Ruhr-Uni-Bochum
Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA

Women in Security and Cryptography Workshop (WISC)

The workshop is aimed at female PhD students and outstanding female students in the field of IT security and offers expert presentations and exchanges of senior and junior female researchers in this field. The long-term goal of WISC is to build a strong international network of junior women researchers and create a valuable academic program. WISC is a sister event to the prestigious Women in Theory (WIT) computer security conference and is held on a biennial basis.

WISC 2023

From June 27 to 29, 2023, the Cluster of Excellence CASA hosted the WISC workshop for the second time, this time in presence. Female graduates and outstanding students from the field of IT security and related areas spent three exciting days in Bochum to learn and network together.

Speakers:

Plus: panel discussions, poster presentations, networking activities and much more!

To the detailed review of WISC 2023

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Our flyer about WISC 2023 provides further insights into the three exciting workshop days!

Impressions of the WISC 2023

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Cyber Security in the Age of Large-Scale Adversaries

Copyright: CASA, Mareen Meyer

Talks of WISC 2023

Cynthia Sturton

Bringing Symbolic Execution to the Security Verification of Hardware Designs

The verification of hardware designs is a key activity for ensuring the correctness and security of a design early in the hardware lifecycle. In this talk I will discuss our work developing a new point in the hardware verification space: software-style symbolic execution. Symbolic execution generalizes testing by replacing concrete values with symbols, with each symbol representing the set of possible values of the variable. This path-based symbolic analysis allows for deep and precise exploration of the design’s state space. However, symbolic execution infamously suffers from the path explosion problem. In this talk I will first present two strategies we developed to leverage the modular and cyclical nature of hardware designs to manage the path explosion problem: hardware-oriented backward search and piecewise composition. I will then present our results using symbolic execution for the security verification of hardware designs, first for assertion-based verification, in which we find bugs that current state-of-the-art model checking does not, and second for information-flow analysis in which we eliminate many of the false-positive flows that static analysis or taint tracking can produce.

Yixin Zou

Learning from the People: A Human-Centered Approach in Security and Privacy Research

There is an increasing appreciation for human factors in security and privacy research. The knowledge of people’s concerns, needs, and expectations provide valuable insights for improving security and privacy systems. Meanwhile, people often do not use existing tools and strategies to the full extent – and it is not their fault. In this talk, I will draw from my research to demonstrate the value of incorporating human factors in designing security and privacy mechanisms, and the need of considering digital equity in people’s ability to protect themselves. In the first part, I will feature my line of work on data breaches as a case study, showing how examining consumer reactions could inform the design of more effective breach notifications. In the second part, I will feature my work with various marginalized populations–such as survivors of intimate partner violence, older adults, and Muslim-American women–and trauma-informed computing as a unifying framework for creating safer technology experiences for all. Throughout the talk, I will highlight how this human-centered approach can lead to positive impacts on industry practices, public policy, and educational efforts around security and privacy.
CONTENT WARNING: some parts of the talk will include descriptions of physical/emotional violence, harassment, and trauma.

Shruti Tople

Unlocking the Vault: Analyzing Data Leakage in Language Models

Language models have brought remarkable advancements in natural language processing but concerns regarding data leakage and privacy have arisen. In this talk, we delve into analyzing data leakage in language models, unlocking the vault to understand the risks involved. The talk investigates the implementation of language models that have been fine-tuned using private data. The focus is to analyze the leakage of sentence-level information and personally identifiable tokens from these models, all within a black-box setting. Additionally, we delve into the privacy-utility effects of mitigation techniques, such as differential privacy, when applied during the training of these models.  By gaining insights into the risks and understanding the impact of privacy-preserving measures, we can work towards building more secure and privacy-aware language models that preserve user trust while driving innovation in natural language processing.

Maria Eichlseder

Ascon - The new NIST standard for lightweight cryptography

Integrating cryptographic algorithms in IoT systems and other constrained environments is often difficult due to limited resources and additional security challenges. Driven by this demand, NIST has initiated a lightweight cryptography competition between 2019 and 2023. Among 57 submissions, Ascon has been selected as the new standard for authenticated encryption and hashing. In this talk, we show how Ascon was designed to address the specific challenges in the IoT, including security, performance, and footprint. Since ciphers are not used in an ideal world, we show how Ascon also improves robustness against certain implementation attacks and mistakes. Finally, we take a look at the standardization process itself and discuss our experience with different cryptography competitions.

Jade Philipoom

The Joy of Cryptographic Implementation

This talk will focus on how implementers transform cryptographic algorithms from academic papers into production code. I'll draw on real examples from my work developing a low-level cryptographic library for the OpenTitan hardware project. In this context, it's vital to optimize for speed and space without compromising security. We'll also discuss the complexities of considering physically present attackers and interacting with hardware accelerators.

Claudia Diaz

The Nym network: Incentivized mixnets

This talk will introduce the Nym network, a recently deployed system for communication privacy that is based on an incentivized mixnet. We will first review different existing approaches to communication privacy and discuss their tradeoffs, in order to situate mixnets within the solution space. We will then present the Nym system design and its components, which include a Loopix-based mixnet for anonymously routing packets, Coconut-based credentials to enable private access, and an incentive mechanism to reward mixnet nodes for their work while supporting scalability, decentralization, reliability and cost-effectiveness.

Workshops

"Securing your success: Presentation skills for young scientists", by Sandra Schlagheck
Presenting yourself and your research convincingly is essential to your professional success. This workshop aims to encourage reflection on presentations, give tips on preparing for them, and practice using voice and body language. To this end, the workshop includes short inputs and exercises on the foundation (topic, audience, purpose), preparation (collect, structure, formulate), and practice (voice, body language, stage fright).

"Allyship and the Power of Networks", by Louisa van den Bosch and Judith Valceschini
In our workshop “Allyship and the Power of Networks” we will look at the importance of finding and creaVng networks for FLINTA* (Female, Lesbian, Intersexual, Non-Binary, Trans- and A-Gender) to support ourselves and our peers in mainly cis-male dominated spaces and industries. We are looking to empower ourselves and find our strengths in shared experiences. Further we will reflect on how we can use our own advantages and privileges to share space and power with colleagues in our own fields of work who are less privileged and more marginalized than we are ourselves.

Cyber Security in the Age of Large-Scale Adversaries

Cynthia Sturton, University of North Carolina at Chapel Hill.

Cyber Security in the Age of Large-Scale Adversaries

Yixin Zou, Max Planck Institute for Security and Privacy.

Cyber Security in the Age of Large-Scale Adversaries

Shruti Tople, Microsoft Research.

Cyber Security in the Age of Large-Scale Adversaries

Maria Eichlseder, TU Graz.

Cyber Security in the Age of Large-Scale Adversaries

Jade Philipoom, Google/Open Titan.

Cyber Security in the Age of Large-Scale Adversaries

Claudia Diaz, KU Leuven.

Cyber Security in the Age of Large-Scale Adversaries

Podiumsdiskussion der Referentinnen.

Copyright/Fotos: CASA, Mareen Meyer

Review: WISC 2021

The first Women in Security and Cryptography (WISC) workshop of the CASA cluster of excellence took place from 21-23 September 2021. International female* doctoral candidates and outstanding female* students from the field of IT security participated in the digital workshop.

Programme with selected lectures from science and industry

The conference programme focused on top-class lectures by leading female* scientists in the field of IT security. These enabled participants to gain relevant insights into the industry, to get to know role models and to establish lasting connections with important players in the scientific community.

The outstanding speakers at the WISC and their presentation topics

  •  Tal Rabin, University of Pennsylvania & Algorand Foundation, USA
     "MPC in the YOSO (You Only Speak Once) Model".
  •   Elette Boyle, FACT Research Center, IDC Herzliya, Israel 
    "Pseudorandom Correlation Generators"
  • Kenza Ait Si Abbou, Senior Manager for Robotics and Artificial Intelligence
     "Artificial intelligence needs more women!"
  • Michelle Mazurek, Institute for Advanced Computer Studies, University of Maryland, USA 
    "Investigating Secure Development In Practice: A Human-Centered Perspective"
  • Adrienne Porter Felt, Director of Engineering, Google, USA
    "An Industry Career Path, in Security and Beyond"
  • Carmela Troncoso, École polytechnique fédérale de Lausanne, Switzerland
    "Why Synthetic Data Is Not a Solution to Any Machine Learning Problem".

Exchange, training and meeting like-minded people

In addition to the exciting talks by the speakers and the diverse contributions by the participants during the lightning talks, the WISC was dedicated to scientific exchange between all attendees. The aim was not only to create an attractive continuing education programme, but also to bring together women* from the various fields of IT security research and to promote a collaborative exchange within the community. To this purpose, there were targeted opportunities for networking and conversations during social activities.

A review of the WISC in 2021 is also provided in our flyer. Learn more about the lectures, the program and the participants!

Our Graphic Recording of WISC 2021

Stay up to Date

There are a lot of exciting things happening at our Cluster of Excellence: events, lectures, workshops, job opportunities....
If you want to stay up to date, please sign up for our email list. Then you will never miss an update!

E-Mail-List
By submitting this form, you give CASA permission to process your data (name, email address) for the purpose of informing you about events, jobs and other news of the cluster. This consent is voluntary and can be revoked at any time.

Contact

Kirsten

Kirsten Jäger
Equal Opportunities & Diversity,
Quality & Event Management