Biometric authentication is more secure than using regular passwords, as biometrics cannot be "forgotten" and allegedly contain high entropy. Thus, many constructions rely on biometric features for authentication, and use them as a source for "good" cryptographic keys. At the same time, biometric systems carry with them many privacy concerns. Unlike regular passwords, which can be easily changed if compromised, changing biometric traits is far from easy. Hence, we need to protect the privacy of the system's users in case of a leakage of the system's internal "password file".
In this talk we describe our proof-of-concept (PoC) system which transforms facial attributes from a single image into keys in a consistent, discriminative, and privacy-aware manner. The outcome is a user-specific string that cannot be guessed, and reveals no information concerning the users of the system, even when the system's secrets are revealed.
This is a joint work with Margarita Osadchy and Mahmood Sharif.
Orr Dunkelman is an associate professor in the Computer Science department at the University of Haifa. His research focuses on cryptanalysis, cryptography, security, and privacy. Prior to joining the University of Haifa, Orr was a post-doctoral researcher at Weizmann Institute, Ecole Normale Superieure (Paris, France), and KU Leuven (Belgium). He is a recipient of the Krill prize (2014), and served as program chair of FSE 2009, CT-RSA 2012, SAC 2015. He holds a Ph.D. and B.A. in Computer Science from the Technion.
As the Internet-of-Things (IoT) enjoys its position at the top of the hype cycle, a lot of attention is paid to IoT security. We try to avoid making the usual mistake of neglecting security now and paying dearly for it later. Realistically, however, there is no such thing as "IoT Security" per se. There is just the usual security engineering that is applied to IoT. Security engineering is about determining assets, threats to assets, and cost-effective means of mitigation. Such security analysis applies to networks, it applies to servers, it applies to cars, and it also applies to IoT. Notwithstanding, security engineering in IoT does pose a few unique challenges, which we will discuss, such as: diversity, lack of industry know-how, the need for future proofing, and the element of the unknown that prevents us from taking short-cuts.
Hagai Bar-El is an information security architect with 18 years of experience in security engineering. Hagai Bar-El serves as the CTO of Sansa Security (formerly known as Discretix Technologies). Sansa Security delivers embedded security solutions to the Internet of Things (IoT) industry, providing hardware and software security solutions to some of the world’s best-known semiconductor and device manufacturers. Hagai Bar-El has worked with Sansa Security since its establishment, more than a decade ago, and has been managing processes of system security definition, innovation and intellectual property protection, and security review.
In recent years, with the growing focus on the security of computer systems, we face a problem that keeps getting worse as system complexity grows: how can an open system such as a PC keep secrets securely? Intel® SGX technology addresses this question by creating a hardware infrastructure for enclaves that protect their secrets from software and hardware attacks, in a way that integrates with the regular PC working and development environments. The talk will give a taste of Intel® SGX technology and of the possibilities inherent in using it.
Ittai Anati is a Senior Principal Engineer at Intel, working on security in the processor architecture group. Ittai was a member of the working group that defined Intel® SGX, and he is also the lead architect of the SGX implementation in Intel's Core family processors.
Ittai has extensive experience in Intel processor architecture and in processor security.
Ittai holds a B.Sc. in Electrical Engineering from the Technion.
Part II of the introduction to SGX discusses the security model defined for the system, detailing adversaries and security objectives, and expanding on elements in the security of the design and the challenges involved in validating SGX security properties.
Neer is a security researcher at the Software and Services Group (SSG) at Intel Corporation, focusing on software security aspects in the latest generation of Intel microprocessors. In particular, Neer led an internal security evaluation of components of Intel® Software Guard Extensions (SGX). Neer earned his M.Sc. in Computer Science from the Technion, Israel Institute of Technology, with a dissertation on the topic of anonymity. Previously, Neer worked for the Israeli National Information Security Authority on safeguarding the security of critical infrastructure, engaging in penetration testing, product evaluation and, briefly, incident response.
Single root I/O virtualization (SRIOV) is a hardware/software interface that allows devices to "self virtualize" and thereby remove the host from the critical I/O path. SRIOV thus brings near bare-metal performance to untrusted guest virtual machines (VMs) in public clouds, enterprise data centers, and high-performance computing setups. We identify a design flaw in current Ethernet SRIOV NIC deployments that enables untrusted VMs to completely control the throughput and latency of other, unrelated VMs. The attack exploits Ethernet "pause" frames, which enable network flow control functionality. We experimentally launch the attack across several NIC models and find that it is effective and highly accurate, with substantial consequences if left unmitigated: (1) to be safe, NIC vendors will have to modify their NICs so as to filter pause frames originating from SRIOV instances; (2) in the meantime, administrators will have to either trust their VMs, or configure their switches to ignore pause frames, thus relinquishing flow control, which might severely degrade networking performance. We present the Virtualization-Aware Network Flow Controller (VANFC), a software-based SRIOV NIC prototype that overcomes the attack. VANFC filters pause frames from malicious virtual machines without any loss of performance, while keeping SRIOV and Ethernet flow control hardware/software interfaces intact.
Joint work with Igor Smolyar and Dan Tsafrir.
Muli Ben-Yehuda is a systems researcher and an expert in the area of machine and I/O virtualization. He holds a B.A. (cum laude) from the Open University of Israel and an M.Sc. in Computer Science from the Technion. From 2002 until 2012 he held senior research and managerial positions at IBM Research, where he was also an IBM Master Inventor. He is currently solving hard startup problems as Stratoscale's Chief Scientist. Muli has co-authored over forty academic publications and holds over twenty-five US patents in such areas as machine and I/O virtualization, cloud computing, and operating system and hypervisor design and implementation. His code and ideas are included in many operating systems and hypervisors, including the Linux kernel and the Xen and KVM hypervisors. His work on The Turtles Project: Design and Implementation of Nested Virtualization has won the prestigious OSDI Jay Lepreau Best Paper Award and the IBM Research Pat Goldberg Memorial Best Paper Award.
Digital databases, replete with private information about Israelis, are common today in every sector of the economy: public, private, and among individuals. ILITA deals with regulation and enforcement in the field of personal information. ILITA faces challenges that stem from the centrality of information in everyday life, the ease of obtaining information digitally, the consequences of exposing information or using it illegally, and the effect of accelerating technology on the risk at each link of the information chain: its collection, processing, holding and distribution.
The talk will offer a law-enforcement perspective on the digital offender, the types of illegal behavior, the characteristics of enforcement, and examples from investigation cases handled at ILITA in this field.
Mili Bach is the head of the Enforcement and Investigations Department at the Israeli Law, Information and Technology Authority (ILITA) in the Ministry of Justice. Mili established the department, which conducts investigations of information crime in cyberspace. The department deals with investigative-technological challenges. These include uncovering the true identity behind a digital offender's virtual identity, and analyzing, processing and investigating complex cases of offenders with a sophisticated and unique profile.
Mili and the investigation team she led are responsible for cracking the "Agron" affair: the theft of the State of Israel's population registry and its distribution on the Internet. In addition, Mili led the investigation of the "Saudi hacker" affair, for which a governmental "Outstanding Team" award was received for groundbreaking investigative work.
Mili holds a bachelor's degree in law from the Faculty of Law, Tel Aviv University; a bachelor's degree in mathematics from the Faculty of Exact Sciences, Tel Aviv University; and a master's degree in business administration from the executive program (Executive MBA), Faculty of Management, Tel Aviv University.
There's a discussion going on in offices, plants and factories that may result in crossed arms between information and operations technology teams because one team just "doesn't get it" when it comes to understanding the other's security issues. Aren't all computer and processing systems the same? The answer is, Absolutely not! As Tim Conway, technical director of industrial control systems security for the SANS Institute, noted in an August 2013 interview with Computer Engineering magazine:
"When you take people with an IT background and bring them into an industrial control system environment there's a lack of understanding from operations [as to] why they're there, and there is a lack of understanding of the specific controls environment needs from IT."
As systems based on TCP/IP, Ethernet, Linux and Windows have moved into industrial control systems and supervisory control and data acquisition (SCADA) networks, operations technology faces IT security challenges.
The lecture will describe these challenges and the shortcomings of existing solutions, as well as Indegy's approach.
Mille Gandelsman, Co-Founder & CTO, Indegy.
Mille leads Indegy’s technology research and product management after several years of cyber security research in Israel’s elite intelligence corps. Mille is an IDF Talpiot graduate and holds a Master's degree with honors in Computer Science from Tel Aviv University.
The most demanding tenants of shared clouds require complete isolation from their neighbors, in order to guarantee that their application performance is not affected by other tenants. Unfortunately, shared clouds do not offer this service today.
In this talk, we introduce a new abstraction for cloud service that provides physical isolation of network links. Each tenant gets an exclusive set of links forming a virtual fat tree, and is guaranteed to receive the same bandwidth as in a private cloud. We show how this prevents the performance degradation and security pitfalls caused by traffic from concurrent tenants on shared links.
Eitan Zahavi is a Ph.D. candidate at the Technion Electrical Engineering department. He is also a senior principal engineer at Mellanox Technologies. Eitan earned his B.Sc. and M.Sc. in Electrical Engineering from the Technion, Israel, in 1987 and 2012 respectively. During twenty years in the industry he worked at Intel as a circuit designer, EDA developer and architect. He co-founded Mellanox in 1999 and has since led the company's Design Automation group and architected InfiniBand networks with a focus on their management aspects. His recent research interests include High Performance Computing interconnects and Data Center Networks. He serves as a co-chair of the InfiniBand Trade Association Management Working Group.
Slides will not be published
16:30
Closing remarks
17:15
The lectures will be given in Hebrew
The lecture slides will appear on this page after the event, subject to the speakers' approval
Cyber and Information Security Seminar Day, Computer Science, Technion, Haifa