511 episodes

The weekly CERIAS security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics.

CERIAS Security Seminar Podcast CERIAS

    • Technology
    • 4.0 • 6 Ratings

    • video
    Kacper Gradon, "Future Trends in Cyber Crime and Hybrid Warfare"

    “Do Criminals Dream of Electric Sheep?” Such an issue is no longer a domain of futurologists and science-fiction writers, but a serious question asked by the EUROPOL alarmed by how emerging Information Technologies shape the future of crime and law-enforcement. Apart from its obviously positive effects, the technology also impacts and affects the way criminal offenders, terrorists and rogue governments operate at the stages of know-how gathering, planning, preparation and execution of their attacks. The progress in the development of IT and its accessibility is so unprecedentedly high, that – in order not to lag behind – the law-enforcement and intelligence communities need to research and analyze the further and potential advances (and design the potential preventive measures) promptly. The presentation addresses the problem of a lack of forecasting/analytical approach to the study of an impact of emerging and disruptive technologies on the criminal, terrorist and information warfare landscape. The author aims to deliver the most up-to-date analysis of the threats to come, together with a set of plausible solutions on how to deter and mitigate the risk. The presentation will characterize the dangers posed by the potential abuse of Information Technologies by the criminal/terrorist/state actors. The author will deliver an analysis articulating the key factors implicated in events related to the technology abuse, across all stages of the event. The presentation will cover such areas as e.g.: 1) abuse of the open source information for planning, preparation & execution of the attack; 2) hazards associated with the abuse of wearable devices; 3) use of mobile technologies to profile, select and groom potential activists or extremists or to enable human trafficking and sexual exploitation of children; 4) attacks on Internet of Things networks for targeting specific individual/entity or to create mass-level disruption incl. attacks on critical national infrastructure; 5) hijacking of autonomous vehicles; 6) use of drones (aerial, ground operating, hydroid) for surveillance, as weapons, for drugs delivery, as burglary bots, as tools to disrupt civil aviation or military systems; 7) attacks on IP-enabled medical devices; 8) the use of (semi)autonomous robots; 9) the use of the Artificial Intelligence, machine-learning, deep-learning and reinforcement learning techniques for various criminal/terrorist objectives; 10) abuse of blockchain technologies and crypto-currencies (financing of terrorism, money laundering, bribery, financing of illegal activities, extortion/ransomware); 11) abuse of 3D printing technologies; 12) risk associated with Quantum Computing and 5G telecom networks (increased capabilities of criminal/terrorist/cyber-warfare operations). A special focus will be put on Information Warfare (hybrid and asymmetric threats), where disinformation, misinformation and propaganda are used by nation states in a general scheme of malign foreign influence to disrupt the situation abroad.

    • video
    Lesley Carhart, "You Are The Future of Industrial Cybersecurity"

    Securing industrial networks has never been more crucial, but it's not as simple as just patching legacy computers or installing commercial tools. Responding to cybersecurity incidents in critical infrastructure environments poses unique challenges and requires a very unusual set of skills. This lecture will cover key terminology, operational differences, and technology differences between industrial and enterprise environments. Attendees will leave with an essential understanding of the challenges in the space and the skills they will need to develop to make a difference.

    • video
    Helen Patton, "Navigating the Cybersecurity Profession: Essential Elements for a Satisfying Career"

    Having a satisfying cybersecurity career can feel elusive, even for a seasoned cybersecurity professional. In this session, we’ll talk about things that all security professionals, of all levels and backgrounds, need to know and do, in order to achieve professional success. We will cover:

        • The importance of networking, and how to leverage them to achieve your career goals
        • Continuous learning - when, how, and when is it too much?
        • Self-awareness, and why this is the basis for everything you do
        • Managing yourself vs. managing others - when to be a single contributor and when to run a team
        • Handling Security Stress - why does it happen, and what can be done about it
        • Leaving a legacy, what to do if you want to be remembered for more than the immediate job

    • video
    Jeremiah Blocki, "Password Strength Signaling: A Counter-Intuitive Defense Against Password Cracking"

    We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password cracking attacks. An offline attacker can quickly check millions (or sometimes billions/trillions) of password guesses by comparing their hash value with the stolen hash from a breached authentication server. The attacker is limited only by the resources he is willing to invest. Our key idea is to have the authentication server store a (noisy) signal about the strength of each user password for an offline attacker to find. Surprisingly, we show that the noise distribution for the signal can often be tuned so that a rational (profit-maximizing) attacker will crack fewer passwords. The signaling scheme exploits the fact that password cracking is not a zero-sum game, i.e., the attacker's profit is given by the value of the cracked passwords minus the total guessing cost. Thus, a well-defined signaling strategy will encourage the attacker to reduce his guessing costs by cracking fewer passwords. We use an evolutionary algorithm to compute the optimal signaling scheme for the defender. As a proof-of-concept, we evaluate our mechanism on several password datasets and show that it can reduce the total number of cracked passwords by up to 12% (resp. 5%) of all users in defending against offline (resp. online) attacks. Joint work with Wenjie Bai and Ben Harsha.

    • video
    Amit Yoran, "Symposium Closing Keynote"

    • video
    Jordan Mauriello, "Understanding Attackers and Motivations"

    Understanding the evolution of attacker motivations, and the impact to managing risk in enterprise environments, is a key to successfully building cyber security programs in today’s IT enterprise. Over the last decade both attacks and attacker motivations have evolved dramatically. From Hacktivism to Nation State Actors, from Identity Theft Rings to Ransomware-as-a-Service, the motivations, timing, determination, and discipline of attackers have changed dramatically. This presentation will discuss this evolution from early cyber espionage and hacktivism to evolving nation state threats and how motivations drive behavior and risk decision making in enterprise cyber security programs.
