To authors: Both regular and dataset/tool paper presentations would be 20 mins in total (including 5 mins Q&A).

To attendees: All times in the main program are in Western European Summer Time (UTC+01:00).

June 19 - June 20 - June 21

June 19

Room: Main Auditorium


08:00AM - 09:00AM

Welcome Session

08:40AM - 09:10AM

Keynote I

09:10AM - 10:10AM


The Encryption Debate: An Enduring Struggle

Bart Preneel (KU Leuven)


In the 1970s, there was suppression of cryptography research. In the US, intimidating letters were sent to researchers. In the EU, confidentiality protection was removed from the scope of a collaborative project (that then was called the RIPE project, RACE Integrity Primitives Evaluation). At EU level, this was only settled in the late 1990s. Strict export restrictions, and sometimes also import and usage restrictions, were put in place; the Wassenaar arrangement (1996) formalized those. There was never an open war, but there were quite some skirmishes in the background.

Short Bio

Prof. Bart Preneel is a full professor at the KU Leuven, where he leads the renowned COSIC research group, which has 100 members. With an extensive academic career, he has held visiting professor positions at five universities across Europe. His primary areas of expertise encompass cryptography, cybersecurity, and privacy. Prof. Preneel has been invited speaker at more than 150 conferences in 50 countries. He received the prestigious RSA Award for Excellence in the Field of Mathematics (2014), the ESORICS Outstanding Research Award (2017) and the Kristian Beckman award from IFIP TC11 (2016). He has served as president of the IACR (International Association for Cryptologic Research) and he is a fellow and Director of the IACR. Bart Preneel frequently consults for industry and government about cybersecurity and privacy technologies. His commitment to innovation extends to his roles as a co-founder and Board Member of the start-up nextAuth, a Board Member of the scale-up Approach Belgium, and an Advisory Board Member for Tioga Capital Partners and Nym Technologies. Additionally, Professor Preneel has actively participated in cybersecurity policy discussions, and is offering his expertise as a member of the Advisory Group for the European Union Agency for Cybersecurity (ENISA).

Coffee Break (20 Minutes)

10:10AM - 10:30AM

Session 1: Measuring Privacy & Security Deployments

10:30AM - 12:10PM

Estimating the Runtime and Global Network Traffic of SMPC Protocols
Andreas Klinger, Vincent Ehrmanntraut and Ulrike Meyer.
A Unified Time Series Analytics based Intrusion Detection Framework for CAN BUS Attacks
Maisha Maliha and Shameek Bhattacharjee.
Investigating TLS Version Downgrade in Enterprise Software
Ka Fun Tang, Ka Lok Wu and Sze Yiu Chau.
Examining Cryptography and Randomness Failures in Open-Source Cellular Cores
K. Virgil English, Nathaniel Bennett, Seaver Thorn, Kevin Butler, William Enck and Patrick Traynor.
Nothing Personal: Understanding the Theft, Spread, and Use of Personally Identifiable Information in the Financial Ecosystem
Mehrnoosh Zaeifi, Faezeh Kalantari, Adam Oest, Zhibo Sun, Gail-Joon Ahn, Yan Shoshitaishvili, Tiffany Bao, Ruoyu Wang and Adam Doupe.

Lunch (70 Minutes)

12:10PM - 01:20PM

Session 2: Network, IoT, & Embedded Security

01:20PM - 02:20PM

Leveraging Generative Models for Covert Messaging: Challenges and Tradeoffs for “Dead-Drop" Deployments
Luke Bauer, James K. Howes IV, Sam A. Markelon, Vincent Bindschaedler and Thomas Shrimpton.
CCSM: Building Cross-Cluster Security Models for Edge-Core Environments Involving Multiple Kubernetes Clusters
Mahmood Gholipourchoubeh, Hugo Kermabon-Bobinnec, Suryadipta Majumdar, Yosr Jarraya, Lingyu Wang, Boubakr Nour and Makan Pourzandi.
Process-Aware Intrusion Detection in MQTT Networks
Philip Empl, Fabian Böhm and Günther Pernul.

Break (30 Minutes)

02:20PM - 02:50PM

Session 3: Security of Cryptographic Protocols and Implementations

02:50PM - 03:50PM

Accelerating Performance of Bilinear Map Cryptography using FPGA
Andrei Ouatu, Gabriel Ghinita and Razvan Rughinis.
Exploiting Update Leakage in Searchable Symmetric Encryption
Jacob Haltiwanger and Thang Hoang.
The Avg-Act Swap and Plaintext Overflow Detection in Fully Homomorphic Operations Over Deep Circuits
Ihyun Nam.

Awards Ceremony (40 Minutes)

03:50PM - 04:30PM

Coffee Break & Poster Session

04:30PM - 05:30PM

Networking Reception and Musical Event

06:00PM - 07:30PM

June 20

Room: Main Auditorium


08:30AM - 09:00AM

Keynote II

09:00AM - 10:00AM


Malware Research: History, Milestones, and Open Questions

Davide Balzarotti (Eurecom)


Researchers have worked on the analysis, detection, and classification of malicious software since the first early viruses in the 1980s. After more than 40 years of academic research and thousands of papers published on this topic, what have we learned about malware? Which problems and questions have attracted the interest of researchers? And for which of those did we find some answers so far? In this talk, I will go through some of these past achievements (shamelessly using some of my research as an example) and discuss past findings as well as open questions for the future.

Short Bio

Davide Balzarotti is a full Professor and the head of the Digital Security Department at EURECOM. He received his Ph.D. from Politecnico di Milano in 2006 and his research interests include most aspects of software and system security and in particular the areas of binary and malware analysis, fuzzing and vulnerability discovery, computer forensics, and web security. Davide authored more than 100 publications in leading conferences and journals. He has been the Program Chair Usenix Security 2024, ACSAC 2017, RAID 2012, and Eurosec 2014. Davide received in an ERC Consolidator and an ERC PoC Grants for his research in the analysis of compromised systems. Davide is also member of the "Order of the Overflow" team, which organized the DEF CON CTF competition between 2018 and 2021.

Coffee Break (30 Minutes)

10:00AM - 10:30AM

Session 4: Data Privacy & Privacy in Computation I

10:30AM - 11:50AM

CoCoT: Collaborative Contact Tracing
Trevor Kann, Lujo Bauer and Robert Cunningham.
Understanding Information Disclosure from Secure Computation Output: A Study of Average Salary Computation
Alessandro Baccarini, Marina Blanton and Shaofeng Zou.
Crypto’Graph: Leveraging Privacy-Preserving Distributed Link Prediction for Robust Graph Learning
Zelma Aubin Birba, Marc-Olivier Killijian, Sébastien Gambs and Sofiane Azogagh.
Stop Stealing My Data: Sanitizing Stego Channels in 3D Printing Design Files
Aleksandr Dolgavin, Mark Yampolskiy and Moti Yung.

Lunch (80 Minutes)

11:50AM - 01:10PM

Session 5: Data Privacy & Privacy in Computation II

01:10PM - 02:10PM

From Theory to Comprehension: A Comparative Study of Differential Privacy and k-Anonymity
Saskia Nuñez von Voigt, Luise Mehner and Florian Tschorsch.
Precision Guided Approach to Mitigate Data Poisoning Attacks in Federated Learning
Naveen Kumar K, Krishna Mohan C and Aravind Machiry.
Coherent Multi-Table Data Synthesis for Tabular and Time-Series Data with GANs
Clement Elliker, Emeric Tonnelier and Aymen Shabou.

Break (10 Minutes)

02:10PM - 02:20PM

Session 6: Web & Mobile Application Security

02:20PM - 03:40PM

Risky Cohabitation: Understanding and Addressing Over-privilege Risks of Commodity Application Virtualization Platforms in Android
Shou-Ching Hsiao, Shih-Wei Li and Hsu-Chun Hsiao.
FSPDE: A Full Stack Plausibly Deniable Encryption System for Mobile Devices
Jinghui Liao, Niusen Chen, Lichen Xia, Bo Chen and Weisong Shi.
Automating Key Fingerprint Comparisons in Secure Mobile Messaging Apps: A Case Study of Signal
Mashari Alatawi and Nitesh Saxena.
(Dataset/Tool) Smishing Dataset I: Phishing SMS Dataset from
Daniel Timko and Muhammad Lutfor Rahman.

Coffee Break (20 Minutes)

03:40PM - 04:10PM

Session 7: Data Privacy & Privacy in Computation III

04:10PM - 05:10PM

Re-pseudonymization strategies for smart-meter are not robust to deep learning-based profiling attacks
Ana-Maria Cretu, Miruna Rusu and Yves-Alexandre de Montjoye.
Towards Accurate and Stronger Local Differential Privacy for Federated Learning with Staircase Randomized Response
Matta Varun, Shuya Feng, Han Wang, Shamik Sural and Yuan Hong.
(Dataset/Tool) Privkit: A Toolkit of Privacy-Preserving Mechanisms for Heterogeneous Data Types
Mariana Cunha, Guilherme Duarte, Ricardo Andrade, Ricardo Mendes and João P. Vilela.

Social event: gala dinner on a cruise at Douro river (with bus transportation at 6.00 PM from the conference site and back)

07:00PM - 10:00PM

June 21

Room: Main Auditorium


08:30AM - 09:00AM

Session 8: Attack & Malware

09:00AM - 10:20AM

AutoRed: Automating Red Team Assessment via Strategic Thinking Using Reinforcement Learning
Kento Hasegawa, Seira Hidano and Kazuhide Fukushima.
CrashTalk: Automated Generation of Precise, Human Readable, Descriptions of Software Security Bugs
Kedrian James, Kevin Valakuzhy, Kevin Snow and Fabian Monrose.
TIPCE: A Longitudinal Threat Intelligence Platform Comprehensiveness Analysis
Kiavash Satvat, Rigel Gjomemo and Vn Venkatakrishnan.
(Dataset/Tool) WikiPhish: A Diverse Wikipedia-Based Dataset for Phishing Website Detection
Gabriel Loiseau, Valentin Lefils, Maxime Meyer and Damien Riquet.

Coffee Break (30 Minutes)

10:20AM - 10:50AM

Session 9: Secure Access Control & Privacy Preserving Authentication

10:50AM - 12:10PM

Privacy Preserving Biometric Authentication
Marina Blanton and Dennis Murphy.
Remote Registration of Multiple Authenticators
Yongqi Wang, Thalia Laing, José Moreira and Mark D. Ryan.
SLIM-View: Sampling and Private Publishing of Multidimensional Databases
Ala Eddine Laouir and Abdessamad Imine.
Mining Domain-Based Policies
Si Zhang and Philip W.L. Fong.

Closing Remarks & Lunch