University of Waterloo
Securing Internet-of-Things (IoT)
University at Albany, SUNY
Sanjay Goel is a Professor and Chair of the Information Technology Management Department in the School of Business, Director of the Center for Forensics Analytics Complexity Energy Transportation and Security, and the Director of Research at the NYS Center for Information Forensics and Assurance at UAlbany. He is also the Director of the Digital Forensics Program at the University. Dr. Goel received his Ph.D. in Mechanical Engineering from RPI. His research interests include information security, cyber warfare, music piracy, complex systems, security behavior, and cyber physical systems. His research on self-organizing systems includes traffic light coordination, smart grid and social networks. He is lead author of Smart Grid Vision prepared by IEEE Communications Society and the IEEE Standards Association. He won the promising Inventor’s Award in 2005 from the SUNY Research Foundation. In 2006, he was awarded the SUNY Chancellor’s Award for Excellence in Teaching, the UAlbany Excellence in Teaching Award, and the Graduate Student Organization Award for Faculty Mentoring. In 2010 he was awarded the UAlbany Excellence in Research Award. In 2015, he was also awarded the SUNY Chancellors’ Excellence in Academic Service, UAlbany Presidents’ Excellence in University Service, and School of Business Excellence in Research Award. He was named one of the three AT&T Industrial Ecology Faculty Fellows for 2009-2010. He has received grant funding from multiple sources including: National Institute of Justice, U.S. Department of Education, U.S. Department of Commerce, National Science Foundation, Intelligence Advanced Research Project Activity, Region II University Transportation Research Center, New York State Energy Research and Development Agency (NYSERDA), Blackstone Foundation, AT&T Foundation and James S. McDonnell Foundation. He recently received a $800,000 grant to establish a Blackstone Launchpad to foster entrepreneurship and innovation among students at UAlbany, a 1.6 M dollar award to develop strategies for detection of inside threat actors, and $800,000 from NIST and Department of Commerce for understanding and fostering the ecosystem of cybersecurity in the capital district of New York and adjoining areas. He has over 100 articles in refereed journals and conference publications including top journals such as the IEEE Journal of Selected Areas in Communication, Journal of the AIS, IEEE Transactions on Dependable Computing, California Management Review, Decision Support Systems, Journal of the AIS, Communications of the AIS, Communications of the ACM and the Information & Management Journal. In addition, he has been invited to present at 50 conferences including over 15 keynotes and plenary talks. He is a recognized international expert in information security, cyber warfare, and smart grid and has given plenary talks in events across several countries including, U.S., Germany, Russia, Serbia, Croatia, and India that have been sponsored by NATO, OSCE, and other professional organizations. He established the Annual Symposium on Information Assurance as an academic symposium held in conjunction with the NYS Cyber Security Conference and has served as its chair. In its tenth year now; the joint event attracts over 1200 participants. He also initiated and served as the general chair for the International Conference on Digital Forensics and Cyber Crime (ICDF2C) which is a popular forensics conference.
Emergence of Digital Forensics: Current Challenges and Future Research Directions
There have been multiple phases in the evolution of the Internet and with each phase the complexity has grown by an order of magnitude. It is clear that our ability to defend our networks and data has diminished significantly. Despite the extensive security infrastructure in place, hackers have exploited vulnerabilities, such as human errors, carelessness, contractor computers, and insider knowledge to bypass all security. Once inside they carefully probed and navigated their way until they reached their target treasure trove.
Given enough time, a determined attacker is able to bypass an organization’s perimeter. As part of an Advanced Persistent Threat attack, motivated attackers can spend months or even years targeting a specific organization and lurking in its fringes until they break into it. Using techniques from “spear phishing” (targeted phishing/email attacks) to exploiting zero-day vulnerabilities where patches do not yet exist, an advanced attacker will breach a target network’s perimeter. When this occurs, the outsider becomes, in effect, an insider. To address this challenged, security paradigm needs to move beyond perimeter defense into gaining visibility into networks. Forensics has the ability to provide visibility into the networks. Consequently, security and forensics are starting to blend with each other and digital forensics is becoming inextricably linked to an organization’s information security.
In this talk, I will take a long view of the broader challenges and security threats that we face today and talk about emerging trends and threats. I am also going to talk about how the future Internet is projected to evolve and the challenges that we face especially as we embrace the new incarnation of the Internet – Internet of things. The Internet is no longer only about information exchange and processing. Internet will now be able to control the physical world! In this context, I will attempt to try to paint a picture of the future Internet, the role of security and forensics, emerging security technologies, and open challenge problems in forensics and security.
Université du Québec à Montréal (UQAM)
Sébastien Gambs currently holds the Canada Research Chair (Tier 2) in Privacy-preserving and Ethical Analysis of Big Data since December 2017. He has joined the Computer Science Department of the Université du Québec à Montréal (UQAM) in January 2016, after having held a joint Research chair in Security of Information Systems between Université de Rennes 1 and Inria from September 2009 to December 2015. His research interests encompass subjects such as location privacy, privacy-preserving data mining as well privacy-enhancing technologies in general. He is also interested to solve long-term scientific questions such as addressing the tension between privacy and the analysis of Big Data as well as the fairness, accountability and transparency issues raised by personalized systems. He has co-authored over 45 refereed publications (mostly international), including 9 journal articles and more than 35 conference and workshop papers. He is also the co-author of two patents that are related to the protection of privacy. He has supervised or co-supervised 6 PhD students and 15 MSc students that have successfully graduated. He is currently the holder of an NSERC Discovery Grant (2016-2021) as well as a Discovery Accelerator Supplement grant (2016-2019) for his research program titled “Protection location privacy in online and offline contexts”.
Privacy and Ethical Issues in Big Data: Current Trends and Future Challenges
In our Information Society, the profiling of users has become the norm, which has lead to the development of services that are highly personalized based on the specific needs of individuals, but also raise fundamental privacy and ethical issues. In particular, the absence of transparency on the profiling and personalization processes has lead to the loss of control of individuals on the collection and use on their personal information while making it impossible for an individual to question the decision taken by the algorithm and to make it accountable for it. Moreover, transparency is only a prerequisite to be able to analyze the possible biases that personalized algorithms could have (e.g., discriminating against a particular group in the population) and then potentially correct them. In this talk, I will review the main challenges in terms of privacy and ethics that have recently emerged before presenting the main approaches that are currently investigated to answer to these challenges. Finally, I will conclude by discussing some open problems.