- This event has passed.
“Security by Design for Complex Networks and Cyber-Physical Systems” – Syed R. Hussain
February 10 @ 10:00 am - 11:00 am
Title: Security by Design for Complex Networks and Cyber-Physical Systems
If you would like to attend in person or via Zoom, please register using this link so that we can ensure appropriate facilities.
Zoom Link: unc.zoom.us/j/93948285310
Abstract: Security and user privacy for cellular networks are often considered afterthoughts due to their complex functionalities and high-performance requirements. This leads to inadequate security evaluation early on in the development cycle that fails to identify missing security and privacy guarantees in protocol designs. To make matters worse, unsafe practices and operational oversights stemming from unvetted simplifications of complex protocol interactions and third-party vendors further contribute to the deviation of deployments from designs. In this talk, I will highlight how my research addresses these problems by developing principled techniques for analyzing design specifications and deployments of complex networks and cyber-physical systems.
I will first present a new adversarial reasoning technique combining the capabilities of a symbolic model checker and a cryptographic protocol verifier that enabled us to identify 20+ new vulnerabilities in 4G and 5G cellular network design specifications. I will then present a novel cellular protocol non-conformance analysis framework based on automata learning theories and differential testing that uncovered 11 new exploitable non-compliant behavior in a diverse set of 4G LTE cellular basebands. Finally, I will conclude with a discussion on challenges in adapting and scaling our current approaches for a holistic analysis of next-generation cellular networks, IoT, and cyber-physical systems.
Bio: Syed Rafiul Hussain is an Assistant Professor in the Department of Computer Science and Engineering at Pennsylvania State University. Before joining Penn State, he worked as a postdoctoral researcher at Purdue University from where he also received his Ph.D. in December 2018. His research interests broadly lie in network and systems security. He received the NSF CAREER award and the DARPA Young Faculty Award in 2022 for his research on securing next-generation cellular networks. He has been inducted into the Hall of Fame Mobile Security Research by the GSMA for his contribution to uncovering new protocol flaws in 4G and 5G cellular networks that led to several changes in the standards. More details about him and his research group are available at https://syed-rafiul-hussain.github.io/ and https://synsec-den.github.io/.