Abstract: Machine learning (ML) provides us with movie recommendations, self-driving cars, voice recognition and automated medical diagnostics. However, in order to benefit from such services, ML models need to be trained on users' data. Whenever such data is sensitive, one faces a dilemma: keep the data private or give up the convenience of ML-powered services. In this talk we will survey and present recent advances in the field of privacy-preserving machine learning. We will show how advances in differential privacy, federated learning and secure multi-party computation are reconciling the benefits of ML with strong privacy guarantees.
Facebook Research (Statistics & Privacy) and University of Washington (Tacoma) - USA
Mini bio: Anderson C A Nascimento obtained his Ph.D. from the University of Tokyo in 2004. He is currently a senior research scientist with Facebook Research (Statistics & Privacy) and is an endowed professor with the University of Washington, Tacoma Campus. Previously, he was a professor with the Universidade de Brasilia and a researcher with the cryptography group of Nippon Telegraph and Telecom, Corp. Dr. Nascimento works in cryptography, information theory and information security. His current main area of research is in privacy-enhancing techniques and their applications to machine learning.
Abstract: Advances in quantum computers threaten the security of the public key cryptography currently in use throughout the world. In response to this threat, NIST has embarked on a project to standardize new "quantum-resistant" cryptography. I will describe our assessment of the threat, our process towards standardization of quantum-secure public-key cryptography, and the current state of affairs.
National Institute of Standards and Technology (NIST) - USA
Mini bio: René Peralta received a B.A. in Economics from Hamilton College in 1978. In 1980 he received an M.S. in Mathematics from the State University of New York at Binghamton. In 1985 he received a Ph.D. in Computer Science from the University of California at Berkeley. For the next 20 years he held various positions in academia, mostly as a professor of cryptology, algorithmics and computational number theory. In 2005 he moved to NIST. He is currently a scientist with the Computer Security Division. Among the projects he is currently involved in are The NIST Randomness Beacon, Circuit Complexity, Privacy Enhancing Cryptography, and Post-Quantum Cryptography.
Abstract: Democracy is a defining feature of civilised societies, but it is delicate and vulnerable. In recent years, we have seen the threats to democratic processes brought into sharp relief, and, arguably, we have witnessed some spectacular failures of democracy. The increasing digitisation of democracy brings with it the potential to enrich democracy but it also brings a raft of novel, highly scalable and poorly understood attack vectors. In this talk I will discuss attempts by the information security and crypto communities to address the challenge of making elections secure. It is essential that an election deliver not only the correct outcome, but also sufficient evidence to demonstrate to all, especially the losers, that the announced outcome is indeed the correct one. And of course, all this must be achieved without undermining ballot privacy or coercion resistance. Furthermore, it is essential that any solution be not only technically valid but also supremely usable and acceptable to all stakeholders. Most approaches to voter-verifiable elections involve the voter checking the presence of an encryption of her vote on a secure bulletin board (public ledger) in the input to the (verifiable) tabulation process. In this talk, by contrast, I will outline a new voter-verification scheme, Selene, that allows each voter to confirm that her vote is correctly counted in an intuitive, transparent fashion: by identifying the vote in plaintext in the tally via a private, deniable tracker. In particular, I will present a recent enhancement of Selene, code-named “Hyperion”, that does away with the need for trackers and provides greater privacy and counters the coercer tracker collision threat. Our hope is that this will provide not only trustworthy systems but also ones that will inspire the trust of all stakeholders.
University of Luxembourg
Mini bio: Peter Y A Ryan has been full Professor of Applied Security at the University of Luxembourg since 2009. Since joining the University of Luxembourg he has grown the APSIA (Applied Security and Information Assurance) group that is now around 20 strong. He has around 30 years of experience in cryptography, information assurance and formal verification. He pioneered the application of process calculi to modelling and analysis of secure systems, firstly the characterization of non-interference and later to the analysis of crypto protocols. He initiated and led the “Modelling and Analysis of Security Protocols” project, in collaboration with researchers in Oxford and Royal Holloway, that pioneered the application of process algebra (CSP) and model-checking tools (FDR) to the analysis of security protocols. He has published extensively on cryptography, cryptographic protocols, security policies, mathematical models of computer security and, most recently, voter-verifiable election systems. He is the (co-)creator of several innovative, verifiable voting schemes: Prêt à Voter, Pretty Good Democracy, vVote system (based on Prêt à Voter that was used successfully in Victoria State in November 2015), Caveat Coercitor, Selene, Electryo and Hyperion.
Abstract: The corona pandemic is the first major pandemic in times of big data, AI and smart devices. Some nations have deployed these technologies on a large scale to support a trace/quarantine/test/isolate strategy in order to contain a pandemic. However, concerns have been raised w.r.t. some solutions that are not compatible with the privacy regimes in some jurisdictions including the European Union. Fortunately, a range of cryptographic techniques allows performing proximity and presence tracing based on data minimization. This talk will compare several protocols including the solutions developed by the DP-3T (Distributed Privacy-Preserving Proximity Tracing) consortium. Apps based on this protocol have been rolled out in more than 40 countries and states, with support of Google and Apple; in the EU, these apps have been interconnected to work as a single virtual app using the European Federated Gateway Service, which at this moment links 19 EU countries and between 50 and 100 million users. The talk will discuss the lessons learned from this large-scale deployment in which the principles of privacy-by-design and data minimization have played a central role.
ESAT/COSIC, KU Leuven and imec
Mini bio: Prof. Bart Preneel is a full professor at the KU Leuven, where he heads the COSIC research group. His main research interests are cryptography, information security and privacy. He has served as president of the IACR (International Association for Cryptologic Research) and is co-founder and chair of the Board of the information security cluster LSEC. He is a member of the Advisory group of ENISA, of the Board of the Cyber Security Coalition Belgium and of the Academia Europaea. He received the RSA Award for Excellence in the Field of Mathematics (2014), the IFIP TC11 Kristian Beckman award (2015) and the ESORICS Outstanding Research Award (2017). In 2015, he was elected as fellow of the IACR. He frequently consults for industry and government about security and privacy technologies.
Abstract: VoteXX is a breakthrough new approach that solves the often repeated security issues with remote voting, whether ballots are mailed out and votes cast online or ballots are mailed out and mailed back in, and in fully online elections as well. The 7th Estate system allows anyone with $1000 worth of stamps and supplies and a mailing list to create a publicly verifiable proof of how the people on the list would vote on an issue.
Mini bio: Coming soon.
Abstract: Recent years have seen security increasingly take a leading role, entering the political agenda of Cyber Defense and Security, entering the corporate agenda with a focus on Risk and Incident Management, and also being prioritized by citizens, who increasingly demand Data Protection measures. Following this demand, the security industry has had a "boom", offering an enormous range of products and services. At the same time, in this same period, attacks have become increasingly prevalent, paralyzing services and exposing citizens' data, using unsophisticated techniques to succeed. This talk will reflect on several open questions: Why are we in this situation? Why do the investments not seem to be bearing fruit? How do we get out of this impasse? What gaps could the Academic Community fill? Which research areas could propose solutions that attack the root cause and not the symptoms of security problems?
Mini bio: Cristine Hoepers is General Manager of CERT.br/NIC.br, where she has worked on Security Incident Management since 1999. She is also an instructor of the Incident Handling courses of the CERT Division, Carnegie Mellon University, and an instructor at the Escola de Governança da Internet no Brasil (Brazilian Internet Governance School) of CGI.br. She served on the Board of Directors of FIRST and on the coordination of the Best Practice Forums on Spam and CSIRTs of the United Nations Internet Governance Forum (IGF). In 2020 she received the Mary Litynski Award from M3AAWG, the world's largest organization for combating online abuse, for her work to increase the resilience of the Internet. She has been a moderator and speaker at national and international events, including forums of the OAS, UN, ITU, LACNIC, FIRST, APWG and M3AAWG, addressing the topics of Incident Management, Privacy, CSIRT Deployment, Internet Fraud, Spam and Honeypots. She holds a degree in Computer Science from UFSC and a doctorate in Applied Computing from INPE.
Talks and Tutorials Coordination
Daniel Macedo (USP)
Ricardo Dahab (Unicamp)
SBSeg 2021 General Coordination
Roberto Samarone Araujo (UFPA)
Antônio Abelém (UFPA)
SBSeg 2021 is an initiative of the Sociedade Brasileira de Computação (SBC), the Brazilian Computer Society.