Seminars & Talks

Seminars & Talks

  • Prof. Sajal K. Das, IEEE Fellow, Daniel St. Clair Endowed Chair, Missouri University of Science and Technology, USA
    Friday, January 12, 2018 - 15:30
    RM 101

    ABSTRACT

    We live in an era in which our physical and personal environments are becoming increasingly intertwined and smarter due to the advent of pervasive sensing, wireless communications, computing, and actuation technologies. Indeed our daily livingin smart cities and connected communities will depend on a wide variety of smart service systems and cyber-physical infrastructures, such as smart energy, transportation, healthcare, supply-chain, etc. Alongside, the availability of low-cost wireless sensor networks, Internet of Things (IoTs) and rich mobile devices (e.g., smartphones) are also empowering humans with fine-grained information and opinion collection through crowdsensing about events of interest, thus resulting in actionable inferences and decisions. This synergy has led to cyber-physical-social (CPS) convergence with human in the loop that exhibits complex interactions, inter-dependencies and adaptations between engineered/natural systems and human users with agoal to improve quality of life experience in what we call smart living. However, the main challenges are posed by the scale, heterogeneity, big data, and resource limitations in context recognition and situation awareness using sensors, IoTs and CPS networks. This talk will first highlight unique research issues and challenges in smart living and CPS systems, followed by novel solutions for energy-efficient data gathering and fusion, coverage and connectivity, security and trustworthiness, and trade-off between energy and information quality in multi-modal context recognition. We will present case studies and experimental results for smart grid and smart healthcare applications. The talk will be concluded with directions for future research.

     

    BioGRAPHY

    Dr. Sajal K. Das, whose academic genealogy includes Thomas Alva Edison,  is a professor of Computer Science and Daniel St. Clair Endowed Chair at Missouri University of Science and Technology, Rolla, where he was the Chair of Computer Science Department during 2013-2017. During 2008-2011, he served the NSF as a Program Director in the Computer and Network Systems Division. Prior to 2013, Dr. Das was a University Distinguished Scholar Professor of Computer Science and Engineering, and founding director of Center for Research in Wireless Mobility and Networking (CReWMaN) at the University of Texas at Arlington. His broad research interests include IoTs, big data analytics, cloud computing, wireless sensor networks, mobile and pervasive computing, cyber-physical systems, smart environments including smart grid and smart healthcare, cyber-security and trustworthiness, biological and social networks, and applied graph theory and game theory. He has directed over $15M funded projects and published over 700 papers in high quality journals and refereed conference proceedings. He holds 5 US patents, co-authored 52 invited book chapters, and 4 books – “Smart Environments: Technology, Protocols, and Applications” (John Wiley, 2005); “Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges” (Morgan Kaufman, 2012); “Mobile Agents in Distributed Computing and Networking” (Wiley, 2012); and “Principles of Cyber-Physical Systems: An Interdisciplinary Approach” (Cambridge University Press, 2018). According to DBLP, Dr. Das is one of the most prolific authors in computer science. His h-index is 78 with more than 25,000 citations according to Google Scholar. He has graduated 41 Ph.D. students. He is a recipient of 10 Best Paper Awards and numerous awards for research, teaching, mentoring and professional services, including IEEE Computer Society’s Technical Achievement Award for pioneering contributions to sensor networks and mobile computing, and Graduate Dean’s Award of Excellence in Mentoring Doctoral Students. Dr. Das serves as the founding Editor-in-Chief of Elsevier’s Pervasive and Mobile Computing journal (since 2005) and as Associate Editor of several journals including IEEE Transactions on Mobile Computing and ACM Transactions on Sensor Networks. A (co)-founder of IEEE PerCom, WoWMoM, SMARTCOMP, and ICDCN conferences, he has served on numerous ACM and IEEE conference committees as General Chair, Technical Program Chair, or Program Committee member. Dr. Das is an IEEE Fellow for pioneering contributions to parallel, distributed and mobile computing.

  • Vijay V. Vazirani, University of California, Irvine
    Wednesday, January 3, 2018 - 12:30
    KD 101

    Abstract:  Is matching in NC, i.e., is there a deterministic fast parallel algorithm for it? This has been an outstanding open question in TCS for over three decades, ever since the discovery of Random NC matching algorithms. Within this question, the case of planar graphs has remained an enigma: On the one hand, counting the number of perfect matchings is far harder than finding one (the former is #P-complete and the latter is in P), and on the other, for planar graphs, counting has long been known to be in NC whereas finding one has resisted a solution!

    The case of bipartite planar graphs was solved by Miller and Naor in 1989 via a flow-based algorithm.  In 2000, Mahajan and Varadarajan gave an elegant way of using counting matchings to finding one, hence giving a
    different NC algorithm.

    However, non-bipartite planar graphs still didn't yield: the stumbling block being odd tight cuts.  Interestingly enough, these are also a key to the solution: a balanced odd tight cut leads to a straight-forward divide
    and conquer NC algorithm. The remaining task is to find such a cut in NC. This requires several algorithmic ideas, such as finding a point in the interior of the minimum weight face of the perfect matching polytope and
    uncrossing odd tight cuts.

    Paper available at:  https://arxiv.org/pdf/1709.07822.pdf

    Joint work with Nima Anari.

    About the speaker:

    Vijay Vazirani is a leading theoretical computer scientist, with seminal contributions in many areas, e.g., in complexity theory, algorithmic matching theory, approximation algorithms, algorithmic game theory,
    computability of market equilibria, etc. Two of his most significant contributions are: if UNIQUE-SAT is in P then NP = RP (Valiant-Vazirani Theorem), and an algorithm for finding maximum matchings in general
    graphs, the best algorithm for the problem till date.

  • Rajesh K. Gupta, UCSD
    Friday, December 29, 2017 - 15:30
    RM101

    Abstract:Emerging cyber-physical systems are distributed systems in constant interaction with their physical environments through sensing and actuation at network edges. Precise knowledge of time is important for many of its operations from networking, localization to embedded control algorithms. Yet, timing uncertainty increases by orders of magnitude through the software, network stack and due to architectural and adversarial operational factors. Project ROSELINE is a collaboration among four universities with the goal to make timing information visible and controllable, reduce timing uncertainty to enable robust and secure time-centric applications. The strategies range from specialized architectural and programming assists to synchronization protocols that reduce communication burden, establish limits on the quality of time and its impact on stability of control algorithms. In this talk, I will provide an overview of the strategies and results from the ongoing collaborative project.

    Speaker Bio: Rajesh Gupta research interests span topics in embedded and cyber-physical systems with a focus on timing and energy from algorithms, devices to systems that scale from IC chips, and data centers to built environments such as commercial buildings. He currently leads NSF project MetroInsight with the goal to organize and use city-scale sensing data for improved services. His past contributions include SystemC modeling and SPARK parallelizing high-level synthesis, both of which have been incorporated into industrial practice. Earlier, Gupta led NSF Expeditions on Variability, and DARPA-sponsored efforts under the Data Intensive Systems (DIS) and Circuit Realization at Faster Timescales (CRAFT) programs. Gupta and his students have received a best demonstration paper award at ACM BuildSys'16 , best paper award at IEEE/ACM DCOSS’08 and a best demonstration award at IEEE/ACM IPSN/SPOTS’05.Gupta received a Bachelor of Technology in electrical engineering from IIT Kanpur, India; a Master of Science in EECS from University of California, Berkeley; and a PhD in electrical engineering from Stanford University, US. He currently holds INRIA International Chair at the French international research institute in Rennes, Bretagne Atlantique. Gupta  is a Fellow of the IEEE and the ACM.

  • Mani Srivastava, UCLA
    Friday, December 29, 2017 - 14:30
    RM101

    Abstract: Sensors in our phones, sensors on our bodies, sensors in our spaces. Just in a short time span we seem to have beeninundated by sensors everywhere. Sitting at the edges of the emerging distributed computing fabric being called theInternet of Things (IoT), networked sensors produce rich data of high volume, velocity, and variety. These sensorydata streams enable pervasive awareness, predictive analytics, customization and just-in- time intervention in avariety of application domains such as mHealth, smart buildings, and intelligent transportation.

    While their benefits are numerous, sensors also present immense new privacy and security risks that are hard tocomprehend as the high-dimensionality sensor data is quite different from other data that we encounter in our livesand have experience with. Sophisticated adversaries, benefiting from the same advances in computing technologiesas the sensing systems, can manipulate sensory sources and analyze data in subtle ways to extract sensitiveknowledge, cause erroneous inferences, and subvert decisions. The consequences of these compromises will onlyamplify as our society increasingly complex human-cyber- physical systems with increased reliance on sensoryinformation and real-time decision cycles.

    The problems of privacy and security are getting magnified as the early sensing-focused IoT systems are leading to anew generation of IoT systems where the sensor data is being used to influence and control the state of human-cyber-physical systems at multiple scales ranging from personal to societal. The sensor data, instead of beingingested primarily for slower time-scale knowledge discovery and decision making, is becoming part of a complexweb of distributed autonomous and semi-autonomous feedback loops controlling and coordinating swarms ofautonomous devices owned and managed by multiple parties and intelligently operating in shared spaces whileinteracting with humans and the physical world around them. Such systems present new threats and systemvulnerabilities, such as corruption of control loops, exploitation of physical channels among sensors and actuators,and manipulation of timing information that control algorithms critically depend upon.

    Drawing upon examples from applications such as mobile health and sustainable buildings, this talk will discuss thechallenges in designing a trustworthy computing substrate for pervasive perception, cognition, and action. For it tobe trusted by both, the pervasive sensing infrastructure must be robust to active adversaries who are deceptivelyextracting private information, manipulating beliefs and subverting control decisions. Solving these challengeswould require a new science of resilient, secure and trustworthy networked sensing and control systems thatcombines methods from multiple disciplines, and the talk would provide some initial insights and results.

    Speaker Bio: Mani Srivastava is on the faculty in the ECE Department at UCLA, with a joint appointment in the CS Department.Previously, he obtained his undergraduate degree from IIT Kanpur, his MS and PhD from UC Berkeley. Beforejoining UCLA, and worked at Bell Labs Research. His research is broadly in the area of networked human-cyber-physical systems, and spans problems across the entire spectrum of applications, architectures, algorithms, andtechnologies. His current interests include issues of energy efficiency, privacy and security, data quality, andvariability in the context of systems and applications for mHealth and sustainable buildings. He is a Fellow of theACM and the IEEE. More information about his research is available at his lab’s website: http://www.nesl.ucla.edu.

  • Ramesh Karri (New York University, New York)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: This presentation will explore the security implications of biochips that are envisioned for use in lab-on-chips. We will discuss how attackers in the bio-chip supply chain can undermine proprietary biochemical protocols or alter their results, with serious consequences for laboratory analysis, healthcare, and biotechnology innovation.

    Bio: Ramesh Karri is a Professor of Electrical and Computer Engineering at Tandon School of Engineering, New York University. He has a Ph.D. in Computer Science and Engineering, from the University of California at San Diego. His research and education activities span hardware cybersecurity including trustworthy ICs, processors and cyberphysical systems; security-aware computer aided design, test, verification, validation and reliability; nano meets security; metrics; benchmarks; hardware cybersecurity competitions; additive manufacturing security. He has over 200 journal and conference publications including tutorials on Trustworthy Hardware in IEEE Computer (2) and Proceedings of the IEEE (5). His groups work on hardware cybersecurity was nominated for best paper awards (ICCD 2015 and DFTS 2015) and received awards at conferences (ITC 2014, CCS 2013, DFTS 2013 and VLSI Design 2012) and at competitions (ACM Student Research Competition at DAC 2012, ICCAD 2013, DAC 2014, ACM Grand Finals 2013, Kaspersky Challenge and Embedded Security Challenge). He was the recipient of the Humboldt Fellowship and the National Science Foundation CAREER Award. He is the area director for cyber security of the NY State Center for Advanced Telecommunications Technologies at NYU-Poly; Co-founded the NYU Center for CyberSecurity  -CCS (http://cyber.nyu.edu/), co-founded the Trust-Hub (http://trust-hub.org/) and founded and organizes the Embedded Security Challenge, the annual red team blue team event at NYU,  (http://www.nyu.edu/csaw2016/csaw-embedded).

  • Farshad Khorrami (New York University, New York)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: This talk will address some of our prior and on-going efforts on various security aspects of analog side channels of embedded cyber-physical systems (CPS). Modern CPS are complex interconnections of heterogeneous hardware and software components. With increasing complexity, connectivity, and programmability of embedded CPS devices, the potential cyber-attack surface has also been increasing making the study of related cyber-security issues highly relevant and timely. In particular, analog side channels are especially interesting from both attack (e.g., exploiting these side channels as an attack mechanism such as for information leakage) and defense viewpoints (e.g., utilizing these side channels for real-time monitoring). In this context, process-aware information leakage utilizing acoustic side channels from CPS instrumentation without impacting process stability and performance will be discussed. Thermal side channel monitoring of CPS devices leveraging their typical periodic code structures will also be discussed. Both the algorithmic techniques and hardware implementation aspects will be presented in the talk. The implementation of a Hardware-In-The-Loop (HITL) CPS testbed for study of cyber-security of embedded CPS devices will also be presented.

    Bio:  Farshad Khorrami received his Bachelors degrees in Mathematics and Electrical Engineering in 1982 and 1984 respectively from The Ohio State University. He also received his Master's degree in Mathematics and Ph.D. in Electrical Engineering in 1984 and 1988 from The Ohio State University. Dr. Khorrami is currently a professor of Electrical & Computer Engineering Department at NYU where he joined as an assistant professor in Sept. 1988. His research interests include adaptive and nonlinear controls, robotics and automation,  control systems and CPS security, embedded systems security, unmanned vehicles (fixed-wing and rotary wing aircrafts as well as underwater vehicles and surface ships), smart structures, large-scale systems and decentralized control, smart grid security, and microprocessor based control and instrumentation. Prof. Khorrami has published more than 250 refereed journal and conference papers in these areas. His book on "modeling and adaptive nonlinear control of electric motors" was published by Springer Verlag in 2003. He also has fourteen U.S. patents on novel smart micro-positioners and actuators, control systems, cyber security, and wireless sensors and actuators. He has developed and directed the Control/Robotics Research Laboratory at Polytechnic Univrsity (Now NYU).  His research has been supported by the Army Research Office, National Science Foundation, Office of Naval Research, DARPA, Sandia National Laboratory, Army Research Laboratory, NASA, Boeing, and several corporations. Prof. Khorrami has served as general chair and conference organizing committee member of several international conferences.

  • Hoda A. Alkhzaimi, New York University Abu Dhabi
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: Throughout the years, designing a symmetric cipher with a specific security rationale, and designing the cryptanalytic techniques that will test the claimed security bounds went hand-in-hand to test the boundaries on the design and attack methods. This formed a continuous evolution in the approaches that cryptographic primitives are constructed to be suitable for future and current hardware environments. This seminar session is meant to shed focus on the different conventional and lightweight design approaches for block ciphers. In addition to considering different design criteria and requirements for the different layers within a certain design. It will also introduce an  overview on the possible generic, structural and statistical cryptanalytic techniques that can be used to test or reduce certain security properties within a design. We will finally look into possible connections between different cryptanalytic methods and how this can be used to utilize an effective attack model.

    Bio: Hoda A.Alkhzaimi is currently a research assistant professor in New York University and the Director of Center of Cyber Security in NewYork University AD. She served in different posts for research and development in Cyber Security and Cryptology for the past years. She headed the Department of Research and Development for Cyber Security and Cryptology in different national initiatives in the United Arab Emirates along with her associations to different security initiatives nationally and internationally.  Alkhzaimi has a specific expertise in cryptology; cryptanalysis, constructing and validating security hardware and software components, constructing trusted security architectures for different environments in different products for the respective industries. HodaA.Alkhzaimi obtained her PhD inCryptanalysis from Denmark Technical University. Her current research interests include
    Space, Aerospace, and UAV security, constructing and analyzing cryptographic primitives, validating and investigating links between different cryptanalytic approaches and utilizing cryptographic primitives in different cybersecurity architectures as in Internet of Things and big data analysis among ot

  • Ozgur Sinanoglu (New York University at Abu Dhabi)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Globalization of Integrated Circuit (IC) design and manufacturing is making designers and users of ICs re-assess their trust in hardware. As the IC design flow spans the globe - driven by cost-conscious consumer electronics - hardware is increasingly prone to reverse engineering, Intellectual Property (IP) piracy and malicious modifications (i.e., hardware trojans). An attacker, anywhere within the global design flow, can reverse engineer the functionality of an IC/IP, steal and claim ownership of the IP or introduce counterfeits into the supply chain. Moreover, an untrusted IC fab may overbuild ICs and sell them illegally. Finally, rogue elements in the fabs may insert hardware trojans into the design without the knowledge of the designer or the end-user of the IC; this additional functionality may subsequently be exploited to introduce errors in the results, steal sensitive information or incapacitate a fielded system. The semiconductor industry routinely loses $billions annually due to these attacks.  This talk will cover various forms of threats that the electronic chip supply chain is up against, as well as defenses against these threats. It will focus on one particular solution—logic locking—by covering its basics and evolution. It will also demonstrate the first-ever prototype: the first chip that is resilient to hardware-level threats.

    Bio:  Ozgur Sinanoglu is an associate professor of electrical and computer engineering at New York University Abu Dhabi. He earned his B.S. degrees, one in Electrical and Electronics Engineering and one in Computer Engineering, both from Bogazici University, Turkey in 1999. He obtained his MS and PhD in Computer Science and Engineering from University of California San Diego in 2001 and 2004, respectively. He has industry experience at TI, IBM and Qualcomm, and has been with NYU Abu Dhabi since 2010. During his PhD, he won the IBM PhD fellowship award twice. He is also the recipient of the best paper awards at IEEE VLSI Test Symposium 2011 and ACM Conference on Computer and Communication Security 2013.  Prof. Sinanoglu’s research interests include design-for-test, design-for-security and design-for-trust for VLSI circuits, where he has around 160 conference and journal papers, and 20 issued and pending US Patents. Sinanoglu has given more than a dozen tutorials on hardware security and trust in leading CAD and test conferences, such as DAC, DATE, ITC, VTS, ETS, ICCD, ISQED, etc. He is serving as track/topic chair or technical program committee member in about 15 conferences, and as (guest) associate editor for IEEE TIFS, IEEE TCAD, ACM JETC, IEEE TETC, Elsevier MEJ, JETTA, and IET CDT journals.  Prof. Sinanoglu is the director of the Design-for-Excellence Lab at NYU Abu Dhabi. His recent research in hardware security and trust is being funded by US National Science Foundation, US Department of Defense, Semiconductor Research Corporation, and Mubadala Technology.

  • Ajay Singh, 15111005
    Monday, July 17, 2017 - 11:30
    KD 101

    In the recent years, there has been a rapid rise in the number of files submitted to anti-virus companies for analysis, so it has become very difficult to analyse functionality of each file manually. Malware developers have been highly successful in evading the signature-based detection techniques. Most of the prevailing static analysis techniques involve a tool to parse the file. The entire analysis process becomes dependent to the efficacy of the tool, if the tool crashes the process is hampered. Most of the dynamic analysis techniques involve the binary file to be run in a sand-boxed environment to examine its behaviour. This can be easily thwarted by hiding the malicious activities of the file if it is being run inside a virtual environment. In this thesis, we have explored a new technique to represent malware as images. We then used existing neural network techniques, for classifying images, to train a classifier for classifying new malware files into their respective classes. By converting the file into an image representation we have made our analysis process independent of any tool also the process becomes less time consuming. With our model we have been able to get an accuracy of 98.21% in classifying malware samples. 

  • Pranjul Ahuja, 15111029
    Monday, July 17, 2017 - 10:30
    KD 101

    There has been an exponential  growth in the number of malware in the cyber world in the last few years. Modern malware use sophisticated techniques such as polymorphism and metamorphism to thwart the malware detection and analysis.

    Detecting malware on the basis of their features and behavior is critical for the computer security community. Most anti-virus depends on the signature based detection which is relatively easy to evade and is ineffective for zero-day exploit based malwares. Static analysis analyzes the executables without executing them whereas dynamic analysis actually executes the malware in a sand-boxed environment and the system changes are logged for further investigation. In this thesis, we are adopting a hybrid approach in which we integrate the feature vectors extracted from both static and dynamic analysis to detect unknown malware. Our experiments obtained an accuracy of 98.62% in detecting malware. Our detection system is robust and scalable as we have increased the amount of samples used for analysis and reduced the feature space compared to the existing approaches in the literature.

Pages

  • Prof. Sajal K. Das, IEEE Fellow, Daniel St. Clair Endowed Chair, Missouri University of Science and Technology, USA
    Friday, January 12, 2018 - 15:30
    RM 101

    ABSTRACT

    We live in an era in which our physical and personal environments are becoming increasingly intertwined and smarter due to the advent of pervasive sensing, wireless communications, computing, and actuation technologies. Indeed our daily livingin smart cities and connected communities will depend on a wide variety of smart service systems and cyber-physical infrastructures, such as smart energy, transportation, healthcare, supply-chain, etc. Alongside, the availability of low-cost wireless sensor networks, Internet of Things (IoTs) and rich mobile devices (e.g., smartphones) are also empowering humans with fine-grained information and opinion collection through crowdsensing about events of interest, thus resulting in actionable inferences and decisions. This synergy has led to cyber-physical-social (CPS) convergence with human in the loop that exhibits complex interactions, inter-dependencies and adaptations between engineered/natural systems and human users with agoal to improve quality of life experience in what we call smart living. However, the main challenges are posed by the scale, heterogeneity, big data, and resource limitations in context recognition and situation awareness using sensors, IoTs and CPS networks. This talk will first highlight unique research issues and challenges in smart living and CPS systems, followed by novel solutions for energy-efficient data gathering and fusion, coverage and connectivity, security and trustworthiness, and trade-off between energy and information quality in multi-modal context recognition. We will present case studies and experimental results for smart grid and smart healthcare applications. The talk will be concluded with directions for future research.

     

    BioGRAPHY

    Dr. Sajal K. Das, whose academic genealogy includes Thomas Alva Edison,  is a professor of Computer Science and Daniel St. Clair Endowed Chair at Missouri University of Science and Technology, Rolla, where he was the Chair of Computer Science Department during 2013-2017. During 2008-2011, he served the NSF as a Program Director in the Computer and Network Systems Division. Prior to 2013, Dr. Das was a University Distinguished Scholar Professor of Computer Science and Engineering, and founding director of Center for Research in Wireless Mobility and Networking (CReWMaN) at the University of Texas at Arlington. His broad research interests include IoTs, big data analytics, cloud computing, wireless sensor networks, mobile and pervasive computing, cyber-physical systems, smart environments including smart grid and smart healthcare, cyber-security and trustworthiness, biological and social networks, and applied graph theory and game theory. He has directed over $15M funded projects and published over 700 papers in high quality journals and refereed conference proceedings. He holds 5 US patents, co-authored 52 invited book chapters, and 4 books – “Smart Environments: Technology, Protocols, and Applications” (John Wiley, 2005); “Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges” (Morgan Kaufman, 2012); “Mobile Agents in Distributed Computing and Networking” (Wiley, 2012); and “Principles of Cyber-Physical Systems: An Interdisciplinary Approach” (Cambridge University Press, 2018). According to DBLP, Dr. Das is one of the most prolific authors in computer science. His h-index is 78 with more than 25,000 citations according to Google Scholar. He has graduated 41 Ph.D. students. He is a recipient of 10 Best Paper Awards and numerous awards for research, teaching, mentoring and professional services, including IEEE Computer Society’s Technical Achievement Award for pioneering contributions to sensor networks and mobile computing, and Graduate Dean’s Award of Excellence in Mentoring Doctoral Students. Dr. Das serves as the founding Editor-in-Chief of Elsevier’s Pervasive and Mobile Computing journal (since 2005) and as Associate Editor of several journals including IEEE Transactions on Mobile Computing and ACM Transactions on Sensor Networks. A (co)-founder of IEEE PerCom, WoWMoM, SMARTCOMP, and ICDCN conferences, he has served on numerous ACM and IEEE conference committees as General Chair, Technical Program Chair, or Program Committee member. Dr. Das is an IEEE Fellow for pioneering contributions to parallel, distributed and mobile computing.

  • Vijay V. Vazirani, University of California, Irvine
    Wednesday, January 3, 2018 - 12:30
    KD 101

    Abstract:  Is matching in NC, i.e., is there a deterministic fast parallel algorithm for it? This has been an outstanding open question in TCS for over three decades, ever since the discovery of Random NC matching algorithms. Within this question, the case of planar graphs has remained an enigma: On the one hand, counting the number of perfect matchings is far harder than finding one (the former is #P-complete and the latter is in P), and on the other, for planar graphs, counting has long been known to be in NC whereas finding one has resisted a solution!

    The case of bipartite planar graphs was solved by Miller and Naor in 1989 via a flow-based algorithm.  In 2000, Mahajan and Varadarajan gave an elegant way of using counting matchings to finding one, hence giving a
    different NC algorithm.

    However, non-bipartite planar graphs still didn't yield: the stumbling block being odd tight cuts.  Interestingly enough, these are also a key to the solution: a balanced odd tight cut leads to a straight-forward divide
    and conquer NC algorithm. The remaining task is to find such a cut in NC. This requires several algorithmic ideas, such as finding a point in the interior of the minimum weight face of the perfect matching polytope and
    uncrossing odd tight cuts.

    Paper available at:  https://arxiv.org/pdf/1709.07822.pdf

    Joint work with Nima Anari.

    About the speaker:

    Vijay Vazirani is a leading theoretical computer scientist, with seminal contributions in many areas, e.g., in complexity theory, algorithmic matching theory, approximation algorithms, algorithmic game theory,
    computability of market equilibria, etc. Two of his most significant contributions are: if UNIQUE-SAT is in P then NP = RP (Valiant-Vazirani Theorem), and an algorithm for finding maximum matchings in general
    graphs, the best algorithm for the problem till date.

  • Rajesh K. Gupta, UCSD
    Friday, December 29, 2017 - 15:30
    RM101

    Abstract:Emerging cyber-physical systems are distributed systems in constant interaction with their physical environments through sensing and actuation at network edges. Precise knowledge of time is important for many of its operations from networking, localization to embedded control algorithms. Yet, timing uncertainty increases by orders of magnitude through the software, network stack and due to architectural and adversarial operational factors. Project ROSELINE is a collaboration among four universities with the goal to make timing information visible and controllable, reduce timing uncertainty to enable robust and secure time-centric applications. The strategies range from specialized architectural and programming assists to synchronization protocols that reduce communication burden, establish limits on the quality of time and its impact on stability of control algorithms. In this talk, I will provide an overview of the strategies and results from the ongoing collaborative project.

    Speaker Bio: Rajesh Gupta research interests span topics in embedded and cyber-physical systems with a focus on timing and energy from algorithms, devices to systems that scale from IC chips, and data centers to built environments such as commercial buildings. He currently leads NSF project MetroInsight with the goal to organize and use city-scale sensing data for improved services. His past contributions include SystemC modeling and SPARK parallelizing high-level synthesis, both of which have been incorporated into industrial practice. Earlier, Gupta led NSF Expeditions on Variability, and DARPA-sponsored efforts under the Data Intensive Systems (DIS) and Circuit Realization at Faster Timescales (CRAFT) programs. Gupta and his students have received a best demonstration paper award at ACM BuildSys'16 , best paper award at IEEE/ACM DCOSS’08 and a best demonstration award at IEEE/ACM IPSN/SPOTS’05.Gupta received a Bachelor of Technology in electrical engineering from IIT Kanpur, India; a Master of Science in EECS from University of California, Berkeley; and a PhD in electrical engineering from Stanford University, US. He currently holds INRIA International Chair at the French international research institute in Rennes, Bretagne Atlantique. Gupta  is a Fellow of the IEEE and the ACM.

  • Mani Srivastava, UCLA
    Friday, December 29, 2017 - 14:30
    RM101

    Abstract: Sensors in our phones, sensors on our bodies, sensors in our spaces. Just in a short time span we seem to have beeninundated by sensors everywhere. Sitting at the edges of the emerging distributed computing fabric being called theInternet of Things (IoT), networked sensors produce rich data of high volume, velocity, and variety. These sensorydata streams enable pervasive awareness, predictive analytics, customization and just-in- time intervention in avariety of application domains such as mHealth, smart buildings, and intelligent transportation.

    While their benefits are numerous, sensors also present immense new privacy and security risks that are hard tocomprehend as the high-dimensionality sensor data is quite different from other data that we encounter in our livesand have experience with. Sophisticated adversaries, benefiting from the same advances in computing technologiesas the sensing systems, can manipulate sensory sources and analyze data in subtle ways to extract sensitiveknowledge, cause erroneous inferences, and subvert decisions. The consequences of these compromises will onlyamplify as our society increasingly complex human-cyber- physical systems with increased reliance on sensoryinformation and real-time decision cycles.

    The problems of privacy and security are getting magnified as the early sensing-focused IoT systems are leading to anew generation of IoT systems where the sensor data is being used to influence and control the state of human-cyber-physical systems at multiple scales ranging from personal to societal. The sensor data, instead of beingingested primarily for slower time-scale knowledge discovery and decision making, is becoming part of a complexweb of distributed autonomous and semi-autonomous feedback loops controlling and coordinating swarms ofautonomous devices owned and managed by multiple parties and intelligently operating in shared spaces whileinteracting with humans and the physical world around them. Such systems present new threats and systemvulnerabilities, such as corruption of control loops, exploitation of physical channels among sensors and actuators,and manipulation of timing information that control algorithms critically depend upon.

    Drawing upon examples from applications such as mobile health and sustainable buildings, this talk will discuss thechallenges in designing a trustworthy computing substrate for pervasive perception, cognition, and action. For it tobe trusted by both, the pervasive sensing infrastructure must be robust to active adversaries who are deceptivelyextracting private information, manipulating beliefs and subverting control decisions. Solving these challengeswould require a new science of resilient, secure and trustworthy networked sensing and control systems thatcombines methods from multiple disciplines, and the talk would provide some initial insights and results.

    Speaker Bio: Mani Srivastava is on the faculty in the ECE Department at UCLA, with a joint appointment in the CS Department.Previously, he obtained his undergraduate degree from IIT Kanpur, his MS and PhD from UC Berkeley. Beforejoining UCLA, and worked at Bell Labs Research. His research is broadly in the area of networked human-cyber-physical systems, and spans problems across the entire spectrum of applications, architectures, algorithms, andtechnologies. His current interests include issues of energy efficiency, privacy and security, data quality, andvariability in the context of systems and applications for mHealth and sustainable buildings. He is a Fellow of theACM and the IEEE. More information about his research is available at his lab’s website: http://www.nesl.ucla.edu.

  • Ramesh Karri (New York University, New York)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: This presentation will explore the security implications of biochips that are envisioned for use in lab-on-chips. We will discuss how attackers in the bio-chip supply chain can undermine proprietary biochemical protocols or alter their results, with serious consequences for laboratory analysis, healthcare, and biotechnology innovation.

    Bio: Ramesh Karri is a Professor of Electrical and Computer Engineering at Tandon School of Engineering, New York University. He has a Ph.D. in Computer Science and Engineering, from the University of California at San Diego. His research and education activities span hardware cybersecurity including trustworthy ICs, processors and cyberphysical systems; security-aware computer aided design, test, verification, validation and reliability; nano meets security; metrics; benchmarks; hardware cybersecurity competitions; additive manufacturing security. He has over 200 journal and conference publications including tutorials on Trustworthy Hardware in IEEE Computer (2) and Proceedings of the IEEE (5). His groups work on hardware cybersecurity was nominated for best paper awards (ICCD 2015 and DFTS 2015) and received awards at conferences (ITC 2014, CCS 2013, DFTS 2013 and VLSI Design 2012) and at competitions (ACM Student Research Competition at DAC 2012, ICCAD 2013, DAC 2014, ACM Grand Finals 2013, Kaspersky Challenge and Embedded Security Challenge). He was the recipient of the Humboldt Fellowship and the National Science Foundation CAREER Award. He is the area director for cyber security of the NY State Center for Advanced Telecommunications Technologies at NYU-Poly; Co-founded the NYU Center for CyberSecurity  -CCS (http://cyber.nyu.edu/), co-founded the Trust-Hub (http://trust-hub.org/) and founded and organizes the Embedded Security Challenge, the annual red team blue team event at NYU,  (http://www.nyu.edu/csaw2016/csaw-embedded).

  • Farshad Khorrami (New York University, New York)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: This talk will address some of our prior and on-going efforts on various security aspects of analog side channels of embedded cyber-physical systems (CPS). Modern CPS are complex interconnections of heterogeneous hardware and software components. With increasing complexity, connectivity, and programmability of embedded CPS devices, the potential cyber-attack surface has also been increasing making the study of related cyber-security issues highly relevant and timely. In particular, analog side channels are especially interesting from both attack (e.g., exploiting these side channels as an attack mechanism such as for information leakage) and defense viewpoints (e.g., utilizing these side channels for real-time monitoring). In this context, process-aware information leakage utilizing acoustic side channels from CPS instrumentation without impacting process stability and performance will be discussed. Thermal side channel monitoring of CPS devices leveraging their typical periodic code structures will also be discussed. Both the algorithmic techniques and hardware implementation aspects will be presented in the talk. The implementation of a Hardware-In-The-Loop (HITL) CPS testbed for study of cyber-security of embedded CPS devices will also be presented.

    Bio:  Farshad Khorrami received his Bachelors degrees in Mathematics and Electrical Engineering in 1982 and 1984 respectively from The Ohio State University. He also received his Master's degree in Mathematics and Ph.D. in Electrical Engineering in 1984 and 1988 from The Ohio State University. Dr. Khorrami is currently a professor of Electrical & Computer Engineering Department at NYU where he joined as an assistant professor in Sept. 1988. His research interests include adaptive and nonlinear controls, robotics and automation,  control systems and CPS security, embedded systems security, unmanned vehicles (fixed-wing and rotary wing aircrafts as well as underwater vehicles and surface ships), smart structures, large-scale systems and decentralized control, smart grid security, and microprocessor based control and instrumentation. Prof. Khorrami has published more than 250 refereed journal and conference papers in these areas. His book on "modeling and adaptive nonlinear control of electric motors" was published by Springer Verlag in 2003. He also has fourteen U.S. patents on novel smart micro-positioners and actuators, control systems, cyber security, and wireless sensors and actuators. He has developed and directed the Control/Robotics Research Laboratory at Polytechnic Univrsity (Now NYU).  His research has been supported by the Army Research Office, National Science Foundation, Office of Naval Research, DARPA, Sandia National Laboratory, Army Research Laboratory, NASA, Boeing, and several corporations. Prof. Khorrami has served as general chair and conference organizing committee member of several international conferences.

  • Hoda A. Alkhzaimi, New York University Abu Dhabi
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: Throughout the years, designing a symmetric cipher with a specific security rationale, and designing the cryptanalytic techniques that will test the claimed security bounds went hand-in-hand to test the boundaries on the design and attack methods. This formed a continuous evolution in the approaches that cryptographic primitives are constructed to be suitable for future and current hardware environments. This seminar session is meant to shed focus on the different conventional and lightweight design approaches for block ciphers. In addition to considering different design criteria and requirements for the different layers within a certain design. It will also introduce an  overview on the possible generic, structural and statistical cryptanalytic techniques that can be used to test or reduce certain security properties within a design. We will finally look into possible connections between different cryptanalytic methods and how this can be used to utilize an effective attack model.

    Bio: Hoda A.Alkhzaimi is currently a research assistant professor in New York University and the Director of Center of Cyber Security in NewYork University AD. She served in different posts for research and development in Cyber Security and Cryptology for the past years. She headed the Department of Research and Development for Cyber Security and Cryptology in different national initiatives in the United Arab Emirates along with her associations to different security initiatives nationally and internationally.  Alkhzaimi has a specific expertise in cryptology; cryptanalysis, constructing and validating security hardware and software components, constructing trusted security architectures for different environments in different products for the respective industries. HodaA.Alkhzaimi obtained her PhD inCryptanalysis from Denmark Technical University. Her current research interests include
    Space, Aerospace, and UAV security, constructing and analyzing cryptographic primitives, validating and investigating links between different cryptanalytic approaches and utilizing cryptographic primitives in different cybersecurity architectures as in Internet of Things and big data analysis among ot

  • Ozgur Sinanoglu (New York University at Abu Dhabi)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Globalization of Integrated Circuit (IC) design and manufacturing is making designers and users of ICs re-assess their trust in hardware. As the IC design flow spans the globe - driven by cost-conscious consumer electronics - hardware is increasingly prone to reverse engineering, Intellectual Property (IP) piracy and malicious modifications (i.e., hardware trojans). An attacker, anywhere within the global design flow, can reverse engineer the functionality of an IC/IP, steal and claim ownership of the IP or introduce counterfeits into the supply chain. Moreover, an untrusted IC fab may overbuild ICs and sell them illegally. Finally, rogue elements in the fabs may insert hardware trojans into the design without the knowledge of the designer or the end-user of the IC; this additional functionality may subsequently be exploited to introduce errors in the results, steal sensitive information or incapacitate a fielded system. The semiconductor industry routinely loses $billions annually due to these attacks.  This talk will cover various forms of threats that the electronic chip supply chain is up against, as well as defenses against these threats. It will focus on one particular solution—logic locking—by covering its basics and evolution. It will also demonstrate the first-ever prototype: the first chip that is resilient to hardware-level threats.

    Bio:  Ozgur Sinanoglu is an associate professor of electrical and computer engineering at New York University Abu Dhabi. He earned his B.S. degrees, one in Electrical and Electronics Engineering and one in Computer Engineering, both from Bogazici University, Turkey in 1999. He obtained his MS and PhD in Computer Science and Engineering from University of California San Diego in 2001 and 2004, respectively. He has industry experience at TI, IBM and Qualcomm, and has been with NYU Abu Dhabi since 2010. During his PhD, he won the IBM PhD fellowship award twice. He is also the recipient of the best paper awards at IEEE VLSI Test Symposium 2011 and ACM Conference on Computer and Communication Security 2013.  Prof. Sinanoglu’s research interests include design-for-test, design-for-security and design-for-trust for VLSI circuits, where he has around 160 conference and journal papers, and 20 issued and pending US Patents. Sinanoglu has given more than a dozen tutorials on hardware security and trust in leading CAD and test conferences, such as DAC, DATE, ITC, VTS, ETS, ICCD, ISQED, etc. He is serving as track/topic chair or technical program committee member in about 15 conferences, and as (guest) associate editor for IEEE TIFS, IEEE TCAD, ACM JETC, IEEE TETC, Elsevier MEJ, JETTA, and IET CDT journals.  Prof. Sinanoglu is the director of the Design-for-Excellence Lab at NYU Abu Dhabi. His recent research in hardware security and trust is being funded by US National Science Foundation, US Department of Defense, Semiconductor Research Corporation, and Mubadala Technology.

  • Ajay Singh, 15111005
    Monday, July 17, 2017 - 11:30
    KD 101

    In the recent years, there has been a rapid rise in the number of files submitted to anti-virus companies for analysis, so it has become very difficult to analyse functionality of each file manually. Malware developers have been highly successful in evading the signature-based detection techniques. Most of the prevailing static analysis techniques involve a tool to parse the file. The entire analysis process becomes dependent to the efficacy of the tool, if the tool crashes the process is hampered. Most of the dynamic analysis techniques involve the binary file to be run in a sand-boxed environment to examine its behaviour. This can be easily thwarted by hiding the malicious activities of the file if it is being run inside a virtual environment. In this thesis, we have explored a new technique to represent malware as images. We then used existing neural network techniques, for classifying images, to train a classifier for classifying new malware files into their respective classes. By converting the file into an image representation we have made our analysis process independent of any tool also the process becomes less time consuming. With our model we have been able to get an accuracy of 98.21% in classifying malware samples. 

  • Pranjul Ahuja, 15111029
    Monday, July 17, 2017 - 10:30
    KD 101

    There has been an exponential  growth in the number of malware in the cyber world in the last few years. Modern malware use sophisticated techniques such as polymorphism and metamorphism to thwart the malware detection and analysis.

    Detecting malware on the basis of their features and behavior is critical for the computer security community. Most anti-virus depends on the signature based detection which is relatively easy to evade and is ineffective for zero-day exploit based malwares. Static analysis analyzes the executables without executing them whereas dynamic analysis actually executes the malware in a sand-boxed environment and the system changes are logged for further investigation. In this thesis, we are adopting a hybrid approach in which we integrate the feature vectors extracted from both static and dynamic analysis to detect unknown malware. Our experiments obtained an accuracy of 98.62% in detecting malware. Our detection system is robust and scalable as we have increased the amount of samples used for analysis and reduced the feature space compared to the existing approaches in the literature.

Pages

  • Ajay Singh, 15111005
    Monday, July 17, 2017 - 11:30
    KD 101

    In the recent years, there has been a rapid rise in the number of files submitted to anti-virus companies for analysis, so it has become very difficult to analyse functionality of each file manually. Malware developers have been highly successful in evading the signature-based detection techniques. Most of the prevailing static analysis techniques involve a tool to parse the file. The entire analysis process becomes dependent to the efficacy of the tool, if the tool crashes the process is hampered. Most of the dynamic analysis techniques involve the binary file to be run in a sand-boxed environment to examine its behaviour. This can be easily thwarted by hiding the malicious activities of the file if it is being run inside a virtual environment. In this thesis, we have explored a new technique to represent malware as images. We then used existing neural network techniques, for classifying images, to train a classifier for classifying new malware files into their respective classes. By converting the file into an image representation we have made our analysis process independent of any tool also the process becomes less time consuming. With our model we have been able to get an accuracy of 98.21% in classifying malware samples. 

  • Pranjul Ahuja, 15111029
    Monday, July 17, 2017 - 10:30
    KD 101

    There has been an exponential  growth in the number of malware in the cyber world in the last few years. Modern malware use sophisticated techniques such as polymorphism and metamorphism to thwart the malware detection and analysis.

    Detecting malware on the basis of their features and behavior is critical for the computer security community. Most anti-virus depends on the signature based detection which is relatively easy to evade and is ineffective for zero-day exploit based malwares. Static analysis analyzes the executables without executing them whereas dynamic analysis actually executes the malware in a sand-boxed environment and the system changes are logged for further investigation. In this thesis, we are adopting a hybrid approach in which we integrate the feature vectors extracted from both static and dynamic analysis to detect unknown malware. Our experiments obtained an accuracy of 98.62% in detecting malware. Our detection system is robust and scalable as we have increased the amount of samples used for analysis and reduced the feature space compared to the existing approaches in the literature.

  • Shobhit Rastogi
    Monday, July 10, 2017 - 11:00
    KD 103

    Abstract: SMTP is a text based protocol and this property of the protocol renders it really insecure as any mail can be compromised if intercepted. Therefore, I have augmented the source code of  an open source MTA ,i.e., Haraka to incorporate the public key cryptography using openpgpjs module. Haraka is written in asynchronous JS and is totally based on plugins. For the first time, the client generates a key pair and sends the public key component of the key to the designated server for registration. The registration process follows OTP authentication. Now every client registered on the network has a secret private key and the corresponding public key stored on the server. I have created a server whose sole task is key management. Whenever a client wants to send a mail, it requests the server for the public key of the recipient and encrypts the mail body. The mail is decrypted by the designated client with it’s private key and the pass phrase, which are kept confidential.

  • Mohit Sharma & Utsava Verma
    Monday, July 10, 2017 - 11:00
    KD 103

    Abstract: The only way to really determine what a piece of malicious software is doing is to analyze it. Statistics show that around 3 lakhs malwares per day are being encountered by various antivirus companies. Analysis of such large number of malwares is a challenging task. Moreover, most of the malware are modified versions of some pre-existing malware and do not need manual analysis. The experts need to focus more on the malwares not encountered before to identify their signature. There are two techniques which can be used to perform an analysis on a piece of software to understand what it does: static analysis – analyzing the source of the malware and dynamic analysis-observation of network traffic and any changes made to the operating system environment as the executable runs. Our focus during the internship was on static analysis. We applied machine learning models on the attributes of the files such as Windows Portable Executable files in order to correctly classify a file as malicious or benign.

  • Amodini Vardhan
    Monday, July 10, 2017 - 11:00
    KD 103

    Abstract: Cyber security audits of the existing grade management system-OARS has revealed number of attacks on the system that could lead to serious consequences such as revealing the grades and changing them by unauthorized users and attackers.

    Thus, to mitigate such incidents in the future in this project a software is being built on open source content-management framework -Drupal. The Grade Management system covers the three major phases of an academic session- Pre-Registration, Grading and Registration accessible to students, instructors and admin officers. The system is being built in a scalable way such that it caters the needs of colleges and universities all over India. The talk will focus on describing the major functionalities implemented for all the three types of users. Security of the software is ensured by providing strict roles to every authenticated user such that they can only view content as per their roles (student, instructor or admin office), through strong password settings, checking drupal vulnerabilities and using various penetration testing tools. Two factor authentications is also implemented for every user(tfa) which gives access to a user only when he enters the password and Time-based One-time Password at the login.

    The talk will majorly focus on:

    1.The general flow of website from the point of view of all the 3 types of users.

    2.Scalabilty and how easily it can be changed as per the requirements of college.

    3.How the security of the system is ensured and future works.

  • Jayadeep reddy Ganta
    Monday, July 10, 2017 - 11:00
    KD 103

    Abstract: As the world is shifting towards the faster 4G LTE which is the next generation network enabling to meet the requirements of mobile migrations of Internet applications such as VoIP (Voice over IP), video streaming and mobile TV, Encryption of data being sent through the network is of utmost importance. As per international standards set by 3GPP and ETSI organisation, AES, SNOW-3G and ZUC algorithms have chosen for maintaining data security. The objective of the internship is to design a co-processor for ZUC algorithm, EIA-3 and EEA-3 algorithms on FPGA board. Although these algorithms could be implemented on processors using software solutions, implementing a dedicated co-processor would make the process more robust in nature, difficult for the attacker to interfere if the system is compromised and increase the throughput of the algorithm by many folds than the software implementation. ZUC algorithm is a stream cipher mainly intended for the Chinese market as it is the only algorithm approved by the Chinese government. My work has been mainly focused on understanding the ZUC algorithm in its entirety and implementing it on an Artix-7 board. After implementing the algorithm using the Xilinx Vivado tool, I checked for the important characteristics like critical path, maximum operating frequency, area used and total power consumed and compared them existing literature to check the efficiency of my design. Using ZUC as core, I have finally implemented EEA-3 and EIA-3 algorithm which are the actual confidentiality and integrity algorithm which will be deployed in field.

  • Mugdha Jadhao
    Monday, July 10, 2017 - 11:00
    KD 103

    Abstract: In communication systems, cryptographic algorithms play an important role to provide secrecy, authentication and integrity. The elementary difference between emerging 4G wireless networks and other preceding versions is that 4G operates entirely on the TCP/IP architectural suite, thus becoming totally IP based which makes it more prone to risks in terms of safety and reliability. The whole security architecture of LTE/SAE consists of four main hardware-oriented cryptographic algorithms as per international set standards: KASUMI block cipher, SNOW-3G stream cipher, the MILENAGE algorithm set, and the ZUC algorithm. It is generally easy to implement crypto algorithms in software, but such algorithms are proven to be quite slow for real-time applications, such as mobile phones. For this reason, it becomes necessary to implement crypto algorithms as hardware modules or crypto processors. My task was to design a coprocessor for SNOW-3G algorithm and use it as a core in EEA1 confidentiality and EIA1 integrity algorithms and implement on FPGA Artix 7 board. The algorithm was designed in verilog language. Post implementation important characteristics like critical path, maximum operating frequency, area used and total power consumed were noted in the Xilinx Vivado tool and compared with existing literature to check the efficiency of the design. 

  • Aditya Srivastava
    Saturday, July 8, 2017 - 12:00
    KD 102

    Abstract: Critical Infrastructures are the most important assets for any country in terms of economic and financial aspects and they vary from country to country. For India, power and water supplies are some of the critical infrastructures that are controlled using industrial control systems. SCADA (supervisory control and data acquisition systems) plays an important role in it. Recently they have become attractive target for highly skilled and organized cyber attackers. In the past a malware named STUXNET targeted industrial site of Iran-Uranium enrichment plant. It manipulated the set point at which the centrifuges are supposed to rotate which changed the speed of the centrifuges without the knowledge of the uranium enrichment plant-operators. A recent power blackout in Ukraine's capital Kiev was caused by a cyber-attack which created a blackout in entire north zone of the capital.

    These incidents have drawn our attention towards strengthening of cybersecurity in critical infrastructure. And for this we need persistent security systems which can defend against zero day attacks. We have seen signature based IDS (Intrusion Detection Systems) that can defend against known or defined attack types but not unknown or zero days. For this we need Intelligent Intrusion detection systems that use deep learning techniques like neural networks to defend against these attacks. 

    This project involves

    • Development of a Simulation Environment of an Industrial Control System using Python, Virtualization Technology and communication protocol MODBUS TCP.
    • An anomaly based IDS using LSTM Recurrent Neural Network for ICS as these have the capabilities to learn important patterns and forget the not so important things about the operation of the plant.
    • Analysis of Code Injection Attacks detected by IDS
  • Akshat Aggarwal
    Saturday, July 8, 2017 - 11:30
    KD 102

    Abstract: In the current era of cyber warfare and security threat attacks, where the strength of any nation in the present world is measured largely by the growth of its technical strength, it comes as a crucial need to constantly monitor and analyze the ongoing threats and day to day malicious activities. The Cyber Threat Intelligence Analysis project will deal with:

    1. Real-time extraction of raw threat intelligence data like malicious IP addresses, latest information regarding Botnets, Malwares, Spams IP, Phishing attacks across the world from multiple reliable sources and threat feeds across the Internet and from the honeypot sources of the IIT Kanpur Honey-pot network.

    2. The project further aims to make a statistical dashboard and a web API service of this data. This includes providing real-time updates of multiple statistical visualizations like threat intelligence pie-charts, GeoIP maps, country-wise comparisons, date-time analysis and other data aggregation techniques.

    3. The final task accomplished in this project is to detect whether a URL is malicious or safe by analyzing and classifying URLs as malicious or benign by applying machine learning algorithms on a corpus of URL text. An analysis of accuracy of multiple machine learning classification algorithms is done and the best one is chosen.

  • Sagar Sharma
    Saturday, July 8, 2017 - 11:00
    KD 102

    Abstract: In today's scenario, every facility is being digitalized. These facilities and luxuries are the result of several work-hours of rigorous work put in by the team of developers, be it a standalone application or a massively multiplayer gaming network. But security is seldom the priority of developers unless the system is designed to provide security itself. And the fact remains that people with malicious intent still try to take advantage of the security loopholes left by the developers, mostly for profit and sometimes just for fun. Given the facility is a critical system like a power plant, such attacks may lead to nationwide distress. On the other hand, vulnerabilities in a system like a banking network can cause economic loss to numerous individuals. However, more than 75% of these vulnerabilities exist on the application level. These are mostly the implementation and programming mistakes. Some of them are: integer overflow, buffer overflow, faulty string formatting, double free etc. Though this lead to most of the exploitation which are easily avoidable by simple practices and awareness, like VAPT, input validation, input sanitization, etc. These are the few topics that I would be discussing and demonstrating.

Pages

  • Prof. Sajal K. Das, IEEE Fellow, Daniel St. Clair Endowed Chair, Missouri University of Science and Technology, USA
    Friday, January 12, 2018 - 15:30
    RM 101

    ABSTRACT

    We live in an era in which our physical and personal environments are becoming increasingly intertwined and smarter due to the advent of pervasive sensing, wireless communications, computing, and actuation technologies. Indeed our daily livingin smart cities and connected communities will depend on a wide variety of smart service systems and cyber-physical infrastructures, such as smart energy, transportation, healthcare, supply-chain, etc. Alongside, the availability of low-cost wireless sensor networks, Internet of Things (IoTs) and rich mobile devices (e.g., smartphones) are also empowering humans with fine-grained information and opinion collection through crowdsensing about events of interest, thus resulting in actionable inferences and decisions. This synergy has led to cyber-physical-social (CPS) convergence with human in the loop that exhibits complex interactions, inter-dependencies and adaptations between engineered/natural systems and human users with agoal to improve quality of life experience in what we call smart living. However, the main challenges are posed by the scale, heterogeneity, big data, and resource limitations in context recognition and situation awareness using sensors, IoTs and CPS networks. This talk will first highlight unique research issues and challenges in smart living and CPS systems, followed by novel solutions for energy-efficient data gathering and fusion, coverage and connectivity, security and trustworthiness, and trade-off between energy and information quality in multi-modal context recognition. We will present case studies and experimental results for smart grid and smart healthcare applications. The talk will be concluded with directions for future research.

     

    BioGRAPHY

    Dr. Sajal K. Das, whose academic genealogy includes Thomas Alva Edison,  is a professor of Computer Science and Daniel St. Clair Endowed Chair at Missouri University of Science and Technology, Rolla, where he was the Chair of Computer Science Department during 2013-2017. During 2008-2011, he served the NSF as a Program Director in the Computer and Network Systems Division. Prior to 2013, Dr. Das was a University Distinguished Scholar Professor of Computer Science and Engineering, and founding director of Center for Research in Wireless Mobility and Networking (CReWMaN) at the University of Texas at Arlington. His broad research interests include IoTs, big data analytics, cloud computing, wireless sensor networks, mobile and pervasive computing, cyber-physical systems, smart environments including smart grid and smart healthcare, cyber-security and trustworthiness, biological and social networks, and applied graph theory and game theory. He has directed over $15M funded projects and published over 700 papers in high quality journals and refereed conference proceedings. He holds 5 US patents, co-authored 52 invited book chapters, and 4 books – “Smart Environments: Technology, Protocols, and Applications” (John Wiley, 2005); “Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges” (Morgan Kaufman, 2012); “Mobile Agents in Distributed Computing and Networking” (Wiley, 2012); and “Principles of Cyber-Physical Systems: An Interdisciplinary Approach” (Cambridge University Press, 2018). According to DBLP, Dr. Das is one of the most prolific authors in computer science. His h-index is 78 with more than 25,000 citations according to Google Scholar. He has graduated 41 Ph.D. students. He is a recipient of 10 Best Paper Awards and numerous awards for research, teaching, mentoring and professional services, including IEEE Computer Society’s Technical Achievement Award for pioneering contributions to sensor networks and mobile computing, and Graduate Dean’s Award of Excellence in Mentoring Doctoral Students. Dr. Das serves as the founding Editor-in-Chief of Elsevier’s Pervasive and Mobile Computing journal (since 2005) and as Associate Editor of several journals including IEEE Transactions on Mobile Computing and ACM Transactions on Sensor Networks. A (co)-founder of IEEE PerCom, WoWMoM, SMARTCOMP, and ICDCN conferences, he has served on numerous ACM and IEEE conference committees as General Chair, Technical Program Chair, or Program Committee member. Dr. Das is an IEEE Fellow for pioneering contributions to parallel, distributed and mobile computing.

  • Vijay V. Vazirani, University of California, Irvine
    Wednesday, January 3, 2018 - 12:30
    KD 101

    Abstract:  Is matching in NC, i.e., is there a deterministic fast parallel algorithm for it? This has been an outstanding open question in TCS for over three decades, ever since the discovery of Random NC matching algorithms. Within this question, the case of planar graphs has remained an enigma: On the one hand, counting the number of perfect matchings is far harder than finding one (the former is #P-complete and the latter is in P), and on the other, for planar graphs, counting has long been known to be in NC whereas finding one has resisted a solution!

    The case of bipartite planar graphs was solved by Miller and Naor in 1989 via a flow-based algorithm.  In 2000, Mahajan and Varadarajan gave an elegant way of using counting matchings to finding one, hence giving a
    different NC algorithm.

    However, non-bipartite planar graphs still didn't yield: the stumbling block being odd tight cuts.  Interestingly enough, these are also a key to the solution: a balanced odd tight cut leads to a straight-forward divide
    and conquer NC algorithm. The remaining task is to find such a cut in NC. This requires several algorithmic ideas, such as finding a point in the interior of the minimum weight face of the perfect matching polytope and
    uncrossing odd tight cuts.

    Paper available at:  https://arxiv.org/pdf/1709.07822.pdf

    Joint work with Nima Anari.

    About the speaker:

    Vijay Vazirani is a leading theoretical computer scientist, with seminal contributions in many areas, e.g., in complexity theory, algorithmic matching theory, approximation algorithms, algorithmic game theory,
    computability of market equilibria, etc. Two of his most significant contributions are: if UNIQUE-SAT is in P then NP = RP (Valiant-Vazirani Theorem), and an algorithm for finding maximum matchings in general
    graphs, the best algorithm for the problem till date.

  • Rajesh K. Gupta, UCSD
    Friday, December 29, 2017 - 15:30
    RM101

    Abstract:Emerging cyber-physical systems are distributed systems in constant interaction with their physical environments through sensing and actuation at network edges. Precise knowledge of time is important for many of its operations from networking, localization to embedded control algorithms. Yet, timing uncertainty increases by orders of magnitude through the software, network stack and due to architectural and adversarial operational factors. Project ROSELINE is a collaboration among four universities with the goal to make timing information visible and controllable, reduce timing uncertainty to enable robust and secure time-centric applications. The strategies range from specialized architectural and programming assists to synchronization protocols that reduce communication burden, establish limits on the quality of time and its impact on stability of control algorithms. In this talk, I will provide an overview of the strategies and results from the ongoing collaborative project.

    Speaker Bio: Rajesh Gupta research interests span topics in embedded and cyber-physical systems with a focus on timing and energy from algorithms, devices to systems that scale from IC chips, and data centers to built environments such as commercial buildings. He currently leads NSF project MetroInsight with the goal to organize and use city-scale sensing data for improved services. His past contributions include SystemC modeling and SPARK parallelizing high-level synthesis, both of which have been incorporated into industrial practice. Earlier, Gupta led NSF Expeditions on Variability, and DARPA-sponsored efforts under the Data Intensive Systems (DIS) and Circuit Realization at Faster Timescales (CRAFT) programs. Gupta and his students have received a best demonstration paper award at ACM BuildSys'16 , best paper award at IEEE/ACM DCOSS’08 and a best demonstration award at IEEE/ACM IPSN/SPOTS’05.Gupta received a Bachelor of Technology in electrical engineering from IIT Kanpur, India; a Master of Science in EECS from University of California, Berkeley; and a PhD in electrical engineering from Stanford University, US. He currently holds INRIA International Chair at the French international research institute in Rennes, Bretagne Atlantique. Gupta  is a Fellow of the IEEE and the ACM.

  • Mani Srivastava, UCLA
    Friday, December 29, 2017 - 14:30
    RM101

    Abstract: Sensors in our phones, sensors on our bodies, sensors in our spaces. Just in a short time span we seem to have beeninundated by sensors everywhere. Sitting at the edges of the emerging distributed computing fabric being called theInternet of Things (IoT), networked sensors produce rich data of high volume, velocity, and variety. These sensorydata streams enable pervasive awareness, predictive analytics, customization and just-in- time intervention in avariety of application domains such as mHealth, smart buildings, and intelligent transportation.

    While their benefits are numerous, sensors also present immense new privacy and security risks that are hard tocomprehend as the high-dimensionality sensor data is quite different from other data that we encounter in our livesand have experience with. Sophisticated adversaries, benefiting from the same advances in computing technologiesas the sensing systems, can manipulate sensory sources and analyze data in subtle ways to extract sensitiveknowledge, cause erroneous inferences, and subvert decisions. The consequences of these compromises will onlyamplify as our society increasingly complex human-cyber- physical systems with increased reliance on sensoryinformation and real-time decision cycles.

    The problems of privacy and security are getting magnified as the early sensing-focused IoT systems are leading to anew generation of IoT systems where the sensor data is being used to influence and control the state of human-cyber-physical systems at multiple scales ranging from personal to societal. The sensor data, instead of beingingested primarily for slower time-scale knowledge discovery and decision making, is becoming part of a complexweb of distributed autonomous and semi-autonomous feedback loops controlling and coordinating swarms ofautonomous devices owned and managed by multiple parties and intelligently operating in shared spaces whileinteracting with humans and the physical world around them. Such systems present new threats and systemvulnerabilities, such as corruption of control loops, exploitation of physical channels among sensors and actuators,and manipulation of timing information that control algorithms critically depend upon.

    Drawing upon examples from applications such as mobile health and sustainable buildings, this talk will discuss thechallenges in designing a trustworthy computing substrate for pervasive perception, cognition, and action. For it tobe trusted by both, the pervasive sensing infrastructure must be robust to active adversaries who are deceptivelyextracting private information, manipulating beliefs and subverting control decisions. Solving these challengeswould require a new science of resilient, secure and trustworthy networked sensing and control systems thatcombines methods from multiple disciplines, and the talk would provide some initial insights and results.

    Speaker Bio: Mani Srivastava is on the faculty in the ECE Department at UCLA, with a joint appointment in the CS Department.Previously, he obtained his undergraduate degree from IIT Kanpur, his MS and PhD from UC Berkeley. Beforejoining UCLA, and worked at Bell Labs Research. His research is broadly in the area of networked human-cyber-physical systems, and spans problems across the entire spectrum of applications, architectures, algorithms, andtechnologies. His current interests include issues of energy efficiency, privacy and security, data quality, andvariability in the context of systems and applications for mHealth and sustainable buildings. He is a Fellow of theACM and the IEEE. More information about his research is available at his lab’s website: http://www.nesl.ucla.edu.

  • Ramesh Karri (New York University, New York)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: This presentation will explore the security implications of biochips that are envisioned for use in lab-on-chips. We will discuss how attackers in the bio-chip supply chain can undermine proprietary biochemical protocols or alter their results, with serious consequences for laboratory analysis, healthcare, and biotechnology innovation.

    Bio: Ramesh Karri is a Professor of Electrical and Computer Engineering at Tandon School of Engineering, New York University. He has a Ph.D. in Computer Science and Engineering, from the University of California at San Diego. His research and education activities span hardware cybersecurity including trustworthy ICs, processors and cyberphysical systems; security-aware computer aided design, test, verification, validation and reliability; nano meets security; metrics; benchmarks; hardware cybersecurity competitions; additive manufacturing security. He has over 200 journal and conference publications including tutorials on Trustworthy Hardware in IEEE Computer (2) and Proceedings of the IEEE (5). His groups work on hardware cybersecurity was nominated for best paper awards (ICCD 2015 and DFTS 2015) and received awards at conferences (ITC 2014, CCS 2013, DFTS 2013 and VLSI Design 2012) and at competitions (ACM Student Research Competition at DAC 2012, ICCAD 2013, DAC 2014, ACM Grand Finals 2013, Kaspersky Challenge and Embedded Security Challenge). He was the recipient of the Humboldt Fellowship and the National Science Foundation CAREER Award. He is the area director for cyber security of the NY State Center for Advanced Telecommunications Technologies at NYU-Poly; Co-founded the NYU Center for CyberSecurity  -CCS (http://cyber.nyu.edu/), co-founded the Trust-Hub (http://trust-hub.org/) and founded and organizes the Embedded Security Challenge, the annual red team blue team event at NYU,  (http://www.nyu.edu/csaw2016/csaw-embedded).

  • Farshad Khorrami (New York University, New York)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: This talk will address some of our prior and on-going efforts on various security aspects of analog side channels of embedded cyber-physical systems (CPS). Modern CPS are complex interconnections of heterogeneous hardware and software components. With increasing complexity, connectivity, and programmability of embedded CPS devices, the potential cyber-attack surface has also been increasing making the study of related cyber-security issues highly relevant and timely. In particular, analog side channels are especially interesting from both attack (e.g., exploiting these side channels as an attack mechanism such as for information leakage) and defense viewpoints (e.g., utilizing these side channels for real-time monitoring). In this context, process-aware information leakage utilizing acoustic side channels from CPS instrumentation without impacting process stability and performance will be discussed. Thermal side channel monitoring of CPS devices leveraging their typical periodic code structures will also be discussed. Both the algorithmic techniques and hardware implementation aspects will be presented in the talk. The implementation of a Hardware-In-The-Loop (HITL) CPS testbed for study of cyber-security of embedded CPS devices will also be presented.

    Bio:  Farshad Khorrami received his Bachelors degrees in Mathematics and Electrical Engineering in 1982 and 1984 respectively from The Ohio State University. He also received his Master's degree in Mathematics and Ph.D. in Electrical Engineering in 1984 and 1988 from The Ohio State University. Dr. Khorrami is currently a professor of Electrical & Computer Engineering Department at NYU where he joined as an assistant professor in Sept. 1988. His research interests include adaptive and nonlinear controls, robotics and automation,  control systems and CPS security, embedded systems security, unmanned vehicles (fixed-wing and rotary wing aircrafts as well as underwater vehicles and surface ships), smart structures, large-scale systems and decentralized control, smart grid security, and microprocessor based control and instrumentation. Prof. Khorrami has published more than 250 refereed journal and conference papers in these areas. His book on "modeling and adaptive nonlinear control of electric motors" was published by Springer Verlag in 2003. He also has fourteen U.S. patents on novel smart micro-positioners and actuators, control systems, cyber security, and wireless sensors and actuators. He has developed and directed the Control/Robotics Research Laboratory at Polytechnic Univrsity (Now NYU).  His research has been supported by the Army Research Office, National Science Foundation, Office of Naval Research, DARPA, Sandia National Laboratory, Army Research Laboratory, NASA, Boeing, and several corporations. Prof. Khorrami has served as general chair and conference organizing committee member of several international conferences.

  • Hoda A. Alkhzaimi, New York University Abu Dhabi
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Abstract: Throughout the years, designing a symmetric cipher with a specific security rationale, and designing the cryptanalytic techniques that will test the claimed security bounds went hand-in-hand to test the boundaries on the design and attack methods. This formed a continuous evolution in the approaches that cryptographic primitives are constructed to be suitable for future and current hardware environments. This seminar session is meant to shed focus on the different conventional and lightweight design approaches for block ciphers. In addition to considering different design criteria and requirements for the different layers within a certain design. It will also introduce an  overview on the possible generic, structural and statistical cryptanalytic techniques that can be used to test or reduce certain security properties within a design. We will finally look into possible connections between different cryptanalytic methods and how this can be used to utilize an effective attack model.

    Bio: Hoda A.Alkhzaimi is currently a research assistant professor in New York University and the Director of Center of Cyber Security in NewYork University AD. She served in different posts for research and development in Cyber Security and Cryptology for the past years. She headed the Department of Research and Development for Cyber Security and Cryptology in different national initiatives in the United Arab Emirates along with her associations to different security initiatives nationally and internationally.  Alkhzaimi has a specific expertise in cryptology; cryptanalysis, constructing and validating security hardware and software components, constructing trusted security architectures for different environments in different products for the respective industries. HodaA.Alkhzaimi obtained her PhD inCryptanalysis from Denmark Technical University. Her current research interests include
    Space, Aerospace, and UAV security, constructing and analyzing cryptographic primitives, validating and investigating links between different cryptanalytic approaches and utilizing cryptographic primitives in different cybersecurity architectures as in Internet of Things and big data analysis among ot

  • Ozgur Sinanoglu (New York University at Abu Dhabi)
    Tuesday, August 22, 2017 - 10:00
    RM 301

    Globalization of Integrated Circuit (IC) design and manufacturing is making designers and users of ICs re-assess their trust in hardware. As the IC design flow spans the globe - driven by cost-conscious consumer electronics - hardware is increasingly prone to reverse engineering, Intellectual Property (IP) piracy and malicious modifications (i.e., hardware trojans). An attacker, anywhere within the global design flow, can reverse engineer the functionality of an IC/IP, steal and claim ownership of the IP or introduce counterfeits into the supply chain. Moreover, an untrusted IC fab may overbuild ICs and sell them illegally. Finally, rogue elements in the fabs may insert hardware trojans into the design without the knowledge of the designer or the end-user of the IC; this additional functionality may subsequently be exploited to introduce errors in the results, steal sensitive information or incapacitate a fielded system. The semiconductor industry routinely loses $billions annually due to these attacks.  This talk will cover various forms of threats that the electronic chip supply chain is up against, as well as defenses against these threats. It will focus on one particular solution—logic locking—by covering its basics and evolution. It will also demonstrate the first-ever prototype: the first chip that is resilient to hardware-level threats.

    Bio:  Ozgur Sinanoglu is an associate professor of electrical and computer engineering at New York University Abu Dhabi. He earned his B.S. degrees, one in Electrical and Electronics Engineering and one in Computer Engineering, both from Bogazici University, Turkey in 1999. He obtained his MS and PhD in Computer Science and Engineering from University of California San Diego in 2001 and 2004, respectively. He has industry experience at TI, IBM and Qualcomm, and has been with NYU Abu Dhabi since 2010. During his PhD, he won the IBM PhD fellowship award twice. He is also the recipient of the best paper awards at IEEE VLSI Test Symposium 2011 and ACM Conference on Computer and Communication Security 2013.  Prof. Sinanoglu’s research interests include design-for-test, design-for-security and design-for-trust for VLSI circuits, where he has around 160 conference and journal papers, and 20 issued and pending US Patents. Sinanoglu has given more than a dozen tutorials on hardware security and trust in leading CAD and test conferences, such as DAC, DATE, ITC, VTS, ETS, ICCD, ISQED, etc. He is serving as track/topic chair or technical program committee member in about 15 conferences, and as (guest) associate editor for IEEE TIFS, IEEE TCAD, ACM JETC, IEEE TETC, Elsevier MEJ, JETTA, and IET CDT journals.  Prof. Sinanoglu is the director of the Design-for-Excellence Lab at NYU Abu Dhabi. His recent research in hardware security and trust is being funded by US National Science Foundation, US Department of Defense, Semiconductor Research Corporation, and Mubadala Technology.

  • Sujoy Sinha Roy
    Friday, July 7, 2017 - 17:00
    KD101

    Abstract: Shor's algorithm running on a powerful quantum computer would break  the RSA and ECC public-key cryptosystems. Keeping in mind the recent progress in quantum computing, NIST has recommended a gradual shift towards quantum-computing-secure public-key cryptography. Post-quantum cryptography refers to cryptographic algorithms that are presumed secure against quantum attacks. Of several candidates, lattice-based public-key cryptography is the most promising one. We investigated implementation aspects of lattice-based post-quantum public key schemes whose security is based on the hardness of the ring-LWE problem. These cryptographic schemes perform arithmetic operations in a polynomial ring and require sampling from a discrete Gaussian distribution. To design a discrete Gaussian sampler that satisfies a negligible statistical distance to the accurate distribution, we analyzed the Knuth-Yao random walk, and proposed an algorithm that is fast and lightweight. For efficient polynomial multiplication, we applied the number theoretic transform and performed computational and architectural optimizations. From these primitives, we designed a compact coprocessor architecture. For a medium security level, the architecture takes only 20/9µs to compute encryption/decryption on a Xilinx FPGA. We also implemented the proposed algorithms on resource-constrained software platforms and found that the ring-LWE-based public-key encryption is roughly 10 times faster than the ECC-based public-key encryption.

    Homomorphic encryption enables computation on encrypted data. One application of homomorphic encryption is private cloud computing: a user uploads her encrypted data in the cloud and then computes on the encrypted data. The ring-LWE problem has been used to construct homomorphic encryption schemes. However, software implementations of homomorphic evaluation are very slow due to its arithmetic involving very large polynomials with large coefficients. In this research, we designed a multi-core FPGA-based accelerator for the homomorphic encryption scheme FV. Fast computation time is achieved by implementing various optimizations on both algorithm and architecture levels. We observe that though the computation intensive arithmetic can be accelerated, the overhead of external memory access becomes a bottleneck. Then we propose a more practical scheme that uses a special module to assist homomorphic function evaluation in less time. With this module, we can evaluate encrypted search roughly 20 times faster than the implementation without this module.