Abstract : Cryptographic Hash Functions are ubiquitous in our day-to-day digital lives. Primarily they ensure data integrity which is one of the fundamental crypto goals making the analysis of these hash functions imperative. After briefly introducing the research area, this talk will focus on devising “Distinguishers” of the latest cryptographic hash function – SHA3. “Distinguishers” constitute a specific paradigm of analyzing hash functions that deals with exhibiting non-random behavior.  The talk will zoom-in to the domain of higher-order derivatives of Boolean functions and its applications to analysis of SHA3 in the form of the Zero-Sum property. Finally, our latest research result which proposes a new class of Distinguishers of SHA3 will be presented. The technique presented relies on a variant of classical higher order Boolean derivatives over special subspaces. It exploits internal symmetry of the hash function to come up with the best distinguisher on SHA3 penetrating up to 9 rounds that succeeds with probability one and outperforms the closest competitor, in terms of effort, by a factor of 4.

Brief Bio: Dhiman Saha is an Assistant Professor in the Department of Electrical Engineering and Computer Science at IIT Bhilai. Prior to that he was working as a Visiting Scientist at the R.C Bose Center for Cryptology & Security, ISI Kolkata. He   received his PhD in 2017 from the Computer Science and Engineering Department, IIT Kharagpur where he also served as a Research Associate in the Crypto Research Lab. His broad area of research encompasses both theoretical and physical aspects of Cryptography. As a part of his thesis he worked on the cryptanalysis of hash functions and authenticated ciphers. He has broken three authenticated encryption schemes submitted to the on-going CAESAR competition and has been involved in the analysis of latest cryptographic hash standard - SHA3. Before joining for his PhD, he worked in the Electronic Design Automation industry for over two years. He completed his MS degree from IIT Kharagpur in 2009 with a thesis on Hardware Security. He received his BE from NIT Agartala in 2006 and was awarded the Gold Medal for Computer Science and Engineering. He was also recipient of the NEC Scholarship during his BE. Along with hash functions and authenticated ciphers, his recent research interests include randomness in public permutations, infective counter-measures in fault analysis and memory-hard functions.

Abstract: Internet of Things (IoT) become a backbone of sensing infrastructure to several mission critical applications such as healthcare, disaster management, and other components of smart cities. Due to the resource constraint sensing devices, IoT infrastructure use edge datacenters (EDCs) for real-time data streams processing. The key requirement of such applications is the need for near real-time stream data processing in large scale sensing networks. This trend gives birth to an area called big sensing data streams. EDCs are deployed to decrease the latency and network congestion by processing data streams and user requests in near real time. Protecting data communications from malicious activity become a key factor as all the communications through the insecure channel. One of the challenging tasks in such applications is to ensure the integrity and trustworthiness of collected data so that reliable decisions are made based on these data. Thus, protecting the data streams from information leakage and unauthorized access are become key challenges. Providing data security for big sensing data in the context of application and near real time analytics is a challenging problem. This talk covers the security aspect of big sensing data in IoT and EDC integration. Applying cryptographic technique is the most efficient way to secure data transmission. Symmetric cryptographic method is explored to provide multilevel data security based on data sensitive level. Multilevel data security purely application specific and where different dataset are of different sensitive level, hence they need different level of security while transmitting through insecure channel or stored in cloud. Followed by, access control method over big sensing data is proposed while stream query processing. This access control mechanism protect data during query processing to extract information. Combination of above two method provides end-to-end security with multilevel data protection. More technical details with applications will be covered during this talk.

Short Biography:

Dr. Deepak Puthal is a Lecturer (Assistant Professor) at Faculty of Engineering and Information Technologies, University of Technology Sydney, Australia. He obtained a Ph.D. in Computer Science from University of Technology Sydney in 2017. He is the recipient of 2017 IEEE Distinguished Doctoral Dissertation Award. His research interest includes Cyber Security, Internet of Things, and Edge/Fog Computing. His research outcome appears in top- notch journals/transactions and conference proceedings as 50 articles with a Google Scholar h-index of 15. He has been serving on the editorial board of several journals or transactions, including IEEE  Transactions  on  Big  Data,  IEEE  Consumer  Electronics Magazine, International Journal of Communication Systems (John Wiley & Sons), Internet Technology Letters (John Wiley & Sons) and KSII Transactions on Internet and Information Systems (TIIS). He is a Section Editor (Section - Big Data Security and Privacy) of Encyclopedia of Big Data Technologies (Springer). He is also serves at Program Committee Chair to several IEEE and ACM sponsored international conferences.

Abstract: A smart contract is hard to patch for bugs once it is deployed, irrespective of the money it holds. A recent bug caused losses worth around $50 million of cryptocurrency in the Ethereum Blockchain.  We present Zeus---a sound fault detection framework to verify smart contracts. Zeus leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety. We have built a prototype of Zeus for Ethereum and the Hyperledger Fabric blockchain platforms and evaluated it with over 22,400 smart contracts. Our evaluation indicates that about 94.6% of contracts (containing cryptocurrency worth more than $0.5 billion) are vulnerable. Zeus is sound with zero false negatives and has a low false positive rate, with an order of magnitude improvement in analysis time as compared to any prior attempt at verifying smart contracts.  

Bio: Mohan is a Researcher Staff Member with IBM Research, India. He is broadly interested in Systems, Security and Program Analysis, with a current focus on Blockchain. Mohan has published several papers in high impact conferences. He earned his PhD in Computer Science from Rutgers University in 2013.