סמינר מחלקתי

Electrical Engineering-Systems Department

סמינר מחלקתי

You are invited to attend a lecture by

Dr. Yossef Oren

(Columbia University, Department of Computer Science)

on the subject:

A Cyber-Physical Security Salami Sandwich

Cyber-physical systems are computing devices which interact with the physical world. Examples of such devices include wireless sensor networks, augmented reality glasses, mobile phones and even nuclear power plants. The differing security assumptions and expectations between the physical and the logical domains make securing these systems a unique and interesting challenge.

The bottom slice of the talk will discuss our experience in securing radio-frequency identification (RFID) tags. These tags are minuscule transponders which are produced by the billions and attached to physical items, forming the backbone of the “Internet of Things”. Despite the incredibly constrained power, area and price budgets of these tags, we have shown that public-key cryptography makes it is possible to make the RFID ecosystem both secure and respectful of its users’ privacy.

The “meat” of the talk will discuss security issues related to one of world’s most common cyber-physical systems: the television. A new specification was recently introduced to allow broadcast television channels to include embedded HTML content. We show that the broadband and broadcast domains are combined insecurely, enabling a large-scale exploitation technique which requires a minimal budget and infrastructure and is remarkably difficult to detect. A unique aspect of this attack is that, in contrast to most cyber-physical threat scenarios, our attack uses the physical broadcast network to attack the data network and not vice-versa.

The top slice of the talk, as time allows, I will describe a surprisingly effective side-channel which exists in modern Javascript implementations, and discuss its potential offensive and defensive applications.

Bio: Yossef Oren ( http://iss.oy.ne.ro/#TAU-EE ) is a postdoc at Columbia University’s Department of Computer Science and a member of the Columbia University Network Security Lab , working with Angelos D. Keromytis. He holds a Ph.D. in Electrical Engineering from Tel-Aviv University and an M.Sc. in Computer Science from the Weizmann Institute of Science. His main research interests are hardware and architectural security (low-resource cryptographic constructions, power analysis and other hardware attacks and countermeasures) and Network Security (cyber-physical system security, consumer and voter privacy, web application security).