IEEE Conference on Communications and Network Security
2–5 October 2023 // Orlando, FL, USA

CYBER-PHYSICAL SYSTEMS SECURITY WORKSHOP PROGRAM

7:30 AM - 8:50 AM - BREAKFAST AND REGISTRATION

8:50 AM - 9:00 AM - OPENING REMARKS

9:00 AM - 10:00 AM - SESSION 1 - AI Applications in Cyber-Physical Systems Security

  • Adversarial Attacks on Deep Learning-Based UAV Navigation System

Mohammed Mynuddin (Research Assistant, USA); Sultan Uddin Khan (North Carolina A&T State University, USA); Mahmoud Nabil (North Carolina A & T, USA); Ahmad Alsharif (University of Alabama, USA & Benha University, Egypt)

  • Self-similarity based network anomaly detection for industrial control systems

Bryan Martin and Chad A Bollmann (Naval Postgraduate School, USA)

  • Leveraging Neuro-Inspired Reinforcement Learning for Secure Reputation-based Communication in Connected Vehicles

Heena Rathore (Texas State University, USA); Henry Griffith (San Antonio College, USA)

10:00 AM - 10:30 AM - BREAK

10:30 AM - 11:30 AM - KEYNOTE Speaker: Prof. David Mohaisen

11:30 AM - 1:00 PM - LUNCH

1:00 PM - 2:00 PM - SESSION 2 - Specifications for Secure Cyber-Physical Systems

  • Security Analysis of Trust on the Controller in the Matter Protocol Specification

Kumar Shashwat, Francis Hahn and Xinming Ou (University of South Florida, USA); Anoop Singhal (NIST, USA)

  • A Smart Grid Ontology: Vulnerabilities, Attacks, and Security Policies

Utku Tefek (Advanced Digital Sciences Center, Singapore & University of Illinois Urbana-Champaign, USA); Ertem Esiner and Carmen Cheh (Advanced Digital Sciences Center, Singapore); Daisuke Mashima (Illinois Advanced Research Center at Singapore & National University of Singapore, Singapore)

  • A BERT-based Empirical Study of Privacy Policies' Compliance with GDPR

Lu Zhang (Warwick University, United Kingdom (Great Britain)); Nabil Moukafih, Hamad Alamri, Gregory Epiphaniou and Carsten Maple (University of Warwick, United Kingdom (Great Britain))

2:00 PM - 2:10 PM - CLOSING REMARKS

 

Keynote information:

Speaker: Prof. David Mohaisen

  • Biography: David Mohaisen is a Professor of Computer Science at the University of Central Florida, where he has been since 2017. Previously, he was an Assistant Professor at SUNY Buffalo (2015-2017) and a Senior Scientist at Verisign Labs (2012-2015), which he joined after earning his Ph.D. in Computer Science from the University of Minnesota in 2012. His research interests are in applied security and privacy, covering networked systems, software systems, IoT and AR/VR, machine learning, and blockchain systems. His research has been published in top conferences and journals alike, with multiple best paper awards. Among other services, he has been an Associate Editor of IEEE TMC, IEEE TDSC, and IEEE TPDS. He is a senior member of ACM (2018) and IEEE (2015), a Distinguished Speaker of the ACM (2021-2023) and Distinguished Visitor of the IEEE Computer Society (2021-2023).
  • Title: Towards a Measurement-Guided Understanding of Blockchain Security: Attacks and Defenses
  • Abstract: Blockchains promise various security benefits in distributed systems, although their security is loosely understood. For instance, it is theoretically established that the Bitcoin blockchain safety relies on strong network synchrony and a stable network configuration, and violating the safety by a majority attack or eclipsing requires strong adversaries (e.g., 51% hash rate or an ISP controlling millions of IP addresses). These requirements are costly. Thus, notable attacks have yet to be observed in practice.

    In this talk, we will empirically demonstrate that real-world blockchains, such as Bitcoin, do not conform to the ideal specifications of synchrony and stable network configurations. As a result, we show ways to reduce the requirement for violating blockchain safety by presenting two practical attacks, HashSplit and SyncAttack. In HashSplit, we first formulate an ideal functionality framework for the correct communication among the mining nodes that preserves safety. Our model specifies that strong network synchrony can only be guaranteed if the mining nodes form a completely connected topology and receive blocks simultaneously. However, our large-scale measurements suggest that the mining nodes must conform to the ideal model and receive blocks at different times. Using such settings, we instantiate a well-connected adversary to partition the network with only a 26% hash rate. In the SyncAttack, we unveil that the existing security models have largely ignored the permissionless nature of blockchains characterized by node churn. By exploiting the churn, an adversary can control all connections made among the newly arriving nodes by simply occupying all the incoming connection slots of the existing nodes. Supported by evidence from measurements and root-cause analysis that points to flaws in real-world implementations, we instantiate an adversary that can fork the blockchain with only 120 IP addresses, allowing the adversary to double-spend without any mining power. We will also discuss defenses for secure blockchains against partitioning.

 

 
