2023
Special Topic Sessions
We are pleased to introduce a special topic session that delves into the intriguing and constantly evolving security field in emerging technologies. This session will explore three key security areas of focus: Blockchain, Artificial Intelligence, and Quantum. Our expert speakers will provide insights into the unique challenges and potential solutions for securing these cutting-edge technologies, and discuss the latest research and advancements in these fields. Join us to gain a deeper understanding of the future of security in emerging technologies.
Special Session I: Blockchain Security on 5/17
Session Chair: Sang-Yoon Chang, University of Colorado at Colorado Spring.
Topic 1: Proof of Storage on L2 Dynamic Datasets with an Ethereum L1 Contract
Speaker: Frank Liu, Chief Scientist of EthStorage & QuarkChain
Abstract: EIP-4844/Danksharding is a vital component of Ethereum's scalability roadmap, aimed at significantly increasing the upload bandwidth of binary large objects (BLOBs). In this presentation, we will explore a zero-knowledge-based proof system designed to efficiently verify on-chain that BLOBs are stored off-chain with the desired redundancy, such as around 100 physical replicas, given a list of commitments of the BLOBs on-chain. By deploying these storage nodes in an L2 network and assuming the honesty of at least one node, we introduce EthStorage, an L2 storage network that leverages the security of the mainnet while extending Ethereum's storage scalability. We will delve further into topics such as building the proof/verification system when BLOBs are frequently modified and devising incentivization/payment systems that utilize ETH as payment to ensure the desired replication factor.
Topic 2: Mitigating DAO Governance Takeover Attacks with Reputation
Speaker: Jordan Rein (co-Founder) and Alexander Gusev (co-Founder), Soulbound Labs
Abstract: DAO governance takeover attacks occur when an attacker acquires a significant amount of voting power in a decentralized autonomous organization (DAO) and uses it to manipulate the decision-making process in their favor. To mitigate such attacks, DAOs can leverage reputation-based systems. By rewarding members for their contributions and weighting their votes based on reputation, DAOs can foster a more collaborative and resilient decision-making process. Soulbound Labs’ mission is to create a decentralized reputation system that offers a Web3 native, privacy-conscious, censorship-resistant, grass roots alternative to the centralized commercial and social credit systems currently prevalent in our Web2 society.
Topic 3: The future of Zero Knowledge technologies
Speaker: Gokay Saldamli , co-founder at Semiotic AISemiotic and San Jose State University
Abstract: Zero-knowledge (ZK) technologies are a family of privacy-preserving techniques that enable one party to prove the knowledge of a secret without revealing it. These techniques have a broad range of applications, from secure communication to digital identity, from decentralized finance to supply chain management. With ongoing research and development efforts, ZK improves the blockchain scalability, usability, and security. As these technologies become more widely adopted, we can expect to see a more decentralized and trustless world, where individuals have greater control over their data and assets.
Special Session II: AI for Cybersecurity on 5/18
Session Chair: Meenakshi Jindal, Software Engineer at Netflix | IEEE Senior Member
Topic 1: Elevating Cyber Governance Risk and Compliance
Speaker: Khushboo Kashyap, Director, Information Security at Rubrik, Inc.
Abstract: With the rapid advancement of artificial intelligence, we're seeing more and more organizations integrating AI systems into their operations. However, with this integration comes the need for increased security measures to protect against potential cyber threats.
In my talk, we will cover some of the potential cyber threats that could affect AI systems as they relate to the Confidentiality, Integrity and Availability (CIA) security goals, like data manipulation and data poisoning. We will also go through key cybersecurity measures to focus upon for building robust proactive cybersecurity capabilities. Given my area of expertise, I will deep dive into Cyber Governance Risk and Compliance (GRC) principles which can be applied to reach better security outcomes for AI, like Data governance, Trust and transparency, and Security culture.
Topic 2: The rise of the Lakehouse for Cybersecurity and AI
Speaker: Lipyeow Lim, Technical Director for Cybersecurity GTM at Databricks
Abstract: The current fascination with LLMs and generative AI has sparked renewed interest in applying AI/ML to cybersecurity problems. Many organizations are struggling with applying AI/ML to cybersecurity either because they do not have the AI/ML capacity or because their legacy SIEM simply cannot scale AI/ML on the petabyte-scale cybersecurity data. The lakehouse architecture democratizes both data and AI for cybersecurity by unifying data platforms with comprehensive AI/ML capabilities. The lakehouse architecture has the performance profile of a data warehouse and the cost effectiveness of a data lake and thus is able to empower AI in cybersecurity at scale. This talk introduces the lakehouse architecture and how it is enabling organizations to build effective and efficient AI-based threat detection and prevention systems.
Topic 3: The AI Revolution of Traffic Analytics
Speaker: David C. Anastasiu, Assistant Professor at Santa Clara University
Abstract: Transportation is an important area that can benefit from rich data automatically captured by sensors. Traditionally, these sensors have been embedded in highways and roadways at great expense to install and service. Recent advances in computer vision and artificial intelligence have made it possible to instead derive actionable insights from the video feeds of inexpensive cameras mounted at intersections or along various corridors. We will discuss a variety of video-based traffic analytics problems that have been tackled by hundreds of research teams throughout the world in recent years. Their solutions are quickly reaching similar or better performance as those based on embedded sensors and provide a modern AI-based alternative that can make transportation systems smarter and more reliable. Finally, I will conclude the talk with several examples currently transferring these recent research advancements to real-world applications in a town near you.
Special Session III: Future Trends: The Quantum Leap for Cybersecurity and more on 5/19
Session Chair: Vishnu Pendyala, Chair of IEEE Computer Society in Santa Clara & San Jose State University.
Topic 1: Post-Quantum Internet Security Protocols: Overheads and Optimization Strategies
Speaker: Dimitrios Sikeridis, Innovative Engineer, VMware
Abstract: With the White House memorandums of May 4 and November 18, 2022, a challenging picture is emerging within the US federal government and broader industry: the pressing need to begin migration to quantum safe public key cryptography. Indeed, the potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used public key algorithms would be deemed insecure in a post-quantum setting. In response, the National Institute of Standards and Technology (NIST) is standardizing quantum-resistant crypto algorithms, focusing primarily on their security guarantees. In this talk, we analyze the performance of the NIST post-quantum algorithm candidates and investigate the imposed latency on handshake performance when both post-quantum key exchange and authentication are integrated into protocols like TLS and SSH. In addition, we are evaluating several different solutions towards eliminating the adverse effects of the new post-quantum algorithms on Internet Security protocol performance. Specifically, we (a) propose and evaluate the combination of different PQ signature algorithms across the same certificate chain in TLS, (b) examine how the initial TCP window size affects post-quantum TLS and SSH performance, and (c) propose a novel framework for Intermediate Certificate Authority (ICA) certificate suppression in TLS that reduces the authentication message size and prevents excessive round-trip delays.
Topic 2: Post-Quantum Cryptography Solution Considerations
Speaker: Sunny Dosanjh, CEO DUSA Space
Abstract: The threat of a cryptographically relevant quantum computer (CRQC) that will break classic public key cryptography poses a significant threat to our current security solutions. Companies are now beginning to heed government warnings regarding the risk of bad actors compromising current secure communications and harvesting data for decryption at a later date. In the United States, the National Institute of Standards and Technology (NIST) has been evaluating post-quantum candidate algorithms for seven years and is in the process of finalizing a quantum-resistant standard. The challenge, for any organization utilizing RSA or ECC, is determining the impact that a post-quantum cryptographic (PQC) upgrade will have on their data, applications, networks and devices.
This talk will provide solution considerations regarding the implementation of PQC, how Quantum Random Number Generators (QRNGs) impact performance and the layering of PQC on top of TLS. In addition, the talk will also include how PQC is employed for end-to-end secure communications.
Topic 3: The path to real-world Quantum Advantage and Quantum-Safe enterprise security
Speakers: Das Pemmaraju (Technical Lead), Michael Maximilien (Distinguished Engineer) at IBM
Abstract: In 2022, IBM Quantum announced an ambitious road map for scalable quantum computing with 100,000 qubits and beyond towards the second part of this decade [1]. We will discuss key technologies IBM plans to deliver along this path to real-world quantum advantage including modular multichip architectures, advanced error mitigation techniques and quantum middleware seamlessly orchestrating quantum and classical compute workloads. Anticipating the rise of quantum-centric supercomputing and the potential quantum threat to traditional cryptographic protocols, IBM is also leading the development and delivery of Quantum Safe [2] cryptographic security. We will discuss key features of IBM’s open-source Quantum Safe strategy to enable large scale migration of the world’s cryptographic security systems to the post-quantum era.
Special Panel Session IV: Future Cybersecurity Careers on 5/19
Session Chair: Radhika Rastogi, Sr Manager, Product Security at Capital One
Panel Speakers:
Mona Salvi, Senior Director, Product Security at HubSpot
Nidhi Batra, Site Reliability Engineering at Palo Alto Networks
Santrupti M Sobarad, Senior Information Security at Adobe
Nithya Nair, Principal Tech. Specialist, Microsoft
If you have any questions, please contact us at event.manager@svcsi.org
SVCC 2023 technically sponsored by IEEE
Supported by SVCSI, a nonprofit organization in cybersecurity