Keynote 1: Bhasin Shivam (Nanyang Technological University, Singapore)
Title: “Leaking AI: On Side-Channel Vulnerabilities (and more) on EdgeML Devices”
Date: August 24, 09:30
EdgeML combines the power of machine (deep) learning and edge (IoT) devices. Owing to its capability of solving difficult problems in sensor nodes and other resource-constrained devices, EdgeML has seen adoption in a variety of domains such as smart manufacturing, remote monitoring, and smart homes. However, deployment on edge devices exposes machine/deep learning algorithms to a range of new attacks, especially physical attacks. In this talk, we explore the landscape of practical physical attacks on EdgeML. First, we show how side-channel attacks can be used to reverse engineer the architectures and parameters of deep learning models. These models are often proprietary with commercial value and contain information on sensitive training data. The feasibility of these attacks is shown on both standalone microcontrollers and commercial ML accelerators. Further, we demonstrate practical and low-cost cold boot-based model recovery attacks on the Intel Neural Compute Stick 2 (NCS2) that recover, with high accuracy, the model architecture and weights loaded from the Raspberry Pi. The proposed attack remains unaffected by the model encryption features of the NCS2 framework.
Dr. Shivam Bhasin is a Principal Research Scientist and Programme Manager (Cryptographic Engineering) at the Centre for Hardware Assurance, Temasek Laboratories, Nanyang Technological University, Singapore. He received his PhD in Electronics & Communication from Telecom ParisTech in 2011 and an Advanced Master in Security of Integrated Systems & Applications from Mines Saint-Etienne, France, in 2008. Before NTU, Shivam held the position of Research Engineer at Institut Mines-Telecom, France. He was also a visiting researcher at UCL, Belgium (2011) and Kobe University (2013). His research interests include embedded security, trusted computing and secure designs. He has co-authored several publications in recognized journals and conferences. Some of his research now also forms part of the ISO/IEC 17825 standard.
Keynote 2: Bo-Yin Yang (Academia Sinica, Taiwan)
Title: “Post-Quantum Cryptography: Now and Onwards”
Date: August 24, 13:40
NIST has recently selected a first group of candidates for standardization in its PQC (Post-Quantum Cryptography) standardization process. However, we have not yet come close to achieving, or even thoroughly preparing for, the migration to PQC. We will discuss what has transpired in PQC, what the state of the art in PQC is, what topics remain in PQC, and what needs to be done in the upcoming post-quantum migration. Finally, we will summarize what is happening around the world with regard to PQC, particularly the ongoing standardization process(es).
Born February 14, 1969, in Princeton, New Jersey, Bo-Yin Yang graduated from National Taiwan University, Taipei, with a B.S. in Physics in 1987. In 1991, he completed his graduate studies at the Massachusetts Institute of Technology and earned a Ph.D. in Mathematics. He then returned to Taiwan and taught at Tamkang University. In 2002, he started working in cryptography, and in 2006, he moved to Academia Sinica, a leading academic institution in Taipei, Taiwan, serving as a Research Fellow (Professor).
His specialties are cryptographic implementations, algebraic cryptanalysis, and post-quantum cryptography – which will not be much affected by the existence of large-scale quantum computers – especially multivariate public-key cryptography.
Bo-Yin Yang has received numerous honors and awards, authored and co-authored multiple highly influential papers on cryptography, and been invited as a speaker at various cryptography-related seminars and events. He has also been actively involved in cryptographic standardization and the cryptographic community, submitting two candidates to the NIST post-quantum algorithms competition and contributing to the third-round alternate candidate NTRU Prime, and he is a co-inventor of the Ed25519 digital signature scheme.