beyond
    Slides
  • Speaker: Joan Daemen

  • Abstract: Nowadays the core functionality of symmetric cryptography is authenticated encryption (AE), that combines encryption to protect the confidentiality of data with its authentication. In this presentation we define the security goal of AE and show how AE schemes can be built and proven secure assuming an ideal primitive. In what many consider the state-of-the-art, the primitive is a block cipher (in practice AES), and it is assumed to behave like a random permutation.

  • Private Information Retrieval: are we close to make it practical?
    Slides
  • Speaker: Sofía Celi

  • Abstract: Private Information Retrieval (PIR) schemes provide the ability to make private queries on databases that are hosted by a(n) untrusted (semi-honest) server(s). In the the single-server setting (where there are no trust assumptions over non-colluding servers), the majority of approaches with tolerable costs are limited to querying indices (single items) over flat arrays. However, this abstraction differs greatly from real-world instantiations of both structured and unstructured databases.

  • Empirical Security Research in the Android Ecosystem
    Slides
  • Speaker: Juan Tapiador

  • Abstract: Android dominates the mobile operating system landscape worldwide, with over 3 billion active users and nearly 9 million mobile apps. The open-source nature of the Android Open Source Project (AOSP) has been instrumental in this success. However, it has also facilitated a complex supply chain across the software stack, involving Original Equipment Manufacturers (OEMs), Mobile Network Operators (MNOs), application markets, and a diverse ecosystem of third-party developers, advertising, and tracking services.

  • Federated Learning Security: From Advantages to Adversaries
  • Speaker: Alexandra Dmitrienko

  • Abstract: The rise of machine learning (ML) as a disruptive technology has ushered in a new era of intelligent applications. Among these advancements, distributed learning, particularly federated learning (FL), stands out as a significant evolution in collaborative intelligence. FL's unique capacity to utilize decentralized data sources enables privacy-preserving collaborative training, particularly beneficial in application domains where accessing public data is challenging or unfeasible, such as healthcare, finance, and beyond.

  • Anamorphic Encryption: Private Communication against a Dictator.
    Slides
  • Speaker: Giuseppe Persiano

  • Abstract: Cryptosystems have been developed over the years under the typical prevalent setting which assumes that the receiver’s key is kept secure from the adversary, and that the choice of the message to be sent is freely performed by the sender and is kept secure from the adversary as well. Under these fundamental and basic operational assumptions, modern Cryptography has flourished over the last half a century or so, with amazing achievements: New systems (including public-key Cryptography), beautiful and useful models (including security definitions such as semantic security), and new primitives (such as zero-knowledge proofs) have been developed. Furthermore, these fundamental achievements have been translated into actual working systems, and span many of the daily human activities over the Internet. However, in recent years, there is an overgrowing pressure from many governments to allow the government itself access to keys and messages of encryption systems (under various names: escrow encryption, emergency access, communication decency acts, etc.).

  • GDPR and ePrivacy Compliance
    Slides
  • Speaker: Cristiana Teixeira Santos

  • Abstract: Web advertising relies on continuous data collection and tracking that allows advertising companies and data brokers to profit from processing a vast amount of personal data from Web users. The ePrivacy Directive requires to collect user’s consent before any access or storage of non-mandatory data, such as cookies and other tracking technologies. The GDPR defined the rules on what a legally compliant consent entail. In case of websites, consent is usually presented in the form of consent banners that should provide a meaningful choice to accept or reject such data collection. Today, EU users encounter such pop-ups on almost every website.

  • Foundations of Layer-2 Blockchain Protocols
    Slides
  • Speaker: Matteo Maffei

  • Abstract: Permissionless blockchains enable secure payments, and more generally computations, in a decentralized, trustless environment. Transactions are verified through a consensus mechanism and all valid transactions are recorded in a public, distributed ledger. While grounbreaking in nature and, despite their tender age, already rich of societal impact, existing blockchain technologies suffer from a few inherent limitations. First, storing each transaction on the ledger presents obvious scalability issues and fails to meet the growing user demands: For instance, in Bitcoin, the transaction throughput is technically limited to tens of transactions per second, a throughput three orders of magnitude lower than credit card networks. Secondly, consensus protocols operate on individual blockchains, whereas rich DeFi applications require to synchronize operations and transfer coins from a blockchain to the other, which typically requires trusted parties.

  • Key Transparency: from theory to practice
    Slides
  • Speaker: Esha Ghosh

  • Abstract: End-to-end encryption (E2EE) in messaging and calling/meeting apps have become ubiquitous in the past few years. Security of end-to-end encrypted communication apps crucially rely on the assumption that the user has the correct identity public key for the person they wish to establish an encrypted communication channel with. Traditionally, E2EE communication systems have required the user to perform cumbersome manual checks to establish the authenticity of these identity public keys, e.g. by physically scanning QR codes, or by verbally reading a fingerprint. In practice, these verifications are rarely performed.

  • Evolving Security in Cellular Networks: Privacy Challenges, Device-Level Testing, and Autonomous Swarm Networking
    Slides
  • Speaker: Aanjhan Ranganathan

  • Abstract: Security and flexibility are paramount concerns in the rapidly evolving landscape of cellular communications. This talk addresses key themes in mobile network security, focusing on privacy challenges, device-level testing, and dynamic networking for autonomous swarms. We start by examining privacy threats through SMS timing attacks, revealing how these timings can be exploited to track user locations covertly.

  • Hiding Your Size (how to conceal input size in Private Set Intersection Protocols)
    Slides
  • Speaker: Gene Tsudik

  • Abstract: Private set operations, such as private set intersection (PSI), are popular in many application domains, and are actually widely used by both industrial and government entities. Many flavors of these operations have been designed that reveal either less information or do so only under certain conditions, e.g., if the intersection size exceeds a certain threshold. One important parameter that is almost always revealed is each party's input (set) size. For settings where input size is deemed sensitive, compact Size-Hiding PSI protocols are needed.

  • New Directions in Physical Layer Security - From Privacy Protection to Nuclear Warheads
    Slides
  • Speaker: Christof Paar

  • Abstract: Classical physical-layer security (PLS) has been studied for nearly half a century. In the past, the main objective had been to realize information-theoretically secure communication, yet those schemes haven't gained much practical relevance. We argue that it is more promising to apply PLS to problems for which there is no solution using digital-only schemes. Along this line of thinking, a promising field of research is wireless sensing, which utilizes radio channels to obtain information about physical environments.

  • Microarchitectural Weird Machines
    Slides
  • Speaker: Yuval Yarom

  • Abstract: Over the last two decades, significant research effort has been vested in understanding emergent behaviour of computer microarchitecture and its impact on security. A large number of attacks exploiting emergent behaviour of caches and other components have been described, demonstrating significant threat to the security of computer systems.

  • Side-Channel Attacks on Implementations of CRYSTALS-Kyber and CRYSTALS-Dilithium PQC Algorithms
  • Speaker: Elena Dubrova

  • Abstract: With the advent of quantum computing and the threat it poses to current public key cryptographic systems, there is a need for new, post-quantum cryptographic (PQC) solutions. The state-of-the-art in PQC is quickly moving from research to standards, implementation, and deployment. The 3GPP is planning to introduce PQC algorithms in 5G as soon as the final NIST and IETF standards are published.

  • Secure implementations of Post-quantum schemes
    Slides
  • Speaker: Gustavo Banegas

  • Abstract: Physical security for cryptographic schemes is now a necessity. In modern cryptography, we are no longer dealing solely with personal computers; instead, we are dealing with various processes, necessitating the secure implementation of the scheme.




Speakers

Here are the currently confirmed school speakers!

#

Joan Daemen

Radboud University, The Netherlands
#

Juan Tapiador

Universidad Carlos III de Madrid, Spain
#

Alexandra Dmitrienko

Julius-Maximilians-Universität Würzburg, Germany
#

Giuseppe Persiano

Università di Salerno, Italy
#

Cristiana Teixeira Santos

Utrecht University, The Netherlands
#

Matteo Maffei

TU Wien, Austria
#

Esha Ghosh

Microsoft, Redmond, Washington, US
#

Aanjhan Ranganathan

Northeastern University, Boston, USA
#

Gene Tsudik

University of California, Irvine, USA
#

Christof Paar

Max Planck Institute for Security and Privacy, Bochum, Germany
#

Yuval Yarom

Ruhr University Bochum, Germany
#

Elena Dubrova

Royal Institute of Technology (KTH), Sweden
#

Gustavo Banegas

Qualcomm, France