Click here to load reader
Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
BRIEF TECHNICAL PLAN :: Cyber Security and Assurance Technologies (CS&AT) Track – IBCAST-2020.
[[ HALL – A ]] Session – 1 (9:30 AM - 11:00 AM)
Te
a B
reak
Session – 2 (11:30 AM - 13:00 PM)
Lun
ch &
Pra
yer
Bre
ak
Session – 3 (14:00 PM - 16:30 / 16:50 PM)
14
Jan
Conference Inauguration – By invitation Only (Auditorium)
During 10:15 AM to 11:15 AM NO ACTIVITY
Conference Registration From 12:30 PM Onwards
Session Start Time: 2:20 PM (Day-1 Only) FOREIGN INVITED TALKS
Dr. Arsalan Husein, USF, USA. (90 mins) Topic: Physical Layer Security: Latest Trends, Threats & Countermeasures Prof. Dr. LIU Jianwei, Beihang University, China. (45 mins) Topic: 5G Network Security - Current Research Situation & Key Technologies
15
Jan
FOREIGN INVITED TALKS Mr. Andrey Golov, Security Code, Russia. (45 mins) Topic: Digital Independence and Future Challenges of Cyber Security Mr. Andrey Golov, Security Code, Russia. (45 mins) Topic: UEFI Security and How to Tackle Hidden Functionality of BIOS
LOCAL INVITED TALK Dr. Hanif Durad, PIEAS. (40 mins) Topic: Cyber Security Challenges in Industrial Critical Infrastructure PAPER ID: CS&AT-573, CS&AT-620, CS&AT-700
TECHNICAL WORKSHOP Mr. Emre Tinaztepe, Binalyze LLC, USA/Estonia. (150-170 mins) Topic: Malware Forensics
16
Jan
FOREIGN INVITED TALK Dr. Alisa Koreneva, Security Code, Russia. (45 Mins) Topic: Encryption Performance of Certain Wide Block Ciphers and Stream Ciphers (Talk is based on work by Prof. Vladimir Fomichev) PAPER ID: CS&AT-319, CS&AT-445, CS&AT-622
FOREIGN INVITED TALK Mr. Denis Legezo, Kaspersky, Russia. (50 Mins) Topic: Regional Targeted Malware Threat Landscape in Central Asia PAPER ID: CS&AT-86, CS&AT-699
FOREIGN INVITED TALK Dr. Alisa Koreneva, Security Code, Russia. (45 Mins) Topic: Evaluation Mechanism of Block and Stream Ciphers including GOST
LOCAL INVITED TALK Mr. Mahir Mohsin, Trillium. (45 Mins) Topic: Cyber Threat Intelligence Dr. Sadaf Rubab, NUST. (30 mins) Topic: AI assisted Cyber Security
[[ HALL – B ]]
14
Jan
Conference Inauguration – By invitation Only (Auditorium)
During 10:15 AM to 11:15 AM
Tea
Bre
ak
NO ACTIVITY Conference Registration From 12:30 PM Onwards
Lun
ch &
Pra
yer
Bre
ak
Session Start Time: 2:20 PM (Day-1 Only) TECHNICAL WORKSHOP
Dr. Kashif Saghar, CESAT. (150 Mins) Topic: Formal Verification using UPPAL
15
Jan
LOCAL INVITED TALKS Dr. Jamal Abdul Nasir, IIUI. (40 mins) Topic: Data Science and Malicious Package Updates Dr. Muhammad Shiraz, FUUAST. (40 mins) Topic: Remote Data Integrity in Computational Clouds: Challenges and Opportunities PAPER ID: CS&AT-105, CS&AT-690
LOCAL INVITED TALKS Dr. Usman Nasir, IIU. (30 mins) Topic: Challenges in adopting Automated Testing PAPER ID: CS&AT-701, CS&AT-134, CS&AT-635
Dr. Muhammad Safyan, GCU (40 Mins) Topic: Semantic Technologies for Malware Analysis
TECHNICAL WORKSHOP Muhammad Asim Minhas, CESAT. (110 Mins) Topic: Unit Testing and Test Driven Development
16
Jan
LOCAL INVITED TALKS Dr. Syed Nasir Mehmood Shah, KICSIT (40 Mins) Topic: Multi-tier Security Techniques for Data Leakage Detection and Prevention in Computing Systems Dr. Rizwan Ahmad, SEECS, NUST (40 Mins) Topic: Wireless Body Area Networks: An overview and open research challenges
LOCAL INVITED TALKS Dr. Aamer Nadeem, CUST (40 Mins) Topic: Formal Methods and Testing Mr. Majd ud Din, Bentley Systems (40 Mins) Topic: DevOps – Assuring Quality with Speed
PAPER ID: CS&AT-257 LOCAL INVITED TALK
Mr. Noor Muhammad, Xflow Research. (60 Mins) Topic: Deep Packet Inspection (DPI): Industry's perspective Mr. M. Zeeshan, Xflow Research (60 Mins) Topic: Fast Packet Processing: Industry's perspective
Technical Program of CS&AT Track (IBCAST-2020) – Day 1 (14 January, 2020)
HA
LL-A
10:15-11:15
CONFERENCE INAGURAL SESSION
12:30-13:00
CONFERENCE REGISTRATION ACTIVITY
13:00-14:00
LUNCH & PRAYER BREAK
14:20-15:50
Topic: Physical Layer Security: Latest Trends, Threats and Countermeasures
Foreign Invited Talk by Prof. Dr. Arsalan Husein, University of South Florida, Tampa, FL, USA.
15:50-16:35
Topic: 5G Network Security – Current Research Situation and Key Technologies
Foreign Invited Talk by Prof. Dr. LIU Jianwei, Beihang University, China
HA
LL-B
09:30-13:00
INAGURAL SESSION/REGISTRATION ACTIVITY
13:00-14:00
LUNCH BREAK & PRAYER BREAK
14:00-16:30
Topic: Formal Verification using UPPAL Technical Workshop by Dr. Kashif Saghar, CESAT, Pakistan.
Technical Program of CS&AT Track (IBCAST-2020) – Day 2 (15 January, 2020)
HA
LL-A
09:30-10:15
Topic: Digital Independence and Future Challenges of Cyber Security
Foreign Invited Talk by Mr. Andrey Golov, Security Code, Russia.
10:15-11:00
Topic: UEFI Security and How to Tackle the Hidden Functionality of BIOS
Foreign Invited Talk by Mr. Andrey Golov, Security Code, Russia.
11:00-11:30
TEA BREAK
11:30-12:10
Topic: Cyber Security Challenges in Industrial Critical Infrastructure
Local Invited talk by Dr. Hanif Durad, PIEAS, Pakistan.
12:15-12:30
Topic: CS&AT-573: Machine Learning for Detecting Drift Fault of Sensors in Cyber-Physical Systems
Sana Ullah Jan, University of Ulsan, South Korea.
12:31-12:45
CS&AT-620: Decentralized and secure cooperative edge node grouping to process IoT applications in heterogeneous Smart Cyber-Physical Systems
Muhammad Mudassar, Beijing Institute of Technology, Beijing, China.
12:46-13:00
CS&AT-700: Towards an Efficient Intrusion Detection System for High Speed Networks
Kashif Naseer Qureshi, Bahria University, Islamabad, Pakistan.
13:00-14:00
LUNCH BREAK & PRAYER BREAK
14:00-16:30
Topic: Malware Forensics Technical Workshop by Mr. Emre Tinaztepe, Binalyze LLC, USA / Estonia.
HA
LL-B
09:30-10:00
Topic: Data Science and Malicious Package Updates
Local Invited Talk by Dr. Jamal Abdul Nasir, IIUI, Islamabad, Pakistan. (30 mins)
10:00-10:30
Topic: Remote Data Integrity in Computational Clouds: Challenges and Opportunities
Local Invited Talk by Dr. Muhammad Shiraz, FUUAST, Islamabad, Pakistan. (30 mins)
10:31-10:45
CS&AT-105: AutoQP: Genetic Programming for Quantum Programming
Mr Usama Ahsan, PIEAS, Islamabad
10:46-11:00
CS&AT-690: Theoretical Eval of Coupling Metrics in Software Fault Prediction
Muhammad Rizwan, Capital University of Science & Technology, (CUST)
TEA BREAK
11:30-12:05
Topic: Challenges in adopting Automated Testing
Local Invited Talk, Dr. Usman Nasir, IIUI, Islamabad, Pakistan. (30 mins)
12:10-12:25
CS&AT-701: Empirical Evaluation of Coupling Metrics in Software Fault Prediction
Muhammad Rizwan, Capital University of Science & Technology, (CUST)
12:26-12:40
CS&AT-134: Predicting Survivors of Titanic Disaster Using ML Algorithms
Myda Khalid, University of Lahore
12:41-12:55
CS&AT-635: A new Ensemble approach for Software Fault Prediction
Ehsan Elahi, COMSATS University, Islamabad
LUNCH BREAK & PRAYER BREAK 14:00-14:30
Topic: Semantic Technologies for Malware Analysis
Local Invited Talk by Dr. Muhammad Safyan, GCU, Lahore, Pakistan. (30 mins)
14:30-16:15
Topic: Unit Testing & Test Driven Development
Workshop by Mr. M. Asim Minhas, CESAT.
Technical Program of CS&AT Track (IBCAST-2020) – Day 3 (16 January, 2020)
HA
LL-A
09:30-10:15
Topic: Encryption Performance of Certain Wide Block Ciphers and Stream Ciphers (This talk is primarily based on the work of Prof. Vladimir Fomichev)
Foreign Invited Talk by Dr. Alisa Koreneva, Security Code, Russia. (45 Mins)
10:15-11:00
CS&AT-445: Formal Verification of Blockchain based Credential Management System
Mohammad Hani, PIEAS, Islamabad, Pakistan.
11:01-11:15
CS&AT-319: Analysis of QKD Protocols: Simulation & Comparison
Ehtesham Khan, CESAT, Islamabad.
11:16-11:30
CS&AT-622: An Improved Authentication Protocol for Global Mobility Network
Mehmood Ul Hassan, NUST, Pakistan.
TEA BREAK
11:30-12:20
Topic: Regional Targeted Malware Threat Landscape in Central Asia
Foreign Invited Talk by Mr. Denis Legezo, Kaspersky, Russia.
12:25-12:40
CS&AT-86: ARMINTEL: A Heterogeneous Microprocessor Architecture Enabling Intel Applications on ARM
Saqib Madni, PIEAS, Islamabad, Pakistan.
12:40-12:55
CS&AT-699: Hardware Trojan Detection using FBHT in FPGAs
Kashif Naseer, Bahria University, Islamabad, Pakistan
LUNCH BREAK & PRAYER BREAK
14:01-14:45
Topic: Evaluation Mechanism of Block and Stream Ciphers including GOST
Foreign Invited Talk by Dr. Alisa Koreneva, Security Code, Russia. (45 Mins)
14:45-15:30
Topic: Cyber Threat Intelligence Local Invited Talk by Mr. Mahir Mohsin, Trillium, Pakistan. (30 mins)
15:30-16:10
Topic: AI assisted Cyber Security Local Invited Talk by Dr. Sadaf Rubab, NUST, Islamabad. (30 mins)
HA
LL-B
09:30-10:10
Topic: Multi-tier Security Techniques for Data Leakage Detection and Prevention in Computing Systems
Local Invited Talk by Dr. Syed Nasir Mehmood Shah, KICSIT (40 Mins)
10:15-10:55
Topic: Wireless Body Area Networks: An overview and open research challenges
Local Invited Talk by Dr. Rizwan Ahmad, SEECS, NUST. (40 Mins)
TEA BREAK 11:30-12:10
Topic: Agent Oriented Programming Local Invited Talk by Dr. Aamer Nadeem, CUST, Islamabad. (40 Mins)
12:15-12:55
Topic: Quality baked with Speed: DevOps and Technologies
Local Invited Talk by Mr. Majd ud Din, Bentley Systems, Islamabad. (40 Mins)
LUNCH BREAK & PRAYER BREAK
14:00-14:15
CS&AT-257: Face Recognition Framework using Tetra-Patterns and ML
Dr. Ali Javed, Oakland University, United States.
14:15-16:15
Topic: Deep Packet Inspection (DPI): Industry's perspective Topic: Fast Packet Processing: Industry's perspective
Mr. Noor Muhammad, Xflow Research, Islamabad. (60 Mins) Mr. M. Zeeshan, Xflow Research, Islamabad (60 Mins)
Profiles of Foreign Keynote Speakers and Abstracts of Talks (IBCAST-2020)
SPEAKER: Prof. Dr. Arsalan Husein,
Professor Department of Electrical Engineering, University of South Florida, Tampa, FL, USA.
BIOGRAPHY:
Dr. Arslan (IEEE Fellow) has received his BS degree from Middle East Technical University
(METU), Ankara, Turkey in 1992; MS and Ph.D. degrees in 1994 and 1998 from Southern
Methodist University (SMU), Dallas, TX. USA. From January 1998 to August 2002, he was with
the research group of Ericsson Inc., NC, USA, where he was involved with several projects
related to 2G and 3G wireless communication systems. Since August 2002, he has been with
the Electrical Engineering Dept. of University of South Florida, Tampa, FL, USA, where he is a
Professor. In December 2013, he joined Istanbul Medipol University to found the Engineering
College, where he has worked as the Dean of the School of Engineering and Natural Sciences.
He has also served as the director of the Graduate School of Engineering and Natural Sciences
in the same university. In addition, he has worked as a part-time consultant for various
companies and institutions including Anritsu Company, Savronik Inc., and The Scientific and
Technological Research Council of Turkey.
Dr. Arslan’s research interests are related to advanced signal processing techniques at the
physical and medium access layers, with cross-layer design for networking adaptivity and
Quality of Service (QoS) control. He is interested in many forms of wireless technologies
including cellular radio, wireless PAN/LAN/MANs, fixed wireless access, aeronautical networks,
underwater networks, in vivo networks, and wireless sensors networks. His current research
interests are on 5G and beyond, physical layer security, interference management (avoidance,
awareness, and cancellation), cognitive radio, small cells, power line communications, smart
grid, UWB, multi-carrier wireless technologies, dynamic spectrum access, co-existence issues
on heterogeneous networks, aeronautical (High Altitude Platform) communications, in vivo
channel modeling and system design, and underwater acoustic communications. He has served
as technical program committee chair, technical program committee member, session and
symposium organizer, and workshop chair in several IEEE conferences. He is currently a
member of the editorial board for the IEEE Surveys and Tutorials and the Sensors Journal. He
has also served as a member of the editorial board for the IEEE Transactions on
Communications, the IEEE Transactions on Cognitive Communications and Networking
(TCCN), the Elsevier Physical Communication Journal, the Hindawi Journal of Electrical and
Computer Engineering, and Wiley Wireless Communication and Mobile Computing Journal.
TITLE: Physical Layer Security: Latest Trends, Threats and Countermeasures
SYNOPSIS / ABSTRACT:
Today's wireless services and systems have come a long way since the rollout of the
conventional voice-centric cellular systems. The demand for wireless access in voice and multi-
media applications has increased tremendously. The trend on the variety and the number of
mobile devices along with the mobile applications will certainly continue beyond 5G, creating a
wide range of technical challenges. One of the biggest challenges is the security of the
communication beyond the classical crypto based approaches which secure the information. In
this talk, security aspects of the physical communication and also physical signal which is called
Physical Layer Security (PHY Security) will be discussed. Latest trends, threats, and techniques
to improve the security of the physical signal will be discussed. The tentative outline of the talk
will be as follows:
Wireless Communication trends, requirements Importance of secure communication Classification of communication security PHY security: Communication and REM PHY security: Eavesdropping, Spoofing & Jamming Anti-jamming capable communication Cross-layer security Secure communication & other advanced radio access technologies Case- studies:
a) Security in URLLC (URLL & Secure communication) b) Security in vehicular network (V2V and V2I) c) Security in NOMA d) Security in LIS
WORKSHOP TRAINER: Emre TINAZTEPE,
Founder and Managing Director, Binalyze LLC, USA. / Estonia.
BIOGRAPHY:
Emre TINAZTEPE is a veteran Cyber Security expert who has been in the cyber security
industry for 15 years. He is specialized in Reverse Engineering, Malware Analysis, Kernel Driver
Development, and Software Engineering. Emre is the founder of Binalyze – an Incident
Response Company developing next-generation solutions for solving the problems of modern
incident response. He is a keen learner and a team leader by nature. Apart from actively coding
with his team, he is training classes on Malware Analysis and Incident Response both on-
demand and a full semester at TOBB ETU University.
WORKSHOP TITLE: Malware Forensics
WORKSHOP PLAN:
What is memory forensics and why we should use it? Getting used to with tools of choice, Analyzing Botnets with Volatility and Rekal Analyzing APT attacks with Volatility and Rekal
SPEAKER: Prof. Dr. LIU Jianwei,
Professor and Dean, School of Cyber Science and Technology, Beihang University, Beijing, China.
BIOGRAPHY:
Dr. Jianwei Liu received his Ph.D in communication engineering from Xidian University, China in
1998, and his B.S. and M.S. degrees in electronic engineering from Shandong University, China
in 1985 and 1988. He is currently a professor and dean of School of Cyber Science and
Technology, Beihang University. His current research interests include cryptographic protocol
design, wireless and mobile network security, space-air-ground integrated network security, and
5G network security. He has published 6 books and nearly 200 papers in his research fields. He
is a senior member of the Chinese Institute of Electronics and director of the Chinese
Association for Cryptologic Research. He has been awarded the first prize of technological
invention of China.
TITLE: 5G Network Security – Current Research Situation and Key Technologies
SYNOPSIS / ABSTRACT:
With the development of Internet of things, 5G network business expands from 1G-4G
communications to industrial Internet and smart city, and supports more business scenarios,
higher performance indicators and stronger and more flexible communication security
capabilities. However, 5G network is faced with many security risks and challenges in unified
authentication, terminal security, virtualization security, edge computing, network slicing,
security domain isolation and other aspects. 5G security has attracted people's attention and
become a hot research topic. The main contents of this presentation are as follows:
(1) The development status of 5G network and the security threats it faces are summarized.
Then, according to the 5G network characteristics, business scenarios and security
requirements, five security risks and challenges of 5G are summarized.
(2) The security key technologies of 5G access network security, including 5G network control
plane/user plane and signaling encryption, 5G network authentication and key distribution
protocol, 5G network slicing security and key management, and 5G network slicing operation
support system, are explained in detail.
(3) The research status of 5G security in China and abroad, the technical standards which are
put forward by international standardization organizations, Chinese standards of 5G security are
listed, and the development of 5G terminals by Chinese manufacturers are introduced.
(4) The 5G security research projects and research progress carried out by the 5G security
research team in Beihang university, and development prospects of 6G communication
technology are introduced.
SPEAKER: Andrey Golov,
Chief Executive Officer (CEO), Security Code Ltd. / Trusted Access Technologies, Moscow, Russia.
BIOGRAPHY:
Andrey Golov is the Chief Executive Officer at Trusted Access Technologies. He has more than 15 years of executive experience on IT and Securitstrategy for overseeing all business functions, gooperational and financial goals. Andreydegree in IT management. Andrey also holds CISSP and CISA certificates.
TITLE-1: Digital independence and Future Challenges of Cyber Security
SYNOPSIS / ABSTRACT:
Digital transformation is taking place across all facets of society, business and government. Business processes are getting deeply automized. It is happening by creating new IT services (especially E-government) and developing IT infrastructure (IoT and Critical Infrastructure).Simultaneously, cyber-attacks are becoming morcriminals are using sophisticated methods to steal data and money and more over to intercept of control of critical infrastructure. But all elements of the basic IT infrastructure (computers, networks and data centers) do not have a wide control, encryption, authentication and others are embedded or products that run on operating system (OS) like Microsoft. But if an attacker gets privileged access to the OS, then he is able to be completely unnoticed by the user to disable all security mechanisms (switch it off) and gain access to critical data. The problem is that pure software security products are not enough to provide protection for sensitive environments.operating system and its basic security mechanism integrity.
We will discuss key topics regarding sensitive ITadministrator and security officer privileges across the whole IT infrastructure?classification policy and IT infrastructure security together?and why it is necessary for modern security?
TITLE-2: UEFI Security and How to Tackle
SYNOPSIS / ABSTRACT:
UEFI plays crucial yet invisible role in endpoint security. Recently we observe high profile attackers target them to evade standard security tools and get persistence. brief overview regarding key components
What the key components of UEFI are from security prospective? UEFI image, loading process, an Which threats they are vulnerable to? Model of threats How to tackle those threats? Protection approach and how
Security Code Ltd. / Trusted Access Technologies,
Golov is the Chief Executive Officer at Trusted Access Technologies. He has more than 15 years of executive experience on IT and Security positions. He is responsible for overall strategy for overseeing all business functions, go-to-market activities, attainment of strategic,
Andrey has degree in mathematics, financial analysis and MBA also holds CISSP and CISA certificates.
and Future Challenges of Cyber Security
Digital transformation is taking place across all facets of society, business and government. siness processes are getting deeply automized. It is happening by creating new IT services
government) and developing IT infrastructure (IoT and Critical Infrastructure).attacks are becoming more complex and frequent. Hackers/
are using sophisticated methods to steal data and money and more over to intercept of But all elements of the basic IT infrastructure (computers,
networks and data centers) do not have a wide variety. Security mechanisms like access control, encryption, authentication and others are embedded or products that run on operating
But if an attacker gets privileged access to the OS, then he is able to ed by the user to disable all security mechanisms (switch it off) and gain
The problem is that pure software security products are not enough to provide protection for sensitive environments. Entire security posture is heavily depeoperating system and its basic security mechanism integrity.
We will discuss key topics regarding sensitive IT-infrastructure protection; How to divide IT administrator and security officer privileges across the whole IT infrastructure?classification policy and IT infrastructure security together? What is hardwareand why it is necessary for modern security?
UEFI Security and How to Tackle the Hidden Functionality of BIOS
UEFI plays crucial yet invisible role in endpoint security. Recently we observe high profile attackers target them to evade standard security tools and get persistence. The talk brief overview regarding key components, vulnerabilities and attack vectors on UEFI, including:
What the key components of UEFI are from security prospective? UEFI image, loading process, and architecture Which threats they are vulnerable to? Model of threats
to cut off potentially dangerous activities from BIOS level.
Golov is the Chief Executive Officer at Trusted Access Technologies. He has more than y positions. He is responsible for overall market activities, attainment of strategic,
has degree in mathematics, financial analysis and MBA
Digital transformation is taking place across all facets of society, business and government. siness processes are getting deeply automized. It is happening by creating new IT services
government) and developing IT infrastructure (IoT and Critical Infrastructure). ackers/ organized
are using sophisticated methods to steal data and money and more over to intercept of But all elements of the basic IT infrastructure (computers,
variety. Security mechanisms like access control, encryption, authentication and others are embedded or products that run on operating
But if an attacker gets privileged access to the OS, then he is able to ed by the user to disable all security mechanisms (switch it off) and gain
The problem is that pure software security products are not enough to Entire security posture is heavily dependent on
How to divide IT administrator and security officer privileges across the whole IT infrastructure? How to tie data
What is hardware-based security
of BIOS
UEFI plays crucial yet invisible role in endpoint security. Recently we observe high profile The talk will provide
ors on UEFI, including:
to cut off potentially dangerous activities from BIOS level.
SPEAKER: Alisa Koreneva,
R&D Team Lead, Department of Certification, Information Security and Cryptography, Security Code Ltd. / Trusted Access Technologies, Moscow, Russia.
BIOGRAPHY:
Alisa Koreneva is an information security specialist and reliable researcher, who helps
developers to implement cryptographic schemes. She is a team lead in Moscow R&D center of
Security Code/Trusted Access Technologies, which produces certified cyber security
solutions for enterprises and government agencies.
Alisa is a student supervisor, patentee and author of more than 25 publications and 20
presentations. Her main research interests are block ciphers and Shannon confusion principles,
as well as entropy, randomness and pseudo random number generators.
In 2019, Alisa became a guest editor for the Journal of Computer Virology and Hacking
Techniques (Springer). She is in charge of the special issue about Russian research in
cryptology and information security systems.
TITLE-1: Encryption Performance of Certain Wide Block Ciphers and Stream Ciphers
SYNOPSIS / ABSTRACT:
In this talk, we introduce a novel family of cryptographic schemes with a block size ranging from
256 up to 1024 bits. We call these algorithms Wide Block Ciphers. Without loss of generality, we
focus on the version called KB-256. In the context of information security, these schemes may
be of considerable interest since they allow enhancing encryption performance in a significant
way and providing the properties of confusion and diffusion in terms of Claude E. Shannon.
Developers can utilize the proposed schemes as building blocks for the algorithms of ensuring
information confidentiality and integrity.
TITLE-2: Evaluation Mechanism of Block Ciphers and Stream Ciphers including GOST
SYNOPSIS / ABSTRACT:
We talk about the main methods that are applied by cryptographers all over the world to block
ciphers evaluation. Taking into consideration a long history of GOST algorithms research, we
observe the evaluation process and present the main results regarding the security properties of
national ciphers of the Russian Federation.
SPEAKER: Denis Legezo,
Senior Security Researcher, Global Research and Analysis Team (GreAT), Kaspersky Lab, Russia.
BIOGRAPHY:
In Kaspersky Lab Denis Legezo is working as Senior Security Researcher with Global Research
and Analysis Team (GreAT) and specialized on targeted attacks research. He got his degree at
cybernetics and applied mathematics facility of Moscow State University in 2002. His diploma
topic was directly related to information security. Then he started his career as a programmer in
different public and commercial companies. Before joining Kaspersky Lab in the beginning of
2014, he worked as a technical expert for one of the Russian IT companies. He presented his
targeted malware researches at RSA Conference, SAS, VirusBulletin, MBLT Dev.
TITLE: Regional Targeted Malware Threat Landscape in Central Asia
SYNOPSIS / ABSTRACT:
In 2019, Central Asia was a hotspot in terms of targeted malware campaigns. We witnessed a
rise in the number of cases of targeted malware infections spread via ISPs and service
providers. Even when users resort to safe and recommended practices, they are still vulnerable
to these more cunning attacks. In this talk, we will discuss the techniques currently in use for
these targeted infections and how they abuse user trust on multiple levels.
One of the cases we’ll discuss leverages custom malware designed to compromise TLS-
encrypted communications used in the HTTPS protocol. Via a combination of installing digital
certificates on the target’s browsers and manipulating the TLS handshake to their own schema,
the malware operators are able to distinguish the target’s traffic, even after NAT routing, and
decrypt it. To mark and distinguish the target’s traffic the developers come up with their own
technically ingenious mechanisms – by patching the system’s PRNG functions.
We will also discuss the operations of another prolific actor, StrongPity. One of the most
fascinating aspects of StrongPity’s operations is the spread of malware via HTTP 307
redirections at the ISP level. The victims are just going about their normal browsing, trying to
download popular software from the official website, when they are silently redirected to a
version that has been trojanized by the malware operators.
Moreover, ISPs aren’t the only service providers being abused for targeted attacks! We will
discuss new research into how a national data centre in Asia was used as a similar infection
vector. The attackers compromised the data centre where the local government’s online
services are hosted. Once inside, they not only gained access to multiple government services
at once, they were also able to add malicious scripts to government websites to use them for
watering hole attacks for further targeted infections.
Profiles of Local Invited Speakers and Abstracts of Talks (IBCAST-2020)
SPEAKER: Dr. Muhammad Hanif Durad,
Professor /Deputy Chief Scientist, Department of Computer & Information Sciences( DCIS), Pakistan Institute of Engineering & Applied Sciences (PIEAS), P.O. Nilore, Islamabad, Pakistan.
http://www.pieas.edu.pk/departments.cshtml
BIOGRAPHY:
Dr. Muhammad Hanif Durad, did his M. Sc. Physics from Government College University Lahore
in 1990. During his undergrad studies, he won the district government Merit Scholarship and
Certificate of Merit from Government College University Lahore. In 1994, he did his M.S. in
Systems Engineering from Pakistan Institute of Engineering & Applied Sciences (PIEAS).
After graduating from PIEAS, he joined Computer Division, PINSTECH where he worked on
various projects related to computer interfacing, network deployment and development. In April
2003, he joined PIEAS faculty from where he won the HEC merit scholarship for PhD studies
abroad. He completed his PhD from Beijing Institute of Technology (BIT), P.R. China in July
2007. His thesis title was “Evaluation of trust in Open and Grid Networks”.
He is heading Cyber Security group and is also Incharge of Critical Infrastructure Protection and
Malware Analysis Lab, the constituent part of National Center for Cyber Security, Pakistan. He is
reviewer of many reputed journals and international conferences. He has authored many papers
in internationally reputed peer-reviewed journals and conferences. His research interests include
Network Security, Cryptography, Embedded System Security, Industrial Control Cyber security,
Cluster/ Grid/ Cloud/ fog computing.
TITLE: Cyber Security Challenges in Industrial Critical Infrastructure
SYNOPSIS / ABSTRACT:
Nowadays, the industrial sector is being challenged by several cybersecurity concerns. Direct
attacks by malicious persons and (or) software form part of the severe threats to industrial
control systems (ICSs). These affect products/ production qualities, brand reputations, sales
revenues, and aggravate the risks to health and safety of human lives. To manage
this phenomenon, refined and holistic (combining people, process, and technology perspectives)
security strategies and solutions are required to enhance security in ICS. In this talk I will give
insightful review of possible solution path beginning with the understanding of ICS security
trends relative to cyber threats, vulnerabilities, attacks and patterns, risks, and the impacts of all
these on the industrial environment.
SPEAKER: Dr. Syed Nasir Mehmood Shah
Associate Professor Dr. A. Q. Khan Institute of Computer Sciences and Information Technology (KICSIT), Kahuta, Pakistan.
www.kicsit.edu.pk
BIOGRAPHY:
Dr. Syed Nasir Mehmood Shah is serving as Deputy Director and Associate Professor at Dr. A.
Q. Khan Institute of Computer Sciences and Information Technology (KICSIT), Kahuta,
Pakistan. He did his PhD in Information Technology with specialization in the field of Grid
Computing from Universiti Teknologi PETRONAS, Malaysia. He did his MSc and MS in
Computer Science from Quaid-e-Azam University, Islamabad and COMSATS Institute of
Information Technology, Islamabad respectively. He has been associated with academia and
industry at different levels for the last 16 years. He has published more than 35 research papers
in the reputed journals, book chapters and conferences. He remained the Conference Secretary
for Annual Computational Science Conference 2013-2015. He has been serving on the
organizing and technical committees of many international conferences. Dr. Nasir has an active
collaboration with other researchers in Pakistan as well as abroad. He is also member of
Pakistan Society of Computational Science and Pakistan Information Security Association.
TITLE: Multi-tier Security Techniques for Data Leakage Detection and Prevention in
Computing Systems
SYNOPSIS / ABSTRACT:
NA.
SPEAKER: Dr. Muhammad Safyan,
Assistant Professor Department of Computer Science, Government College University, Lahore, Pakistan.
http://dcs.gcu.edu.pk/DCS/faculty
BIOGRAPHY:
Awaited.
TITLE: Semantic Technologies for Malware Analysis.
SYNOPSIS / ABSTRACT:
NA.
SPEAKER: Dr. Aamer Nadeem,
Professor, Head of Software Engineering Program, Capital University of Science and Technology, Islamabad.
https://cust.edu.pk/our_team/dr-aamer-nadeem/
BIOGRAPHY:
Dr. Aamer Nadeem received his MSc degree in computer science from Quaid-i-Azam University
(QAU), MS in software engineering from National University of Sciences and Technology
(NUST), and PhD in computer science from Mohammad Ali Jinnah University (MAJU). During
his PhD, he worked as a Visiting Scholar at the Chinese University of Hong Kong (CUHK) under
research collaboration. He has over 30 years of teaching, research and industry experience in
computer science and software engineering. He has supervised 41 Masters and two PhD
research theses in software engineering. He has authored or co-authored over 90 articles in
international journals and conferences. He is a professional member of the Association for
Computing Machinery (ACM).
TITLE: Formal Methods and Testing.
SYNOPSIS / ABSTRACT:
NA.
SPEAKER: Mr. Majd ud Din,
Director, Pakistan Software Testing Board, (March 1, 2016 to date) Bentley Systems Pakistan (Pvt.) Ltd.
Senior Manager (May 1, 2014 to date) Software Quality Bentley Systems Pakistan (Pvt.) Ltd.
Blogger (October 7, 2012 to date) https://knowledgetester.wordpress.com/
BIOGRAPHY:
An experienced executive with ~20 years of experience that includes ~10 years in management
role. Good at mentoring and nurturing engineering teams to focus them on achieving business
goals. Have participated in many innovative technology projects in a catalyst role to improve the
quality. Facilitator of leadership courses for industry professionals and a blogger/ trainer on
software quality topics.
TITLE: DevOps – Assuring Quality with Speed.
SYNOPSIS / ABSTRACT:
NA.
SPEAKER: Dr. Muhammad Shiraz,
Assistant Professor, Department of Computer Science, Federal Urdu University of Arts, Science and Technology, Islamabad, Pakistan.
http://mobcc.fsktm.um.edu.my/index.php/Dr_Muhammad_Shiraz
BIOGRAPHY:
Dr. Muhammad Shiraz completed his PhD. Degree with Distinction from University of Malaya,
Malaysia in 2013 and Masters in Computer Science from Allama Iqbal Open University (AIOU)
Islamabad, Pakistan in 2007. He completed his under graduation from CECOS University of
Information Technology and Emerging Sciences Peshawar, Pakistan with the distinction of Gold
medal. Currently, he is an active researcher in the Mobile Cloud Computing Research Group at
Faculty Computer Science and Information Technology University Malay Kuala Lumpur. His
areas of interest include distributed applications design for Ubiquitous Networks, Distributed
Systems, Lightweight Applications, Smart Client Applications and Optimization Strategies,
Mobile Cloud Computing.
TITLE: Remote Data Integrity in Computational Clouds: Challenges and Opportunities.
SYNOPSIS / ABSTRACT:
Cloud computing is practical form of a long held dream of using computing resources as a utility.
Computational clouds are deployed for augmenting low potential client computing devices.
Recently, a number of distributed computing models have emerged to leverage computational
clouds for mitigating resources limitations of specialized and low potential computing devices
like sensor nodes, IoT devices, and smartphones. The implications of computational clouds
include cost efficiency, scalability, flexibility, better IT resource management, high reliability,
great mobility and better performance. Hence, cloud computing become the compulsion of the
consumers to compete in marketplace. However, the widespread services and abundant
resources in the cloud datacenters are subjected to privacy and security threats including
malware attacks, botnet attacks and suspicious blog entries. Similarly, users outsource data
assets to cloud datacenters, therefore for the reason of centralized shared pool nature of cloud
computing environment the cloud consumers physically lose control on their data and tasks. As
the cloud consumer’s data assets are on stake of cloud vendor, hence, the cloud consumer
depends upon centralized cloud vender’s security measures for implementing privacy and
ensuring data security. However, blindly relying on cloud service provider is impractical for the
reasons that the goals and benefits of the cloud consumer and cloud service provider may differ
with each other. Therefore, the cloud consumer needs mechanisms that ensure high degree of
confidence on data security and trust on the cloud service provider. Security concerns in cloud
include confidentiality and privacy, lack of control, availability, data integrity and accuracy. Many
researchers develop different mechanisms of data security and integrity for cloud computing
environment. This session presents discussion on challenges and opportunities in ensuring
integrity in computational clouds. Objectives are to highlight the importance of reliable, cost
effective and a fast solution for cloud consumers that make them confident about the security,
and integrity of their data that is outsourced to the cloud environment.
SPEAKER: Dr. Rizwan Ahmad,
Assistant Professor Department of Electrical Engineering, School of Electrical Engineering and Computer Science (SEECS), National University of Sciences and Technology (NUST), NUST Campus H-12, Islamabad.
http://seecs.nust.edu.pk/faculty/rizwan.html
BIOGRAPHY:
Rizwan Ahmad received M.Sc. degree in Communication Engineering and Media Technology
from the University of Stuttgart, Stuttgart, Germany in 2004 and Ph.D. degree in Electrical
Engineering from Victoria University, Melbourne, Australia in 2010. From 2010 to 2012, he was
a Postdoctoral Research Fellow with Qatar University on a QNRF grant. He is currently working
as Assistant Professor at School of Electrical Engineering and Computer Science, National
University of Sciences and Technology, Pakistan. He also leads the Communication Systems
and Networking (CSN) research group at NUST. His research interests include medium access
control protocols, spectrum and energy efficiency, energy harvesting and performance analysis
for wireless communication and networks. He has published and served as a reviewer for IEEE
journals and conferences. He also serves on the TPC of leading conferences in the
communication and networking field, including, e.g. IEEE VTC, IEEE ICC, IEEE Globecom. He
is a member of IEEE. He was the recipient of the prestigious International Postgraduate
Research Scholarship from the Australian Government.
TITLE: Wireless Body Area Networks: An overview and open research challenges.
SYNOPSIS / ABSTRACT:
In this talk, I will present an overview of the WBAN standards and discuss a few of our works
where we have conducted simulations related to performance of WBANs. WBANs are bringing
in the new revolution and have emerged as a definite solution to increase the quality of health
care and subsequently decrease the cost of patient monitoring, and management. They also
serve a large number of non-medical applications. The main topics of discussion are use of
spectrum and energy efficient techniques such network coding, channel coding, hierarchical
modulation etc. for reliable communications. This presentation will also discuss solutions to
superframe efficiency at MAC layer using dynamism and backoff algorithms. Reliable co-
existence in the case of multiple WBANs while exploiting the node priorities is also discussed.
Finally, some open challenges will be discussed.
SPEAKER: Mahir Mohsin Sheikh
Chief Executive Officer (CEO), Trillium Information Security Systems, 10th Floor, AWT Plaza, 5-The Mall, Rawalpindi, Pakistan.
https://infosecurity.com.pk/
BIOGRAPHY:
Mahir has Bachelor in Science Degree (2004-2008) from the University of Toronto, Canada and
MS Degree in Information Assurance (2009-2010) from the Norwich University, United States.
He also has multiple prestigious industry certifications to his credit, including: CISSP, HISP, ITIL
Foundation, ISO 27001 Lead Auditor, BS 25999 Lead Auditor, Qualified Certified Information
Systems Auditor, Senior Systems Manager (CNSS 4012).
TITLE: Cyber Threat Intelligence.
SYNOPSIS / ABSTRACT:
NA.
SPEAKER: Dr. Jamal Abdul Nasir,
Assistant Professor, Faculty of Computer Science & Software Engineering, International Islamic University, Islamabad, Pakistan.
https://www.iiu.edu.pk/?page_id=1825
BIOGRAPHY:
Jamal Nasir is PhD Computer Science from LUMS, Pakistan and Research Fellow from Royal Melbourne Institute of Technology (RMIT), Australia. His research interests include Data Science, Machine Learning, Natural Language Processing and Automated Software Testing. Currently, he is working as an Assistant Professor at the International Islamic University Islamabad. Jamal has more than 10 years of experience of teaching, training and research projects with Microsoft, TeraData, European Union and many international universities.
TITLE: Data Science and Malicious Package Updates.
SYNOPSIS / ABSTRACT:
Automatic installation of updates is a part of automation now-a-days, but is it safe or becoming a real threat in the form of malicious package updates? Are un-trusted packages from several third-parties safe in software ecosystems? Can Data Science cater this problem? If yes, then how and how much effective? This talk would give the audience an overview of current research in Data Science, and as a case study solution of malicious package updates.
SPEAKER
Mr. Noor Muhammad Malik, Cloud Engineer. Mr. Muhammad Zeeshan Nazir, Design Engineer.
Xflow Research. Software Technology Park, Sector I-9/3, Islamabad, 44000, Pakistan. Tel: +92-51-874-4471. http://xflowresearch.com/
BIOGRAPHY:
Mr. Noor Muhammad Malik,
Work experience of Linux, Kubernetes, Openstack, Storage, C and Python.
Mr. Muhammad Zeeshan Nazir,
A software developer with the experience of developing network applications, for performance intensive carrier grade environments.
xFlow Research Inc. is one of the very first companies providing SDN, NFV, OpenStack
development services. Our roots in academic networking research provide us with skills and
resources to quickly develop proof of concepts and scalable software solutions for SDN, NFV,
and OpenStack.
Our focus has been on various controllers, OVS porting, overlays (VxLAN, NVGRE, STT, GTP
etc.), NIC porting, NFV, Virtualization, Open Flow, DPDK, SRIOV etc. We also provide profiling/
benchmarking services. We have developed TCAM optimization, data visualization/ control
software as well. Some of the companies we have worked with are: Dell, Broadcom, Marvell,
Intel, Cavium, Tellabs along with several universities.
TITLE-1: Introduction to Deep Packet Inspection (DPI) – Industry's perspective.
BRIEF DETAILS OF TALK:
Introduction to DPI and DPI History DPI Techniques Industry Requirements and Research Areas Live Demo for DPI
TITLE-2: Introduction to Fast Packet Processing – Industry's perspective.
BRIEF DETAILS OF TALK:
Introduction of Fast Packet Processing Why Fast Packet Processing? The WoW Factor Benefits and opportunities in the field Comparison with Legacy Setup Examples of usage Industry Requirements Research Areas
SPEAKER: Dr. Usman Nasir,
Assistant Professor, Faculty of Computer Science & Software Engineering, International Islamic University, Islamabad, Pakistan.
https://www.iiu.edu.pk/?page_id=1825
BIOGRAPHY: Usman Nasir has a PhD Computer Science from UK with research interests in Enterprise technology, Cloud Computing, BlockChain and Automated Software Testing. During his PhD years, he worked in collaboration with Google, Microsoft and Accenture helping their clients in migrating services to Enterprise Cloud. Usman has more than 12 years of experience of teaching, training and consulting services with local and international organizations. He currently works as an Assistant Professor at the International Islamic University Islamabad and working with PSTB on developing software testing training/course for undergraduate students.
TITLE: Challenges in adopting Automated Testing.
SYNOPSIS / ABSTRACT: Testing Automation is the new buzz word and now becoming a new target for QA management to get their teams to do. But is it that easy? What are the issues and challenges in adopting and assimilating automated tools into the teams' daily work. How soon can we see the end of an era of manual testing, formal verification? Will these tools make us more reliant on scripting languages? The solutions to these problems are given by practitioners. This talk would give the audience answers to these questions by sharing the current research and latest opinions from the wider software development community.
WORKSHOP TRAINER: Muhammad Asim Minhas,
Manager, CESAT, Islamabad, Pakistan.
BIOGRAPHY: NA.
WORKSHOP TITLE: Unit Testing and Test Driven Development.
SYNOPSIS / ABSTRACT: NA.
WORKSHOP TRAINER: Dr. Kashif Saghar,
Director, CESAT, Islamabad, Pakistan.
BIOGRAPHY: NA.
WORKSHOP TITLE: Formal Verification using UPPAL.
SYNOPSIS / ABSTRACT: NA.