  • Professor Daniele Antonioli

    EURECOM, France

    Talk title: Why is Hard to Secure Mobile Proximity Services

    Abstract: Mobile devices such as phones, tablets, and wearables enable proximity services on a large scale. These services use wireless technologies (such as Wi-Fi and Bluetooth) to connect users within a specific range and exchange information. Proximity information ranges from general-purpose files and contacts to privacy-preserving COVID-19 proximity identifiers. Since these services affect millions of mobile users worldwide, their security against cyber threats is paramount. It is not pleasant if an attacker in proximity (or even remotely) can eavesdrop on private communication or tamper with personal data. However, adopting (even essential) security mechanisms for proximity services is easy in theory but pretty hard in practice. For example, it is challenging to provide confidentiality and authenticity while at the same time providing energy-efficient and accurate proximity tracing. On top of that, a usable proximity service has to scale well with the number of users and provide the same quality of service across different software and hardware ecosystems (e.g., Android and iOS) and usage conditions (e.g., indoor and outdoor). In this talk, we look at two commercial proximity services. First, Google's Nearby Connections (NC) is an API to connect Android devices using a combination of Wi-Fi and Bluetooth and without requiring an Internet connection. Second, Google/Apple's Exposure Notification (EN) framework. EN powers most COVID-19 contact-tracing mobile applications in Europe, including the ones used in Italy, Germany, and Switzerland. Throughout the talk, the audience will learn about, among other things, real-world proximity services' architectures, pitfalls, vulnerabilities, attacks, countermeasures, and related research trends.

    Bio: Daniele Antonioli is an Assistant Professor at EURECOM with the Software and System Security (S3) group in France. He is interested in wireless systems security (e.g., Bluetooth and Wi-Fi), cyber-physical systems security (e.g., ICS, MiniCPS, SCADA) and applied cryptography (e.g., secure protocol analysis and reverse engineering). Daniele holds a PhD in Computer Science from SUTD (Singapore), and an MS and BS in Electronics and Telecommunications Engineering from UniBO (Italy). For more information, see his website at https://francozappa.github.io.

  • Professor Soteris Demetriou

    Imperial College London, UK

    Talk title: Analyzing and Designing the Security of a Mobile Platform

    Abstract: Mobile platforms are enabled by complex operating systems which arbitrate access by untrusted applications to a rich pool of shared resources. However, malicious actors have long been exploiting such shared infrastructure to compromise users’ privacy. We can defend against such adversaries, but this will require the design of security mechanisms that span the entire platform’s software stack and also leverage advancements in hardware capabilities. I will show how we can achieve such designs that are not only robust but also efficient and backward compatible, and discuss some emerging security and privacy challenges in mobile computing.

    Bio: Soteris Demetriou is an Assistant Professor at the Department of Computing at Imperial College London, where he leads the Applications, Platforms and Systems Security group. His research interests lie in the security and privacy of mobile and cyber-physical systems. He received his BSc/MEng in Electrical and Computer Engineering from the University of Patras, and his MSc and PhD in Computer Science from the University of Illinois at Urbana-Champaign in 2018.