Finals of NSE Data Challenge 2017

We held our finals for the National Science Experiment Data Challenge 2017 at SUTD on September 13. 11 finalist teams from secondary and post-secondary schools came to present their projects. Our guest of honour, Minister Yaacob Ibrahim, gave out the awards together with our sponsors. I served as one of the 6 jury members for the selection of the winners. Overall, the event went great and it was amazing to see all the excited students discussing their science projects. Some impressions were shared on the minister’s Facebook page, and in local media.

SUTD’s FIRST Industry Workshop 2017

I am happy to announce that my PhD students Hamid and Daniele both won an award each at the FIRST industry workshop, held at SUTD. In particular, they won:

  • Daniele Antonioli: ST Electronics Poster Award
  • Hamid Reza: Kulicke & Soffa Poster Award

Hamid presented our ongoing work on IDS for ICS, and Daniele presented our Honeypot for ICS. Congratulations to both of them!

Google’s Security Conference/Journal ranking 2017

As a follow-up to the two previous posts on the topic, here is the version with the newly released 2017 metrics data. It provides a ranking of journals and conferences in different fields, and uses the h5 metric, “the number n of papers that were released in the last 5 years, and had at least n citations”. Google has also now added a “Classic Papers” category for papers (link) – but there was essentially nothing in that which I recognized.

Based on the h5 metric, the following ranking for security conferences and journals is generated here:

  1. ACM Symposium on Computer and Communications Security (71)
  2. IEEE Symposium on Security and Privacy (68, +1 position)
  3. IEEE Transactions on Information Forensics and Security (67, -1 position)
  4. USENIX Conference on Security (61)
  5. Network and Distributed System Security Symposium (NDSS) (56)
  6. International Conference on Cryptology (CRYPTO) (53)
  7. Annual International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT) (53)
  8. ArXiv (see discussion)
  9. Computers & Security (40, +4 positions)
  10. IEEE Transactions on Dependable and Secure Computing (38)
  11. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT) (36)
  12. International Conference on Financial Cryptography and Data Security (35, not in top 15 last year)
  13. Theory of Cryptography (34)
  14. Workshop on Cryptographic Hardware and Embedded Systems (CHES) (33)
  15. ACM Symposium on Information, Computer and Communications Security (ASIACCS) (31)

Some other honourable mentions where I published before, am involved, or consider submitting:

  1. Conference of the IEEE Computer and Communications Societies (INFOCOM) (80)
  2. Computer Networks (54)
  3. International Conference on Mobile systems, applications, and services (MOBISYS) (47)
  4. Annual International Conference on Mobile computing and networking (Mobicom) (45)
  5. International Conference on Dependable Systems and Networks (DSN) (32)
  6. ACM Symposium on Applied Computing (SAC) (32, but only small security track)
  7. Annual Computer Security Applications Conference (ACSAC) (29)
  8. European Conference on Research in Computer Security (ESORICS) (28)
  9. ACM conference on Data and Application Security and Privacy (CODASPY) (25)
  10. International Conference on Cyber-Physical Systems (ICCPS) (23)
  11. Wireless Network Security (WISEC) (21)
  12. Symposium on Research in Attacks, Intrusions and Defenses (RAID) (19)
  13. IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection (IFIP Sec) (18)
  14. IEEE High Assurance Systems Engineering Symposium (HASE) (14)
  15. Network and Systems Security (NSS) (13)
  16. IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing (CPSCom) (13)
  17. Conference on Cryptology and Network Security (CANS) (13)
  18. Conference on Formal Engineering Methods (ICFEM) (12)
  19. Conference on Security and Privacy in Communication Networks (SecureComm) (10)

There are some interesting observations I made from the ranking (updated from last iteration):

  1. The h5 index of the top venues increased by about 5-9 points, with S&P returning to place 2. For CCS, this is definitely expected, as the number of submissions/accepted papers has increased significantly in the last 5 years.
  2. Computers & Security joined the other two journals in the top ten list.
  3. Financial Cryptography and Data Security makes its first entry into the top 15, probably due to Bitcoin/blockchain/smart contract related content and FinTech.
  4. ArXiv is in the list, but can hardly be counted as “peer reviewed”.
  5. 5 of the top 14 venues (w/o ArXiv) have a strong crypto focus, further limiting the options for general security papers to be published at.
  6. Google also publishes an h5-median score, which indicates the median citation count of the publications included in the h5 computation. This gives a nice indication of how many citations you could expect for your publications in the conference after five years. For the top 10 venues, this is between 60 and 110, for top 10-20 between 40 and 65.
  7. Clearly, for h5 it helps to accept more papers (see ArXiv and Infocom rank). It would be great to award selectivity somehow, for example by dividing by number of accepted papers. Unfortunately, that information is not directly available (see here).

See also: aminer conference ranking, CORE2014 conference ranking

SCy-Phy Systems Week 2017 completed

We just concluded our main event for this year, the Secure Cyber-Physical Systems Week at SUTD. This year, I was leading the organization for the event. We had about 160 registered attendees, 5 panels with a total of 15 panelists, a keynote by Neil Hershfield, Deputy Director of ICS-CERT, and 4 invited talks. We also had another S3 event, in which invited teams attack our testbeds to test our detection mechanisms. Overall, the event was quite successful! More info here.

Think-In event at SCy-Phy Systems Week

We have finalized our selection of panelists for the 2-day Think-In event at next week’s SCy-Phy Systems Week. We were fortunate to find a set of excellent speakers, for a total of 5 panels:

  • Keynote: Neil Hershfield, Deputy Director, ICS-CERT
  • Threats Panel: Neil Hershfield, Marina Krotofil, and Soon Chia Lim
  • Interconnected Systems Panel: David Nicol, Sahra Sarvestani, and Robert Kooij
  • Models Panel: Sjouke Mauw, Alvaro Cardenas, and Dieter Gollmann
  • Defences Panel: Mauro Conti, Gerhard Hancke, and Biplab Sikdar
  • Translating to Industry Panel: Jorge Cuellar, Matthieu Lec’Hvien, and David Ong

In addition, we will have invited talks by Marina, Dieter, Sjouke, and Sahra on Wednesday and Thursday.

The program sheet can be found here.

Best Paper award at CPSS’17

Our paper “SIPHON: Towards Scalable High-Interaction Physical Honeypots” won the best paper award at the 3rd ACM Cyber-Physical System Security Workshop (CPSS), co-located with AsiaCCS. The paper was co-authored by Juan Guarnizo, Amit Tambe, Suman Sankar Bhunia, Martín Ochoa, Asaf Shabtai, Yuval Elovici. The paper is available here, and as a pre-print on ArXiv.

From the abstract:

In recent years, the emerging Internet-of-Things (IoT) has led to rising concerns about the security of networked embedded devices. In this work, we propose the SIPHON architecture—a Scalable high-Interaction Honeypot platform for IoT devices. Our architecture leverages IoT devices that are physically at one location and are connected to the Internet through so-called wormholes distributed around the world. The resulting architecture allows exposing few physical devices over a large number of geographically distributed IP addresses. We demonstrate the proposed architecture in a large scale experiment with 39 wormhole instances in 16 cities in 9 countries. Based on this setup, five physical IP cameras, one NVR and one IP printer are presented as 85 real IoT devices on the Internet, attracting a daily traffic of 700MB for a period of two months. A preliminary analysis of the collected traffic indicates that devices in some cities attracted significantly more traffic than others (ranging from 600 000 incoming TCP connections for the most popular destination to less than 50 000 for the least popular). We recorded over 400 brute-force login attempts to the web-interface of our devices using a total of 1826 distinct credentials, from which 11 attempts were successful. Moreover, we noted login attempts to Telnet and SSH ports some of which used credentials found in the recently disclosed Mirai malware.

SCy-Phy Systems Week 2017

We will organize the third SCy-Phy Systems Week in June, from 5 June 2017 to 9 June 2017. As part of the event, we will have a 2-day Think-In session with panelists and interactive discussions, and another iteration of the S3 event (this year’s name: S317). At the S317, international teams from academia and industry will try to attack our Industrial Control System testbeds. More information here.

Visit by Ahmad-Reza Sadeghi

We are hosting Professor Ahmad-Reza Sadeghi from TU Darmstadt at SUTD on March 23. He will give a talk at 3:30 in LT3, titled “Things, Trouble, Trust: On Building Trust in IoT Systems”.


The emerging and much-touted Internet of Things (IoT) under the slogan “connecting the unconnected” presents a variety of security and privacy challenges in a broad spectrum of application domains, ranging from large-scale smart energy grids to smart vehicles, homes and personal wearable devices. Prominent among these challenges is the establishment of trust in remote IoT devices typically attained via remote attestation, a distinct security service that aims to ascertain the current state of potentially compromised remote devices.
However, recent studies have revealed many security vulnerabilities in embedded devices that are core components of the IoT. On the other hand, established protection measures for traditional computing platforms and networks may not always directly apply to IoT due to their diversity, resource constraints and large scale.
In this talk we survey the landscape of the recent research on security architectures and particularly scalable remote attestation schemes for IoT devices. We also discuss their effectiveness and related tradeoffs as well as future research challenges and directions.