ACNS 2023

21st International Conference on Applied Cryptography and Network Security
Kyoto, Japan
19-22 June, 2023

Keynote Speakers

Challenges and Solutions to Post-Quantum Secure Messaging

Shuichi Katsumata
PQShield Ltd, U.K. and AIST, Japan

Learn More

Abstract

In recent years, secure messaging protocols such as the Signal protocol and the Messaging Layer Security (MLS) protocol have garnered interest in both academia and industry. However, these protocols were primarily designed with "classical" cryptography in mind, rendering them vulnerable to attacks from quantum computers. We explain several challenges of adapting these classical secure messaging protocols to be post-quantum secure; typically due to the lack of a suitable counterpart to the Diffie-Hellman key exchange protocol and the higher communication costs associated with post-quantum cryptography. We will then discuss solutions to these challenges, including techniques tailored to lattice-based cryptography.

Biography: Dr. Shuichi Katsumata is a Lead Cryptography Researcher at PQShield Ltd, U.K., where he specializes in the construction and security analysis of cryptographic primitives/protocols with a focus on post-quantum security. He is also a Collaborative Researcher at the National Institute of Advanced Industrial Science and Technology (AIST), Japan. He received his Ph.D. in Science from the University of Tokyo as well as his Masters and BS degrees. He is the recipient of the MIT Technology Review, Innovators Under 35 Japan, 2022 for his work on post-quantum secure messaging protocols.

Language-enforced Data Confidentiality against Memory Disclosure and Transient Execution Attacks

Michalis Polychronakis
Department of Computer Science, Stony Brook University, U.S.A.

Learn More

Abstract

As control flow hijacking attacks become more challenging due to the deployment of exploit mitigation technologies, the leakage of sensitive process data through the exploitation of memory disclosure vulnerabilities is becoming an increasingly important threat. To make matters worse, the threat of data leakage has been exacerbated by the recent spate of transient execution attacks, which can leak otherwise inaccessible process data through residual microarchitectural side effects. Numerous attack variants have aptly shown that existing isolation and sandboxing technologies are not adequate for preventing the in-process and cross-process leakage of sensitive application data. In this talk I will present our line of research on elevating data confidentiality as a core language feature. Preventing the exposure of plaintext developer-annotated data in memory provides future-proof protection against both memory disclosure and transient execution attacks, by accepting the fact that sensitive data may be leaked, and ensuring that it will always remain useless for the attacker, as any leaked data will always remain encrypted.

Biography: Michalis Polychronakis is an associate professor in the Computer Science Department at Stony Brook University. He received the BSc ('03), MSc ('05), and PhD ('09) degrees in Computer Science from the University of Crete, Greece, while working as a research assistant in the Distributed Computing Systems Lab at FORTH-ICS. His research aims to improve the security of computer systems and networks, build defenses against malicious software and online threats, reinforce the privacy of our online interactions, and enhance our understanding of the internet and its darker sides. He has published more than 100 peer-reviewed papers, and is the recipient of the DARPA Young Faculty Award and the NSF CAREER Award.

Workshops Speakers

ADSC Automated Tools for Cryptanalysis: the State of the Arts and Future Directions

Jian Guo (NTU, Singapore)

AIBlock How to Protect Data Feed to Smart Contracts with Authenticated Zero Knowledge Proof

Zhiguo Wan (Zhejiang Laboratory, China)

AIHWS A Look into Side-Channel Vulnerabilities in Lattice-Based Post-Quantum Cryptography

Shivam Bhasin (NTU, Singapore)

AIHWS Side Channel Information Leakage - The Night is Dark and Full of Terrors

Maria Mushtaq (Telecom Paris, France)

AIoTS Certifiably Robust Learning via Knowledge-Enabled Logical Reasoning

Bo Li (UIUC, USA)

AIoTS Maritime Cybersecurity: Challenges, Guidelines and Testbeds

Jianying Zhou (SUTD, Singapore)

CIMSS Security Evaluation of Modern Industrial Control Systems

Michail Maniatakos (NYU Abu Dhabi, UAE)

CIMSS Trend of Charging Infrastructure Threats: From Mobile Devices to Automotive

Weizhi Meng (DTU, Denmark)

Cloud S&P Controlled Distributed Computations in the Cloud

Sara Foresti (Universita' degli Studi di Milano, Italy)

Cloud S&P Toward Privacy-Preserving Aggregate Reverse Skyline Query with Strong Security

Rongxing Lu (University of New Brunswick, Canada)

SCI Measurable and Deployable Security: Gaps, Successes, and Opportunities

Danfeng (Daphne) Yao (Virginia Tech, USA)

SecMT Towards Quality Assurance of On-device AI Models in Android Apps

Chunyang Chen (Monash University, Australia)

SecMT How Evidence-based Research Can Enhance Mobile Privacy and Security

Narseo Vallina Rodriguez (IMDEA Networks, Madrid, Spain)

SiMLA Towards Trustworthy Machine Learning from Weakly Supervised, Noisy, and Biased Data

Masashi Sugiyama (RIKEN, Japan)

Springer
ACNS
ACNS