Events & News

ZISC organizes a number of events. The annual ZISC Workshop brings together leading experts to present and discuss their latest research results on a chosen information security and privacy topic. The weekly ZISC Lunch Seminar presentations illustrate the research done at the affiliated research groups and invite exciting speakers from other research institutes and companies.

Latest News

ZISC Report 2022 is published


During the year 2022, the ZISC center continued to deliver excellent results on both of its main mandates: applied research projects that are jointly defined and customized to the needs of our industry partners, and long-term basic research.

We worked on multiple topics with our partners, addressed fundamental challenges and made substantial contributions to projects that have societal importance beyond academia. The ZISC researchers won numerous awards for their outstanding work.

In 2022, Prof. Florian Tramèr joined the ZISC Faculty as an Assistant Professor in August. His research focuses on the safety and privacy of machine learning, which is a highly topical and exciting research area. We warmly welcome Florian to the center and look forward to working with him in the years to come.

You can read the full report here.

The ZISC center wishes all its partners and collaborators a relaxing holiday season and we are looking forward to working with you again in 2023!

ZISC Chair Prof. Srdjan Capkun named IEEE fellow

The IEEE Fellow Committee announced the newly elevated IEEE Fellows of 2022 — amongst them is ZISC Chair and ETHZ Professor Srdjan Capkun.

This distinction is reserved for selected IEEE members with extraordinary accomplishments.

During his career, Prof. Capkun has made numerous significant research contributions in the areas of wireless security and systems security. His ground-breaking research on distance bounding and proximity verification has helped to shape an exciting new research area. These results have also been commercialised by 3db. In addition, the research of Prof. Capkun examined cellular systems, such as LTE and 5G networks, and identified important security and privacy issues. He was also part of a team of researchers who designed a privacy-preserving contact tracing system that became the basis for the Swiss Covid App and the Exposure Notification framework adapted by Google and Apple. Prof. Capkun’s research on authentication technologies formed the basis for the Futurae start-up that specialises in secure and user-friendly authentication solutions. He has also created numerous research results related to trusted execution environments, security of microarchitectures, blockchain technology and digital currencies.

The ZISC center congratulates Prof. Capkun on this amazing achievement!

Applied Crypto Group wins Distinguished Paper Award at ACM CCS

The paper “Victory by KO: Attacking OpenPGP Using Key Overwriting” by Lara Bruseghini (ETH Zurich & Proton AG), Daniel Huigens (Proton AG) and Kenny Paterson (ETH Zurich) won a distinguished paper award at ACM CCS 2022 this week.

The annual conference is one of the top four security conferences and was held this year in Los Angeles, where Lara accepted the award on behalf of the team. The paper has already had a substantial impact on the use of OpenPGP in practice: multiple libraries have updated their code and the OpenPGP standard under development at the IETF now includes the countermeasures recommended in the paper. In addition, the “key overwriting” or “KO” attack vector is proving to be very useful in the group’s follow-up work on cloud storage systems.

To read more about the paper, please visit https://www.kopenpgp.com/

Digital emblem for International Red Cross

For over 150 years, three distinctive emblems, the red cross, red crescent, and more recently the red crystal, have been used in times of armed conflict. International law protects people who wear them, and also the facilities (for instance buildings or transport) which use them.

In the context of a cyberwar, is it possible to have a digital version of these emblems? For instance, servers, laptops, mobile phones and other equipment of a hospital could be victims of a cyberattack launched by a state, causing damage not only to the equipment but also to their operations and impacting the people under their care. A digital emblem would make it possible to signal protection to state-based cyber-operations and thus permit attackers to recognise such systems as protected under international law. Naturally, several challenges arise in this context: a digital emblem should be easy to embed in current systems and easy to recognise by attackers, but at the same time it should be hard to abuse in order to claim protection over assets not covered by international law.

In order to tackle this challenge, the International Committee of the Red Cross (ICRC) in Geneva is working with Johns Hopkins University, the ITMO University of St. Petersburg, Russia, and the Center for Cyber Trust, a joint research center of ETH Zurich and Germany’s University of Bonn, to develop a technological solution. One of the proposals, designed within the Center for Cyber Trust, is called ADEM (Authenticated Digital EMblem). ADEM uses public key cryptography to create robust machine-readable certificates to be used by protected entities in network communications, allowing attackers to read them anonymously. Prof. Basin and Felix Linker explain this design in an article on the ICRC’s blog. ADEM has been included in an official report of the ICRC together with other digital emblem solutions. This report has recently been featured by several media outlets, including The Washington Post, The Lieber Institute at West Point, AP News and The Record.

Distinguished Artifact Award at USENIX Security 2022

The paper “Automating Cookie Consent and GDPR Violation Detection” by Dino Bollinger, Karel Kubicek, Carlos Cotrini, and David Basin received the Distinguished Artifact Award at USENIX Security 2022. Congratulations!

The European Union’s General Data Protection Regulation (GDPR) requires websites to inform users about personal data collection and request consent for cookies. Yet the majority of websites do not give users any choices, and others attempt to deceive them into accepting all cookies. The paper’s authors document the severity of this situation through an analysis of potential GDPR violations in cookie banners in almost 30k websites. They identify six novel violation types, such as incorrect category assignments and misleading expiration times, and find at least one potential violation in a surprising 94.7% of the analyzed websites.

The authors address this issue by giving users the power to protect their privacy. They develop a browser extension, called CookieBlock, that uses machine learning to enforce GDPR cookie consent at the client. It automatically categorizes cookies by usage purpose using only the information provided in the cookie itself. At a mean validation accuracy of 84.4%, their model attains a prediction quality competitive with expert knowledge in the field. Additionally, their approach differs from prior work by not relying on the cooperation of websites themselves. The four authors empirically evaluate CookieBlock on a set of 100 randomly sampled websites, on which it filters roughly 90% of the privacy-invasive cookies without significantly impairing website functionality.

Read the whole paper here.