Prof. Srdjan Capkun

Srdjan Capkun has been an Assistant Professor for System and Network Security at the Department of Computer Science at ETH Zurich since September 2006. He got the Dipl. Ing. Degree in Electrical Engineering/Computer Science from the University of Split, Croatia, in 1998. After obtaining the Ph.D. degree in Communication Systems from EPFL in 2004, he worked as a postdoctoral researcher in the Networked & Embedded Systems Laboratory (NESL), University of California Los Angeles. From August 2005 till September 2006 he was an Assistant Professor in the Informatics and Mathematical Modeling Department (IMM), Technical University of Denmark (DTU). An interview with Katja Abrahams.

July 2007

Your research area includes security protocols for wireless and wireline networks. What does that actually mean?

Our main research focus is the following: we take existing security protocols, analyze them, find attacks, and propose countermeasures; we further design protocols for new emerging networks and systems, such as all-wireless (e.g., ad-hoc), pervasive and sensor networks. These wireless networks have broad applications; they are currently heavily used in military applications, but are, in the recent years strongly becoming present in civilian applications as well (e.g., for environmental monitoring: early detection of avalanches, quality of air detection, etc). Our goal is to secure protocols for those networks, starting from data and location privacy to the security of basic networking and system functions. Current research projects of our System Security Group include secure localization and location privacy, secure time synchronization, device identification, anti-jamming communication and the development of new authentication mechanisms for wireless networks with a strong focus on usability and security.

How important will wireless communication become in the future and where will it be used?

The future is bright and gray at the same time. It brings a lot of exciting opportunities and new technologies but accompanied with a high potential for misuse. Our every-day-life will certainly change: (wireless) networks will be deployed in our cars and houses, along the roads, monitoring critical infrastructures and facilities and will be used to facilitate our lives, but will also be used for our security and protection. Wireless networks will bring more convenience to our lives, but convenience comes with associated risks. If mobile robots/sensors/tags/vehicles sense our environment, communicate, coordinate and act in our environment, we have to be absolutely sure that they cannot be misused. If such misuses range from common theft to terrorism, the stakes are potentially high. Therefore, besides focusing on performance and user experience, future networks have to be properly designed from the start to provide highest security where and when necessary. A posteriori patching is neither efficient nor effective. This, we can witness today through all the problems that the Internet is facing due to its (initial) security-agnostic design.

Why is wireless technology currently so vulnerable to attacks?

It is vulnerable to attacks because everything is "in the air". If you throw a bunch of feathers out of a bag into the air, a lot of people can catch them. However, if you push them through a tube, only the person at the other end of the tube will be able to get them. This example gives you an idea about why wireless networks are so accessible to everybody. Who ever is around and has a good antenna can start interacting with your network, be it a sensor network in your kitchen or one doing military surveillance. If you have wires, you are safer because somebody would have to physically enter your building to have access to your network. Unfortunately, we cannot use wires for the large distributed networks that we need, especially for mobile networks. Therefore, manipulations and blocking (jamming) of the signals you transmit are possible, affecting not only the content of messages but also the properties of the transmitted signals (e.g., their strength).

In your inaugural lecture you pointed out that your research group developed SecNav, a secure localization system, to prevent attacks. How does it work?

SecNav is a secure localization and time synchronization system we developed, enabling people holding a wireless device to be sure about the location of the device, in the presence of the attacker. SecNav is based on the idea that certain wireless signals cannot be "removed from the air". Based on this observation, we developed a method called integrity coding which detects attackers trying to modify the localization signal. We encode different elements of the signal in such a way that it is possible to notice whether the attacker added elements to it. This prevents the attacker to falsify transmitted data and signals without being detected.

SecNav is only one of the secure localization and time synchronization proposals that we developed. Others can be found on our project pages (http://www.securelocalization.com).

Which courses will you teach next semester?

Next fall semester I will teach a course called Security of Wireless Networks. The course is a mix between more traditional topics and latest research results in this field and covers all aspects of wireless network security from WiFi and cellular networks to new technologies, such as sensor networks and radio frequency identifiers. In the spring semester, I will also teach in the System Security course; this year, we partially revised this course to include more aspects related to hardware security (smartcards, crypto-processors, etc). We now intend to introduce practical exercises related to this part of the course – we are hoping to show to the students what kind of attacks they can launch using oscilloscopes, some probing equipment (and a bit of imagination).

All students with interest in security should also check our Information Security Master track webpage – we currently offer 13 courses related to information security here at ETH. What we offer is probably one of the most comprehensive information security programs in the world. In this program we also rely on a number of researchers from industrial research labs; this collaboration enriches and strengthens our program. Within our Zurich Information Security Center (ZISC) (http://www.zisc.ethz.ch) we also provide public lectures and organize workshops; this enables students, researchers and industry to get further insight into this field. This year, on 27 and 28 September, ZISC will be hosting a workshop on Wireless Security.

What do you like about teaching?

What I like most about teaching is interaction. When presented topics provoke new questions and new questions lead to new ideas – that is simply amazing. The research-based education is therefore very rewarding. It is a very enriching experience from which both students and teachers benefit.

Why did you become a computer scientist?

I studied Electrical Engineering and Computer Science in Split, Croatia. Both gave me the opportunity to develop ideas and to build systems. That is also why I chose to do research. It is very fulfilling to have the freedom to express yourself, to free your mind and explore something new. You can experiment until you get relevant results and then you can "reveal them to the world" for evaluation. That is a very creative process which makes you feel a bit like an artist! There are a lot of research ideas floating around and you can find interesting solutions to difficult problems. Moreover, you meet very knowledgeable and inspiring people. For me research is the best profession in the world!

Is there anything special you would like to say to our students or future students?

To all our current and future students I would say to make the best of this excellent research and educational environment that our department and ETH provide. If you are studying here, feel free to explore, contact teachers, their assistants - experiment and learn. That is the beauty of CS – it is easy to experiment. Computer Science is an excitingly broad field and it has repeatedly revolutionized our society in all its segments – and it will continue to do so. From security to visual computing to bio-informatics, to ..., CS has certainly a lot to offer no matter what you want to do after your finish your degree. My message: if you did not already – join us and welcome!

More information:

System Security Group: http://www.syssec.ethz.ch

Master in Information Security: http://www.infsecmaster.ethz.ch

NZZ article on Srdjan Capkun’s inaugural lecture and SecNav:

http://www.nzz.ch/2007/05/16/ft/articleF6ABV.html

ZISC Workshop on Wireless Security: http://www.zisc.ethz.ch/events/workshop2007

Secure Localization Project: http://www.securelocalization.com