The Joint Workshop on
CPS & IoT Security and Privacy

In conjunction with the
ACM Conference on Computer and Communications Security 2020

Background

The Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec) is the result of the merger of the Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC) and Workshop on the Internet of Things Security and Privacy (IoTS&P) previously organized annually in conjunction with ACM Conference on Computer and Communications Security.

Program

The Best Paper award winner for CPSIoTSec 2020 is:
Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risks in Critical Infrastructures [Talk]

NEW! Table of contents available! [Link]

**<NEW [Nov. 9, 2020]!** **Zoom link available! Join the Workshop here:**
https://nyu.zoom.us/j/93222935467?pwd=SnJxcjhTSFpzTllvTlBVVzFYRlJidz09

All times are U.S. Eastern time.
Presenter’s names are marked by asterisks.

10:00-10:15
Opening Session

10:15-11:00
Keynote: Optimize Your Efforts: How to Tailor PhD Research to Real-World Needs – Industrial Perspective on Academic CPS/IoT Research, by Marina Krotofil

11:00-11:30
Breakout Session

11:30-13:00
Session 1: CPS&IoT Security
Session Chair: Charalambos Konstantinou

• [25 min] Towards a High-Fidelity Network Emulation of IEC 104 SCADA Systems [Talk]
  Luis Salazar*, Xi Qin, Neil Ortiz and Alvaro Cardenas

• [25 min] Hazard driven threat modelling for Cyber Physical Systems [Talk]
  Luca Maria Castiglione* and Emil C. Lupu

• [15 min] A Statistical Analysis Framework for ICS Process Datasets [Talk]
  Federico Turrin*, Alessandro Erba, Nils Ole Tippenhauer and Mauro Conti

• [15 min] Towards Robust Power Grid Attack Protection using LightGBM with Concept Drift Detection and Retraining [Talk]
  Anand Agrawal*, Marios Sazos, Michail Maniatakos and Ahmed Al Durra

13:00-14:00 Lunch break - Breakout session

14:00-15:30
Session 2: Real Case Studies and Demos
Session Chair: Avishai Wool

• [25 min] A (in)Secure-by-Design IoT Protocol: The ESP Touch Protocol and a Case Study Analysis from the Real Market [Talk]
  Giovanni Salzillo* and Massimiliano Rak

• [25 min] Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risks in Critical Infrastructures
  [Talk]
  Richard J. Thomas*, Joe Gardiner, Tom Chothia, Awais Rashid, Emmanouil Samanis and Joshua Perrett

• [15 min] Privacy in the Mobile World: An Analysis of Bluetooth Contact Traces [Talk]
  Heng Zhang*, Amiya K. Maji and Saurabh Bagchi

• [10 min] DEMO: Gone in 20 Seconds - Overview of a Password Vulnerability in Siemens HMIs [Talk]
  Joseph Gardiner* and Awais Rashid

• [10 min] DEMO: Trustworthy Cyberphysical Energy Systems: Time-Delay Attacks in a Real-Time Co-Simulation Environment [Talk]
  Juan Ospina*, Ioannis Zografopoulos, XiaoRui Liu and Charalambos Konstantinou

15:30-16:00
Breakout Session

16:00-17:00
Session 3: CPS&IoT Robustness
Session Chair: Sibin Mohan

• [25 min] MAC-Layer Spoofing Detection and Prevention in IoT Systems: Randomized Moving Target Approach [Talk]
  Pooria Madani*, Natalija Vlajic and Shadi Sadeghpour

• [15 min] Skip to Secure: Securing Cyber-physical Control Loops with Intentionally Skipped Executions [Talk]
  Sunandan Adhikary*, Ipsita Koley, Saurav Kr. Ghosh, Sumana Ghosh, Soumyajit Dey and Debdeep Mukhopadhyay

• [15 min] Voice Command Fingerprinting with Locality Sensitive Hashes [Talk]
  Batyr Charyyev* and Mehmet Gunes

17:00-17:30
Closing Session - Best paper award announcement

Scope

The Joint Workshop on CPS&IoT Security and Privacy invites academia, industry, and governmental entities to submit:

• Original research papers on the security and privacy of CPS and IoT
• Systematization of Knowledge (SoK) papers on the security and privacy of CPS and IoT
• Demos (hands-on or videos) of testbeds/experiences of CPS and IoT security and privacy research

We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS and IoT, including but not limited to:

• Mathematical foundations for secure CPS/IoT
• Control-theoretic approaches
• High assurance security architectures
• Security and resilience metrics
• Metrics and risk assessment approaches
• Identity and access management
• Privacy and trust
• Network security
• Game theory applied to CPS/IoT security
• Human factors, humans in the loop, and usable security
• Understanding dependencies among security, reliability and safety in CPS/IoT
• Economics of security and privacy
• Intrusion and anomaly detection
• Model-based security systems engineering
• Sensor and actuator attacks
• CPS/IoT malware analysis
• CPS/IoT firmware analysis
• Hardware-assisted CPS/IoT security

Also, of interest will be papers that can point the research community to new research directions, and those that can set research agendas and priorities in CPS/IoT security and privacy. There will be a best paper award. The best paper will be invited for extended paper submission to the Special Issue on Cyber-Physical System Security @ Cybersecurity (Springer), with a September 30th deadline.

Submission Guidelines

Submissions include long papers (12 pages) and short papers (6 pages).

Long papers include:

1. Original research on a CPS/IoT security and privacy topic
2. Systematization of Knowledge of CPS/IoT security and privacy

Short papers include:

1. Original preliminary research on a CPS/IoT security and privacy topic
2. Demos/interesting findings/insights on CPS/IoT security and privacy

Submitted papers can be up to 12 or 6 pages including appendices and references (except for SoK papers where references are excluded). Submissions must use the format defined by CCS (https://www.sigsac.org/ccs/CCS2020/call-for-papers.html). Only PDF files will be accepted. There is no requirement to anonymize the submissions; Authors may choose to submit anonymously or not. Accepted papers will be published by the ACM Press and/or the ACM Digital Library. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by a registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.

Please submit your work at https://easychair.org/conferences/?conf=cpsiotsec2020

Important Dates

• NEW Title/Abstract Submission Deadline: July 23, 2020 (23:59 Anywhere on Earth time - HARD deadline)
• NEW PDF Update Deadline: July 27, 2020 (23:59 Anywhere on Earth time - HARD deadline)
• Notification of Acceptance/Rejection: August 24, 2020
• Camera Ready Papers Due: (hard deadline): September 2, 2020 (same as CCS)

Program Chairs

• Michail Maniatakos, New York University Abu Dhabi, UAE
• Yunqing Zhang, University of Chinese Academy of Sciences, China

Technical Program Committee

• Cristina Alcaraz, University of Malaga, Spain
• Magnus Almgren, Chalmers University, Sweden
• Gedare Bloom, University of Colorado, USA
• Rakesh Bobba, Oregon State University, USA
• Ferdinand Brasser, TU Darmstadt, Germany
• Chunjie Cao, Hainan University, China
• Alvaro Cardenas, UC Santa Cruz, USA
• Benhui Chen, Dali University, China
• Kai Chen, Institute of Information Engineering of CAS, China
• Yongkai Fan, Communication University of China, China
• Jingyu Feng, Xi’an University of Posts and Telecommunications, China
• Anmin Fu, Nanjing University of Science and Technology, China
• Ben Green, Lancaster University, UK
• Dawu Gu, Shanghai Jiao Tong University, China
• Le Guan, University of Georgia, USA
• Gerhard Hancke, City University of Hong Kong
• Charalambos Konstantinou, Florida State University, USA
• Marina Krotofil, Honeywell Industrial Cyber Security Lab, USA
• Hui Li, Xidian University, China
• Peng Liu, Pennsylvania State University, USA
• Yanxiao Liu, XI’AN University of Technology, China
• Xiaofeng Lu, Beijing University of Posts and Telecommunications, China
• Emil Lupu, Imperial College, UK
• Sibin Mohan, University of Illinois at Urbana-Champaign
• Habeeb Olufowobi, Howard University, USA
• Miroslav Pajic, Duke University, USA
• Awais Rashid, University of Bristol, UK
• Limin Sun, Institute of Information Engineering of CAS, China
• Gang Tan, Pennsylvania State University, USA
• Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security, Germany
• Nektarios Georgios Tsoutsos, University of Delaware, USA
• Claire Vishik, Intel, USA
• Avishai Wool, Tel Aviv University, Israel
• Min Yang, Fudan Fudan University
• Stefano Zanero, Politecnico di Milano, Italy
• Guanghua Zhang, Hebei University of Science and Technology, China
• Jianying Zhou, Singapore University of Technology and Design, Singapore
• Saman Zonouz, Rutgers University, USA

Steering Committee

• Rakesh Bobba, Oregon State University
• Alvaro Cardenas, University of California, Santa Cruz
• Peng Liu, Penn State University
• Sibin Mohan, University of Illinois at Urbana-Champaign
• Awais Rashid, University of Bristol
• Gang Tan, Penn State University
• Nils Ole Tippenhauer, CISPA
• Roshan Thomas, MITRE
• Yuqing Zhang, University of CAS

Web Chair

• Monowar Hasan, University of Illinois at Urbana-Champaign