IMSc Conference on IT Security

We organize a conference for collecting IMSc points in the context of the IT Security BSc course in the spring semester of the 2023/24 academic year at BME. Beyond IMSc point collection, the goal of the conference is to encourage students to deep-dive into some hot topics of IT security, to get familiar with the challenges and recent research results, and to share knowledge with other students in the form of short presentations. We do hope that the conference will shed light on the beauty of the field of IT security and some of its exciting research areas, and it will stimulate both the active participants of the conference and all other students enrolled in the IT security course to engage in further studies in the domain of IT security.

The Call for Papers (CfP) for the conference is available here.

Conference topics

all, uav, cyber-physical-system, vehicle, network-security, power grid, machine-learning, data-evaluation, privacy, economics, malware, binary-similarity, cryptography, machine-learning-security, LLM-security, LLM, copilot, federated-learning, poisoning, password-manager, AAA, OAuth, web-security, Kerberos

UAV security challenges

Unmanned aerial vehicles (UAVs) are unmanned aircrafts operated by radio remote control and programmed control equipment. Due to their small size, low cost, and high flexibility, UAVs are widely used in military and civilian fields, such as geological detection, film shooting, traffic control, homeland security, and reconnaissance in battlefield. With the rapid increase of UAVs and the success of their related technologies, they also face many security problems, such as jamming, man-in-the-middle, and false message injection attacks. The security of UAVs has become a hot research topic. However, most UAV-related surveys are analyzed and summarized from a single perspective, there are few surveys about UAV cybersecurity.

Tags: uav, cyber-physical-system


Vehicle security challenges

The last decades of the automotive industry have seen a significant change with the adoption of embedded controllers. Digital circuits and software components have taken control of processes previously controlled by analog methods. In addition to supporting more integrated functions and services, the primary motivation for this change was to reduce manufacturing costs. While delivering the expected results, this shift also created an undesirable problem: vehicles inherited the cybersecurity weaknesses of computers. If an attacker can take control of a computer-controlled physical process in an attack, it can cause physical damage by logical means. In the transportation industry, such an attack could endanger human lives or cause significant financial loss.

Tags: vehicle, cyber-physical-system, network-security


Cybersecurity of electrical substations

Substations are responsible for distributing and transmitting electrical energy between power stations and consumers. The instrumentation and control of each substation is done by a digital system consisting of everyday (like PCs and switches) and special devices like feeder protection and control devices. The topic covers the introduction of special devices and protocols with their special vulnerabilities and countermeasures.

Tags: power grid, cyber-physical-system, network-security


Cybersecurity of SCADA networks

SCADA networks are controlling the electrical systems of all countries. A cyber attack on a SCADA system may create a blackout for wide regions and millions of people. Many attack vectors and vulnerabilites are present in these networks with different risk. The topic covers the general problem of cyber security of SCADA systems with a special attention on the security of a widely used protocol, the IEC 60870-5-104.

Tags: power grid, cyber-physical-system, network-security


Data Quality Evaluation

How to determine which features are the most important? How to measure which data samples are the highest quality? How to identify which datasets (aka participants) in a collaboraton are the most crutial? Contributions Score Computation schemes aim to answer these questions. Without such techniques to allocate the rewards amongst participants, the collaboration could even collapse. Without such mechanisms to find bad-quality data points, the final model could have inferior performance. Without such methods, the best features could remain hidden.

Tags: machine-learning, data-evaluation


Membership Inference Attack

Membership inference attacks aim to determine if a specific data point was part of a machine learning model's training set, which could pose privacy risks in sensitive domains like healthcare. It is the de-facto attack to asses the privacy leakage, so it is regularly used to audit machine learning models. However, its narrow scope and reliance on numerous assumptions raise questions about its ability to provide a comprehensive view, so its results may be misleading by creating a false sense of privacy protection.

Tags: machine-learning, privacy


The State of Cyber-Insurance

Cyber-insurance has been hailed as the ultimate tool for both i) efficient risk transfer in cyber environments and b) providing strong incentives for enhanced security levels. Part of this promise has been fulfilled, but there exist signifcant challenges standing in the way of total success. These include (but are not limited to): the lack of historical data, interdependent security, correlated risk, and information asymmetries. However, there is light at the end of the tunnel...

Tags: economics


IoT Security Economics

The Internet of Things is both a successful technological trend and a cybersecurity nightmare. The huge market for cheap IoT gadgets make manufacturers forget about (even basic, no-brainer) security measures. With historical evidence (e.g., the Mirai botnet) and current and predicted proliferation of IoT, this has to change. Current regulatory and standardization efforts propose several mechanisms to improve the state of affairs including security labels (a la energy labels) and the Software Bill of Materials (SBOM). Will they be successful?

Tags: economics, cyber-physical-system


Malware for embedded devices

Embedded computers (e.g., IoT devices, controllers in vehicles and in industrial facilities) can also be infected by malware, just like other computers. The landscape of malware for such embedded devices is already rich, including infamous families like Mirai, and many others...

Tags: malware, cyber-physical-system


Malware detection on resource constrained embedded devices

Embedded computers (e.g., IoT devices, controllers in vehicles and in industrial facilities) can also be infected by malware, just like other computers. However, these devices are typically resource constrained and cannot run anti-virus solutions developed for desktop PCs. So researchers started to design new malware detection mechanisms tailored for them.

Tags: malware, cyber-physical-system


Binary code similarity

Binary code similarity approaches compare two or more pieces of binary code to identify their similarities and differences. This is useful in many applications, including malware detection and analysis. There are many binary code similarity approaches with varying properties, notably with different levels of robustness against attacks. TLSH is a popular hash function that is designed for quantifying binary similarity, but its robustness has been recently challenged.

Tags: binary-similarity


Post-quantum cryptography and transition to it

Cryptography is essential for solving many information security problems. However, many commonly used cryptosystems will be completely broken once large quantum computers are built. Post-quantum cryptography is cryptography that resists quantum attackers, while still running on traditional computers. Although quantum computers may look like a future risk, they are not due to "harvest now and decrypt later" attacks. So cryptographers have started to design new quantum safe algorithms and practitionaiers are about to integrate them into systems that we use in practice.

Tags: cryptography


Trusted Execution Environments

A Trusted Execution Environment is an environment, where code can have a higher level of trust in the surronding environment. For example, its integrity is verified before it gets executed, it can store data in a confidential and integrity protected way, and it even has access to hardware components, that are off limits for ordinary software, even the operating system kernel. TEEs are ideal for implementing security critical solutions, even if we assume that an attacker has physical access to a system, or if not even the operating system kernel is to be trusted. Applications using TEEs can include mobile payment solutions, digital rights management-related software, cryptographic primitives or antivirus products.

Tags: cyber-physical-system


Prompt Injection in LLM

Large Language Models (LLMs) are a new class of machine learning models that are trained on large text corpora. They are capable of generating text that is indistinguishable from human-written text. The increasing reliance on Large Language Models (LLMs) across academia and industry necessitates a comprehensive understanding of their robustness to prompts. There exist several attacks that create adversarial prompts against LLMs.

Tags: machine-learning, machine-learning-security, LLM-security, LLM


Poisoning Code Completion Models (CoPilot)

Large Language Models (LLMs) are a new class of machine learning models that are trained on large text corpora. They are capable of generating text that is indistinguishable from human-written text. One of their most popular application is code completion, where the model completes the source code written by a developer. Developers are found to code up to 55% faster while using such tools. Among these tools, GitHub Copilot is by far the most popular. GitHub Copilot leverages context from the code and comments you write to suggest code instantly. With GitHub Copilot, you can convert comments to code autofill repetitive code, and show alternative suggestions. However, GitHub Copilot is trained on public repositories, and therefore, it is vulnerable to data poisoning; a bad actor may intentionally contaminate the training dataset with malicious code that may trick the model into suggesting similar patterns in your code editor.

Tags: machine-learning, machine-learning-security, copilot, LLM-security


Misbehaving Detection in Federated Learning

Learning systems that require all the data to be fed into a learning model running on a central server pose serious privacy concerns. For example, the transmission of health data across certain organizational boundaries may violate security and privacy rules. Federated Learning (FL) was proposed by Google to mitigate this issue by enabling a group of clients (e.g, different stakeholders) to jointly learn a model while keeping their private data at their local devices. However, FL has been shown vulnerable to model and data poisoning attacks, where one or more malicious clients try to poison the global model by sending carefully crafted local model updates to the central parameter server. These attacks may cause the central model to underperform, more costly to train, or misclassify certain testing samples. There are several schemes that attempt to detect and eliminate such misbehaving clients.

Tags: machine-learning, machine-learning-security, federated-learning, poisoning


The Security of Password Managers

Passwords are still the most commonly used means of authentication. Some people use the very same password for every website, some reuse a couple different passwords, while the more paranoid use a different password for each site... stored in a text file aptly named passwords.txt. Those who follow security best practices (or at least pay attention on our lectures) know that the most secure way of generating, storing, and managing passwords is using a password manager. But are these as secure as they are claimed to be? Discover the aspects of the evaluation of the security of password managers and see for yourself!

Tags: password-manager, AAA


OAuth and (In)Security

OAuth is one of the most widely used authorization frameworks. Despite all the recommendations of not merely using it as a means of authentication, it is also commonly leveraged as such. Over the years, we have seen a multitude of security breaches related to OAuth, and while OAuth itself includes some questionable design choices (such as the now deprecated Impicit Grant flow), most security issues stem from improper use of the framework, incorrect knowledge of its workings, or simply implementation errors. Explore the history of OAuth and some of the most baffling blunders leading to hacks and breaches!

Tags: OAuth, web-security, AAA


Attacking Kerberos

Kerberos is one of the most frequently used authentication protocols in enterprise environments. Enabling single sign-on and providing mutual authentication for the communicating parties, it is a cornerstone of not only Microsoft's Active Directory, but also Linux-based Samba deployments. While the protocol itself is generally considered to be secure, implementations may be flawed or otherwise vulnerable to exploitation...

Tags: Kerberos, AAA