In the past few decades, two mostly distinct communities have taken shape under the broader information assurance umbrella: a theoretical community – mainly working on foundational aspects of cryptography, and a systems security community – focused on building secure systems.
Today, these two communities form an important part of the world of cyber security research and are essentially interdependent. The systems community requires the strengths and foundational insights of the theoreticians. The theoretical community needs relevant problems to work on.
Yet, despite this intrinsic potential synergy, as well as the plethora of significant cyber security problems of clear mutual interest, few points of intersection and dialogue exist between the two communities. They continue to publish and meet in mostly separate venues and work on disjoint problems for years before the occasional transfer of knowledge.
This seminar, organized by members of both communities aims to change that and initiate a discussion between the system security researchers and the cryptographic foundations explorers, centered around a set of key topics of high modern relevance and interest in cyber security, including, but not limited to: MPC: secure multi-party computation, HE: homomorphic encryption, post-quantum crypto, side/covert channels, leakage and virtualization security, secure outsourcing, secure hardware design, anti-surveillance/anti-censorship systems, program obfuscation and a number of other topics to be established in the beginning of the seminar.
Ultimately, the major goal of the seminar is to bring together the theoretical cryptography and security systems research communities for an intense cross-domain dialogue.
Security/systems researchers should go home having found out and understood more cryptographic constructs. Theoretical cryptography researchers should go home having been exposed to a set of new problems that appear in practice.
Given the recent important advancements in both theoretical cryptography and system security, it is time for a focused mutual exchange of ideas across research communities to set up the theoretical and practical foundations for cybersecurity in the decades to come.
The seminar aimed to bring together communities with different backgrounds and form a bridge between them.
The outcomes ranged from a series of bridging exercises where participants summarized the current thoughts in existing areas; these included areas such as
- Hardware Attacks: Where we summarized the known attacks in this space.
- Computing on Encrypted Data: Various aspects of this were discussed, including Secure Guard Extensions (SGX), Searchable Symmetric Encryption (SSE), Multi Party Computation (MPC), and Fully Homomorphic Encryption (FHE).
We then went on to discuss more technical aspects, rather than just summarizing work,
- Cyberphysical Systems and IoT: Where the research challenges of performing work in this new area were discussed. A reliance on practical experimental was noted in the current research landscape.
- Mass Surveillance, Trapdoors, Secure Randomness: The recent ``backdooring'' of the DUAL--EC random number generator formed the background of this discussion. The seminar examined different aspects of this area, both in preventing, creating and detecting backdoors.
- Anonymous Payment Systems: This was a rather broad discussion which examined a number of issues around payments in general, and how cryptography could solve address these issues.
We also discussed aspects related to the process of research in this field. In particular focusing on the problem of the lack of expository writing. Here we identified a number of disincentives in the research culture which prevents the creation of more discursive writing and expository articles. A number of solutions both existing, and proposed, were discussed to solve this issue. In another small breakout we discussed the lack of incentives to work on the underlying hard problems upon which our security infrastructure rests.
In summary the seminar found more problems with our current research trends, than solutions.
- Raad Bahmani (TU Darmstadt, DE)
- Daniel J. Bernstein (University of Illinois - Chicago, US) [dblp]
- Konstantin Beznosov (University of British Columbia - Vancouver, CA) [dblp]
- Alex Biryukov (University of Luxembourg, LU) [dblp]
- Allison Bishop (Columbia University - New York, US) [dblp]
- Alexandra Boldyreva (Georgia Institute of Technology - Atlanta, US) [dblp]
- Nikita Borisov (University of Illinois - Urbana Champaign, US) [dblp]
- Ferdinand Brasser (TU Darmstadt, DE) [dblp]
- Christian Cachin (IBM Research Zurich, CH) [dblp]
- Bogdan Carbunar (Florida International University - Miami, US) [dblp]
- Melissa Chase (Microsoft Corporation - Redmond, US) [dblp]
- Jung Hee Cheon (Seoul National University, KR) [dblp]
- Marc C. Dacier (QCRI - Doha, QA) [dblp]
- George Danezis (University College London, GB) [dblp]
- Yevgeniy Dodis (New York University, US) [dblp]
- Maria Dubovitskaya (IBM Research Zurich, CH) [dblp]
- Dieter Gollmann (TU Hamburg-Harburg, DE) [dblp]
- Christian Grothoff (INRIA - Rennes, FR) [dblp]
- Krista Grothoff (GNUNet e. V. - Rennes, FR) [dblp]
- Nadia Heninger (University of Pennsylvania - Philadelphia, US) [dblp]
- Aaron Michael Johnson (NRL - Washington, US) [dblp]
- Stefan Katzenbeisser (TU Darmstadt, DE) [dblp]
- Florian Kerschbaum (SAP SE - Karlsruhe, DE) [dblp]
- Yongdae Kim (KAIST - Daejeon, KR) [dblp]
- Tanja Lange (TU Eindhoven, NL) [dblp]
- Kristin Lauter (Microsoft Research - Redmond, US) [dblp]
- Yehuda Lindell (Bar-Ilan University - Ramat Gan, IL) [dblp]
- Sarah Meiklejohn (University College London, GB) [dblp]
- Refik Molva (EURECOM - Sophia Antipolis, FR) [dblp]
- Moni Naor (Weizmann Institute - Rehovot, IL) [dblp]
- Claudio Orlandi (Aarhus University, DK) [dblp]
- Kenneth G. Paterson (Royal Holloway University of London, GB) [dblp]
- Adrian Perrig (ETH Zürich, CH) [dblp]
- Giuseppe Persiano (University of Salerno, IT) [dblp]
- Andreas Peter (University of Twente, NL) [dblp]
- Benny Pinkas (Bar-Ilan University - Ramat Gan, IL) [dblp]
- Martina Angela Sasse (University College London, GB) [dblp]
- Vitaly Shmatikov (Cornell Tech NYC, US) [dblp]
- Radu Sion (National Security Institute - Stony Brook, US) [dblp]
- Nigel P. Smart (University of Bristol, GB) [dblp]
- Gene Tsudik (University of California - Irvine, US) [dblp]
- Avishai Wool (Tel Aviv University, IL) [dblp]
- operating systems
- security / cryptology
- secure multi-party computation
- homomorphic encryption
- post-quantum cryptography
- side/covert channels
- virtualization security
- secure outsourcing
- secure hardware design
- anti-surveillance/anti-censorship systems