CSE Colloquium: Automated Reasoning of Security and Privacy of Networks and Cyber-Physical Systems

Zoom Information 

Join from PC, Mac, Linux, iOS or Android: https://psu.zoom.us/j/122542215 

or iPhone one-tap (US Toll): +16468769923,122542215# or +13126266799,122542215# 

or Telephone: 

Dial: 

+1 646 876 9923 (US Toll) 

+1 312 626 6799 (US Toll) 

+1 301 715 8592 (US Toll) 

+1 346 248 7799 (US Toll) 

+1 669 900 6833 (US Toll) 

+1 253 215 8782 (US Toll) 

Meeting ID: 122 542 215 

International numbers available: https://psu.zoom.us/u/adBsnTPXaN 

Abstract: Security and user privacy for complex networks and cyber-physical systems are often considered as afterthoughts. This leads to inadequate security evaluation early on the development cycle that fails to identify missing security and privacy guarantees in protocol designs. To make matters worse, unsafe practices and operational oversights stemming from unvetted simplification of complex protocol interactions further contribute to the deviation of deployments from designs. In this talk, I will highlight how my research addresses these problems by developing principled techniques for analyzing design specifications and deployments of complex networks and cyber-physical systems. 

I will first present a new adversarial reasoning technique combining the capabilities of a symbolic model checker and a cryptographic protocol verifier that enabled us to identify 20+ new vulnerabilities in 4G and 5G cellular network design specifications. I will then discuss three new side-channel attacks in 4G and 5G networks uncovered with our probabilistic reasoning technique. Next, I will talk about a fuzzing technique which is more effective than the state-of-the-art in reasoning about correctness of an implementation when direct feedback on code coverage information is missing. Finally, I will conclude with a discussion on challenges in adapting and scaling our current approaches for a holistic analysis of 5G and next-generation cellular networks, IoT, and cyber-physical systems. 

Biography: Syed Rafiul Hussain is a Postdoctoral Researcher in the Department of Computer Science at Purdue University from where he also received his Ph.D. in December 2018. His research interests broadly lie in network and system security with a focus on the fundamental improvement of security and privacy analysis of emerging networks and cyber-physical systems, including cellular networks and Internet-of-Things. His papers have received awards and nominations, including ACSAC'19 distinguished paper award, NDSS'19 distinguished paper award honorable mention, and ACM SIGBED EWSN'17 best paper award nomination. He has been inducted twice in the Hall of Fame Mobile Security Research by GSMA for his contribution in identifying 20+ new protocol flaws in 4G and 5G cellular networks. His findings led to several changes in the 4G and 5G cellular protocol designs and in operational networks. His work has been featured by mass media outlets worldwide, including the New York Times, Washington Post, Forbes, MIT Technology Review, and The Register.