National Workshop On Data Security and Cryptology at IIT Bhilai (May 27-29, 2019)

Finally it saw the light of day. To organize a workshop on data security has been on our mind for quite some time. There was a sustained enthusiasm and a demand as well, among both the students and the faculty members, to make that happen. Fortunately for us, IIT Bhilai is replete with people with long experience of working in diverse branches of information security, and of organizing workshops.

So the stage was already set. 

If you are short of time, here is a digest of the workshop in numbers: 3 days, 8 keynotes, 3 tutorials, and 70 attendees from around the country (including 28 faculty members). Enthusiastic participation was especially observed from the engineering colleges in and around the region of Raipur, Bhilai and Durg — IIIT Naya-Raipur, NIT Raipur, Pandit Ravi Shankar Shukla University, Bhilai Institute of Technology to name a few. 

We are pleased and thankful. 

Let’s now have a quick glance at the technical content of the event. 

Various cutting-edge cryptographic techniques, namely, data obfuscation and zero-knowledge proofs were discussed at length. The audience was thrilled to see the sheer magic that cryptography was able to create — compute using without seeing the data, or prove without disclosing the proof ! 

Security policies and frameworks — and how they impact the governance and economic parameters of the country — were also put on the table. This is a subject which is often not accorded its due importance, especially in academic conferences and workshops. We are especially happy to have such a talk on the agenda. 

The workshop witnessed a lively discussion on one of the hottest topics of the present time: the Indian EVM machine and how it functions. Apart from delving into the interplay of various cryptographic techniques, the lecture included a discussion on the deployment of the EVM machine through a host of meticulously planned administrative steps: starting out at the strongroom, leaving behind many intermediary steps to arrive at the polling booth — while along the way surviving innumerable verifications and examinations — continuing up until the time when the results were finally declared by the Election Commission, it was an incredible and arduous journey for the EVM machine, that completes the full cycle when returned back to its starting place to be used again in the next election. We also came to know how each and every administrative step, just discussed, painstakingly takes into account all the issues and concerns raised by representatives of the various stakeholders — the electorate, the polling officials, the candidates, the polling agents and many more. Excitement reached the zenith, as many participants became privy to these EVM details for the first time in their life. 

Another topic, hotly debated, dealt with determining the true nature of the digital revolution the nation is going through, its pitfalls, and the future challenges. The focus was laid particularly on the economic aspects of this digital transformation, in terms of the GDP growth, creation of new jobs, FinTech undertakings, etc. When combined with the emergence (and the fast adoption) of some of the very powerful technologies — IoT, Cloud, Blockchain, artificial intelligence, analytics — its impact on the society could be mind-boggling.

A considerable amount of time was spent on the trustworthiness of cyberphysical systems that were gradually replacing the human-controlled physical systems.

The workshop also featured an elaborate and comprehensive discussion on the endpoint security (which virtually covers all types nodes in a computer network), drawing on the knowledge of many real-life cyber attacks of recent times; Code Red Worm, WannaCry Ransomware, Mirai bot, etc. are some of them.

On to the above list of lectures, loosely tacked was a unique presentation, which was like holding up a mirror to the community of cryptography researchers, reminding them — with plenty of examples from the published literature — to be more careful and restrained while making tall claims, that often fly way off a reasonable practicality.

In addition to keynotes, there were tutorials also, on the following topics: Differential Cryptanalysis, Blockchains and Fault Attacks.

Miscellaneous links on the workshop are below.

A new form of malware: the Volkswagen case

A new era has perhaps arrived where companies can employ engineers for writing cheating software to deceive the customers, the regulatory bodies as well as the testing agencies.

“The cars’ computers were able to detect when they were being tested, and temporarily alter how their engines worked so they looked much cleaner than they actually were. When they weren’t being tested, they belched out 40 times the pollutants.

The Bruce Schneier article on this issue published on CNN. 

I have heard that the Indian government took cognizance of this automobile scandal, and have promised to take appropriate steps to see whether the Volkswagen cars sold to the Indian customers are safe or not.  Feel free  to write in the comments section on Indian government’s action on the issue.