Los Fuzzys @ StreeTech 2021

Los Fuzzys, an IAIK-supported team of students, pupils and professionals alike, presented their ideas at this year’s online TU Graz StreeTech. Anyone who was interested had the opportunity to partake at IT security challenges, a Capture the Flag event, beginner tutorials, and had the chance to ask questions.
To find out more, click on the links on the right.

360°certification for Artificial Intelligence you can trust

New strategic partnership among Austrian experts for trustworthy and secure AI applications.

In Styria a new initiative is emerging to develop efficient and independent test methods and testing technologies for AI systems. This involves the Know-Center, a leading European research center for Data-driven business and AI, the SGS Group, the world’s leading provider of testing, verification and certification and the Institute for Information Processing and Communication Technology of Graz University of Technology, one of the leading cybersecurity research teams. Ethical and legal aspects are introduced via the Business Analytics and Data Science Center at University of Graz and Austria’s Center for Secure Information Technology (A-SIT) accompanies the activities as a neutral observer.

 

Trust as prerequisite for AI applications

“The potential of AI in Europe will only be exploited if the trustworthiness of data handling as well as fair, reliable and secure algorithms can be demonstrated. With a 360° perspective, we want to ensure that AI applications function in a technically compliant, reliable and unbiased manner. The focus is on all areas that are essential for the high quality and trustworthiness of AI: data, algorithms, cybersecurity, processes, ethics and law”, explains Stefanie Lindstaedt, CEO of the Know-Center.

Barbara Eibinger-Miedl, Provincial Councilor of Economic Affairs and Research welcomes the initiative: “Trustworthy AI systems and a high level of data protection are essential to reduce barriers when it comes to the use of AI applications. We are pleased the global corporation SGS is relying on Styrian know-how in this regard, which is a confirmation of the excellent work provided by the stakeholders involved. In Styria we have succeeded in building up comprehensive competencies in this field and have taken on a global pioneering role by numerous research projects and digitization initiatives.”

Independent testing and certification of AI solutions

Currently, AI is one of the fastest growing topics. Most AI systems are data-driven, that is, they learn about desired behaviors from large amounts of data. This cutting-edge technology enables extraordinary innovation but, if not used properly, can have unintentional, negative effects, for example biases in human resource processes or unsafe recommendations by AI in the critical healthcare sector.

“A cornerstone of trust in AI is compliance with standards and regulations, demonstrated through conformity assessments, carried out by accredited third parties like SGS. In our partnership, we will develop new multi-disciplinary tools and techniques to enable these assessments, to include cybersecurity, safety and ethics as examples,” explains Siddi Wouters, Senior Vice President of Digital & Innovation at SGS, “which brings value to customers across the world.”

Cybercrime – a major challenge

Despite the enormous technological potential, the use of AI applications also involves uncertainties and risks. There are a variety of ways to attack AI systems. A major challenge in the evaluation of AI systems is therefore cybercrime. For example, a driverless vehicle could make fatal decisions if data processed by the AI system used in the vehicle is wrongly programmed by criminals.

“At this point conventional static testing is not sufficient. Research in terms of fundamentally new safety engineering concepts is needed to obtain continuous attestation of AI system’s resilience against cyberattacks. TU Graz introduces its expertise to the strategic partnership. For us, the initiative represents the logical deepening of an already successfully existing cooperation in the field of computer science, software engineering and cybersecurity with SGS, Know-Center and the University of Graz. In addition, it will benefit university research and teaching, which the new and current content will incorporate,” explains Harald Kainz, Rector of Graz University of Technology.

Increasing acceptance of AI applications

Despite increasing AI applications across all sectors of industry in recent years, companies are still feeling uncertain when it comes to data protection and legal requirements. The regulation on AI intended by the European Union could induce additional overburdening for companies and reduce or even prevent the adding value of AI. Overall, missing auditing certificates are one major barrier for AI adoption and reducing business potentials.

“Missing auditing procedures are one of the major adoption barriers for AI. It is not only a legal or compliance prerequisite it also leads to confidence-building and positively influences societal acceptance. Our studies in recruiting, e.g. show that people who are feeling discriminated, are most likely to prefer the assessment of their qualifications by AI in contrast to human recruiters. It particularly applies if carried out by certified AI applications with an explainability component,” Stefan Thalmann, Head of Business Analytics and Data Science Center at University Graz, states.

Herbert Leitold, Secretary General A-SIT also emphasizes: “The complex challenges of AI certification will be easier to accomplish by bundling a variety of expertise. Austria is on the right track by presenting providers and users of AI application with better orientation and certainty in regards to the quality of applications.”

Cooperation with further partners

Energie Steiermark AG, Leftshift One, NXP and Redwave will participate with use cases. The initiative is open to further partners from industry and science who are interested in working together on AI testing methods. Know-Center’s extensive international partner network also ensures cutting edge research, testing tools and the continuous further development of methods.

 

More information about the initiative: http://sichere-ki.at/en

Samuel Weiser graduates sub auspiciis praesidentis

On 23 June, IAIK graduate Samuel Weiser  has received his doctorate “sub auspiciis” at TU Graz. Along with two other TU graduates, Michael Kalcher and Thomas Ulz, he was awarded this highest honor in Austrian education, bestowed for exclusively top performances up to the doctorate.
The three graduates received honorary rings from govenor Hermann Schützenhöfer. 

In his dissertation, Samuel Weiser analysed so-called enclaves, special security technologies for computer processors that are able to protect sensitive programmes from malware and untrustworthy system operators.

Read the full article here (in German)

TU Graz: data register and data protection very well compatible

New encryption methods ensure the pooling of sensitive income and health data at a very high level of data protection. It is precisely for such cases that research has developed technologies that are ripe for practical use.
In the course of the current discussion about a planned data register for times of crisis such as pandemics, which is considered critical by data protection experts, cybersecurity expert Christian Rechberger from TU Graz is taking notice: “Pandemic management by means of merged income and health data is very much possible with the necessary level of data protection. Together with international colleagues, we have developed new cryptographic methods since the beginning of the pandemic that will be used for such applications, among others”.


Picture: © Lunghammer – TU Graz

Finalists in NIST Lightweight Crypto Competition

The US National Institute of Science and Technology (NIST) has announced the 10 finalists for the last round of the Lightweight Crypto (LWC) Competition.
The goal of this competition is to standardize a lightweight authenticated encryption algorithm suitable for constrained environments.
It started in 2019 with 56 Round-1 candidates and is expected to select a winner for standardization in 2022.

We are very proud that the finalists include all our 3 submissions:

  • Ascon, previously selected as primary choice for lightweight cryptography by the CAESAR committee, designed by Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schläffer

  • ISAP, a design with inherent robustness against certain implementation attacks, designed by Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Bart Mennink, Robert Primas, and Thomas Unterluggauer

  • Elephant, a parallel design by Tim Beyne, Yu Long Chen, Christoph Dobraunig, and Bart Mennink.

For the full list of 10 finalists, see NIST.

The title image shows a marine sponge, the namesake of the cryptographic sponge construction adapted in Ascon and ISAP.

More Privacy when Using WhatsApp, Signal and Co.

Cryptography experts at TU Graz, together with their colleagues at TU Darmstadt, have developed a privacy-protecting security software for mobile messaging services.


Find out more and read the full article HERE!

Picture © Lunghammer – TU Graz/TU Darmstadt

Podcast – Safe Reinforcement Learning via Shielding

Listen to the Technical AI Safety podcast on Safe Reinforcement Learning via Shielding with Bettina Könighofer of IAIK and Rüdiger Ehlers of Clausthal University of Technology, Germany.
More details on the episode can also be found here.

Best Paper Award at CANS 2020

We are happy to announce that the paper “An Attack on Some Signature Schemes Constructed from Five-Pass Identification Schemes” by Daniel Kales and Greg Zaverucha has won a Best Paper Award at the 19th International Conference on Cryptology and Network Security (CANS 2020). Check out the paper (eprint) and the presentation on YouTube.

IAIK Christmas Special 2020

The “IAIK Christmas Special” is a yearly unique show that reviews what happened in InfoSec in 2020 and showcases recent hacks and exploits. With 300-500 viewers in a packed lecture hall, it cannot take place offline this year – now it takes place online and we will make it a better and greater show than any year before.

We invited 5 InfoSec guests, a music live act, and of course, most importantly: exciting hacks, exploits, and demos.

This special lecture is part of the TU Graz SSD and InfoSec courses.

Join on Youtube!

Jakob Heher is awarded WKO research stipend

Jakob Heher is currently working on his master’s thesis on the security of online learning platforms, for which he has now received the WKO Forschungsstipendium 2020/21! The stipend will be awarded in an award ceremony in 2021. The WKO Steiermark annually awards 20 students, who are honoured with a grant of €2100 for the development of master’s theses with high economic relevance. Congratulations!

In his thesis, Jakob is investigating the security of several online learning platforms recommended for schools. These platforms are currently experiencing a sharp increase in users due to the COVID-19 pandemic. He has already reported several critical issues to software vendors in responsible disclosure processes.

Further details on the grant are provided by WKO.