The Network and Distributed Systems Security (NDSS) Symposium reaches an important milestone this year, with the 30th edition of the event taking place from 27 February to 3 March 2023 in San Diego, USA. The Internet Society hosted the initial Privacy and Security Research Group (PSRG) Workshop on Network and Distributed System Security 10-12 February 1993. This evolved into the Network and Distributed Systems Security Symposium and has been proudly hosted by the Internet Society in San Diego in the 30 years since.
An incubator of ideas, the NDSS Symposium brings together leading academics, industry researchers, students, and security practitioners to discuss top-tier, peer-reviewed research and exchange ideas. The recordings of every paper presentation and the papers themselves are made available online for anyone to view to support collaborative research.
The Symposium continues to be one of the top conferences for computer and network security research, and more than 560 attendees are expected to participate both in-person and virtually. NDSS 2023 has a full agenda featuring 2 keynotes, 94 accepted papers, 40 posters, and a 30th anniversary retrospective from Tuesday, 28 February to Thursday, 2 March 2023. In addition, there will be eight co-located events on the Monday before, and the Friday after, the main symposium focusing on specific areas of network security research.
Featured Keynotes
The Symposium is honored to have two distinguished speakers providing the keynotes. Richard Ford (Praetorian) will open the symposium on Tuesday with a talk focused on ChatGPT, what this means for machine learning for cybersecurity and privacy, and whether this will benefit defenders or provide new vectors for attackers. Nina Taft (Google) will provide the Wednesday keynote that will discuss the challenges faced by developers with respect to continually evolving privacy laws, policies and user preferences, and the use of Natural Language Processing techniques that can automatically analyze privacy polices to help address this.
Co-Located Events
Throughout the week, there will be eight co-located events:
The inaugural Symposium on Vehicle Security and Privacy (VehicleSec 2023) builds upon the Automotive and Autonomous Vehicle Security (AutoSec) Workshop that has previously been held during the NDSS Symposium for the past four years. The workshop will discuss the security and privacy issues related to the on-board systems of ground, aerial, underwater and space vehicles, their supporting infrastructures, and associated technologies.
The inaugural Workshop on Security of Space and Satellite Systems (SpaceSec 2023) will be the first academic workshop co-located with the NDSS Symposium dedicated to the security of satellite systems. It aims to raise awareness of attack vectors and vulnerabilities in the light of major attacks on the ViaSat network and ongoing disruptions of the Global Navigation Satellite System (GNSS).
The 2nd International Workshop on Ethics in Computer Security (EthiCS 2023) will discuss the increasingly important question of ethics in computer security research. There are often unclear guidelines and review processes, and this workshop aims to provide an international forum for raising awareness and exchanging perspectives to support the development of new guidelines for future ethical security research.
The Usable Security and Privacy Symposium (USEC 2023) has grown out of the Usable Security and Privacy workshop first held alongside the NDSS Symposium in 2014. This co-located symposium considers how users approach and behave with respect to security and privacy, and how systems can be better designed to reflect this.
The Workshop on Security Operation Centers (SOC) Operations and Construction (WOSEC 2023) is another new workshop to co-locate with the NDSS Symposium and provides a forum where the Security Operation Center (SOCs) operational community can interact with the researchers to discuss requirements and development new tools and practices in this young field.
The Workshop on Learning from Authoritative Security Experiment Results (LASER 2023) is the latest in a series of workshops that focus on learning from cybersecurity experiments. This workshop will cover topics that include social media misinformation, privacy considerations of the Hybrid Broadcast Broadband TV (HbbTV) protocol, and tracing user location on instant messaging.
The Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2023) evaluates the security aspects of web browsers and apps with the aim of improving browser architectures, security policies, privacy enhancing techniques, and measurements for the purposes of studying illegal activities.
The Workshop on Binary Analysis Research (BAR 2023) aims to bring together research on the growing field of binary code analysis, which is needed to analyze embedded devices and closed-source commercial and legacy software for potential cyberthreats.
Academic Papers
The main NDSS Symposium kicks off on Tuesday and runs until Thursday, mostly being organized into three parallel tracks. With so many high-quality papers being presented, it’s impossible to preview them all, but we’d like to highlight a few that have particularly drawn our attention:
Tuesday, 28 February 2023
Faster Secure Comparisons with Offline Phase for Efficient Private Set Intersection (Session 1C: Privacy and Anonymity) – discussing a new efficient, fast, and private approach to a Private Section Intersection (PSI) protocol.
DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing (Session 2A: Software Security II) – presenting the first differential testing framework to find Content Security Policy (CSP) enforcement bugs involving JavaScript execution.
Drone Security and the Mysterious Case of DJI’s DroneID (Session 2A: Software Security II) – an analysis of the security and privacy of DJI drones, investigating how an attacker can eavesdrop on over-the-air data traffic.
On the Anonymity of Peer-To-Peer Network Anonymity Schemes Used by Cryptocurrencies (Session 2C: Privacy and Anonymity II) – possible solutions for cryptocurrency systems that can be subjected to de-anonymization attacks by exploiting the network-level communication on their peer-to-peer network, allowing adversaries to observe transactions being exchanged and infer the parties involved.
Thwarting Smartphone SMS Attacks at the Radio Interface Layer (Session 2C: Privacy and Anonymity II) – the short message service (SMS) can be readily exploited to compromise unsuspecting remote victims. An inline defense mechanism called RILDEFENDER has been developed that integrates into the radio interface layer of Android smartphones.
FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities (Session 3A: Fuzzing) – presenting the first fuzzer that focuses on JavaScript just-in-time compiler vulnerabilities.
BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems (Session 3B: ML and AI III) – a proposed certification framework for deep learning-based traffic analysis systems based on boundary-adaptive randomized smoothing.
Wednesday, 1 March 2023
Automata-Based Automated Detection of State Machine Bugs in Protocol Implementations (Session 4A: Network Protocols) – an automated black-box technique for detecting state machine bugs in implementations of stateful network protocols.
Real Threshold ECDSA (Session 4B: Blockchains I) – a proposed solution to mitigate denial-of-service vulnerabilities prevalent in existing ECDSA scheme that makes the assumption of honest signatories.
MyTEE: Own the Trusted Execution Environment on Embedded Devices (Session 4C: Mobile Security and Privacy) – MyTEE is a trusted execution environment (TEE) that can be used in worst-case environments where major hardware security primitives are absent.
Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging (Session 5C: Keys and Certification) – a solution for ensuring that key servers honestly serve public keys to users.
OBI: a multi-path oblivious RAM for forward-and-backward-secure searchable encryption (Session 5C: Keys and Certification) – dynamic searchable encryption (DSE) is a user-cloud protocol for searching over outsourced encrypted data, but it can be inefficient to fetch/insert a large set of data blocks which OBI aims to address.
Thursday, 2 March 2023
SoundLock: A Novel User Authentication Scheme for VR Devices Using Auditory-Pupillary Response (Session 6A: Cyber-Physical Systems Security I) – improving the security of virtual reality devices.
Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3 (Session 7A: Cyber-Physical Systems Security II) – a detailed security analysis of Tesla key cards and phone keys, including the possibility of man-in-the-middle attacks.
Tactics, Threats & Targets: Modeling Disinformation and its Mitigation (Session 7B: Web Security II) – development of cybersecurity-inspired framework to characterize the threat of disinformation.
Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis (Session 7C: Cyber Attacks) – presents HyperVision, a realtime unsupervised machine learning-based system that can detect malicious traffic within encrypted flows.
A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites (Session 8C: Usable Security and Privacy) – a study of the user experience of two-factor authentication on top-ranked websites, and how this can be improved.
30th Anniversary: An Overview of Achievements and Success
Last but not least, on Wednesday afternoon an NDSS Symposium 30th Anniversary session will celebrate the achievements and successes of NDSS over the years.
Volunteer Led
The Internet Society would also like to take this opportunity to thank all the volunteer members of the 2023 Program Committee, the Organizing Committee, and the Steering Group, who have worked hard to pull together another high-quality event. We look forward to seeing you all in San Diego!
0 Comments