CPSIoTSec 2023
November 26 (Sunday), 2023
Copenhagen, Denmark
Queries: magnus.almgren[at]chalmers.se
NEWS! CPSIoTSec 2024 in Salt Lake City
The 5th Joint Workshop on
CPS & IoT Security and Privacy
In conjunction with the
ACM Conference on Computer and Communications Security 2023
Background
The Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec) is the result of the merger of the Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC) and Workshop on the Internet of Things Security and Privacy (IoTS&P) previously organized annually in conjunction with ACM Conference on Computer and Communications Security.
Scope
The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2023) invites academia, industry, and governmental entities to submit:
- Original research papers on the security and privacy of CPS&IoT
- Systematization of Knowledge (SoK) papers on the security and privacy of CPS&IoT
- Demos (hands-on or videos) of testbeds/experiences of CPS&IoT security and privacy research
We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS&IoT, including but not limited to:
- Mathematical foundations for secure CPS/IoT
- Control-theoretic approaches
- High assurance security architectures
- Security and resilience metrics
- Metrics and risk assessment approaches
- Identity and access management
- Privacy and trust
- Network security
- Game theory applied to CPS/IoT security
- Human factors, humans in the loop, and usable security
- Understanding dependencies among security, reliability and safety in CPS/IoT
- Economics of security and privacy
- Intrusion and anomaly detection
- Model-based security systems engineering
- Sensor and actuator attacks
- CPS/IoT malware analysis
- CPS/IoT firmware analysis
- Hardware-assisted CPS/IoT security
Also of interest will be papers that can point the research community to new research directions, and those that can set research agendas and priorities in CPS/IoT security and privacy. There will be a best paper award.
Program
Best paper award 2023:
Brain-Hack: Remotely Injecting False Brain-Waves with RF to Take Control of a Brain-Computer Interface. Alexandre Armengol-Urpi, Reid Kovacs, and Sanjay E. Sarma https://dl.acm.org/doi/10.1145/3605758.3623497
- Short paper: 20 minutes
- Regular paper: 30 minutes
- Demo/Abstract: 20 minutes
| 9:00 - 9:15 | Opening Remarks (Magnus Almgren) | |
| 9:15 - 10:00 | Keynote 1: Security and privacy challenges for next generation communication and computational infrastructures and applications, Maria Kihl (Lund University, Sweden) | |
| 10:00 - 10:30 | Break | |
| 10:30 - 12:20 | Session 1: Assessment and Mitigation Strategies. Session Chair: Shahid Raza | |
| (full paper) | Firmulti Fuzzer: Discovering Multi-process Vulnerabilities in IoT Devices with Full System Emulation and VMI | |
| (full paper) | Water Risk-Proofed: Risk Assessment in Water Desalination | |
| (full paper) | Remote Attestation of IoT Devices using Physically Unclonable Functions: Recent Advancements and Open Research Challenges | |
| (demo) | From DDoSim to DDoSimQ: Enhancing DDoS Attack Simulation Through Full System Emulation | |
| 12:20 - 13:30 | Lunch Break | |
| 13:30 - 15:30 | Session 2: Adversarial Exploitation and Compiler Insights in Real-World Systems. Session Chair: Charalambos Konstantinou |
|
| (full paper) | Towards Adversarial Process Control on Inertial Sensor Systems with Physical Feedback Side Channels | |
| (full paper) | Brain-Hack: Remotely Injecting False Brain-Waves with RF to Take Control of a Brain-Computer Interface | |
| (short paper) | The Internet of Insecure Cows - A security analysis of wireless smart devices used for dairy farming | |
| (short paper) | SweetCam: an IP Camera Honeypot | |
| (short paper) | Towards PLC-specific Binary Analysis Tools: An Investigation of Codesys-compiled PLC Software Applications | |
| 15:30 - 16:00 | Break | |
| 16:00 - 16:45 | Keynote 2: IoT and Web, Friend or Foe? Security and Privacy of Internet of Things Apps, Musard Balliu (KTH, Sweden) | |
| 16:45 - 16:50 | Short Break | |
| 16:50 - 17:30 | Session 3: Device Identification and Anonymization. Session Chair: Emil C. Lupu | |
| (short paper) | Granular IoT Device Identification Using TF-IDF and Cosine Similarity | |
| (short paper) | Privacy through Diffusion: A White-listing Approach to Sensor Data Anonymization | |
| 17:30 - 17:45 | Finish best paper voting process | |
| 17:45 - 18:00 | Best paper announcement, Closing Remarks (Magnus Almgren) | |
Submission Guidelines
Submissions include long papers (12 pages), short papers (6 pages), or 1-page abstracts:
- Long papers include a) Original research on a CPS/IoT security and privacy topic, b) Systematization of Knowledge of CPS/IoT security and privacy;
- Short papers include original work-in-progress research on a CPS/IoT security and privacy topic;
- 1-page abstracts include demos/interesting findings/insights on CPS/IoT security and privacy, which will be accompanied by a hands-on demo during the workshop.
Submitted papers can be up to 12 or 6 pages excluding appendices and references, and should provide enough details to enable reproducibility. All submitted papers must be anonymous, with no author names, affiliations, acknowledgements, or obvious references, for double blind reviews. Submissions must use the ACM SIG Proceedings Templates (see https://www.acm.org/publications/proceedings-template, with a simpler version here: https://github.com/acmccs/format). Only PDF files will be accepted.
Accepted papers will be published by the ACM Press and/or the ACM Digital Library. We expect all authors to consider diversity and inclusion, especially when preparing their own submission (see https://www.acm.org/diversity-inclusion/about). Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by a registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.
- Paper Submission Site: https://cpsiotsec23.hotcrp.com/
Important Dates
- Submission deadline:
June 29, 2023 (23:59 Anywhere on Earth)July 13, AoEJuly, 18 AoE (firm) - Notification of acceptance/rejection (tentative): August 18, 2023
- Deadline for submission of camera-ready papers: September 8, 2023
- Workshop date: November 26, 2023
Program Chairs
- Magnus Almgren, Chalmers University of Technology, Sweden
- Earlence Fernandes, University of California, San Diego, USA
Technical Program Committee
- Alessandro Brighente University of Padua
- Álvaro Cárdenas UC Santa Cruz
- Amir Rahmati Stony Brook University
- Awais Rashid University of Bristol
- Charalambos Konstantinou KAUST
- Cristina Alcaraz University of Malaga
- Ebelechukwu Nwafor Villanova
- Emil Lupu Imperial College London
- Gang Tan Penn State
- George Stergiopoulos University of the Aegean
- Gerhard Hancke City University of Hong Kong
- Habiba Farrukh Purdue University
- Hervé Debar Telecom SudParis
- Le Guan University of Georgia
- Luis Garcia University of Southern California, Information Sciences Institute
- Marina Krotofil Hamburg University of Technology
- Marios Anagnostopoulos Aalborg University
- Mauro Conti University of Padua
- Mikael Asplund Linköping University
- Monowar Hasan Washington State University
- Muslum Ozgur Ozmen Purdue University
- Nils Ole Tippenhauer CISPA Helmholtz Center for Information Security
- Pablo Picazo-Sanchez Halmstad University
- Peng Liu The Pennsylvania State University
- Saman Zonouz Georgia Institute of Technology
- Shahid Raza RISE Research Institutes of Sweden
- Sokratis Katsikas Norwegian University of Science & Technology
- Sridhar Adepu University of Bristol
- Stefano Longari Politecnico di Milano
- Takami Sato University of California Irvine
- Vasileios Gkioulos Norwegian University of Science and Technology
- Weizhi Meng Technical University of Denmark
- Yongkai Fan State Key Laboratory of Media Convergence and Communication, China University of Communication
- Yuqing Zhang National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences
Steering Committee
- Rakesh Bobba, Oregon State University
- Alvaro Cardenas, University of California, Santa Cruz
- Peng Liu, Penn State University
- Sibin Mohan, University of Illinois at Urbana-Champaign
- Awais Rashid, University of Bristol
- Gang Tan, Penn State University
- Nils Ole Tippenhauer, CISPA
- Roshan Thomas, MITRE
- Yuqing Zhang, University of CAS
Publicity Chair
- Pablo Picazo-Sanchez, Halmstad University