Nordsec 2020

The 25th Nordic Conference on Secure IT Systems
November 23-24
Online

Keynote speaker: Elisa Bertino

Samuel Conte Professor of Computer Science, Purdue University

Title: Security, Privacy and Safety in the IoT


Abstract:

The Internet of Things (IoT) paradigm refers to the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with servers, centralized systems, and/or other connected devices based on a variety of communication infrastructures. IoT makes it possible to sense and control objects creating opportunities for more direct integration between the physical world and computer-based systems. Furthermore, the deployment of AI techniques enhances the autonomy of IoT devices and systems. IoT will thus usher automation in a large number of application domains, ranging from manufacturing and energy management (e.g. SmartGrid), to healthcare management and urban life (e.g. SmartCity). However, because of its fine-grained, continuous and pervasive data acquisition and control capabilities, IoT raises concerns about security, privacy, and safety. Deploying existing solutions to IoT is not straightforward because of device heterogeneity, highly dynamic and possibly unprotected environments, and large scale. In this talk, after outlining key challenges in IoT security and privacy, we outline a security lifecycle approach to securing IoT data, and then focus on our recent work on security analysis for cellular network protocols and edge-based anomaly detection based on machine learning techniques. We will conclude with a brief discussion of our recent work focusing on security and safety-constrained autonomous IoT devices that use use reinforcement learning techniques.

Biography:

Elisa Bertino is professor of Computer Science at Purdue University. Prior to joining Purdue, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. Her main research interests include security, privacy, database systems, distributed systems, and sensor networks. Her recent research focuses on digital identity management, biometrics, IoT security, security of 4G and 5G cellular network protocols, and policy infrastructures for managing distributed systems. Prof. Bertino has published more than 700 papers in all major refereed journals, and in proceedings of international conferences and symposia. She has given keynotes, tutorials and invited presentations at conferences and other events. She is a Fellow member of ACM, IEEE, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award "For outstanding contributions to database systems and database security and advanced data management systems", the 2005 IEEE Computer Society Tsutomu Kanai Award for "Pioneering and innovative research contributions to secure distributed systems", and the ACM 2019-2020 Athena Lecturer Award.

Keynote speaker: Marnix Dekker

Cybersecurity expert, at ENISA, the EU Agency for Cybersecurity

Title: Cybersecurity breach reporting in the EU


Abstract:

Marnix Dekker works at ENISA, the EU agency for Cybersecurity, as NIS Directive coordinator and breach reporting team lead. Marnix will speak about cyber security breach reporting, a cornerstone of EU cybersecurity legislation. He will explain the approach, processes, tooling and experiences from 9 years of breach reporting in the telecom sector and discuss challenges and pitfalls. He will also discuss the new breach reporting under the NIS Directive and discuss some of the opportunities and challenges here.

Additionally, at the end of the talk, he will give you a broader update on the overall cybersecurity policy landscape, discussing the new EECC, the status of the work under the NIS Directive, the work of the NIS Cooperation group, the 5G toolbox, and some details about the ongoing reviews of the NIS Directive and the eIDAS regulation.

Biography:

Marnix works at ENISA, the European Union Agency for Cybersecurity, where he is the NIS Directive coordinator and the team lead for telecom security, cybersecurity breach reporting, and cloud security. He has a Ph.D. degree in Computer security and an M.Sc. degree in Theoretical physics, with a thesis in Quantum mechanics.

Previously, he worked at the European Commission’s CISO office, where he was responsible for the corporate IT security strategy, the corporate policy, and responsible for linking between operational security teams and the political level and press.

Before joining ENISA he worked as an IT auditor at KPMG in The Hague, as an IT architect and protocol designer for the Dutch government’s e-ID systems, as a software develoer in Pisa, as a university teacher, and as a sailor in the North Sea offshore.

Program

All time indications are given in Central European Time (GMT+1)

Once the formal proceedings from Springer are ready, a link will appear here.

Monday November 23

13.30-14.00 Opening
14.00-14.45

Keynote Prof. Elisa Bertino, Purdue University

Session chair: Simin Nadjm-Tehrani, Linköping University
14.45-15.00Break
15.00-16.15

Session 1: Malware and attacks

Session chair: Magnus Almgren, Chalmers University
  • Persistence in Linux-Based IoT Malware
    Calvin Brierley, Jamie Pont, Budi Arief, Julio Hernandez and David Barnes (University of Kent)
  • Real-time triggering of Android memory dumps for stealthy attack investigation
    Jennifer Bellizzi, Mark Vella, Christian Colombo (University of Malta) and Julio Hernandez-Castro (University of Kent)
  • Using Features of Encrypted Network Traffic to Detect Malware
    Zeeshan Afzal (KTH Royal Institute of Technology, Karlstad University), Anna Brunstrom (Karlstad University) and Stefan Lindskog (Karlstad University, SINTEF Digital)
16.15-16.30Break
16.30-17.45

Session 2: Formal analysis

Session chair: Rene Rydhof Hansen, Aalborg University
  • Machine-checking the universal verifiability of ElectionGuard
    Thomas Haines (Norwegian University of Science and Technology), Rajeev Gore and Jack Stodart (Australian National University)
  • Information-Flow Control by means of Security Wrappers for Active Object Languages with Futures
    Farzane Karami, Olaf Owe (University of Oslo), and Gerardo Schneider (Chalmers University of Technology)
  • Efficient mixing of arbitrary ballots with everlasting privacy: How to verifiably mix the PPATC scheme
    Kristian Gjøsteen, Thomas Haines and Morten Rotvold Solberg (Norwegian University of Science and Technology)
17.45-18.15Wrapup

Tuesday November 24

10.00-10.45

Keynote Dr. Marnix Dekker, ENISA

Session chair: Mikael Asplund, Linköping University
10.45-11.00Break
11.00-12.15

Session 3: Applied cryptography

Session chair: Martin Hell, Lund University
  • (F)unctional Sifting: A Privacy-Preserving Reputation System Through Multi-Input Functional Encryption
    Alexandros Bakas, Antonis Michalas (Tampere University of Technology) and Amjad Ullah (Univeristy of Westminster)
  • TLV-to-MUC Express: Post-quantum MACsec in VXLAN
    Joo Yeon Cho and Andrew Sergeev (ADVA Optical Networking)
  • On the Certificate Revocation Problem in the Maritime Sector
    Guillaume Bour, Karin Bernsmed, Per Håkon Meland and Ravishankar Borgaonkar (SINTEF Digital)
12.15-13.15Lunch break
13.15-14.45Session 4: Security mechanisms and training
Session chair: Ville Leppännen, University of Turku
  • HoneyHash: Honeyword Generation Based on Transformed Hashes
    Canyang Shi and Huiping Sun (Peking University)
  • Agent-based file extraction using virtual machine introspection
    Thomas Dangl, Benjamin Taubmann and Hans P. Reiser (University of Passau)
  • Cyber range automation overview with a case study of CRATE
    Tommy Gustafsson and Jonas Almroth (Swedish Defence Research Institute)
14.45-15.15Poster session
Session chair: Felipe Boeira, Linköping University
  • Detecting plagiarism in penetration testing education
    Nikolaos Kakouros, Pontus Johnson and Robert Lagerström (KTH Royal Institute of Technolog)
15.15-16.30Session 5: Applications and privacy
Session chair: Nils Gruschka, University of Oslo
  • Privacy Analysis of COVID-19 Contact Tracing Apps in the EU
    Samuel Wairimu (Karlstad University) and Nurul Momen (Karlstad University, Blekinge Institute of Technology)
  • OnLITE: On-line Label for IoT Transparency Enhancement
    Alexandr Railean and Delphine Reinhardt (Georg-August-Universität Göttingen)
  • An Investigation of Comic-Based Permission Requests
    Katie Watson, Mike Just and Tessa Berg (Heriot-Watt University)
16.30-16.45Closing session

Call for Papers

NordSec is an annual research conference series that has been running since 1996. The NordSec conferences address a broad range of topics on IT security. The events bring together security researchers from the Nordic countries, Northern Europe, and beyond. In addition to being venue for academic publishing, NordSec is an important meeting place for university faculty, students, and industry experts from the region. The proceedings consist of peer-reviewed articles and are published in the Springer Lecture Notes in Computer Science series.

Nordsec 2020 will be arranged as a online conference with virtual participation.

Background, aim and scope

NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. In addition to regular research paper submissions, we invite participants to present their current ideas and work-in-progress in a virtual poster session format.

Possible topics include, but are not limited to:

  • Access control and security models
  • AI for security and security for AI
  • Applied cryptography
  • Blockchains
  • Cloud security
  • Cryptographic protocols
  • Cyber crime, warfare, and forensics
  • Economic, legal, and social aspects of security
  • Formal analysis
  • Hardware and embedded security
  • Information flow security
  • Intrusion detection and mitigation
  • Language-based security
  • Mobile and Internet of Things security
  • Privacy and anonymity
  • Risk assessment
  • Security and machine learning
  • Security education and training
  • Security management and audit
  • Security metrics
  • Security usability
  • Social engineering and phishing
  • Software security and malware
  • Threat modelling
  • Trust and identity management
  • Trusted computing
  • Vulnerability testing
  • Web application security

Contributions should reflect original research, developments, studies and experience. Submitted papers should not exceed 16 pages (including references and appendices) in Springer LNCS format. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.

Posters

We welcome poster submissions for Nordsec2020. Work-in-progress, visionary ideas, demonstrations, and practical experience reports that relate to the topics or Nordsec are of interest. Since the conference will be held online, we will hold a virtual poster session with a short presentation of all posters followed by individual presentation rooms where each poster slide is shown and participans can ask questions to the authors. Posters will be selected based on a four-page written summary (LNCS format).

Registration

The registration is now open! Conference registration fees are provided in the table below:

ItemCost
Paper presenter100 EUR*
Poster presenterFree
Attendance onlyFree

* The actual invoice will be in Swedish Krona with the equivalent sum

Registration deadline

In order for us to be able to send you the connection information to the event, we ask you to register no later than Friday November 20. Later registrations will be processed as soon as we have time, but might mean missing large parts of the program.

Registration link

The registration is done in Microsoft Forms using this link. Any personal data that you provide will be used solely for the purpose of conference organization and billing.

VAT on fees - Important information

Please note that delegates representing a company or organization from a country outside of Sweden are NOT required to pay Swedish VAT on the registration fee. If you are from an EU country – a valid VAT number is mandatory, otherwise, VAT will be added. Private persons from Sweden are required to pay VAT on the registration fee (25%).

Method of payment

An invoice will be sent to the billing address that you provide. We are not able to accept credit card payments.

Important dates

Submissions due: 2020-08-25 2020-09-01
Notification of acceptance: 2020-10-12
Poster submission deadline 2020-10-13 2020-10-30
Camera ready copy 2020-10-30
Poster notification 2020-11-10
Author registration deadline 2020-10-30

Submission

Poster submissions

Selection of posters are made based on a four-page summary (LNCS format), and shoud not be anonymous. At the conference posters are presented using a one-slide presentation, followed by a break-out session discussion for each poster. Posters will appear on the conference web page, but will not be published in the proceedings.

Submit here.

Camera ready submission of full papers (deadline October 30)

Authors should consult Springer's authors' guidelines and use their proceedings templates, either for LaTeX or for Word, for the preparation of their papers. Springer encourages authors to include their ORCIDs in their papers. In addition, the corresponding author of each paper, acting on behalf of all of the authors of that paper, must complete and sign a Consent-to-Publish form. The corresponding author signing the copyright form should match the corresponding author marked on the paper. Once the files have been sent to Springer, changes relating to the authorship of the papers cannot be made.

There are two options for the Consent-to-Publish form.

  • Traditional transfer of copyright to Springer, free of charge. Use this form.
  • Open access publishing. Authors retain copyright and gives Springer the right to publish the material under a CC-BY license. To use this option, authors must pay a publishing fee to Springer (see the information at Springer for details). If you wish to take this option, please, in addition to the files below, send an email to mikael.asplund@liu.se with an address for the invoice that will be forwarded to Springer. Use this form.

You need to submit three items.

Full paper submission guidelines (closed)

All submitted papers will be judged based on their quality and relevance through double-blind reviewing, where the identities of the authors are withheld from the reviewers. As an author, you are required to make a good-faith effort to preserve the anonymity of your submission, while at the same time allowing the reader to fully grasp the context of related past work, including your own. Minimally, please take the following steps when preparing your submission:

  • Remove the names and affiliations of authors from the title page.
  • Remove acknowledgment of identifying names and funding sources.
  • Use care in referring to related work, particularly your own. Do not omit references to provide anonymity, as this leaves the reviewer unable to grasp the context. Instead, reference your past work in the third person, just as you would any other piece of related work by another author.
  • Papers must not exceed 16 pages.

All submissions will be peer-reviewed by the program committee listed below.

Papers should be formatted using the Springer LNCS format and must be submitted online, in PDF format, via Easychair.

Committees

Organizing committee

General chair

Mikael Asplund

Program chairs

Simin Nadjm-Tehrani
Mikael Asplund

Poster session chair

Felipe Boeira

Technical program committee

  • Magnus Almgren, Chalmers University of Technology, Sweden
  • Tuomas Aura, Aalto University, Finland
  • Stefan Axelsson, Halmstad University, Sweden
  • Musard Balliu, KTH Royal Institute of Technology, Sweden
  • Billy Brumley, Tampere University, Finland
  • Sonja Buchegger, KTH Royal Institute of Technology, Sweden
  • György Dán, KTH Royal Institute of Technology, Sweden
  • Christian Damsgaard Jensen, DTU, Denmark
  • Nicola Dragoni, Technical University of Denmark, Denmark
  • Mathias Ekstedt, KTH Royal Institute of Technology, Sweden
  • Katrin Franke, Norwegian University of Science and Technology, Norway
  • Ulrik Franke, RISE, Sweden
  • Martin Gilje Jaatun, SINTEF Digital, Norway
  • Nils Gruschka, University of Oslo, Norway
  • Meiko Jensen, Kiel University of Applied Sciences, Germany
  • Thomas Johansson, Lund University, Sweden
  • Kristian Gjøsteen, Norwegian University of Science and Technology, Norway
  • Dieter Gollmann, Hamburg University of Technology, Germany
  • Kimmo Halunen, VTT, Finland
  • Rene Rydhof Hansen, Aalborg University, Denmark
  • Tor Helleseth, University of Bergen, Norway
  • Audun Jøsang, University of Oslo, Norway
  • Marcel Kyas, Reykjavik University, Iceland
  • Martin Hell, Lund University, Sweden
  • Luigi Lo Iacono, Cologne University of Applied Sciences, Germany
  • Ville Leppänen, University of Turku, Finland
  • Stefan Lindskog, Karlstad University, Sweden and SINTEF Digital, Norway
  • Olaf Maennel, Tallinn University of Technology, Estonia
  • Raimundas Matulevicius, University of Tartu, Estonia
  • Per Håkon Meland, Sintef, Norway
  • Nils Nordbotten, FFI, Norway
  • Tomas Olovsson, Chalmers University of Technology, Sweden
  • Hans P. Reiser, University of Passau, Germany
  • Mohit Sethi, Aalto University, Finland
  • Einar Snekkenes, Norwegian University of Science and Technology, Norway
  • Teodor Sommestad, FOI, Sweden
  • Emmanouil Vasilomanolakis, Aalborg University, Denmark
  • Stephen Wolthusen, Norwegian University of Science and Technology, Norway
  • Øyvind Ytrehus, University of Bergen, Norway

Poster committee

  • Mohammad Hamad
  • Ulf Kargén

Supporting Nordsec

Supporting organisations

Previous editions

  • Nordsec 2019, Aalborg, Denmark, LNCS 11875, editors Aslan Askarov, René Rydhof Hansen and Willard Rafnsson
  • NordSec 2018, Oslo, Norway, LNCS 11252, editor Nils Gruschka, general chair Audun Jøsang
  • NordSec 2017, Tartu, Estonia) LNCS 10674, editors Helger Lipmaa, Katerina Mitrokotsa and Raimundas Matulevičius
  • NordSec 2016, Oulu, Finland, LNCS 1014, editors Juha Röning and Billy Brumley
  • NordSec 2015, Stockholm, Sweden, LNCS 9417, editors Sonja Buchegger and Mads Dam
  • NordSec 2014, Tromsø, Norway, LNCS 8788, editors Karin Bernsmed and Simone Fischer-Hübner

All previous conferences can be found here