GOTO Aarhus 2023

Wednesday May 24
10:50 –
Store Sal

Competence Development Through Capture the Flag and Virtual Hacker Labs

Jens Myrup: Competence Development through Capture The Flag and Virtual Hacker Labs

Capture The Flag is a well known concept in the cyber security community, which is fun and motivating due to the high degree of gamification. On the other hand, the first steps into the CTF world can appear steep. In this talk, Jens Myrup Pedersen will share his experiences in using CTF for education, where he has good experiences from both ordinary education, part-time/continuing education, and company specific trainings - for example by combining mini-lectures with hands-on challenges, and by carefully selecting challenges to support learning objectives. The aim of the talk is to inspire you to improve competence development in your organizations using CTF as motivating and inspiring tool.

Edlira Dushku: Has my IoT device been hacked? Establishing trust with Remote Attestation

IoT devices are becoming more prevalent in our daily lives, with applications ranging from smart homes to industrial automation systems. These devices are often connected to sensitive information and resources and are vulnerable to a wide range of security threats. For example, an adversary can use IoT devices to disrupt their operation, steal sensitive information, or gain unauthorized access to resources, and the consequence could be fatal.

Aimed at providing integrity guarantees, Remote Attestation (RA) has been proposed as a security technique that allows a remote entity to verify the trustworthiness of a potentially compromised device. RA checks the software integrity and detects unexpected modifications in device configuration. In particular, RA allows an untrusted device to generate reliable evidence about the current state and convince a remote Verifier that the device is running legitimate software. RA can be used to respond to security threats to minimize the impact of security breaches and ensure that devices are operating securely.

The RA protocols proposed in the literature make different assumptions regarding device architectures, attack scenarios, and security requirements. This talk first gives a brief introduction to IoT security and Remote Attestation. Then, it presents the most significant RA schemes in the IoT domain, including a three-fold discussion, (1) reviewing the working mechanisms of the state-of-the-art RA techniques in the IoT domain, (2) discussing the attestation mechanisms for IoT swarms, (3) presenting future challenges and promising research directions.