Events & News

ZISC organizes a number events. The annual ZISC Workshop brings together leading experts to present and discuss their latest research results on a chosen information security and privacy topics. The weekly ZISC Lunch Seminar presentations illustrate the research done at the affiliated research groups and invite exciting speakers from other research institutes and companies.

Latest News

Sustainable Internet Routing with SCION

With today’s widespread Internet usage, the total electricity consumption of its infrastructure (networks and data centres, but not consumer devices) is significant, namely around 500 TWh per year or 2.5% of worldwide electricity consumption. Moreover, as Internet traffic volume is steadily growing, this energy consumption could experience an eight-fold increase by 2030. Since electricity production still emits considerable amounts of greenhouse gases (475g CO2 equivalents per kWh on a global average), the growth of Internet traffic presents a serious concern regarding climate change: If the projections are true, the Internet would be responsible for an additional 1.7 billion tons of GHG emissions per year by 2030, corresponding to Russia’s 2019 CO2 emissions.



How can the ecological footprint of the Internet be reduced?

To tackle this challenge, researchers working on the SCION Internet architecture have recently proposed “green routing” in an article for the World Economic Forum

The fundamental idea behind green routing is to exploit differences between paths regarding the carbon emissions from transmitting data traffic over these paths. On the one hand, these differences can be due to geography: The carbon intensity of electricity differs between countries depending on the used technologies in the national electricity sectors. Interestingly, these differences are not static; many countries have recently ramped up their capacity of variable renewable energy (VRE) sources such as solar and wind, resulting in a much greener electricity mix under favorable conditions for VRE. On the other hand, the carbon differences between paths can be due to active efforts undertaken by the network operators on the path, such as optimizations of equipment energy efficiency or premium purchases of green electricity. If forwarding paths can be augmented with carbon-intensity information and can be selected based on ecological considerations (as would be straightforward to implement in a SCION Internet), this huge potential for emission savings in the Internet’s core network could be unlocked.

Many exciting research questions revolve around the idea of green routing, namely:

  • How high are the expected emission savings from green routing?
  • How much more traffic would green paths attract, especially if these paths might be slower or more expensive?
  • What exactly is the most meaningful form of ecological information that should be integrated into path information?
  • How can ISPs obtain this information and how should it be verified and certified?
  • How strong is the economic incentive for path providers to become greener if a green-routing architecture is in place?

The Network Security Group is currently exploring all these research questions. Finding an answer to them will be instrumental in fulfilling the promise that carbon-oriented path selection offers.

New Network Zoning Architecture

Network zoning has long been recognized as the cornerstone of secure network operation and management, which logically partitions network and information assets into disjoint segments depending on their security requirements and policies. Today, most enterprise networks have built a multi-layered hierarchy realized with thousands of network zones to minimize the attack surface and protect assets from unauthorized access. The sophisticated zone structure and its dynamicity make network administration tedious, time-consuming, and labor-intensive. Furthermore, transferring security-sensitive data between zones in different physical locations over the public Internet remains a great challenge; security information is lost in transit, requiring additional authentication.

Simplified zone structure with a new concept, Transit Zone.

Prof. Adrian Perrig and his research group have introduced a novel network zoning architecture, Mondrian, that secures inter-zone communication while enabling scalable cryptographic-key management and flexible network zone migration. With a new concept called Inter-domain Transit Zone, a large patch panel that allows parallel connection of multiple zones, Mondrian flattens the hierarchically-complex zone structure into a simple horizontal structure, significantly improving manageability. In conjunction with SCION, Mondrian also enables cryptographically protected packet forwarding for inter-domain zone transition thanks to Internet-scale key management empowered by DRKey.

If you are interested, the full paper and the conference video are available online.

Linking Protocol and Code Verification

The formal verification of entire software systems is one of the grand challenges of computer science. Recently, researchers from Prof. David Basin’s and Prof. Peter Müller’s groups have made significant progress on this challenge.

In a paper at this year’s Object-Oriented Programming, Systems, Languages & Applications conference (OOPSLA’20), they propose a new approach, dubbed Igloo, which soundly links protocol verification with software verification. The Igloo methodology provides strong end-to-end guarantees, meaning that pro
perties proven for abstract models also hold for the implemented systems.

The leading researcher, Dr. Christoph Sprenger, says:

“The main novelty of our approach is that it establishes a sound link between protocol verification based on labeled transition systems and code verification based on separation logics. This enables the combination of state-of-the-art tools from each area: interactive theorem proving in higher-order logic for protocol verification and code verification using modern separation logics, which support advanced programming language features needed for efficient and maintainable code such as heap data structures and concurrency. So far, we support Nagini (for Python) and VeriFast (for Java), but code verifiers for other languages can be integrated with only minimal requirements. Our case studies include distributed algorithms, fault-tolerant systems, and security protocols, where the different components are written in different languages and some employ local concurrency to improve efficiency. Our work contributes towards the formal verification of realistic distributed systems.”

Igloo is expressive, versatile and supports modeling of a wide range of distributed systems using state-of-the-art verification tools. The researchers show the feasibility of the Igloo methodology in several case studies. All results are formalized in a theorem prover. This foundational approach yields strong soundness guarantees.

The full paper as well as the artifact are available online. The presentation introducing Igloo will be available on Youtube following the OOPSLA conference on Nov 21st, 2020.

Welcome, Professor Shweta Shinde!

We are very happy to welcome Shweta Shinde in the Department of Computer Science at ETH Zurich in October 2020 as Tenure Track Assistant Professor of Computer Science. Get to know her in this short interview.

Professor Shinde, welcome to ETH Zurich! What are your current research interests?
I work broadly in computer security and privacy. My research is at the intersection of trusted computing, system security, program analysis and formal verification. Specifically, my goal is to lay down the foundations for building large-scale secure systems with long-term impact. A lot of my work furthers this goal by showcasing the practical feasibility of securing existing and emerging software systems.

What is the impact of your research on society?
One of the challenges in security is the ever-growing size and complexity of software systems that are rife with vulnerabilities. Patches and defences are continuously deployed, but the software attack surface is extremely large, and attackers invariably find ways to gain a persistent foothold. Such attacks not only cost billions of dollars in losses but are also life-threatening. Hence it is crucial to find effective ways to end the arms race between potential attacks and corresponding defence tools.

Several deployed as well as upcoming systems such as cloud computing, machine-learning infrastructure, databases, computer networks, and embedded devices such as Internet of Things stand to benefit from fundamental ways of building secure systems from the ground up. We have started seeing wide adoption of secure techniques (e.g. trusted computing, formal verification) in cloud-based confidential computing as well as privacy-preserving analytics. I look forward to continued technology transfer from the prototypes we build in our research lab to fully deployed solutions in real-world use cases.

Where were you working before you came to ETH Zurich?
Before joining ETH Zurich, I was a postdoctoral scholar at the University of California, Berkeley for one and a half years. Before that, I was a PhD student at the National University of Singapore where I was supported by the President’s Graduate Fellowship.

Which courses will you be teaching at ETH?
This autumn, I am co-teaching a Master’s course on Information Security. Going forward, I plan to teach courses such as “Topics in Computer Security” and “Seminar on Trusted Computing”. These courses will first cover the security fundamentals such as cryptography and privacy, then dive into their intersection with areas such as programming languages, systems and formal methods. This will help give students an in-depth understanding of both the theoretical and applied aspects of security.

What are your first impressions of Switzerland and ETH Zurich?
I visited Switzerland a few years ago and I have fond memories of my trip. The scenic beauty, majestic Alps, and the general efficiency certainly left a great impression. Everyone at ETH has been amazing and exceptionally supportive, especially under the unprecedented circumstances of 2020. They have left no stone unturned in making me feel welcome and at home in a new country.

What advice would you give to students who are just starting out in computer science?
Computer science has become so vast that it is impossible to have an in-depth understanding of everything. It can be quite intimidating in the beginning, especially when deciding where to start. My advice is to focus on the fundamentals and gain a solid understanding while you are in the formative years. Once students have enough breadth in their basics, they are more confident and well-informed when it comes to exploring a specific area of interest in depth. Lastly, continued curiosity and knowing how to learn new things on the fly are the most valuable tools that you should hone.

New Results on Anonymous Symmetric-Key Communication

Prof. Ueli Maurer and his PhD student Fabio Banfi , both part of Information Security and Cryptography research group at the ETH Institute of Theoretical Computer Science published a very interesting paper that was presented at this year’s Conference on Security and Cryptography for Networks (SCN 2020). It deals with the anonymity of probabilistic encryption (pE) and probabilistic authenticated encryption (pAE).

When you surf the web and connect to a server, usually both confidentiality and authenticity of the transmitted data is guaranteed by the cryptography implemented in TLS. That is, the underlying authenticated encryption scheme ensures that no bad actor eavesdropping on the traffic between you and the server is able to 1) gain any information about what is sent and 2) modify in any way the exchanged data. But is this enough?

A third crucial security property that is desirable when communicating over the internet is anonymity: If there are more clients communicating with the same server, you might additionally wish that an eavesdropper cannot even tell whether it is you or any other client who is sending the data. Does authenticated encryption guarantee this as well, and if so how and under which conditions? Maurer and Banfi aim at answering this question by mathematically modelling communication between many clients and one server in Constructive Cryptography, a framework which allows to define security from an application-centric perspective.

In more detail, they ask the question whether authenticated encryption preserves anonymity, that is, if it authenticates and secures traffic exchanged over an insecure network, but does not destroy any form of anonymity which is already present. They answer in the positive by giving precise conditions under which this is the case.

For more details, see the full paper or have a look to the conference video: