Date: 1-Jun (Sat)
Time: 9:45am – 5:30pm
Venue: HKU SPACE, ADC 304, 3/F, Admiralty Centre (海富中心), Admiralty
Language: Cantonese
Fee: FREE
Register: https://bit.ly/pisajam2024reg (Open to the Public, Priority for PISA members)
Highlight
Let’s have a Security Jam! Securing Our Digital Frontiers: Empowering Minds, Protecting Data
Agenda:
AM Session – Room ADC 304
[09:45-10:00] Check-in
[10:00-10:15] PISA Chairman’s speech
[10:15-10:50] Topic 1 – A multifaceted security analysis of Enterprise Wi-Fi and VPNs – Prof. CHAU Sze Yiu, CUHK *Note
[10:50-11:25] Topic 2 – AI Use Cases and Associated Risks in Banking – Mr. Chison Cai, Security participator in banking
[11:25-12:00] Topic 3 – Hacking CCTV by changing time – Mr. Andy Kong, HKU PhD student
[12:00-12:30] Topic 4 – Proactive Threat Hunting with ATT&CK – Mr. Frankie Li, Dragon Advance Tech
[12:30] Lunch break
PM Track A – Room ADC 310 (Note: Bring your own laptop.)
[14:15-14:30] Check-in
[14:30-16:00] Proactive Threat Hunting with ATT&CK Hands-on Workshop – Mr. Frankie Li, Dragon Advance Tech *Readme
[16:00-17:30] Lifehack guides for DevSecOps with Hands-on Exercise – Mr. Bill Ho, Palo Alto Networks
Note: Limited to 20 seats. First come, first served.
PM Track B – Room ADC 203 (Note: Bring your own laptop.)
[14:15-14:30] Check-in
[14:30-17:30] Blue Team Defence Workshop: Web Vulnerability Detection and Response – Mr. Paul Chow, UDS Data Systems *Readme
Note: Limited to 12 seats. First come, first served.
** If your preferred PM session is full when you register, you can still attend as a walk-in and participate as an observer.
Gifts are ready for PISA JAM joiners.
For any questions, please send an email to info@pisa.org.hk or send a message via m.me/pisahkg to seek our support. Thanks.
Date: 29-Apr (Mon)
Time: 7:15pm – 8:30pm
Venue: HKU SPACE, ADC 314, 3/F, Admiralty Centre (海富中心), Admiralty
Language: Cantonese
Fee: FREE
Register: https://bit.ly/pisa240429 (PISA and supporting members only)
Highlight
Speaker: Professor Wing C. Lau, Department of Information Engineering and the Director of the Mobile Technologies Centre (MobiTeC), The Chinese University of Hong Kong.
Abstract: Mobile apps are embracing facial recognition technology to streamline the identity verification procedure for security-critical activities such as opening online bank accounts. To ensure the security of the system, liveness detection plays a vital role as an anti-spoofing component, verifying that a selfie provided is from a live individual. Emerging facial recognition companies offer convenient integration services through mobile Software Development Kits (SDKs) / libraries that are widely utilized by numerous apps in practice. By analyzing 18 mobile facial recognition SDKs in the market, we reveal the protocol design and implementation intricacies of various systems.
Our investigation leads to the discovery of several system security issues in over half of the libraries, predominantly linked to the liveness detection module. These vulnerabilities can be exploited for low-cost identity forgery attacks without relying on media synthesizing technologies like Deepfake. We scan over 18,000 apps from an app market and identify 800+ of them incorporating recognized facial recognition libraries, with over 100 million total downloads. More than half of the libraries under study exhibit weak security, with about 40% of downstream mobile apps being affected. Our study emphasizes the importance of system security in mobile facial recognition services, as the practical impact can be on par with or even surpass the extensively studied Machine Learning-based attacks.
With this talk, we hope to draw the security community’s attention back to system security in the era of AI.
Biography: Wing C. Lau is a Professor in the Department of Information Engineering and the Director of the Mobile Technologies Centre (MobiTeC) at The Chinese University of Hong Kong. Wing received his B.S. (Eng) degree from the University of Hong Kong and M.S. and Ph.D. degrees in Electrical and Computer Engineering from the University of Texas at Austin. Before returning to academia, Wing worked in the US industry for a decade. He was a Member of the Technical Staff with the Performance Analysis Department, Bell Laboratories, Holmdel, New Jersey, where he conducted research in high-speed networking protocols and systems. Wing also had a stint with Qualcomm, San Diego, California, where he designed the architecture and protocols for Next Generation Wireless services and actively contributed to their standardization in the Internet Engineering Task Force (IETF) and 3GPPs. Wing holds 19 U.S. patents and his research findings have culminated in more than 130 publications in major international conferences and journals. His recent research interests include: Security and Privacy of Online Social Networks, Single-Sign-On protocols and Mobile Payment Systems; Graph Neural Networks and their applications; Online Machine Learning algorithms; Resource allocation and Optimization for Cloud Computing/Big Data Processing Systems; High-capacity Authenticated 2D barcodes. Dr. Lau is/has been a Technical Program Committee member of ACM Sigmetrics, MobiHoc, IEEE INFOCOM, SECON, WiOpt, ICC, GLOBECOM, WCNC, VTC and the International Teletraffic Congress, etc. He also served as a Guest Editor for the Special Issue on High-speed Network Security of IEEE Journal of Selected Areas in Communications (JSAC). For their work on Single-Sign-On SDK security, Wing and his team received the Internet Defense Prize from USENIX and Facebook in 2018.
For any questions, please send an email to info@pisa.org.hk or send a message via m.me/pisahkg to seek our support. Thanks.
Highlight: The Tram Body Design Contest – “Together, We Create a Safe Cyberworld” (“the Contest”) is jointly organised by the Office of the Government Chief Information Officer, the Hong Kong Police Force and the Hong Kong Computer Emergency Response Team Coordination Centre. The Contest aims to arouse public awareness of cybersecurity, so as to prevent members of the public from falling into online traps, and to strengthen city-wide defence against cyberattacks. The winning entry may be adopted as a promotional advertisement displayed on trams.
Important Notice: PISA email service maintenance and upgrade
Dear PISA members,
We would like to inform you about an upcoming maintenance and upgrade of our email service. On 29th December, 18:00 - 22:00 HKT, our email service will undergo scheduled maintenance, which will result in a temporary termination of the service during the designated period.
This maintenance is crucial to ensure the continued reliability and optimal performance of our email platform. During the maintenance period, you will not be able to send or receive emails. We apologize for any inconvenience this may cause and kindly request your patience and understanding as we work to complete this important upgrade as quickly as possible.
We anticipate that the maintenance window will be from 18:00 HKT to 22:00 HKT. Please note that these times are approximate, and the duration may vary depending on the complexity of the upgrades and any unforeseen circumstances.
We apologize for any inconvenience caused by the temporary service interruption and appreciate your cooperation during this maintenance period. If you have any urgent inquiries or concerns, please don't hesitate to reach out to our support team at PISA WhatsApp Enquiry (https://bit.ly/pisawa) or Facebook Messenger (https://m.me/pisahkg).