resource-constrained embedded systems

Dr. Ali Abbasi, CISPA

From critical infrastructure to consumer electronics, embedded systems are all around us. Like any computer, embedded systems have vulnerabilities that attackers can exploit. This talk will take us on a journey toward securing embedded systems. We start the talk by providing an overview of our past research on designing security mitigations for real-time and resource-constrained embedded systems. The next step is diving into ways to discover security vulnerabilities in embedded systems. We specifically look into fuzzing for resource-constrained embedded systems. We then discuss future approaches to fuzzing high-end embedded systems. High-end embedded systems often come with complex software and are heavily protected with Intellectual Property (IP) protection. We will discuss how a side-channel-based approach could help us to test such embedded systems. To end our talk, we will look into possible extensions of our software security approaches to other domains, such as space-borne systems.

Dr. Ali Abbasi is a faculty at CISPA Helmholtz Center for Information Security. Previously, he was a Post-Doc researcher at the Chair of System Security at Ruhr-University Bochum. His research interests include embedded systems security, security of mission-critical real-time systems, and secure space and automotive systems. He lead the Embedded Security group at CISPA, which develops and implements new methods to protect embedded systems against various classes of attacks, both on the hardware and firmware.

Institution

• CISPA Helmholtz Center for Information Security

Generative AI (genAI) is becoming more integrated into our daily lives, raising questions about potential threats within genAI systems and the misuse of their output. In this talk, we will take a closer look at the resulting challenges and security threats associated with generative AI. These relate to two possible categories: malicious inputs used to inject into generative models, and computer-generated output that is indistinguishable from human-generated content.

In the first case, specially designed inputs are used to exploit models such as LLMs, to disrupt alignment or to steal sensitive information. Existing attacks show that content filters of LLMs can be easily bypassed with specific inputs and that private information can be leaked. We demonstrate that even with full white-box access, it is difficult to prevent prompt injection attacks, and this provides only limited protection. This talk will therefore cover an alternative for protecting intellectual property by obfuscating sensitive inputs.

In the second threat scenario, generative models are utilized to produce fake content that is impossible to distinguish from human-generated content. This fake content is often used for fraudulent and manipulative purposes, and impersonation and realistic fake news are already possible using a variety of techniques. As these models continue to evolve, detecting these fraudulent activities will become increasingly difficult, while the attacks themselves will become easier to automate and require less expertise. This talk will provide an overview of the current challenges we are facing in detecting fake media in human and machine interactions.

The final part of the presentation will deal with the use of generative models in security applications. This includes benchmarking and fixing vulnerable code, as well as understanding the capabilities of these models by investigating their code deobfuscation abilities.

Bio
Lea Schönherr is a tenure track faculty at CISPA Helmholtz Center for Information Security since 2022. She obtained her PhD from Ruhr-Universität Bochum, Germany, in 2021 and is a recipient of two fellowships from UbiCrypt (DFG Graduate School) and Casa (DFG Cluster of Excellence). Her research interests are in the area of information security with a focus on adversarial machine learning and generative models to defend against real-world threats. She is particularly interested in language as an interface to machine learning models and in combining different domains such as audio, text, and images. She has published several papers on threat detection and defense of speech recognition systems and generative models.

Institution

• CISPA Helmholtz Center for Information Security

Dr. Wouter Lueks, CISPA

Digital technology creates risks to people's privacy in ways that did not exist before. I design end-to-end private systems to mitigate these real-world privacy risks. In this talk I will discuss my designs for two applications. These applications highlight key aspects of my work: I analyse security, privacy, and deployment requirements; and address these requirements by designing new cryptographic primitives and system architectures.

In the first part of this talk, I will present DatashareNetwork, a document search system for investigative journalists that enables them to locate relevant documents for their investigations. DatashareNetwork combines a novel multi-set private set intersection primitive with anonymous communication and authentication systems to create a decentralised and privacy-friendly document search system. In the second part of this talk, I will give an overview of my recent work in designing privacy friendly systems for humanitarian aid distribution. In collaboration with the International Committee for the Red Cross (ICRC) we designed systems for the registration and distribution of humanitarian aid that meets the requirements of the ICRC, while providing strong privacy protection for humanitarian aid distribution.

Bio:
Wouter Lueks is a tenure-track faculty member at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Before that he was a postdoctoral researcher at EPFL in Lausanne, Switzerland where he worked with Prof. Carmela Troncoso. He is interested in solving real-world problems by designing end-to-end privacy-friendly systems. To do so he combines privacy, applied cryptography, and systems research. His work has real-world impact. For instance, his designs for privacy-friendly contact tracing have been deployed in millions of phones around the world, and his secure document search system is being deployed by a large organization for investigative journalists. 

Institution

• CISPA Helmholtz Center for Information Security

Xiao Zhang, PhD, CISPA

Institution

• CISPA Helmholtz Center for Information Security