CfP: CPS-SPC

I am co-chairing the ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC) this year, together with Avishai Wool. CPS-SPC aims to be the premier workshop for research on security of Cyber-Physical Systems (such as medical devices, manufacturing and industrial control, robotics and autonomous vehicles). The workshop will run for the fifth time, co-located with CCS (11 November, London, UK). We just released the website (cps-spc.org) and the full CfP.

Submitted papers can be up to 12 pages including appendices and references. Submissions must use the ACM SIG Proceedings Templates.

Important Dates

  • Paper Submission Deadline: June 21, 2019 (23:59 Anywhere on Earth time)
  • Notification of Acceptance/Rejection: Aug 7, 2019
  • Camera Ready Papers Due: August 30, 2019 (hard deadline, see notification mails)

Cyber-Physical System Security School

I will be teaching one day of classes at the Cyber-Physical System Security School at the University of Padova in July 2019. My classes will provide an overview of current approaches to security in practical Industrial Control Systems, and recent research directions to improve the state of the art. More information can be found at the website of the event. Regular registration is still open until June 21st.

2018 in numbers

As a follow-up to last year’s post, a quick personal note on my scholar profile. As of now, second week of January 2019, my publications reached ~1400 citations according to Google scholar (vs. ~1000 at this time last year/ 700 two years ago/ 500 three years ago). Google scholar currently lists 60 publications (vs. 53 last year, most peer-reviewed), and one US patent. Our first GPS paper currently has 257 cites. My h-index has increased to 19 (from 15), my i10-index is currently 32, from 18 last year.

Semantic scholar stopped listing citation numbers for profiles. They still indicate how many papers were strongly influenced by my work (69), compared to 54 in previous year.

Scopus lists generally lower numbers (e.g. only 49 publications, ~683 citations), but they provide a number of co-authors: 106 (66 last year).

Other numbers for 2018: Github lists 96 commits to repositories (after 500 in 2017), as we shifted most collaborations to use Overleaf (and I don't develop for NSE any more). I received 5,898+1,319=7217 mails on my university accounts (after removal of spam). Per working day, that would make around 36 (previous years: 64) mails. I sent 1,240+498=1738 mails (~9 per working day, last year 19). Both numbers are around half of my 2016/2015 statistics. This is likely due to my transition to CISPA, during which I lost access to the old account (and the end of major projects such as the NSE).

Google’s Security Conference/Journal ranking 2018

As a follow up to the three previous posts on the topic, here is the version with the newly released 2018 metrics data. It provides a ranking of journals and conferences in different fields, and uses the h5 metric, “the number n of papers that were released in the last 5 years, and had at least n citations”. Google also now added a “Classic Papers” category for papers (link) – but there was essentially nothing in that which I recognized. This list of Normalized Top-100 Security Papers seems to be much more appropriate.

Based on the h5 metric, the following ranking for security conferences and journals is generated here:

  1. ACM Symposium on Computer and Communications Security (77)
  2. IEEE Symposium on Security and Privacy (74)
  3. IEEE Transactions on Information Forensics and Security (73)
  4. USENIX Conference on Security (70)
  5. International Conference on Cryptology (CRYPTO) (62, +1 position)
  6. Network and Distributed System Security Symposium (NDSS) (60,-1 position)
  7. Annual International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT) (53)
  8. Computers & Security (48)
  9. IEEE Transactions on Dependable and Secure Computing (40)
  10. International Conference on Financial Cryptography and Data Security (37, +1 position)
  11. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT) (37, -1 position)
  12. Workshop on Cryptographic Hardware and Embedded Systems (CHES) (36, +1 position)
  13. ACM Symposium on Information, Computer and Communications Security (ASIACCS) (36, +1 position)
  14. Theory of cryptography (34, -2 positions)
  15. Symposium On Usable Privacy and Security (31)
  16. IEEE Security & Privacy (31)
  17. International Conference on Practice and Theory in Public Key Cryptography (29)
  18. Journal of Cryptology (29)
  19. Fast Software Encryption (FSE) (29)
  20. Security and Communication Networks (29)

Some other honourable mentions where I published before, am involved, or consider submitting:

  1. Conference of the IEEE Computer and Communications Societies (INFOCOM) (76, -4)
  2. Computer Networks (58)
  3. Annual International Conference on Mobile computing and networking (Mobicom) (49, +1 position)
  4. International Conference on Mobile systems, applications, and services (MOBISYS) (45, -1 position)
  5. International Conference on Dependable Systems and Networks (DSN) (33)
  6. ACM Symposium on Applied Computing (SAC) (30, but only small security track)
  7. Annual Computer Security Applications Conference (ACSAC) (28)
  8. European Conference on Research in Computer Security (ESORICS) (28)
  9. ACM conference on Data and Application Security and Privacy (CODASPY) (28)
  10. International Conference on Cyber-Physical Systems (ICCPS) (25)
  11. IEEE Computer Security Foundations Symposium (CSF) (24)
  12. Wireless Network Security (WISEC) (22)
  13. Symposium on Research in Attacks, Intrusions and Defenses (RAID) (20)
  14. International Conference on Availability, Reliability and Security (ARES) (19)
  15. IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection (IFIP Sec) (16)
  16. Network and Systems Security (NSS) (16)
  17. Conference on Cryptology and Network Security (CANS) (15)
  18. Conference on Security and Privacy in Communication Networks (SecureComm) (13)
  19. IEEE High Assurance Systems Engineering Symposium, (HASE) (12)
  20. IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing (CPSCom) (11)
  21. Conference on Formal Engineering Methods (ICFEM) (11)

There are some interesting observations I made from the ranking (updated from last iteration):

  1. The h5 index of the top venues increased by about 5-9 points, without major changes in order (Crypto and NDSS swapped places). For these tier 1 venues, this is definitely expected, as the number of submissions/accepted papers has increased significantly in the last 5 years.
  2. Financial Cryptography and Data Security only increased the h5 by 1, after steep rise in the year before.
  3. ArXiv is not on Google's list any more (I assume due to lack of peer review).
  4. The list was extended to 20 venues now.
  5. 8 of the top 20 venues have a strong crypto focus, further limiting the options for general security papers to be published at.
  6. Google also publishes a h5-median score, which indicates the median citation count of the publications included in the h5 computation. This somewhat gives a nice indication on how many citations you could expect for your publications in the conference, after five years. For the top 10 venues, this is between 60 and 130 (+20 compared to last year), for top 10-20 between 45 and 60 (like last year).
  7. Clearly, for h5 it helps to accept more papers (see Infocom rank, the journals on the list, CCS's rising score). It would be great to award selectivity somehow, for example by dividing by number of accepted papers. Unfortunately, that information is not directly available (see here).

See also: aminer conference ranking, CORE2014 conference ranking

Joining CISPA in August

In August 2018, I will leave SUTD and join CISPA as faculty member. CISPA is a German research center focusing on world-class security research, headed by Michael Backes. CISPA is currently in process to become a member of the Helmholtz Association and is planned to grow quickly in the upcoming years, aiming to become the leading security research center in Europe. CISPA is co-located with the University of Saarbrucken, which is recognized to be one of the best places (top 5, according to CHE) in Germany for computer science degrees (both graduate and undergrad). In particular, it has a dedicated undergrad program in cybersecurity!

I will continue to work on security topics related to Cyber-Physical systems in general, and Industrial Control Systems, Internet of Things, and physical layer wireless in particular. I have funding for several PhD students with attractive salary. I am now looking for interested candidates with strong undergrad GPA (or ideally a MSc) in computer science/engineering or related fields. If you are interested, please send me a short statement about your motivation, and a CV.

I am sad to leave my fellow faculty members at SUTD and Singapore, but look forward to this excellent opportunity in Germany!

CfP: CPS-SPC

I am co-chairing the ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC) this year, together with Awais Rashid. CPS-SPC aims to be the premier workshop for research on security of Cyber-Physical Systems (such as medical devices, manufacturing and industrial control, robotics and autonomous vehicles). The workshop will run for the fourth time, co-located with CCS (19 October, Toronto, Canada). We just released the website (cps-spc.org) and the full CfP.

Submitted papers can be up to 12 pages including appendices and references. Submissions must use the ACM SIG Proceedings Templates.

Important Dates

  • Paper Submission Deadline: July 1, 2018 (23:59 Anywhere on Earth time)
  • Notification of Acceptance/Rejection: July 30, 2018
  • Camera Ready Papers Due: August 19, 2018

Accepted: CPS-SPC 2018

This year, I will be Co-Chair for the workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC), together with Awais Rashid. Our proposal for the workshop is now accepted at CCS, and we will send out the CfP soon. Tentative date of the workshop: 19 October 2018, Toronto, Canada.

Meetup of TUHH Alumni Singapore Chapter + Guests from TUHH

We plan to have another meetup of the local TUHH Alumni chapter on March 27th, 7 pm at Restaurant Brotzeit at Harbourfront! Keep in touch with your alma mater and former fellow students. Several visiting TUHH staff members will also attend this event and report about developments at the Hamburg University of Technology.

To register, please send a message to Vera Lindenlaub at tuandyou@tuhh.de with your full name, your contact details, and your connection to TUHH (e.g. study, work).

March 27th 2018, 7pm
Restaurant Brotzeit
VivoCity Singapore 098585

Hope to see you all soon!

TPC Service in 2018

In 2018, I was asked to serve as TPC member for three security conferences that are quite important to me: CCS, Esorics, and Wisec. I’m looking forward to reviewing the interesting submissions! I’m also reviewing for the relevant CPS security workshops co-located with AsiaCCS and CCS.

2017 in numbers

As a follow-up to last year’s post, a quick personal note on my scholar profile. As of now, second week of January 2018, my publications reached 1001 citations according to Google scholar (vs. 700 at this time last year/ 500 two years ago). Google scholar currently lists 53 publications (vs. 43 last year, most peer-reviewed), and one US patent. Our first GPS paper currently has 203 cites. My h-index has increased to 15 (from 11), my i10-index is currently 18, from ~12 last year.

Semantic scholar stopped listing total citation numbers for profiles. I noted they revised/reduced my citation estimate for 2016 quite a bit, down to 111 (was >200 before). They still indicate how many papers were strongly influenced by my work (54), compared to 7 in previous year.

Scopus lists generally lower numbers (e.g. only 39 publications, ~450 citations), but they provide a number of co-authors: 66.

Other numbers for 2017: Github lists 450 commits to repositories (after 807 in 2016). I received 16,285 mails on my university account (after removal of spam). Per working day, that would make around 64 mails. I sent 4,733 mails (~19 per working day). Both numbers are quite close to my 2016/2015 statistics.

CfP: Workshop on Industrial Internet of Things Security (WIIoTS)

I am on the TPC of the Workshop on Industrial Internet of Things Security, and the CfP was just released.

The Industrial Internet of Things (IIoT) is an emerging paradigm in today’s (control) industry, comprising Internet-enabled cyber-physical devices with the ability to couple to the new interconnection technologies such as cloud/fog computing. Under this perspective, the new industrial cyber-physical “things” can be accessible and available from remote locations, the information of which can be processed and stored in distributed locations, favouring the cooperation, the performance in field, and the achievement of operational tasks working at optimal times. However, the incorporation of the IIoT in the new scenarios of the fourth industrial revolution, also known as Industry 4.0, entails having to consider the new security and privacy issues that can threaten the wellbeing of the new IIoT ecosystem and its coexistence with the existing industrial technologies, with a high risk of impact on the end-users.

Date/Location: Bilbao, Spain, June 4-7, 2018

More info at: http://globaliotsummit.org

Submission due: Feb 16, 2018 (GMT)

Visit by Ralph Holz

Prof. Ralph Holz from Syndey University will visit SUTD on 7 Nov. At 3pm in LT3, he will give a public talk on the following topic.

Title: Consensus, security and the network – measuring Blockchain

Over the last years, blockchains have developed into a mainstream technology that entire industry sectors are talking about.
The latest generation even supports smart contracts – programs that are executed by all participants and that may govern everything from simple transactions to the setup of organisations. Beyond the hype, however, we find that there is little deployment beyond the two most prominent examples, Bitcoin and Ethereum.
In this talk, we are going to explore some of the reasons. In particular, we show that the P2P networks that underlie blockchains impact their functionality in decisive ways. We look at dependability and abortion of transactions, both of which are crucial for enterprises, and we inspect the network structure and its influence on transaction execution. We present some early numbers from more than 2,500 scans
of a blockchain network. Finally, we discuss some research directions that could prove fruitful in a number of systems, blockchains or beyond.

Meetup of TUHH Alumni Singapore Chapter + Special Guest


I’m organizing a meetup of TUHH’s Singapore Alumni chapter on Nov 8, 4:30pm-6pm at SUTD. The plan is to give TUHH Alumni a chance to get to know each other, briefly show them the campus, and present research projects we do (e.g. www.nse.sg, and security research). Afterwards, we can have dinner nearby for everyone interested (self paid).

For everyone interested: please write me a quick mail, so I can make sure to keep you updated.

As a special guest, we will be joined by Prof. Ed Brinksma, who was just elected as next President of TUHH! So don’t miss this opportunity to connect back to TUHH.

Hope to see you all soon!

Visit by Debdeep Mukhopadhyay

We are hosting Prof. Debdeep Mukhopadhyay on Oct 12 at SUTD. He will give a public talk with the title Break one link and the whole chain falls apart!: Embedding Security in Things to Cloud.

Abstract:
With the advent of Internet of Things (IoT) the need and challenges of security have increased manifold. Starting from the miniature devices, which are often resource constrained, to the pervasive omni-present cloud, all avenues for a potential attack need to be mitigated. In this talk, we discuss the research activities in this direction, starting from physical security of the “things” in an IoT framework to developing dedicated cryptographic techniques for delegating data in the cloud. The talk also summarizes the research activities at the Secured Embedded Architecture Laboratory (SEAL), IIT Kharagpur, India.

Bio:
Debdeep is currently an Associate Professor at the Department of Computer Science and Engineering, IIT-Kharagpur, India and a visiting scientist
at School of Computer Science and Engineering at NTU-Singapore. At IIT Kharagpur he initiated the Secured Embedded Architecture Laboratory (SEAL), with a focus on Embedded Security and Side Channel Attacks. Prior to this he worked as a visiting Associate Professor of NYU-Shanghai, Assistant Professor at IIT-Madras, and as Visiting Researcher at NYU Tandon-School-of-Engineering, USA. He holds a PhD, MS, and B. Tech from IIT-Kharagpur. His research interests are Cryptography, Hardware Security, and VLSI. He is in the Program Committee of several top-tier conferences in his area like CHES, DATE, etc. and is the Associate Editor of Journal of Hardware and Systems Security, Springer.
He is the recipient of the prestigious Swarnajayanti DST Fellowship, Young Scientist award from the Indian National Science Academy, Young Engineer award from the Indian National Academy of Engineers, and is Young Associate of the Indian Academy of Science. He has incubated a start-up, ESP Pvt Ltd at IIT Kharagpur (http://esp-research.com/).