Vision Talk

Security & Privacy Issues of Electric Vehicles and Batteries (May 27)

While waiting for Teleportation technologies (which we had insight will bring their own security and privacy issues), we are still widely using “traditional” vehicles, which have meanwhile become highly technological and complex systems, comprising several computing and communication capabilities for passengers’ entertainment, onboard interaction among vehicle cyber-physical parts, or to interact with passengers’ devices and the road infrastructure. This evolution created multiple attack surfaces, even further extended by the capabilities and needs of Electric Vehicles (EVs) and more recent Dynamic Wireless Power Transfer (DWPT) technologies, allowing for EV charging even while driving.

In this talk, we will survey some of these attacks and countermeasures (some of which are also shared with other battery-equipped devices), with a particular focus on threats to EVs and, specifically, DWPT. We will try to answer questions like the following ones. How can attackers exploit modern Vehicle-to-Grid communication standards to steal energy? …and how to avoid being the one paying for such stolen energy? Can physical charging information of a vehicle allow for its identification and driver profiling? How can you “trust” your battery? Can we design automotive communications that are more secure, possibly also in the post-quantum era?

Mauro Conti
University of Padua, Italy

Mauro Conti is Full Professor at the University of Padua, Italy. He is also affiliated with TU Delft and University of Washington, Seattle. He obtained his Ph.D. from Sapienza University of Rome, Italy, in 2009. After his Ph.D., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. In 2011 he joined the University of Padua as Assistant Professor, becoming Associate Professor in 2015 and Full Professor in 2018. He has been Visiting Researcher at GMU, UCLA, UCI, TU Darmstadt, UF, and FIU. He has been awarded a Marie Curie Fellowship (2012) by the European Commission, and a Fellowship by the German DAAD (2013). His research is also funded by companies, including Cisco, Intel, and Huawei. His main research interest is in the area of Security and Privacy. In this area, he has published more than 600 papers in topmost international peer-reviewed journals and conferences. He is Editor-in-Chief for IEEE Transactions on Information Forensics and Security, Area Editor-in-Chief for IEEE Communications Surveys & Tutorials, and has been Associate Editor for several journals, including IEEE Communications Surveys & Tutorials, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security, and IEEE Transactions on Network and Service Management. He was Program Chair for several conferences including TRUST 2015, ICISS 2016, WiSec 2017, ACNS 2020, CANS 2021, WiMob 2023 and ESORICS 2023, and General Chair for several conferences including SACMAT 2013, ACNS 2022 and RAID 2024. He is Fellow of the IEEE, Fellow of the AAIA, Distinguished Member of the ACM, and Fellow of the Young Academy of Europe.

Privacy by Birth: Protecting Data from the Source in AIoT Era (May 28)

Sensors play a vital role in artificial intelligence systems, enabling them to gather various data and make informed decisions. However, the proliferation of sensors has led to a surge in collecting data with sensitive user information, e.g., facial or voice biometric information that could lead to human re-identification. Various methods have been proposed to remove such sensitive information, e.g., face obfuscation or voice conversion. Nevertheless, such anonymization methods are carried out after raw data is collected and processed, and privacy could still be breached before the data reaches the anonymization software. To eliminate such threats, we propose a proactive approach to privacy protection, which we call “data privacy by birth.” The basic idea is to remove sensitive biometric information inside sensors. Thus, sensors output data that contains almost no user biometric information while still sufficing for the application. We will discuss the challenges of implementing “privacy by birth” with resource-constrained sensors and present two case studies.

Wenyuan Xu
Zhejiang University, China

Wenyuan Xu is a Professor in the College of Electrical Engineering at Zhejiang University. She received her Ph.D. in Electrical and Computer Engineering from Rutgers University in 2007. Prior to joining Zhejiang University in 2013, she was a tenured faculty member in the Department of Computer Science and Engineering at the University of South Carolina in the United States. Her research focuses on embedded systems security, smart systems security, and IoT security. She is a recipient of the National Science Fund for Distinguished Young Scholars of China, the NSF CAREER award, and various best-paper awards including ACM CCS 2017 and ACM AsiaCCS 2018. In addition, she is a program committee co-chair for NDSS 2022-2023 and USENIX Security 2024, and serves as an associate editor for IEEE TMC, ACM TOSN, and TPS.

Quo Vadis Bluetooth? Security by Transparency (May 29)

Bluetooth and Bluetooth LE have become ubiquitous in recent years, and became a de-facto standard for interactions with personal IoT devices. Bluetooth even formed the basis for novel applications such as contact tracing in pandemics, and Apple’s AirTag ecosystem. Given those applications, one would expect Bluetooth’s security to be sufficiently strong. Unfortunately, numerous attacks have been found on all aspects of the protocol in recent years. Because significant parts of the Bluetooth controller are not available as open source, and instead only the 3000+ page standard document, security analysis generally requires significant (reverse) engineering effort. In this vision talk, we will briefly summarize core issues in Bluetooth security, how they relate to the standardization process, and how I would propose to improve future security in the Bluetooth standard.

Nils Tippenhauer
CISPA Helmholtz Center for Information Security, Germany

Nils Tippenhauer is a faculty member at the CISPA Helmholtz Center for Information Security in Germany. Until 2018, Nils was an Assistant Professor at the Singapore University of Technology and Design (SUTD). He earned his Dr. Sc. in Computer Science from ETH Zurich (Switzerland) in 2012.

Nils is interested in information security aspects of practical systems. In particular, his group is currently working on security of embedded systems and industrial communication protocols in the context of industrial control systems and the Industrial Internet of Things. At SUTD, he was involved in the construction and operation of several practical testbeds in those areas (SWaT, WADI, EPIC). In addition, Nils worked on physical layer security aspects of wireless and embedded systems, for example secure ranging, distance measurements and communication using wireless signals.