Dr. Jeol Reardon
Title
Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale.
Abstract
We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps’ compliance with the Children’s Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of popular free children’s apps, we found that a majority perform actions that are possible violations of COPPA, due to their use of third-party SDKs. While most of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggests that a majority of apps do not make use of these options. A further fifth collect data through SDKs whose terms of service outright prohibit their use in child-directed apps. Finally, we show that efforts by Google to limit tracking through the use of a resettable advertising ID have had little success with more than half transmitting other persistent identifiers alongside, negating the intended privacy-preserving properties.
Biography
Prof. Joel Reardon is an assistant professor at the University of Calgary. Prior to starting in Calgary, he did his Master's at the University of Waterloo, doctoral degree at the ETH Zurich, and a post-doctoral year at the UC Berkeley and the International Computer Science Institute (ICSI). His research interests relate to security and privacy including issues for storage and compliance as well as systems to make it easier to use. He also loves mountains, bicycles, and writing poetry.

Dr. Philip W. L. Fong
Title
Research Directions in Access Control for the Internet of Things.
Abstract
Access control is the "traditional center of gravity of computer security" (Anderson, 2008). It is about determining who can access what in which circumstances. Access control technologies have been applied to control the flow of information in military operations, to avoid conflict of interests in the commercial world, to prevent your photo albums from being accessed by people you do not know on Facebook, and to ensure that your medical records are only accessible by the clinicians who provide medical care to you. Then came the next massively distributed computing environment, the Internet of Things, in which physical objects embedded in the physical world are connected to the Internet, objects that are potentially faulty and easily compromised, objects to be accessed by people who are not known quantities within an organization. With this rapid growth in the IoT, we also realize how much our well-being, such as physical safety, will depend on the proper protection of smart devices. How do traditional access control models and technologies cope? Or do we need to completely depart from traditional access control paradigms and rethink new ones? What are truly unique in IoT, and what are simply hypes? In this talk, I would like to wrestle with some of these questions, and identify a few research directions that I find promising.
Biography
Philip Fong is a Tier-2 Canada Research Chair in Software Security and an Associate Professor at the Department of Computer Science, University of Calgary, Canada. He was a faculty member at the Department of Computer Science, University of Regina, Canada, from 2003 to 2008. He received his B.Math. and M.Math. in Computer Science from the University of Waterloo, Canada, and his Ph.D. in Computer Science from Simon Fraser University, Canada. His research interests include access control, security and privacy for Internet of Things (IoT), protection technologies for social computing, and language-based security.

Dr. Sabyasachi Karati
Title
Kummer for Genus One over Prime Order Fields.
Abstract
In this talk, we consider the problem of fast and secure scalar multiplication using curves of genus one defined over a field of prime order. Previous work by Gaudry and Lubicz in 2009 had suggested the use of the associated Kummer line to speed up scalar multiplication. In this talk, we will explore this idea in detail. The first task is to obtain an elliptic curve in Legendre form which satisfies necessary security conditions such that the associated Kummer line has small parameters and a base point with small coordinates. In turns out that the ladder step on the Kummer line supports parallelism and can be implemented very efficiently in constant time using the single-instruction multiple-data (SIMD) operations available in modern processors. For the 128-bit security level, this work presents three Kummer lines denoted as K1:= KL2519(81,20), K2:= KL25519(82,77) and K3:= KL2663(260,139) over the three primes 2^(251)-9, 2^(255)-19 and 2^(266)-3 respectively. Implementations of scalar multiplications for all the three Kummer lines using Intel intrinsics have been done and the code is publicly available. Timing results on the recent Skylake and the earlier Haswell processors of Intel indicate that both fixed base and variable base scalar multiplications for K1 and K2 are faster than those achieved by Sandy2x which is a highly optimised SIMD implementation in assembly of the well known Curve25519; for example, on Skylake, variable base scalar multiplication on K1 is faster than Curve25519 by about 25%. On Skylake, both fixed base and variable base scalar multiplication for K3 are faster than Sandy2x; whereas on Haswell, fixed base scalar multiplication for K3 is faster than Sandy2x while variable base scalar multiplication for both K3 and Sandy2x take roughly the same time. In fact, on Skylake, K3 is both faster and also offers about 5 bits of higher security compared to Curve25519. In practical terms, the particular Kummer lines that are introduced in this work are serious candidates for deployment and standardization.
Biography
I am a Post-Doctoral Fellow of the department of Computer Science of the University of Calgary, Canada. I am also a member of Institute for Security, Privacy and Information Assurance (ISPIA), Calgary. Before joining to UofC, I was a Post-Doctoral Fellow of the Applied Statistics Unit (ASU) of Indian Statistical Institute (ISI) Kolkata, India. I completed my PhD from the Indian Institute of Technology (IIT) Kharagpur, India. My primary research interests include different areas of public-key cryptography like algebraic-curve-based cryptography, Lattice-based and Hash-bash post-quantum cryptography and computational number theory.