---Keynote Talks---
Liqun Chen, University of Surrey, UK
Title: Post-Quantum Group-Oriented Anonymous Signatures from Symmetric Primitives
Abstract: Group-oriented anonymous digital signatures, including group signatures, direct anonymous attestation (DAA) and enhanced privacy ID (EPID), have become important cryptographic primitives in information and communications security. Schemes using RSA and elliptic curve cryptography have been integrated into real-world applications and international standards. However, these standardised schemes are insecure against quantum attackers. Research into post-quantum (PQ) anonymous signatures has led to several schemes across various PQ cryptographic families. In this talk, we will focus on designing anonymous signature schemes based on symmetric techniques. For instance, we utilise a hash-based signature as a group membership credential. An anonymous signature is a non-interactive zero-knowledge proof of such a credential. We will also discuss robust design, strong security properties and efficient performance, particularly in relation to accommodating large group sizes, which is essential for rapidly developing applications.
Short Bio: Liqun Chen is a Professor in Secure Systems at the University of Surrey. Before taking up this position in 2016, she was a principal research scientist at Hewlett-Packard Laboratories in Bristol, UK. Her 19 years working for the company led to 79 granted US patents. She developed several cryptographic schemes that were adopted by international standards bodies, such as ISO/IEC, IEEE and TCG (Trusted Computing Group). Notably, she co-designed several cryptographic algorithms, including direct anonymous attestation, which are used in the Trusted Platform Module (TPM). She was the technical leader and principal investigator in the EU H2020 FutureTPM project, which identified and developed algorithms for a TPM that would be secure against quantum computer attacks. Additionally, she has served as a principal investigator in six other EU Horizon projects that utilise post-quantum cryptography, trusted computing and distributed ledger technologies to achieve security, privacy and trust in real-world applications. She has acted as an editor or co-editor for 11 ISO/IEC documents and assisted with TCG's TPM specifications. Her current research interests include applied cryptography, post-quantum cryptography, trusted computing, and security standardisation.
Sokratis Katsikas, Norwegian University of Science and Technology, Norway
Title: Cyber Ranges and Cyber-Physical Ranges: Progress, Potential, and Future Directions
Abstract: A Cyber Range (CR) serves as a specialized environment designed to provide dedicated testbeds and infrastructures for executing immersive training scenarios. Its primary goal is to enhance cybersecurity knowledge among security practitioners and awareness among non-security professionals and the public, while offering a hands-on learning experience for trainees. Over time, CRs have become an indispensable tool, offering a multifaceted approach to strengthening cybersecurity postures. On the other hand, Cyber-Physical Systems (CPSs) are advanced, intelligent systems that integrate physical processes with computational elements. These encompass diverse applications such as smart grids, autonomous vehicles, medical devices, process control systems, and autopilot avionics. As a fundamental pillar of Industry 4.0, CPSs drive the convergence of formerly distinct operational technology and modern information systems. Within this evolving technological landscape, Cyber-Physical Ranges (C-PRs) have emerged as an innovative and cost-effective solution that enable researchers and practitioners to explore vulnerabilities and devise robust defense mechanisms—without compromising real-world systems. This talk will first introduce a comprehensive taxonomy of CR systems, followed by an analysis of existing literature focusing on architecture, scenario development, capabilities, roles, tools, and evaluation criteria. Subsequently, we will present a fine-grained reference architecture for CRs, built upon a rigorous three-step methodology. Additionally, we will propose an evaluation framework that quantifies the alignment of a CR with state-of-the-art practices, offering a standardized method to identify optimal components for implementing the structural, functional, and informational facets of a CR. Finally, we will explore the latest advancements in C-PRs through real-world case studies, uncovering the challenges associated with designing, deploying, and managing these environments. We will also discuss their seamless integration with emerging technologies, illustrating their pivotal role in the future of cybersecurity research and innovation.
Short Bio: Sokratis K. Katsikas was born in Athens, Greece, in 1960. He is the Director of the Norwegian Centre for Cybersecurity in Critical Sectors and Professor with the Department of Information Security and Communication Technology, Norwegian University of Science and Technology. He is also Professor Emeritus of the Department of Digital Systems, University of Piraeus, Greece, and Member of the Board of the University of Patras, Greece. In 2019 he was awarded a Doctorate Honoris Causa from the Department of Production and Management Engineering, Democritus University of Thrace, Greece. In May-June 2023 he served as Minister of Digital Governance in the interim (caretaking) government of the Hellenic Republic. Among others, he has been the Rector of the Open University of Cyprus; the Rector and Vice-Rector of the University of the Aegean, Greece; President of the National Education Council of Greece; State Secretary of Telecommunications and Posts of the Hellenic Republic; Member of the Board of the Hellenic Authority for Communication Security and Privacy (ADAE); and Member of the Board of the Hellenic Authority for Higher Education (HAHE). In 2023 and in 2024 he was listed in the Stanford University list of the top 2% most cited scientists worldwide and in 2024 he was listed in the ScholarGPS Top Scholars list of the top 0.5% of all scholars worldwide. In 2025 he received the IEEE SMC TC on Homeland Security Research and Innovation Award. He has authored or co-authored more than 300 journal papers, book chapters and conference proceedings papers. He is serving on the editorial board of several scientific journals, he has co-authored/edited 52 books and conference proceedings and has served on/chaired the technical programme committee of more than 1000 international scientific conferences. He is a member of the Steering Committee of the ESORICS Conference (chair 2017-2023) and of several other international conferences and he is the Editor-in-Chief of the International Journal of Information Security (Springer).
Gene Tsudik, University of California, Irvine, USA
Title: Device Awareness and User Privacy in the IoT Ecosystem
Abstract: As many types of IoT devices worm their way into numerous settings in our daily lives, awareness of their presence and functionality becomes a source of major concern. Hidden IoT devices can snoop (via sensing) on unsuspecting nearby users, and impact the environment where unaware users are present, via actuation. This prompts, respectively, privacy and security/safety issues. The dangers of hidden IoT devices have been recognized and prior research suggested some means of mitigation, mostly based on traffic analysis or using specialized hardware to uncover devices. While such approaches are partially effective, there is currently no comprehensive approach to IoT device transparency. Prompted in part by recent privacy regulations (GDPR and CCPA), this work constructs a privacy-agile Root-of-Trust architecture for IoT devices called PAISA: Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure announcements of nearby IoT devices’ presence and capabilities. PAISA has two components: one on the IoT device that guarantees periodic announcements of its presence even if all device software is compromised, and the other on the user device, which captures and processes announcements. PAISA requires no hardware modifications; it uses a popular off-the-shelf Trusted Execution Environment (TEE) – ARM TrustZone. A follow-on work, DB-PAISA, complements PAISA by offering request-based discovery of IoT devices via BlueTooth. To demonstrate viability, both PAISA and DB-PAISA are available as open-source prototypes. We also address their security properties and performance factors.
Short Bio: Gene Tsudik is a Distinguished Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, a fellow of ACM, IEEE, AAAS, and IFIP, as well as a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM TOPS. He was the recipient of the 2017 ACM SIGSAC Outstanding Contribution Award, the 2020 IFIP Jean-Claude Laprie Award,the 2023 ACM SIGSAC Outstanding Innovation Award, the 2024 NDSS Test-of-Time Award, and a 2024 Guggenheim Fellowship. He authored the first rhyming crypto-poem published as a refereed paper. He has no social media presence.