Keynotes

Main Conference Keynotes

Malicious Cryptography: Repurposing Cryptographic Mechanisms for Unintended Tasks
Moti Yung
(Google/Columbia University)

Abstract: Since the mid 1970s till mid 1990s, foundations of Cryptography and its initial adoption in practice (defining, constructing, proving or showing them secure, and implementing practical systems based on it).
Around then, in my own research, I realized that a young field of about 20 years is just moving smoothly and speedily into its full success and it cannot be done without any criticism or scrutiny!
Since cryptography is an area where specifications are implemented, the question that needed an answer is the following: When logic is implemented in a programming language, there are side effects in the implementation that do not appear in the specification(!). Hence, what are the side effects of Cryptographic Implementations? This thought gave rise to “Malicious (or Repurposed) Cryptography” where the application, use, or added goals can be shown to be a side effect of the implemented systems.

This, over the years, gave rise to: Kleptography (i.e., ransomware attacks), Subverted Cryptosystems (Kleptography), and more recently to “Anamorphic Encryption”. I will start with the “pre-history” of the area (subliminal channels, escrow encryption) and will then cover examples of its development over the last 30 years.

About the speaker: Dr. Moti Yung is a Distinguished Research Scientist with Google and an Adjunct Senior Research Faculty at Columbia University. He got his PhD from Columbia University in 1988. Previously, he was with IBM Research, Certco, RSA Laboratories, and Snap. Yung is a fellow of the IEEE, the ACM, the International Association for Cryptologic Research (IACR), and the European Association for Theoretical Computer Science (EATCS). Among his awards are the IEEE-CS W. Wallace McDowell Award and the IEEE-CS Computer Pioneer Award, the ACM SIGSAC outstanding innovation award, the IEEE 2006 Innovation in Societal Infrastructure Award, as well as a number of test-of-time awards and industry awards. Yung is a member of the American Academy of Arts and Sciences.

The Double-Edged Sword of Facial and Voice Recognition: Analyzing Risks and Solutions
Wenyuan Xu
(Zhejiang University)

Abstract: The proliferation of facial recognition and voiceprint verification offers compelling convenience for personal identity verification yet introduces potential vulnerabilities. This keynote explores the evolving threat landscape associated with these biometric systems. To assess their security, we analyze the unique signal processing characteristics of facial images and speech signals, evaluating the robustness of voiceprints and faceprints against sophisticated attacks. Our findings reveal that risks permeate the entire lifecycle of biometrics, extending beyond the initial enrollment phase to include ongoing authentication processes. To address these challenges, a comprehensive set of practical countermeasures is necessary to enhance the security of biometric identities. For instance, the problem of oversensing arises, wherein general-purpose sensors collect more biometric information than applications require, thereby raising significant privacy concerns. We propose the development of privacy-savvy sensors that limit the amount of information gathered, and we will discuss future directions for exploration in this field.

About the speaker: Wenyuan Xu is a professor in the College of Electrical Engineering at Zhejiang University, where she also serves as the Chair of the Systems Science and Engineering Department. Previously, she held the position of Associate Professor in the Department of Computer Science and Engineering at the University of South Carolina. Her research primarily focuses on IoT security, specifically in the realm of analog cybersecurity. She has received the NSF Career Award, the Best Paper Award at ACM CCS in 2017, an ACM AsiaCCS Best Paper Award in 2018, and a Distinguished Paper Award at NDSS 2025. Additionally, she contributes to the academic community as an Associate Editor for the IEEE Transactions on Mobile Computing and co-chaired NDSS 2022-2023 and USENIX Security 2024.

virtCCA and CoDA: An Industrial Practice in Advancing AI Confidential Computing on ARM Platforms
Yier Jin
(Huawei)

Abstract: The rapid advancement of artificial intelligence (AI), especially the recent trend of LLM development, has fundamentally transformed computing infrastructure, shifting from a traditional CPU-centric architecture to a GPU/NPU-centric paradigm. As a result, the focus of confidential computing, which ensures data security and privacy during processing, has also evolved. No longer confined to CPU-bound environments, confidential computing now extends to heterogeneous computing systems that integrate not only CPUs but also devices such as AI accelerators. This shift necessitates new security frameworks to protect sensitive data across diverse processing units, ensuring end-to-end security in AI-driven, multi-accelerator environments.
Expanding Trusted Execution Environments (TEEs) from CPUs to devices can be achieved through various methods, with device assignment emerging as a promising approach that delivers high performance without compromising security. This technique, proposed by ARM, is associated with ARM’s latest Confidential Compute Architecture (CCA) with the hardware support of TEE Device Interface Security Protocol (TDISP), restricting compatibility with legacy devices.
In this talk, we will present an industry-driven solution to overcome these challenges and enable confidential computing for the AI paradigm. We first introduce virtCCA, an innovative implementation of the ARM CCA software stack leveraging ARM TrustZone Secure-EL2. Next, we detail the design and implementation of device assignment in virtCCA, which extends support to both modern and legacy PCIe devices within CVMs. This is made possible through Confidential Device Assignment (CoDA), enabled by a dedicated hardware component called the PCI Protection Controller (PCIPC). Our experiments on various devices including NVMe, NIC, GPU and NPU workloads demonstrate that CVMs achieve I/O performance comparable to normal VMs.

About the speaker: Yier Jin is the Chief Scientist on Trusted Computing in Huawei. He is an adjunct professor in the University of Science and Technology of China (USTC). He was the Endowed IoT Term Professor in the Warren B. Nelms Institute for the Connected World in the University of Florida (UF). He received his PhD degree in Electrical Engineering in 2012 from Yale University after he got the B.S. and M.S. degrees in Electrical Engineering from Zhejiang University, China, in 2005 and 2007, respectively.
His research focuses on the areas of trusted computing, hardware security, trusted hardware intellectual property (IP) cores and AI infrastructure security. Dr. Jin is a recipient of the DoE Early CAREER Award in 2016 and ONR Young Investigator Award in 2019. He received Best Paper Awards at DAC’15, ASP-DAC’16, HOST’17, ACM TODAES’18, GLSVLSI’18, DATE’19, AsianHOST’20, IEEE S&P’22, and ACM CCS’23. He was the IEEE Council on Electronic Design Automation (CEDA) Distinguished Lecturer.

Workshop Keynotes

Robert Deng

Singapore Management University, Singapore

Shiuhpyng Winston Shieh

National Yang Ming Chiao Tung University, Taiwan

Lam Kwok Yan

Nanyang Technological University, Singapore

Shui Yu

University of Technology Sydney, Australia

Baochun Li

The University of Toronto, Canada

Xiaoning (Maggie) Liu

RMIT University, Australia

WDC

Abhinav Dhall

Monash University, Australia

Duc-Tien Dang-Nguyen

University of Bergen, Norway

Peter Richtárik

King Abdullah University of Science and Technology, Saudi Arabia