Professor Michel van Eeten, Delft University of Technology
Economics of dark markets: Observations on criminal services via anonymous marketplaces
In the past decade, we have witnessed the rise of anonymous criminal market places -- often called "dark markets" -- providing "cybercrime-as-a-service" offerings (CaaS). Law enforcement agencies predicted that CaaS would lead to an explosion of cybercrime. Criminals would be able to outsource complex cybercrime operations to service providers, rather than having to acquire sophisticated technical expertise by themselves. This lowers the entry barrier for criminals entrepreneurs to launching business models. Has this prediction come true? We explore three empirical studies into dark market and answer three questions: (1) Is the supply of cybercrime-as-a-service increasing? (2) What factors predict who will be a successful dark market vendor? And: (3) How robust are the security practices of criminal vendors on dark markets? We conclude by reflecting on how these findings support more effective law enforcement actions against CaaS.
Professor Michel van Eeten is professor at Delft University of Technology and his chair focuses on the Governance of Cybersecurity. He studies the interplay between technological design and economic incentives in Internet security. His team analyses large-scale Internet measurement and incident data to identify how the markets for Internet services deal with security risks. He has conducted empirical studies funded by NWO, the ITU, the OECD, the Department of Homeland Security, the European Commission, the Dutch National Police, the General Intelligence and Security Service, Fox-IT, banks, and various ministries within the Dutch government. Topics range from botnet mitigation, threat intelligence and abuse reporting, network measurements, information sharing, security metrics, to cybercrime markets.
Invited Talks #1
Professor Raylin Tso, National Chengchi University
Implicit Certificates and Their Extended Applications
In public key infrastructure, a certificate establishes a cryptographic binding between a user and her/his public key. Certificates can be divided into two types: explicit certificates and implicit certificates. In this talk, we will focus on the type of implicit certificates. We will first use elliptic curve Qu–Vanstone implicit certificate scheme (ECQV) as an example to show the advantages of implicit certificates and its use cases. Then, based on ECQV, we will introduce how to extend ECQV certificates into new certificates with different public/private key pairs. Two types of extensions will be introduced in this talk. The first type, called M-ECQV I, allows an ECQV holder to generate multiple new key pairs based on the original ECQV certificate. There is no restriction on the user of the new key pairs and it may be a problem in some applications. To address this problem, we introduce M-ECQV II. M-ECQV II guarantees that all the new generated key pairs are belonging to and used by the original ECQV holder. We will show how the two schemes can be used in IoT and blockchain applications. Security proofs and performance will also be discussed at this talk.
RAYLIN TSO is currently the Distinguished Professor in the Department of Computer Science, National Chengchi University, Taiwan. He obtained his B.Eng. degree from National Tsing Hua University, Taiwan, in 1995. He received his M.Eng. and PhD degrees in Systems and Information Engineering from Tsukuba University, Japan, in 2004 and 2006, respectively. He has authored or co-authored over 200 papers in referred journals and conferences in the area of information security. His research interests are mainly in the areas of applied cryptography, PQC, FinTech security, privacy preserving data analysis, and blockchain technology. Raylin Tso has received many academic awards including, IPSJ Digital Courier Award for Young Researcher (2006), Dean’s Award of the Graduate School of Systems and Information Engineering, University of Tsukuba, Japan (2006), Research Award of College of Science (NCCU) for Early Career Researchers (2015) and Award of WITC 2015 Outstanding Researcher (2015). He has served as the Executive Editor of Internal Journal of Information and Computer Security until 2020 and currently served as the Associate Editor of the Journal of Information Science and Engineering.
Invited Talks #2
Professor Chen Yang, Beijing Institute of Technology
Cloud-Edge-End Computing with Security Challenges
In this talk, we mainly introduce how the collaboration and synergy of cloud, edge, and device computing paradigms is essential to support various computational and industrial applications. First, we present the cloud-edge-device computational framework in the Internet of Things and several industrial applications. Second, we analyze the cloud-edge-device collaborative deep learning mechanisms for decision-making from the perspectives of model, computing power, data and operation modes. Third, we point out the security challenges in Cloud-Edge-End Computing framework for further study and investigation.
Chen Yang, Tenured Associate Professor, Doctoral Supervisor, with the School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China. He has published more than 30 SCI papers, acts as a principal investigator of the National Key R&D Program, an Associate Editor of IET CIM, and an editorial board member of JMS. He received CSCWD 2023 Best Application Paper Award and was ranked as the World’s Top 2% most-cited scientists (2022) by Stanford University. His research interests include Cloud-edge-device Computing, Industrial IoT, and Secure Artificial Intelligence System.
Invited Talks #3
Professor Kouichi SAKURAI, Kyushu University (also with ATR)
Power and limitations of cryptography for securing non-fungible tokens
We discuss possible applications and limitations of NFTs (Non Fungible Tokens), which is a non-fungible digital token that records ownership certificates on the blockchain on unique and irreplaceable digital assets such as art, music, and collector's items, and gives them unique value. NFT s are now attracting attention as a technology that creates new trading markets and businesses. Whereas, in contrast to NFT, digital tokens of substitutable assets such as virtual currencies and security tokens are called FTs (Fungible Tokens). This talk investigates technical issues of NFT, especially on its trust and security from the view of cryptographic points. The speaker has been studied e-provenance from the last 20 years, which was before blockchain, and reports what is new of NFT comparing to e-provenance from technical perspective.
Dr. Kouichi Sakurai is a Full Professor in the Department of Informatics at Kyushu University. Dr. Sakurai directs the Laboratory for Information Technology and Multimedia Security and he is working also with CyberSecurity Center. He had been working also with the Institute of Systems & Information Technologies and Nanotechnologies, as the chief of Information Security laboratory, for promoting research cooporations among the industry, university and government under the theme "Enhancing IT-security in social systems". He has been successful in generating such cooperation between Japan, China and Korea for security technologies as the leader of a Cooperative International Research Project supported by the National Institute of Information and Communications Technology (NICT) during 2005-2006. Moreover, in March 2006, he established research cooporations under a Memorandum of Understanding in the field of information security with Professor Bimal Kumar Roy, the first time Japan has partnered with The Cryptology Research Society of India (CRSI). He is working also with Department of Advanced security of Advanced Telecommunications Research Institute International and was involved in a NEDO-SIP-project on supply chain security. Professor Sakurai has published more than 400 academic papers around cryptography and cybersecurity (See http://dblp.uni-trier.de/db/indices/a-tree/s/Sakurai:Kouichi.html)