Lotfi ben Othmane
Iowa State University, USA

Keynote : On the security of connected vehicles

Abstract: On newer vehicles, Electronic Control Units (ECUs) communicate using in-vehicle networks to control their behaviors. Several Intelligent Transportation Systems (ITS) applications that communicate with the in-vehicle network have been proposed and implemented to improve drivers experience and road safety. Examples of these applications include fleet management systems, cooperative adaptive cruise control, and autonomous cars. Unfortunately, these applications impact the security of the vehicles. We discuss in the talk the injection of messages into the in-vehicle networks. Then, we report about the results of a security analysis of a vehicle-to-vehicle (V2V) device and discuss the limitation of the threat modeling of autonomous vehicles. We report afterwards about our work on the use of machine learning to detect injection of speed and RPM readings messages in the in-vehicle network.

Bio: Dr. Lotfi ben Othmane is Teaching Assistant Professor at the Department of Electrical and Computer Engineering and is leading the Engineering Secure Smart Cyber-Physical Systems Lab at Iowa State University, Ames, Iowa. Previously, he was a Research Scientist and then Head of the Secure Software Engineering department at Fraunhofer SIT, Germany. Lotfi received his Ph.D. from Western Michigan University (WMU), USA, in 2010; the M.S. in computer science from University of Sherbrooke, Canada, in 2000; and the B.S in information systems from University of Economics and Management of Sfax, Tunisia, in 1995. He works on software security for cyber-physical systems. Dr. Ben Othmane is an IEEE Cybersecurity Ambassador.

Takoua Abdellatif
University of Sousse, Tunisia

Keynote : : GDPR compliance in IoT systems

Abstract: General Data Protection Regulation (GDPR) targets personal data protection of the European Union citizens with a strong input on the rights of people to control their data. Current GDPR implementations are ad-hoc and are still challenging in scalable and heterogeneous systems like Internet of Things (IoT). Indeed, the majority of connected devices fail to adequately explain to customers how their personal data is processed. Furthermore, IoT services involve significantly more parties than traditional services (for example, sensor manufacturers, IoT operating systems vendors, IoT software vendors, mobile operators, third party applications’ developers). Concepts of transparency, fairness, purpose limitation, data minimization, data accuracy and the ability to deliver on data subject rights should be provided bydesign in IoT systems. All of these features should be documented and evidenced as part of the GDPR principle of Accountability. This talk presents the main challenges for implementing and verifying GDPR compliance in IoT. It also presents state of the art in the domain and illustrates some recent approaches in modern IoT applications.

Bio: Takoua Abdellatif is currently associate professor at the University of Sousse in Tunisia. She is leading a research group called 3S (Secure and Scalable Systems) at SERCOM laboratory in Polytechnic School of Tunisia. Her team is currently working in many projects related to data protection and IoT systems such as surveillance systems, smart agriculture and smart grids. She collaborates with many IT companies like Proxym Group and Euranova to work on Big Data Analytics and GDPR compliance. Takoua is graduated from ENSIMAG engineering school in France in 1998.She obtained her PHD in Distributed Computing from INPG (Grenoble) and her HDR from Carthage University (Tunisia). Before joining Sousse University as associate professor since 2007, she worked for 5 years as R&D engineer in Hewlett Packard (HP) and as research engineer in Bull SA during 3 years in Grenoble (France). She is certified as BIG Data instructor from IBM.