CERC Seminar Series: Talks
5 January, 2016: All Your Voices Are Belong to Us: Stealing Voices to Fool Humans and Machines
Abstract: A person’s voice is one of the most fundamental attributes that enables communication with others. However, equipped with the current advancement in automated speech synthesis, an attacker can build a very close model of a victim’s voice after learning only a very limited number of samples in the victim’s voice (e.g., mined through the Internet, or recorded via physical proximity). Specifically, the attacker can use voice morphing techniques to transform its voice -- speaking any arbitrary message -- into the victim’s voice.
In this talk, we examine the consequences of such a voice impersonation capability, based on an off-the-shelf voice morphing tool, against three important applications and contexts: (1) impersonating the victim in a voice-based user authentication system, (2) mimicking the victim in arbitrary speech contexts (e.g., posting fake samples on the Internet or leaving fake voice messages), and (3) mimicking the victim in a Crypto Phone (e.g., Zfone, Silent Circle or Redphone) VoIP secure channel establishment process and thereby compromising the security and privacy of VoIP communications.
This talk is based on joint work with Maliheh Shirvanian and Dibya Mukhopadhyay, which appeared at ACM CCS 2014, ESORICS 2015 and ACSAC 2015.
Short Bio: Nitesh Saxena is an Associate Professor of Computer and Information Sciences at the University of Alabama at Birmingham (UAB), and the founding director of the Security and Privacy in Emerging Systems (SPIES) group/lab. He works in the broad areas of computer and network security, and applied cryptography, with a keen interest in wireless and mobile device security, and the emerging field of usable security.
Saxena’s current research has been externally supported by multiple grants from NSF, and by gifts/awards/donations from the industry, including Google (2 Google Faculty Research awards), Cisco, Comcast, Intel, Nokia and Research in Motion. He has published over 90 journal, conference and workshop papers, most at top-tier venues in Computer Science. His recent work on neuroscience-inspired security has won the Distinguished Paper Award at NDSS 2014. On the educational front, Saxena currently serves as a co-director for UAB’s MS program in Computer Forensics and Security Management. He was also the principal architect and a co-director of the M.S. Program in Cyber-Security at NYU's School of Engineering. He is also serving as an Associate Editor for flagship security journals, IEEE Transactions on Information Forensics and Security (TIFS), and Springer’s International Journal of Information Security (IJIS). Saxena’s work has received extensive media coverage, for example, at NBC, MSN, Fox, Discovery, ABC, Bloomberg, ZDNet, ACM TechNews, Yahoo! Finance, Communications of ACM, Yahoo News, CNBC, Slashdot, Computer World, Science Daily and Motherboard.
18 December, 2015: Growing Attack Surface: Understanding and Mitigating Cross-Channel Cyber Threats
Abstract: The big data technology landscape has many aspects to it, prominently, the systems for scalable and reliable data acquisition, storage and computation, suitable tools and algorithms for curating and analyzing the data, and ultimately the applications driven by the derived intelligence from the data. In recent years, I had the opportunity to work on several topics spanning across this spectrum. In this talk, I will provide a glimpse of some of these works. Particularly, I will summarize my research on three broad themes: (i) use of stereotyping and machine learning techniques to build a new genre of computational trust models, (ii) data analytics for decision support and recommendation systems, and (iii) novel erasure codes for cost-effective and resilient storage of raw data.
Short Bio: Anwitaman Datta obtained his PhD from EPFL, Lausanne (Switzerland) and he is currently a tenured Associate Professor in the School of Computer Engineering at Nanyang Technological University (NTU) Singapore where he leads the Self-* Aspects of Networked & Distributed Systems (SANDS) research group. He is also a co-founder of Qiv Storage Pte Ltd (Singapore), a start-up developing resilient software defined storage appliances based on novel erasure codes.
Anwitaman's research interests span the topics of large-scale resilient distributed systems, information security and applications of data analytics. Some of his distinctive and pioneering research contributions in recent years include (i) the application of machine learning and stereotyping to computational trust, (ii) decentralized online social networks for privacy and censorship resistance, (iii) self-repairing (locally repairable) erasure codes for distributed storage systems. He has also made significant contributions to several other well established research topics, including cloud security, data center and NoSQL data stores, collaborative systems, social network analysis and decision support applications such as team recommendation, word sense disambiguation, entity and event identification.
Anwitaman’s research has been recognised internationally both at academic platforms (best paper awards at ICDCS 2007, ICDCN 2011/2014) and by the industry (HP Labs Innovation Research Program (IRP) Award 2008). He has secured multiple competitive research grants and led several Singaporean as well as international collaborative (with Eurecom, TU Darmstadt, PJIIT Warsaw) research projects. He has also been regularly invited to deliver graduate level mini-courses and seminars at different universities, for example, at Tokyo Denki University, KTH Stockholm, Technion Israel, University of Warsaw, Poland.
10 April, 2015: Growing Attack Surface: Understanding and Mitigating Cross-Channel Cyber Threats
Abstract: Smart phones allow ubiquitous access to the data and voice channels, enabling both Internet and telephony applications. The convergence of telephony with the Internet, with technologies like Voice-over IP (VoIP), offers several benefits, including richer applications and reduced communication costs. However, this convergence also gives rise to new cross-channel threats that can combine online and voice attacks. For example, voice phishing with caller-id spoofing has been reported for stealing online banking credentials. A data-driven understanding of cross-channel threats presents new and different challenges. Also, it is unclear if threat intelligence is being shared effectively across the telephony and Internet channels. This talk will describe experiences with setting up a telephony honeypot to better understand threats coming over the voice channel. It will also describe how cross-channel attacks, which utilize both the Internet and telephony channels to target users, are becoming increasingly common. The talk will end with potential defenses and how they can use cross-channel intelligence to combat a variety of attacks.
Short Bio: Dr. Mustaque Ahamad is a professor of computer science at the Georgia Institute of Technology, and a global professor of engineering at New York University Abu Dhabi. He also serves as chief scientist of Pindrop Security, which he co-founded in 2011. Dr. Ahamad served as director of the Georgia Tech Information Security Center (GTISC) from 2004-2012. As director of GTISC, he helped develop several major research thrusts in areas that include security of converged communication networks, identity and access management, and security of healthcare information technology. His research interests span distributed systems and middleware, computer security and dependable systems. He has published over one hundred research papers in these areas. Dr. Ahamad received his Ph.D. in computer science from the State University of New York at Stony Brook in 1985. He received his undergraduate degree in electrical and electronics engineering from the Birla Institute of Technology and Science, Pilani, India.
01 December, 2014: Contemporary Information Warfare and Defence
Abstract: This seminar examines the development of thinking about information in Defence, from an operational perspective. It will outline the challenges presented by the modern security and defence context and evaluate how militaries and wider government are trying to adapt.
Short Bio: Nigel joined Cranfield University at the Defence Academy of the United Kingdom to support the development of Information Operations Post-graduate studies. Since then his portfolio has widened, setting up the first Defence Cyber Masters Programme and Foreign and Commonwealth Office-Chevening cyber programmes. Researching and teaching across the socio-technical domain, he has particular interest in operations planning, communication and human behaviour in the physical and online worlds. Prior to joining Cranfield in 2009, Nigel was Director of the UK Government’s Cyber Security Knowledge Transfer Network (2007-2009), bringing academic, public and private stakeholders together to work on innovation in contemporary cyber security challenges. From 2004-2009 he worked at QinetiQ where he ran a cyber security and information operations research and consultancy team, working across sectors in the critical infrastructure and the Ministry of Defence Research Programme. His interest in communications in security and conflict stems from a 16-year military career that saw a number of deployments around the world. In these he ran communications campaigns or provided training in audience analysis and communications planning.
November 18, 2014: National Critical Information Infrastructure Protection Centre (NCIIPC)
Short Bio: Dr. Muktesh Chander joined the Indian Police Service in 1988 and has been posted to several places, including as DIG Goa, Addl. Commissioner of Police, Crime, and Traffic Delhi, and IG Daman Diu. He has served as Centre Director Cyber Division and National Critical Information Infrastructure Protection Centre in NTRO under the Prime Minister’s Office. He was specially selected as United Nations Police Observer and has monitored, trained and advised police in Bosnia and Herzegovina in Europe for 1 year. He has been awarded the President’s Police Medal for meritorious service, President’s Police Medal for distinguished service, Police Medal for Hard Duty, UN Service Medal and 50th Anniversary of Independence Medal. He has written a number of articles on Cyber Crime and related topics, which have been published in various prestigious journals and newspapers. He is a resource person for premier institutes in India. He was member secretary of the Joint Working Group which formulated “Guidelines for Protection of National Critical Information Infrastructure”. He graduated in Electronics and Telecommunication Engineering from Delhi University. Mr. Muktesh Chander also holds a law degree from Delhi University, a Diploma in Human Resource Management, a Diploma in Cyber Laws and a Masters Degree in Criminology and Forensic Science, and has submitted his Ph.D. thesis in Information Security Management to I.I.T., Delhi. He has also done a Hostage Negotiation course at Louisiana State Police Academy, USA and a Law Enforcement Executive Development Course with the FBI, Los Angeles, USA.
09 September, 2014: Securing the Digital Enterprise
Abstract: Digital technologies have made customers powerful, giving them the option to choose and the means to instantaneously spread their opinions widely. They have become demanding, and they change brands without a blink if their experience with the product or service isn’t what they expect. Brand loyalty, therefore, has taken a backseat and customer experience has emerged supreme. In an IBM survey, 95% of CEOs said enhancing customer experience was top priority for them. Security forms a core foundation for enhancing customer experience!
Typically, security has been inward-looking, focusing more on technology vulnerabilities and less on securing business objectives. Securing the digital enterprise entails looking outside-in, with protecting customer experience as its strategic objective. Also, internally the digital enterprise needs assurance against vulnerabilities introduced by digital technologies like cloud, IoT etc.
This presentation will begin with unraveling the ambiguity that exists in the definition of a digital enterprise, and then will go on to introduce a model for securing the digital enterprise, starting outside-in with customer experience and working inwards to internal security infrastructures, processes and management. From an outside-in perspective, the presentation will cover how security can enhance customer experience by ensuring privacy of customer data, which has emerged as the #1 concern having overtaken security in the digital business era; enabling secure Omni-channel customer interaction at all touch points, and managing social media-related reputational crisis. The presentation will also cover the core internal capabilities required for securing the digital enterprise – namely an IAM and federation layer, API security, Data security and governance; implementing controls to protect vulnerabilities related to mobile, social, cloud, big data, Internet of Things; changing security focus from protection to detection with continuous monitoring for anomalies and instantaneous response; transforming security to leverage context and intelligence including using big data for security insights; and enhancing CISO skills or appointing a digital risk officer with skills in IT security, operational security and physical security.
Short Bio: Mohan is an acknowledged expert and thought leader in information security. He was the Snr VP and Global CISO at Bharti Airtel, where he had also held charge as the company’s Chief Architect and CIO for its Bangladesh and Sri Lankan operations. Prior to his stint in Bharti, he was an advisor at a Big-4 consultancy, CEO of a security company he helped start, and the Director of the Indian Navy’s Information Technology, where he was awarded the Vishist Seva Medal by the President of India for innovative work in information security. He has also been a member of several national and international committees on security, including the National Task Force on information security, DOT Joint Working Group on Telecom Security, Indo-US Cyber Security Forum, IBM Security Board of Advisors, RSA Security for Business Innovation Council, and has been chairperson of the CII National Committee on data security among others. For his contribution to the information security practice he has also been awarded the DSCI Security Leader Award, CSO Forum Security Visionary Award, and the RSA Security Strategist Award.
25 March, 2014: The Future of Interaction & its Security Challenges
Abstract: The past decade has seen the exponential rise of online social media usage. Applications have moved from being client-server to collaborative in nature. The next decade will be witness to a tremendous integration of cyber space with physical systems. While these interaction paradigms open up tremendous possibilities they also open up certain risks. This talk will look at the evolving interaction paradigms and their security challenges.
Short Bio: Dr. Sundeep Oberoi is the Global Head for Niche Technology Delivery Group in TCS. The role of the group is to provide delivery in specialized technology like IT Security, RFID sensors and NFC, Web 2.0 technologies, User experience, Collaboration and Unified Communication, Cloud Computing and Next Generation Networks. He also heads the TCS Certifying Authority, which is India's largest issuer of legally valid Digital Certificates. Dr Sundeep Oberoi has authored a book "E-Security and You" explaining the IT Act, 2000 and several other books, conference and journal publications. He holds a PhD in Computer Science from IIT Bombay, an MTech in Computer Science from IIT Delhi and a BTech in Chemical Engineering from IIT Kanpur.