Dr. Henry B. Wolfe
Associate Professor – Computer Security & Forensics
Information Science Department, Otago School of Business.
“Mobile Phone and General ICT Security Issues”
We take for granted every day that we are safe from any given risk because we are protected by various standards, statutes, and laws. The mobile phone has become ubiquitous and there are currently more
than 8 billion connections and almost 5 billion mobile phones in use around the world. It is really nothing more than a small computer with a radio transmitter and receiver and other communications devices (Wi-Fi,
Bluetooth, etc) integrated into it. Smart phones may also have the ability to record photos, videos and sound. Most have a built in Global Positioning Satellite System capability.
Some phones may also have Near Field Communications (NFC). Each of these capabilities may result in various risks. Every generation of mobile phone has expanded its capabilities and we are now able
to communicate with the Internet in addition to normal telephone activity.
Along with these capabilities come a number of risks. Some of these are normally associated with using the Internet, so mobile users are exposed to malware of various kinds from that source. However,
there are other more insidious risks that are less known. The purpose of this presentation is to discuss the current risks associated with mobile phone use including malware; loss, theft, seizure; communications
interception, loss of privacy; location logging and tracking; and bugging. Most people are not aware of these threats. They assume that their service provider has put in place measures to eliminate any risks
as well as protect their privacy (by the use of cryptography). 100% safe mobile phone use is unlikely ever to be possible. This presentation will cover mitigating alternatives that can be put in place to reduce
the identified mobile phone risks. These will be graphically portrayed and clearly described and defined in terms and language that non-technical people will understand.
Dr. Wolfe has been an active ICT professional for more than 58 years. He has earned a number of university ICT degrees culminating with a Doctor of Philosophy from the University of Otago (Virus Defenses in
the MS/DOS Environment). The first ten years of his career were spent programming and designing systems in the manufacturing environment; the most notable was one of the first fully automated accounting systems
in the U.S. The next ten years of ever increasing responsibility was devoted to serving in the U.S. Federal Government rising to the position of Director of Management Information Systems for the Overseas Private
In 1979 Dr. Wolfe took up an academic post at the University of Otago and for the past thirty-five or so years has specialized in computer security. During that period he has earned an international
reputation in the field of electronic forensics, encryption, surveillance, privacy and computer virus defenses.
Dr. Wolfe writes about a wide range of security and privacy issues for Computers & Security, Digital Investigation (where he is also an Editorial Board Member), Network Security, the Cato Institute,
Cryptologia, and the Telecommunications Reports. He is a Fellow of the Institute of IT Professionals New Zealand. He was on the Board of Directors of the International Association of Cryptologic Research finishing
up in January 2003.
Over the years he has provided advice on security matters to major government bodies within New Zealand as well as government organizations in Australia, Panama, Singapore and the U.S.; and additionally
to New Zealand businesses and the major New Zealand Internet Service Providers. He has advised the New Zealand Law Commission in preparation for their publication of the Computer Misuse Report – Report No. 54,
Electronic Commerce Part Two – Report No. 58, and Electronic Commerce Part Three – Report No. 68. He has been commissioned to provide training in electronic forensics for law enforcement organizations (New Zealand,
Australia, Singapore, etc.). Since 1988 he has supervised and conducted more than one hundred and seventy-five (175) computer security audits of New Zealand businesses and government bodies in and around Dunedin.
His opinions are regularly sought by the various media organizations (newspaper, radio and television).
Dr. Wolfe is a regular invited and keynote speaker at international conferences having spoken at over 60 conferences, in more than 20 countries, during the past 30 years. He addresses security and
privacy issues – both technical and policy. He recently addressed all of New Zealand’s High, Appeal and Supreme Courts Justices and also separately addressed 80 Justices from the Australian Federal and Supreme
Courts. During this time Dr. Wolfe has also spoken nearly 60 times at non-conference venues. The most recent being the University of the Third Age, for a third time, and previously, for example, at the US Military
Academy at West Point amongst many others.
His primary research interest is centered around the discipline of mobile phone security, electronic forensics, surveillance, and private communications techniques. These all involve the implementation
of various cryptographic algorithms and other techniques that are currently available, and the associated hardware and software necessary to implement such systems. He has a long history and association with
both the cryptographic and the technical surveillance counter-measures communities.
Prof. Paul S. Pang
Professor – High Tech Transdisciplinary Research Network and Department of Computer Science, Unitec Institute of Technology, New Zealand.
“UniteCloud: A Resilient Private Cloud Platform for Education and Research Service”
UniteCloud is a cloud-computing platform developed at Unitec Institute of Technology to provide a solution for resilient infrastructure and data services. UniteCloud has been constructed using OpenStack, with a peak computational capability of up to 500 virtual machines and a maximum storage allocation of 64 terabytes per virtual machine. The resiliency of UniteCloud is achieved by three novel components. CloudViz-3D is a top-level interactive cloud monitoring system that monitors the running status of the cloud and notifies users before any disaster occurs. rRVM is a low-latency, high-consistency, high-availability system that generates real-time backup and disaster recovery. CRaaSH is an offline disaster recovery system that provides decentralized service checkpoint/restart over commodity networks. In addition, the platform supports group collaborative working, editing, big data processing and machine learning algorithmic experiments with its open source implementation of Gitlab, ShareLatex, HadoopDataCenter and TensorFlow. With all its resilient service features, UniteCloud specializes in supplying eLearning and eResearch services for New Zealand tertiary students and staff.
Dr Paul Pang is a Professor of Data Analytics with Unitec Institute of Technology, the Deputy Director of High Tech Transdisciplinary Research Network and the Director of Center for Computational Intelligence for Cybersecurity. Professor Pang is the Science Leader of the Unitec team for an ongoing Ministry of Business, Innovation and Employment (MBIE) funded Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud (STRATUS) project. He is also the Event Editor of the Elsevier journal Neural Networks and a Senior Member of IEEE. He has served as Chair, Co-chair and Committee Member/Track Chair of numerous international conferences, including recently as a program member of the 2017 Thirty-First AAAI Conference on Artificial Intelligence (AAAI2017).
Dr. Ian Welch
Associate Professor – Network Engineering, School of Engineering and Computer Science, Victoria University of Wellington, New Zealand
“Software defined networking as a security enabler for enterprises”
Industry commentators have raised concerns about software-defined networking (SDN) as looking "like a nice squishy target to spies and crooks" and a "nightmare" from a risk assessment point of view. Security concerns include worries that it will be impossible to secure the perimeter because the network architecture is no longer fixed, that the controller managing the control plane is centralised and a single point of failure, and that the software-centric approach is highly vulnerable to exploitation as opposed to current hardware-based approaches.
We argue that some of these concerns are not new and that software-defined networking provides an approach to implementing secure enterprise networks that can lead to better enforcement and greater assurance. This talk will address concerns and explain how we are working with other academics and commercial partners on the development of a software-defined security platform that leverages these advantages over traditional approaches.
Associate Professor Ian Welch leads the security group at Victoria University of Wellington, New Zealand. The security group at Victoria has been established since 2006 and has focused on the delivery of malware via the web. More recently the focus has been on software defined networking and security.
Since 2015, he and Dr Bryan Ng have led a Google-supported software-defined network research centre at Victoria University. Members work on software-defined networking security, performance measurement and inter-domain routing, and are contributors to the Faucet open source software-defined controller.
Previously he was leader of the New Zealand honeynet project chapter, co-investigator on an Australian govt ARC-funded grant ($AU 186,000), principal investigator on a NZ govt DIA-funded grant ($156,000) working with the Porirua Pacific Islands Forum, and a lead researcher on a work package of a three-year multi-institutional EU-funded grant investigating intrusion-tolerant middleware.
Dr. Dongxi Liu
Senior Research Scientist, Data61 CSIRO, Australia.
“Compact-LWE for Lightweight Public Key Encryption and Leveled IoT Authentication”
Leveled authentication allows resource-constrained IoT devices to be authenticated at different strength levels according to the particular types of communication. To achieve efficient leveled authentication, a lightweight public key encryption scheme is introduced in this talk, which can produce very short ciphertexts without sacrificing its security.
The semantic security of this scheme is based on the Learning With Secretly Scaled Errors in Dense Lattice (referred to as Compact-LWE) problem designed in CSIRO. This problem is a variant of the Learning With Errors (LWE) problem, but with two improvements (i.e., secretly scaled errors, which can be very big, and dense lattice, which has small fundamental parallelepiped) that make Compact-LWE resistant against well-known lattice-based attacks to LWE. In addition to the security proof, we verify, with a public attack tool, that the lattice-based attacks, which are successful on LWE, cannot succeed on Compact-LWE even for a small dimension parameter (e.g., a lattice of dimension 13).
The evaluation of our scheme and a leveled Needham-Schroeder-Lowe public key authentication protocol on the Contiki operating system and Sky motes will also be introduced.
Dongxi Liu has been a Senior Research Scientist at CSIRO since 2008. Before joining CSIRO, he was a researcher at the University of Tokyo. His research interests include lightweight encryption, IoT device authentication, encrypted data processing, and system security. He received his PhD in computer engineering from Shanghai Jiao Tong University in 2003, and his Master and Bachelor degrees from Taiyuan University of Technology in 1999 and 1996, respectively.
Dr. Dong Seong (Dan) Kim
Senior Lecturer – Computer Science and Software Engineering, University of Canterbury, New Zealand.
“Graphical Security Models”
Graphical security models can be used to assess network security. Purely graph-based security models (e.g., Attack Graphs) have a state-space explosion problem. Tree-based models (e.g., Attack Trees) cannot capture attack path information explicitly. In this talk, we briefly introduce a scalable security model named hierarchical attack representation models (HARM) to deal with the above-mentioned issues. First, I present how the HARM can be used with other methods to evaluate the effectiveness of Moving Target Defenses. Second, I present how the HARM can be used to evaluate the security of the Internet of Things. Finally, research avenues in graphical security modeling and assessment will be discussed in brief.
Dr. Dong-Seong "Dan" Kim is the Director of Cyber Security Lab at the University of Canterbury (UC), Christchurch, New Zealand. He is a Senior Lecturer in Cyber Security in the Department of Computer Science and Software Engineering at UC. He was a visiting scholar at the University of Maryland, College Park, Maryland in the US in 2007. From June 2008 to July 2011, he was a postdoc at Duke University, Durham, North Carolina in the US.
His research interests are in cyber security and dependability for various systems and networks; in particular, Intrusion Detection using Machine/Deep Learning Techniques, Security and Survivability for Wireless Ad Hoc and Sensor Networks and Internet of Things, Security and Performability modeling and analysis of Cloud computing, and Reliability and Resilience modeling and analysis of Smart (Power) Grid, and Blockchain technologies.
Dr. Surya Nepal
Principal Research Scientist, Data61 CSIRO, Australia.
“Orchestration and Automation of Cybersecurity: Issues and Challenges”
Almost all present cybersecurity expenditure and activities (85%) focus on designing solutions to prevent known cybersecurity threats. No matter how much effort is put into preparation and prevention, these solutions are not working, and cyberattacks and data breaches are inevitable. Current compromise-to-discovery time can be 30 to 60 days. On the one hand, the number of incidents of cyberattacks and data breaches is increasing every year; the increase in time required to detect cyberattacks and data breaches is causing higher reputational, operational and economic loss due to the impact on the continuity of the business. On the other hand, we have a limited pool of security experts who can focus on human-intensive tasks such as analysing programs/protocols, designing patches, understanding a compromise and responding to or recovering from a compromise. Current approaches are mostly manual, signature-based and reactive, and are not robust or resilient. Furthermore, the increasing complexity of cyberspace and its dynamic nature make it impossible for humans to effectively secure and protect the cyber system. This space requires a paradigm shift towards more orchestrated and automated cybersecurity solutions so that security experts can be more efficiently utilised and small-to-medium businesses can have access to more advanced cybersecurity capabilities through software-as-a-service.
A number of organisations have already started taking some actions to automate and orchestrate incident response processes, while researchers have started to explore the coordinated response of the human body's immune system towards building autonomic, resilient cyber systems. This talk explores the potential opportunities and issues in automating and orchestrating cybersecurity solutions.
Dr Surya Nepal is a Principal Research Scientist at CSIRO Data61 and leads a distributed systems security research group with 10 staff and over 30 PhD students. His main research interest is in the development and implementation of technologies in the area of distributed systems and social networks, with a specific focus on security, privacy and trust. He obtained his BE from National Institute of Technology (NIT) Surat, India; ME from Asian Institute of Technology (AIT), Thailand; and PhD from RMIT University, Australia. He has more than 170 peer-reviewed publications to his credit; his papers are published in international journals such as IEEE Trans. Parallel and Distributed Systems, IEEE Trans. on Service Computing, ACM Trans. on Internet Technologies, and IEEE Trans. on Computers. He has co-edited three books including security, privacy and trust in cloud systems by Springer. He currently serves as an associate editor in an editorial board of IEEE Transactions on Service Computing.