CSE Colloquium: Automated Reasoning of Security and Privacy of Networks and Cyber-Physical Systems

Zoom Information 

Join from PC, Mac, Linux, iOS or Android: https://psu.zoom.us/j/122542215 

or iPhone one-tap (US Toll): +16468769923,122542215# or +13126266799,122542215# 

or Telephone: 

Dial: 

+1 646 876 9923 (US Toll) 

+1 312 626 6799 (US Toll) 

+1 301 715 8592 (US Toll) 

+1 346 248 7799 (US Toll) 

+1 669 900 6833 (US Toll) 

+1 253 215 8782 (US Toll) 

Meeting ID: 122 542 215 

International numbers available: https://psu.zoom.us/u/adBsnTPXaN 

 

Abstract: Security and user privacy for complex networks and cyber-physical systems are often considered as afterthoughts. This leads to inadequate security evaluation early on the development cycle that fails to identify missing security and privacy guarantees in protocol designs. To make matters worse, unsafe practices and operational oversights stemming from unvetted simplification of complex protocol interactions further contribute to the deviation of deployments from designs. In this talk, I will highlight how my research addresses these problems by developing principled techniques for analyzing design specifications and deployments of complex networks and cyber-physical systems. 

I will first present a new adversarial reasoning technique combining the capabilities of a symbolic model checker and a cryptographic protocol verifier that enabled us to identify 20+ new vulnerabilities in 4G and 5G cellular network design specifications. I will then discuss three new side-channel attacks in 4G and 5G networks uncovered with our probabilistic reasoning technique. Next, I will talk about a fuzzing technique which is more effective than the state-of-the-art in reasoning about correctness of an implementation when direct feedback on code coverage information is missing. Finally, I will conclude with a discussion on challenges in adapting and scaling our current approaches for a holistic analysis of 5G and next-generation cellular networks, IoT, and cyber-physical systems. 

Biography: Syed Rafiul Hussain is a Postdoctoral Researcher in the Department of Computer Science at Purdue University from where he also received his Ph.D. in December 2018. His research interests broadly lie in network and system security with a focus on the fundamental improvement of security and privacy analysis of emerging networks and cyber-physical systems, including cellular networks and Internet-of-Things. His papers have received awards and nominations, including ACSAC'19 distinguished paper award, NDSS'19 distinguished paper award honorable mention, and ACM SIGBED EWSN'17 best paper award nomination. He has been inducted twice in the Hall of Fame Mobile Security Research by GSMA for his contribution in identifying 20+ new protocol flaws in 4G and 5G cellular networks. His findings led to several changes in the 4G and 5G cellular protocol designs and in operational networks. His work has been featured by mass media outlets worldwide, including the New York Times, Washington Post, Forbes, MIT Technology Review, and The Register. 
 

Share this event

facebook linked in twitter email

Media Contact: Trent Jaeger

 
 

About

The School of Electrical Engineering and Computer Science was created in the spring of 2015 to allow greater access to courses offered by both departments for undergraduate and graduate students in exciting collaborative research fields.

We offer B.S. degrees in electrical engineering, computer science, computer engineering and data science and graduate degrees (master's degrees and Ph.D.'s) in electrical engineering and computer science and engineering. EECS focuses on the convergence of technologies and disciplines to meet today’s industrial demands.

School of Electrical Engineering and Computer Science

The Pennsylvania State University

207 Electrical Engineering West

University Park, PA 16802

814-863-6740

Department of Computer Science and Engineering

814-865-9505

Department of Electrical Engineering

814-865-7667