2022 ABCP Annual Conference: Cyber Security

Abstract: I will give a brief account of my efforts at working with a variety of companies, including HP (formerly Hewlett Packard), Huawei, and a couple of small London-based startups. Then I’ll focus on one of the successes – I’ll describe an app that one of the London-based companies is releasing, partly based on my 2017 paper “Making decryption accountable”.

Professor Mark Ryan

Bio: Mark D. Ryan is director of the Birmingham Centre for Cyber Security and Privacy. He leads the security research group at Birmingham, which is recognised by NCSC and EPSRC as an Academic Centre of Excellence in Cyber Security. He was formerly HP Professor of Computer Security (2016-21) and EPSRC Fellow (2010-15). His research achievements include developing security concepts and systems for internet-based voting; systems for cloud computing that guarantee confidentiality from the cloud provider; design and development of methods and tools for analysis of security protocols; and analysis of protocols of hardware roots of trust. These results have been published in top conferences and journals, including IEEE S&P, ACM CCS, J. Computer Security, CSF, NDSS. Mark holds a BA and MA from University of Cambridge, and a PhD in Computer Science from Imperial College, London.

Abstract: Contact data (the times that two people have been co-located) has come to the fore recently as the basis of Covid apps. Most of these have been implemented in a way to reduce privacy risks – but what are these risks? While it is tempting to view contact data as derived from location data, and transfer potential privacy risks from that side, this brief talk will consider a complementing and more foundational view.

Professor Eerke Boiten

Bio: Eerke Boiten is Professor of Cyber Security and Head of the School of Computer Science and Informatics at De Montfort University. After his PhD in the Netherlands, he worked at the University of Kent from 1995, and set up and led Kent’s interdisciplinary Research Centre in Cyber Security in 2012. Looking beyond just his own discipline, Eerke developed an interest in the policy sides of data, starting from a perspective of technical realism. He frequently engages in public debate in this area. In 2017, he moved to De Montfort University to lead the Cyber Technology Institute, which obtained NCSC/EPSRC Academic Centre of Excellence in Cyber Security Research status in 2019. His current research projects are in privacy and cyber security.

Abstract: News about privacy invasions, discrimination, and biases in big tech platforms are commonplace today, and big tech’s reluctance to disclose how they operate counteracts ideals of transparency, openness, and accountability. This talk explains what corporate surveillance is, how big tech tracks users through websites and apps, and how researchers can study big tech systems to make them more transparent.

Dr Isabel Wagner

Bio: Isabel Wagner is an Associate Professor in Computer Science with De Montfort University. Her research interests are in privacy and transparency, particularly metrics to quantify the effectiveness of privacy protections, privacy-enhancing technologies in smart cities, and web measurement to create transparency for corporate surveillance systems.

Abstract: Distributed machine learning has been widely studied in order to handle exploding amount of data. We study an important yet less visited distributed learning problem where features are inherently distributed or vertically partitioned among multiple parties, and sharing of raw data or model parameters among parties is prohibited due to privacy concerns. We propose an ADMM sharing framework to approach risk minimization over distributed features, where each party only needs to share a single value for each sample in the training process, thus minimizing the data leakage risk. We establish convergence and iteration complexity results for the proposed parallel ADMM algorithm under non-convex loss. We further introduce a novel differentially private ADMM sharing algorithm and bound the privacy guarantee with carefully designed noise perturbation. The experiments based on a prototype system show that the proposed ADMM algorithms converge efficiently in a robust fashion, demonstrating an advantage over gradient-based methods especially for data set with high dimensional feature spaces.

Dr Peng Liu

Bio: Dr Peng Liu is a Lecturer in Statistics at School of Mathematics, Statistics and Actuarial Science, University of Kent (2019-Now). Previously he was a Postdoctoral Fellow at Department of Mathematical and Statistical Sciences, University of Alberta (2017-2018), a Senior Postdoctoral Fellow at Department of Biostatistics, University of Washington and Fred Hutchinson Cancer Research Centre (2015-2017), a Research Assistant at Department of Mathematics, Hong Kong Baptist University (2013-2015). He has a PhD in Biostatistics from Academy of Mathematics and Systems Science, Chinese Academy of Science (2015) and BSc degree from Central China Normal University (2010). His research interests include biostatistics, functional and neuroimaging data analysis, rank estimation, causal inference, data bridging, matrix factorization, differential privacy federated learning and reinforcement learning. He has published 4 papers in top computer science conference proceedings and 6 international statistical journals, including Thirty-Sixth AAAI Conference on Artificial Intelligence (AAAI 2022), NeurIPS-20 workshop on Scalability, Privacy, and Security in Federated Learning, and 19th IEEE International Conference on Data Mining (ICDM 2019), Statistica Sinica, Annals of the Institute of Statistical Mathematics, The Canadian Journal of Statistics. He is the Reviewer of the Mathematical Reviews/MathSciNet (American Mathematical Society), he has received the Instistute of Mathematical Statistics (IMS) New Researchers Conference Travel Award (2018).

Abstract: In this talk, we present how to tackle privacy issues in cybertwin with federated learning (FL), which exploits clients to collaboratively train a machine learning (ML) model without the awareness of private data. We develop an estimation scheme to reveal the data distribution of local dataset residing in the clients without the awareness of private data. We consider two scenarios in FL: 1) the server could receive the individual trained model for each selected device; 2) the server could receive the aggregated model from the selected clients. We formulate two device selection problems for training performance improvement. We develop two online learning algorithms to tackle the selection problems for both individual model uploading and aggregated model uploading. The proposed algorithms are demonstrated, aiming to avoid privacy leakage and extra computation in the clients for 6G. We validate the effectiveness of the proposed client selection algorithms with sufficient experiments in cybertwin-driven 6G networks.

Professor Victor Chang

Bio: Professor Victor Chang is currently a Professor of Business Analytics at Aston Business School, Aston University, UK. He was a Professor of Data Science and Information Systems at SCEDT, Teesside University, Middlesbrough, UK, between September 2019 and May 2022. He was a Senior Associate Professor, Director of Ph.D. (June 2016- May 2018) and Director of MRes (Sep 2017 – Feb 2019) at International Business School Suzhou (IBSS), Xi’an Jiaotong-Liverpool University (XJTLU), Suzhou, China, between June 2016 and August 2019. He was also a very active and contributing key member at Research Institute of Big Data Analytics (RIBDA), XJTLU. He was an Honorary Associate Professor at University of Liverpool. Previously he was a Senior Lecturer at Leeds Beckett University, UK, between Sep 2012 and May 2016. Within 4 years, he completed Ph.D. (CS, Southampton) and PGCert (Higher Education, Fellow, Greenwich) while working for several projects at the same time. Before becoming an academic, he has achieved 97% on average in 27 IT certifications. He won a European Award on Cloud Migration in 2011, IEEE Outstanding Service Award in 2015, best papers in 2012, 2015 and 2018, the 2016 European special award and Outstanding Young Scientist 2017. He is a visiting scholar/Ph.D. examiner at several universities, an Editor-in-Chief of IJOCI & OJBD journals, former Editor of FGCS, Associate Editor of IEEE TII, JGIM, IJBSR, IJEBM & Cyber Security & Apps. He’s also an Editor of Information Fusion, IDD, Scientific Reports & Discover IoT journal, a founding chair of two international workshops and founding Conference Chair of IoTBDS and COMPLEXIS since Year 2016. He is the founding Conference Chair for FEMIB since Year 2019. He published 3 books as sole authors and the editor of 2 books on Cloud Computing and related technologies. He gave 30 keynotes at international conferences. He is widely regarded as one of the most active and influential young scientists and experts in IoT/Data Science/Cloud/security/AI/IS, as he has experience developing 10 different services for multiple disciplines.

Abstract: The payoff of Deep neural network (DNN) as a mainstream end-to-end solution for solving complex computer vision problems with super-human accuracy is an outcome of investment in computing power and labour on arduous data collection and labelling tasks. A proprietary well-trained DNN model therefore deserves specific intellectual property (IP) protection and digital rights management (DRM). Unfortunately, surrogate attacks on DNN model have become more threatening with the proliferation of Machine Learning as a Service (MLaaS) and AI compilers for mapping pretrained DNN models onto efficient edge accelerator platform. Emerging model extraction techniques make it feasible to reverse engineer a deployed DNN model and rebuild an AI product or solution with similar quality at a lower cost than re-designing a DNN from scratch. The rampant DNN IP infringement is further exacerbated by the lack of buyer traceability to deter fraudsters from misappropriation of distributed models. Dishonest users (or business competitors) of a DNN IP are incentivized by the low risk and small payout for extorting large profits from illegal redistribution of the purchased model or their redeployment as MLaaS. The pirated model may undergo post-processing or transfer learning to fit into the attacker’s use cases to evade IP detection. This talk will present a new buyer-traceable DRM scheme against model piracy and misappropriation. Unlike existing methods that require white-box access to extract the latent information for verification, the proposed method utilizes data poisoning for distributorship embedding and black-box verification. The ownership and distributorship of a backdoor-trained user model can be validated by querying the suspect model with a set of composite triggers. A positive suspect will output labels that pinpoint the dishonest buyer while an innocent model will output the correct labels with high confidence. The results of tracking accuracy and robustness of the proposed IP protection method on DNNs trained with different datasets and applications will be presented.

Professor Chip Hong Chang

Bio: Chip Hong Chang is an Associate Professor at the Nanyang Technological University (NTU) of Singapore. He held concurrent appointments at NTU as Assistant Chair of Alumni of the School of EEE from 2008 to 2014, Deputy Director of the Center for High Performance Embedded Systems from 2000 to 2011, and Program Director of the Center for Integrated Circuits and Systems from 2003 to 2009. He has coedited five books, and have published 13 book chapters, more than 100 international journal papers (>80 are in IEEE), more than 180 refereed international conference papers (mostly IEEE), and have delivered over 50 keynotes, tutorial and invited seminars. His current research interests include hardware security, trustworthy sensing, anti-spoofing biometric, secure edge AI and PQC accelerators. Dr Chang currently serves as the Senior Area Editor of IEEE Transactions on Information Forensic and Security (TIFS), and Associate Editor of the IEEE Transactions on Circuits and Systems-I (TCAS-I) and IEEE Transactions on Very Large Scale Integration (TVLSI) Systems. He was the Associate Editor of the IEEE TIFS and IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) from 2016 to 2019, IEEE Access from 2013 to 2019, IEEE TCAS-I from 2010 to 2013, Integration, the VLSI Journal from 2013 to 2015, Springer Journal of Hardware and System Security from 2016 to 2020 and Microelectronics Journal from 2014 to 2020. He also guest edited about 10 journal special issues including IEEE TCAS-I, IEEE Transactions on Dependable and Secure Computing (TDSC), IEEE TCAD and IEEE Journal on Emerging and Selected Topics in Circuits and Systems (JETCAS). He has held key appointments in the organizing and technical program committees of more than 60 international conferences (mostly IEEE), including the General Co-Chair of 2018 IEEE Asia-Pacific Conference on Circuits and Systems and the inaugural Workshop Chair and Steering Committee of the ACM CCS satellite workshop on Attacks and Solutions in Hardware Security. He is the 2018-2019 IEEE CASS Distinguished Lecturer, a Fellow of the IEEE, IET and AAIA.

Abstract: The relationship between hardware security and trusted computing has been discussed for several decades. From my point of view, there are still some aspects worthy of discussion. The core technology of trusted computing is an attestation service for a computer platform. In this talk, I would like to discuss with the audience how to build robust and long-term secure attestation services that start from tamper-resistant hardware devices.

Professor Liqun Chen

Bio: Liqun Chen is a Professor in Secure Systems at the University of Surrey. Prior to taking this position in 2016, she was a principal research scientist at Hewlett-Packard Laboratories, Bristol, UK. She developed several cryptographic schemes that were adopted by International Standards bodies, ISO/IEC, IEEE and TCG (Trusted Computing Group). In particular, she designed several cryptographic algorithms (including direct anonymous attestation and the multiple signature interfaces) used in the Trusted Platform Module (TPM). She co-authored the paper “Direct anonymous attestation”, which was originally published at ACM CCS 2004 and received a Test of Time award at ACM CCS 2014. She was the technical leader and principal investigator in the EU H2020 FutureTPM project, which identified and developed algorithms for a TPM that will be secure against quantum computer attacks. She is also a principal investigator in several other EU Horizon projects, which make use of trusted computing and distributed ledger technologies to achieve security and privacy in real world applications. Her current research interests are applied cryptography, trusted computing, and network security.

Abstract: With the rapid proliferation of pervasive electronic devices in our lives, the internet of things (IoT) has become a reality and its influence on our day to day activities is set to further increase with a projected 125 Billion connected devices by 2030. However, this poses serious security and privacy issues as we will no longer have direct control over with whom and what our devices communicate. Due to a globalisation of supply chains, counterfeit, hacked, or cloned devices acting on a network are a significant threat. In addition, IoT devices are often low-cost in area, low-power and typically are restricted in both memory and computing power. To address these, physical unclonable functions (PUFs) have been widely developed. This talk will introduce the outperformance of PUF technology and challenges in PUF designs, such as machine learning attacks. A PUF demo will be presented.

Dr Chongyan Gu

Bio: Dr Chongyan Gu is a Lecturer in the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast. Dr Gu has a track record of producing industry-relevant research of commercial value. Her research into physical unclonable functions (PUFs) was licensed as part of a security architecture for electronic vehicle (EV) charging systems by LG-CNS, South Korea, and a number of defence companies have evaluated the PUF to identify and authenticate components in high security applications. Her team was the overall winner of INVENT 2015, a competition to accelerate the commercialisation of innovative ideas. Dr Gu is an expert in hardware security and security in approximate computing, specifically physical unclonable functions (PUFs), true random number generator (TRNG), hardware Trojan detection, logic obfuscation circuit and machine learning attacks.

She is an IEEE Senior Member. She currently serves as an Associate Editor of IEEE TETC, technical programme committee member of the IEEE Circuits and Systems for Communications (CASCOM) committee, and conference video editor for the IEEE Nanotechnology Council (NTC). She was invited to publish a paper in the Proceedings of the IEEE (IF: >10). The paper presented the first in-depth discussion of the security vulnerabilities in approximate computing.

Abstract: Two-party ECDSA signatures have received much attention due to their widespread deployment in cryptocurrencies. It can prevent a single-point of failure, e.g., losing all your Bitcoin if the secret key of your digital wallet is stolen.

Depending on whether or not the message is required, we could divide two-party signing into two different phases, namely, offline and online. This paper proposes an online-friendly two-party ECDSA with a lightweight online phase and a single multiplicative-to-additive function in the offline phase. It is constructed by a novel design of a re-sharing of the secret key and a linear sharing of the nonce. We implement our scheme and show that it outperforms prior online-friendly schemes by a factor of roughly 2 to 9 in both communication and computation.

Dr Tsz Hon Yuen

Bio: Dr Tsz Hon Yuen is an assistant professor in the Department of Computer Science at the University of Hong Kong. Before joining the University of Hong Kong, he was a senior researcher of Shield Lab at Huawei Singapore Research Centre. He received his Ph.D. degree from the University of Wollongong in 2010 and worked as a post-doctoral fellow in the University of Hong Kong before joining Huawei.

His current research interests include cryptography, privacy-preserving protocols and blockchain. He has published more than 50 technical papers, including top journals and conferences such as Crypto, Eurocrypt and CCS. He received the Best Paper Award in ESORICS 2014.

Abstract: Password-authenticated key exchange (PAKE) is a major area of cryptographic protocol research and practice. In this talk, I’ll provide a systematic review of the thirty years research in this field, a summary of the state-of-the-art, a taxonomy to categorize existing protocols and summarize lessons learned. This is based on a recent ASIACCS’22 paper with Paul van Oorschot.

Professor Feng Hao

Bio: Feng Hao is a Professor of Security Engineering at the Department of Computer Science, University of Warwick. He received his PhD in 2007 in Computer Science from the University of Cambridge. He worked in the security industry for a few years before joining academia. With colleagues, he designed a few cryptographic protocols: AV-net, OV-net, J-PAKE, YAK, DRE-i, DRE-ip and SEAL. Among them, J-PAKE (with Peter Ryan) has been adopted by the Thread Group as a de facto standard to perform the IoT commissioning process (used in Google Nest, ARM mbed, NXP, D-Link, Qualcomm, Samsung, and Texas Instruments etc) and standardized in ISO/IEC 11770-4. DRE-ip (with Siamak Shahandashti) was successfully trialled in Gateshead during the UK local elections on 2 May 2019. His 2006 paper (with Ross Anderson and John Daugman) on “combining crypto with biometrics effectively” (IEEE Trans. Computers) is ranked the top in Google Classic papers in the category of “cryptography & computer security”. His work on “self-enforcing e-voting” has led to a €1.5m ERC starting grant and an ERC proof-of-concept grant. With Peter Ryan, he co-edited a book “Real-World Electronic Voting: Design, Analysis and Deployment” (CRC Press, 2017).

Abstract: Web 3.0, in terms of decentralization and token-based economics, isn’t new! For a decade, pioneers in projects such as Solid and the HAT have researched and offered new systems aiming to drastically decentralise the web. At its core, it’s a platform allowing you, me and everyone of us, to store our private information in Personal Data Stores (PDS), which an individual can have full control of, therefore store all the data within it. By having our own PDS, we are able to legally contract with the websites and apps that we want to, storing the data for ourselves, and also holding organisations to account for the usage of our data.

This is the first time, we, any consumer, can exercise our “data right” over highly valuable 1PORCHE data – 1st party authenticated, Privacy preserved, On-demand, Real-time, Contextual, Holistic and Ethical personal data.

This talk is to bring a live discussion around what data exchange (and its associated analytics, privacy, security) and business models may look alike, and how opportunities may emerge in various industries in an era of 1PORCHE data.

Spoiler alert: you may be surprised to find out how beef farming industry is being revolutionized when “data rights” are given back to individual cattle!

Professor Xiao Ma

Bio: Xiao Ma is Professor of Entrepreneurship and Management at Nottingham Business School, and the Director of the Centre for Business and Industry Transformation – CBIT. He is an internationally recognised thought-leader and educator in entrepreneurship, business transformation, and digital economy. He co-created the No. 1 ranked entrepreneurship programme in the UK (Eduniversal Best Master’s rankings in 2021).

As the CBIT director, he leads the scaling of an integrated approach in bringing together industry transformation research, disruptive business practice, and personalised education. His has led innovative businesses to fast-track growth to disrupt industry “norms”, including some Fortune 500 companies and many PLCs listed in US, China, Japan and Singapore.

Informed by industry challenges, he has led the augmentation of the existing research base in new business models and digital economy, through a portfolio of high impact research projects.

He is a seasoned innovator and entrepreneur, a 5-time founder to start, grow and exit ventures in Europe and Asia. His latest exit, the Hub of All Things, is recognised by UK’s House of Lords Select Committee on Artificial Intelligence as one of the platforms that truly enables personal data driven personalised AI. The commercial arm, DataSwift, has been backed by top VCs in the UK and named one of the hottest technology companies to watch.

Professor Luis E C Rocha

Abstract: Misreporting is a common source of bias in population surveys involving sensitive information such as sexual behaviour, abortion, or criminal activity. To protect privacy, survey participants tend to avoid full disclosure of sensitive personal information, which can compromise the results of survey studies. We introduce a novel ego-centric sampling method based on the respondent’s social networks to make inferences indirectly and anonymously on sensitive traits. By using model and real-world populations, we show that high statistical performance can be achieved using our method and the novel estimator.

Bio: Luis Rocha is Professor of Econophysics and Social Physics. He is affiliated to the Dept of Economics and the Dept of Physics and Astronomy, and leads the Complex Systems Institute at Ghent University, Belgium (www.csi.ugent.be). His research and teaching cover interdisciplinary physics and complexity sciences applied to social, economic and health problems, with focus on computational modelling and network science.

Abstract: The talk will discuss several preliminary research works in the area of extra care home and mobile security domain where AI and machine learning has been used to identify unusual behaviours and raise alarms.

Professor Yanguo Jing

Bio: Professor Dr Yanguo Jing is an Associate Dean at Coventry University, will join Leeds Trinity University from August 2022 as its Dean of the Faculty of Business, Computing and Digital Industries. He is a Professor in Artificial Intelligence and Enterprise. He has over 20 years’ teaching, knowledge exchange and research activities. He is a Fellow of the British Computer Society and a Charter IT professional. Yanguo has secured over £30M funding in his career so far. Yanguo’s prime research interests are AI and big data. His recent research work focuses on the use of machine-learning methods to capture interaction and user behaviour patterns that can be used to develop intelligent applications. This research has been applied in applications such as business analytics, sports analytics, and user behaviour pattern recognition in social networks and extra-care/ Assisted Living settings. He participated in several research and enterprise projects with sponsors and clients such as Cadent Gas, Pfizer, Welsh Government, KPIT, UK’s Comic Relief charity and JISC in the UK.

Abstract: In this talk, the speaker will walk the audience through important milestones of socio-technical aspects of privacy, including important research works, concepts, phenomena, documents and legal pieces. Two selected research areas (Privacy Notices and Policies, and Behavioural Nudging) will be used to showcase some representative research work. Finally, the speaker will briefly introduce his own related work in recent years, hoping to stimulate some useful discussions and inspire new collaborations.

Professor Shujun Li

Bio: Shujun Li is Professor of Cyber Security at the School of Computing, University of Kent in the UK. He is the Director of the Institute of Cyber Security for Society (iCSS), which represents the University of Kent as one of 19 UK government recognised Academic Centres of Excellence in Cyber Security Research (ACEs-CSR). His research interests are mostly around interdisciplinary topics covering cyber security and privacy, human factors, digital forensics and cybercrime, social media analytics, and AI. He has published over 100 research papers at international journals and conferences, and received four Best Paper Awards (IEEE Transactions on Circuits and Systems Guillemin-Cauer Best Paper Award 2022, and Best Paper Awards at IIEEK IEVC 2012, HAS 2017 and HICSS 2021) and a Honourable Mention at ICWSM 2020. He published a monograph on cognitive modelling (Springer 2020), and co-edited four books including Handbook of Digital Forensics of Multimedia Data and Devices (John Wiley & Sons, Inc. and IEEE Press 2015). In 2012, he received an ISO/IEC Certificate of Appreciation, for being the lead editor of ISO/IEC 23001-4:2011, the 2nd edition of the MPEG RVC (Reconfigurable Video Coding) standard. He is currently on the editorial boards of a number of international journals, and has been on the organising or technical program committees of over 100 international conferences and workshops. He is a Fellow of BCS, a Senior Member of IEEE, and a Member of ACM. He is a Vice President and Founding Co-Director of the ABCP.