IBM Research-IISc Workshop on Security & Privacy

Celebrating 20 years of IBM Research, India
March 17, 2018 (Saturday)
Venue: CSA 254, Department of Computer Science and Automation (CSA), IISc Bangalore
(Apply here to attend the workshop)


IBM Research and IISc are organizing a workshop on Security and Privacy, to celebrate 20 years of IBM Research in India. The event features talks by researchers from IISc and IBM Research on frontier areas in Cryptography and System Security.


Time Saturday, 17 March 2018
09:30 - 10:15 IBM Research - IISc Collaboration Overview : Prof. Sanjit Chatterjee (CSA, IISc) + Diptikalyan Saha (IBM, IRL)
10:15 - 11:00 Keynote Talk: Prof. Vinod Ganapathy (CSA, IISc)

At the beginning of 2018, the popular media was rife with news articles describing Meltdown and Spectre, two devastating attacks that affected millions of computers worldwide. This talk will provide a technical overview of these attacks. The talk will show how two age-old performance-enhancing tricks, out-of-order execution and speculative execution, by now considered mundane in the computer architecture community, were put to spectacular use by the designers of the attacks.

11:00 - 11:30 Coffee and Tea
11:30 - 12:00 Talk 1: Manish Kesarwani (IBM, IRL)


Enterprise customers of cloud services are wary of outsourcing sensitive user and business data due to inherent security and privacy concerns. In this context, storing and computing directly on encrypted data is an attractive solution, especially against insider attacks. Homomorphic encryption, the keystone enabling technology, is unfortunately prohibitively expensive. In this talk, we will explain our techniques for executing basic SQL queries and for finding k-Nearest Neighbours (k-NN), a basic data-mining and machine learning algorithm, directly on encrypted data.

12:00 - 12:30 Talk 2: Aakash Shah + Shravan Kumar (CSA, IISc)


In recent years, private search over encrypted data has garnered significant interest in the community with works focusing on supporting more complex structures and queries. In this talk, we focus on the problem of secure wildcard search over encrypted data. The setting consists of three entities viz. the data owner, the server and the client. The data owner outsources the encrypted data to the server, who obliviously services the clients' queries. In our proposed solution, the Blind Seer protocol is extended to support wildcard queries. We provide a reasonable security guarantee, by describing a leakage profile which captures all the information leaked by the protocol to the respective parties. Asymptotically, the solution is sub-linear in the number of keywords and the initial implementation results look promising.

12:30 - 13:00 Talk 3: Prof. K. Gopinath (CSA, IISc)


Aadhaar is the national identities project of the Government of India. The main benefit of Aadhaar is expected to be better decision making using modern analytics (e.g., detecting fraud), as citizens can only use such an identity to avail of services from various government as well as private service providers; this necessarily involves building a huge store with necessary information on citizens, such as the mapping of IDs to biometrics. Such stores raise many security and privacy concerns and therefore should be designed and analyzed very carefully. The threat model for such systems should address both internal and external attackers. Previous writings in the press and research work in this area have discussed many issues, such as unwanted profiling and tracking of individuals, authentication without consent, collusion between multiple service providers leading to correlation of user data that may result in loss of privacy, the suitability of the biometrics chosen, and the use of fake biometrics. While some analyses have suggested the use of certain types of cryptographic operations to provide a solution, a comprehensive and workable solution for, say, avoiding profiling has been lacking till recently. There are also many problems from a larger systems perspective that need to be addressed, such as access control models to constrain access to sensitive data during collection and update of data, as well as the integrity of its metadata.

While “bullet proof” security is not possible for such a large system in principle, it is also not the case that certain aspects such as profiling cannot be handled through technical solutions; currently only legal provisions are available post facto for handling breaches. In this talk, we discuss our solution on how to avoid profiling and then discuss newer features in the Aadhaar system with respect to security.

13:00 - 13:30 Talk 4: Dr. Tapas Pandit (CSA, IISc)


Almost all the deployed public key cryptosystems will become insecure once a full-scale quantum computer becomes a reality. This is because quantum algorithms, like the one Shor proposed in 1994, can solve, for example, the factoring problem and the discrete log problem in polynomial time. Using a quantum computer, this algorithm can break widely used cryptosystems such as RSA, elliptic curve cryptography and Diffie-Hellman key exchange. Does this mean an end to cryptography once quantum computers become practical? The answer is a definite no, as there are many candidates, called post-quantum crypto candidates, which are believed to be secure against attacks by a quantum computer. Post-quantum cryptography deals with cryptosystems that run on conventional computers and are secure against attacks by quantum computers. In this talk, we will focus on post-quantum security notions and some candidate cryptosystems.

13:30 - 14:30 Lunch (CSA Lawns)
14:30 - 15:30 Talk 5: Atul Kumar (IBM, IRL)

Machine learning based systems are increasingly being used for sensitive tasks such as security surveillance, guiding autonomous vehicles, taking investment decisions, and detecting and blocking network intrusion and malware. However, recent research has shown that machine learning models are vulnerable to attacks by adversaries at all phases of machine learning (e.g., training data collection, training, operation). All model classes of machine learning systems can be misled by making them wrongly classify inputs that are carefully crafted. Maliciously created input samples can affect the learning process of an ML system by slowing the learning process, by degrading the performance of the learned model, or by causing the system to make errors only in the attacker’s planned scenario.

15:30 - 16:00 Brain-Storming Session on Security/Privacy issues in the era of AI/ML
16:00 - 17:00 Closure and Tea


Registration is free, but please register only if you intend to join.
Apply here to attend the workshop. Deadline: 2:00pm IST, Mar 16, 2018 (Friday). Notification will be sent by: Mar 16, 2018 (EOD).


Manish Kesarwani

Research Engineer
IBM Research Lab, India
Contact: +91-80-712-43823

Prof. Sanjit Chatterjee

Associate Professor
Indian Institute of Science, Bangalore
Contact: +91-80-22933248
