IWSEC 2018

We will have keynote talks from following world-leading researchers.

Hardware Security: Emerging Research Field in IoT Era

Abstract

Hardware security in mobile and embedded systems is drawing much attention in the context of the rapid growth of Internet-of-Things. Due to the easier accessibility, security threats and vulnerabilities for "things" located everywhere are more critical in comparison with PCs and servers in a room. In particular, the threats of side-channel attacks are non-trivial because they can be done by relatively low-cost equipment in a non-destructive manner. In the last few decades, a variety of side-channel attacks have been reported and defeated, but they are still being one of the hottest topics in the field of hardware security research.

This talk will start with an overview of researches on hardware security, and then introduce the-state-of-the-art side-channel attacks and countermeasures including a novel reactive countermeasure that makes it possible to prevent all the microprobe-based side-channel attacks.

Biography

Naofumi Homma received the Ph.D degrees in information sciences from Tohoku University, Sendai, Japan, in 2001. Since 2016, he has been a Professor in the Research Institute of Electrical Communication, Tohoku University. In 2009-2010 and 2016-2017, he was a visiting professor at Telecom ParisTech in Paris, France. His research interests include computer arithmetic, VLSI design methodology, and hardware security. He received a number of awards including the Best Symposium Paper Award at the 2013 IEEE International Symposium on Electromagnetic Compatibility (EMC 2013), the Best Paper Award at the 2014 IACR International Conference on Cryptographic Hardware and Embedded Systems (CHES 2014), and the JSPS Prize in 2018. He served as a Program Co-Chair of 2017 IACR International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017).

---

Research on Android Malware Detection and Android Forensics

Abstract

Mobile phones are very popular and contains a lot of sensitive data, which is the new target for hackers. In order to avoid Android users from installing malicious apps, Google advises users to download apps only from the official Google Play Store that has a built-in mechanism called "Google Play Protect". However, many malicious apps still slip in the store before Google can detect it. There was a report on Symantec official blog last year reported that Android malware on Google Play adds devices to botnet. There are many research efforts to detect Android botnet, and the botnet datasets are kindly shared for the community. The detection techniques can be either the static Android code analysis or the dynamic analysis from the network traffic sent in and out from the infected Android phones.

In this talk, I will present how can we apply the machine learning method to help in detecting Android botnets from the Android application package. We also tested our system by inspecting 500 Android applications from the top ranks in game categories provided on the official Google Play Store. Moreover, I will also discuss about the OWASP Mobile Top Ten Risks 2016, which we use as the guideline to inspect the application source code in details. We inspect three Android apps from hospitals in Thailand and five stock-and-trade Android applications. Android forensic techniques we use including reviewing the source code, analyzing sensitive data from the captured network traffic, and finding sensitive data from the local database stored on the phone.

Biography

Ph.D. in Computer Engineering, Nara Institute of Science and Technology (NAIST), Japan, March 2003. Master of Engineering in Computer Engineering, Tokyo University of Agriculture and Technology (TUAT), Japan, March 1999. Bachelor of Engineering in Computer Engineering, Tokyo University of Agriculture and Technology (TUAT), Japan, March 1997. Current Research Interest: Computer Network, Mobile Security, Network Security