Brazilian Symposium in Information Security and Computational Systems
Title: Recent Developments in Post-Quantum CryptographySummary: The security of public-key cryptography is based on the hardness of some mathematical problems such as the integer factorization problem (IFP) and the discrete logarithm problem (DLP). However, in 1994 Shor proposed a quantum polynomial time algorithm for solving the IFP and DLP, and thus the widely used public-key cryptography (RSA cryptosystem or elliptic curve cryptography) is expected to eventually become vulnerable. From this viewpoint, the American National Security Agency (NSA) announced preliminary plans for transitioning to quantum-resistant algorithms in 2015, and the National Institute of Standards and Technology (NIST) started to standardize post-quantum cryptography (PQC) in 2016. In this talk, we give an overview of the recent research on PQC, which will still be secure in the era of quantum computers. Short Bio: Tsuyoshi Takagi received the B.Sc. and M.Sc. degrees in Mathematics from Nagoya University in 1993 and 1995, respectively. He had engaged in the research on network security at NTT Laboratories from 1995 to 2001. He received the PhD from Technical University of Darmstadt in 2001. He was an Assistant Professor in the Department of Computer Science at Technical University of Darmstadt until 2005. He is currently a Professor in Graduate School of Information Science and Technology at the University of Tokyo. His current research interests are information security and cryptography. He has received DOCOMO Mobile Science Award in 2013, IEICE Achievement Award in 2013, and JSPS Prize in 2014. Dr. Takagi is a Program Chair of the 7th International Conference on Post-Quantum Cryptography PQCrypto 2016, a Program Co-Chair of Asiacrypt 2016 and 2017.
Title: Format Preserving Encryption based on Feistel NetworksSummary: Format preserving encryption (FPE) is a kind of block cipher defined over a very small message domain. FPE was standardized by NIST in 2016 and is massively used to encrypt credit card numbers. The NIST standard FF1 and FF3 are Feistel-based encryption. In this presentation, we show that FF3 was badly flawed, but easy to fix, and we study the generic security of Feistel schemes in this setting.Short Bio: Serge Vaudenay entered at the Ecole Normale Supérieure in Paris in 1989 with a major in Mathematics. He received his PhD in Computer Science from University of Paris 7 - Denis Diderot in 1995. He subsequently became a research fellow at CNRS (National Center for Scientific Research in France). In 1999, he was appointed as a Professor at the EPFL, where he created the Security and Cryptography Laboratory.He works on cryptography and the security of digital information. Most of his work relates to security analysis and provable security of cryptographic algorithms and protocols, especially in symmetric cryptography, post-quantum public-key cryptography, RFID protocols and distance bounding. He wrote an essay on cryptography (in French, published by PPUR) and a textbook on cryptography (published by Springer). He was program chair of several research conferences and workshops: ACNS'14, INDOCRYPT'13, AFRICACRYPT'12, SAC'11, AFRICACRYPT'08, EUROCRYPT'06, MYCRYPT'05, PKC'05, SAC'01, and FSE'98. In 2007-12, he was an elected director of the IACR (International Association for Cryptologic Research).
Title: O Que nos Mostram os Incidentes Mais Prevalentes no Brasil: Evolução ou Involução da Segurança nos últimos 20 anos?Summary: 1997 marcou o início da formalização do tratamento de incidentes de segurança no Brasil, com a criação do CERT.br (à época chamado NBSO), do CERT-RS e do CAIS/RNP. Desde então cresceram não somente o número de CSIRTs e de incidentes de segurança na Internet, mas também a necessidade de mais investimento em prevenção e tratamento de incidentes. Esta palestra avaliará, à luz dos incidentes mais prevalentes no Brasil no último ano, como a Segurança da Informação evoluiu nestes 20 anos. São os ataques realmente novos e avançados? Estão os desenvolvedores melhorando o Estado da Arte da Engenharia de Software? Estão as ferramentas de segurança conseguindo proteger cidadãos e organizações a contento? Estamos conseguindo formar profissionais preparados para atuar no cenário atual de ataques e ameaças?Short Bio: Trabalha com Gestão de Incidentes de Segurança no CERT.br desde 1999, onde atua no apoio para a criação de novos Grupos de Resposta a Incidentes de Segurança (CSIRTs) no Brasil, no treinamento de profissionais de segurança e no desenvolvimento e disseminação de boas práticas de operação de redes Internet. É também instrutora dos cursos do CERT/CC, da Carnegie Mellon University, e da Escola de Governança da Internet no Brasil, do CGI.br. Participou do Comitê Gestor do FIRST e da Coordenação dos Fóruns de Boas Práticas sobre Spam e CSIRTs do Internet Governance Forum (IGF), das Nações Unidas. Foi moderadora e palestrante em eventos nacionais e internacionais, incluindo IGF, LACNIC, FIRST, APWG, MAAWG, OEA, ITU, London Action Plan e AusCERT, abordando os temas de Gestão de Incidentes, Privacidade, Implantação de CSIRTs, Fraudes na Internet, Spam e Honeypots. É formada em Ciências da Computação pela UFSC e Doutora em Computação Aplicada pelo INPE.
Title: Desafios Práticos em Segurança e Privacidade nas Aplicações em Nuvem.Short Bio: Dr. Conrado P. L. Gouvêa é desenvolvedor de software na KRYPTUS Soluções em Segurança da Informação, onde trabalha na implementação de sistemas seguros para ambientes desktop, servidores, móveis e embarcados. Possui doutorado em Ciência da Computação pela Universidade Estadual de Campinas (Unicamp), realizando pesquisa na implementação segura e eficiente de criptografia incluindo criptografia de curvas elípticas, baseada em emparelhamentos e cifração autenticada, para processadores MSP430, ARM e SPARC. É um dos autores do toolkit criptográfico RELIC.
Title: Recount 2016: an Uninvited Security Audit of the 2016 US Presidential ElectionShort Bio: Matt Bernhard is a graduate student of computer science and the University of Michigan. His research interests include on technology, security, and society, with a focus on election systems and security. He has contributed to voting research projects like STAR-Vote, the 2016 Green Party recounts, and efforts the world over to better secure democracy. Abstract: The 2016 U.S. presidential election was preceded by unprecedented cyberattacks and produced a result that surprised many people in the U.S. and abroad. Was it hacked? To find out, we teamed up with scientists and lawyers from around the country—and a presidential candidate—to initiate the first presidential election recounts motivated primarily by e-voting security concerns. In this talk, we will explain how the recounts took place, what we learned about the integrity of the election, and what needs to change to ensure that future U.S. elections are secure.
Title: End-to-end verifiable e-voting systems without tallying authoritiesShort Bio: Feng Hao is Reader in Security Engineering at the School of Computing Science, Newcastle University. He graduated with a PhD in 2007 from the Computer Laboratory, University of Cambridge, under the joint supervision of Prof Ross Anderson and Prof John Daugman. He had six years working experience in the security industry before joining Newcastle University as a lecturer in 2010. He co-designed J-PAKE, which has been used by many million users in commercial products including Mozilla Firefox, Palemoon, Google Nest, ARM mbed OS, OpenSSL, NSS, Bouncycastle API. J-PAKE has also been adopted by the Thread Group as an IoT industry standard, and has been published as an international standard in ISO/IEC 11770-4. He co-designed DRE-i, which lays the foundation for an ERC Starting Grant on “self-enforcing e-voting” (SEEV) and an ERC Proof of Concept. In 2017, he co-edited, with Peter Ryan, a book “Real-World Electronic Voting: Design, Analysis and Deployment” (CRC Press), which consolidates the state of the art in the e-voting field in real-world settings. He is both the lead editor and a contributing author of this book. Currently he serves on the editorial boards of the IEEE Security & Privacy magazine and the Journal of Information Security and Applications (Elsevier) as an Associate Editor.
Adapt or create an application or a cloud service to make it safer with the use of Code Execution and Cryptography and compete to prizes of R$ 3,000.00. For more information, click here.
The deadline for submitting full papers has been extended until July 17, 2017.
The proceedings of SBSeg 2017 and the Short Courses book will be available on the 30th of October of 2017.