CSides Canberra

How to implement and compromise physical-layer security

Physical-Layer Security (PLS, not to be confused with physical security) is about making clever use of noise on the electromagnetic channel to make the decoding of bits impossible for eavesdroppers but not for the legitimate receiver. In theory, this provides 100% secrecy: if bits can’t be captured, they can’t be leaked and decrypted. PLS is very hard to implement though. So, instead, encryption is now the default solution for securing data on the move. But with the rise of quantum computing and Software-Defined Networking (SDN) we need to revisit this problem. In this talk I will demonstrate that with SDN effective implementation of PLS has become feasible and can contribute to a quantum-proof multi-layer defence. I will also show how the difference between theory and practice leads to actual vulnerabilities in PLS.

Frank den Hartog

I am currently the Cisco Research Chair in Critical Infrastructure at the University of Canberra, focussing on safeguarding critical infrastructure from cyber threats and disruptions, and doing many fun projects with students in the fields of ZTNA, Private 5G/6G, Digital Twins, Programmable Networks, and PLS. Many of you may know me from an earlier stint at UNSW Canberra at ADFA though, where I taught cyber security into undergrad and postgrad programs, providing students with their first 150 hours of their 10,000 hours journey into becoming a cyber expert. And some of you know may even know me as a proficient singer of classical music. But don’t you worry, I won’t sing today.

Why are we all such weirdos?

The hacker community is a bit... feral. Not in a bad way (like in the way that a cat that learned to open doors is feral). We taught ourselves things nobody asked us to learn, broke things nobody asked us to break, and then told everyone about it for free. For decades, this worked. More than worked, it built the internet, broke the internet, and then helped fix it (now it's broken again). This talk traces the arc of hacker culture from its roots in academic curiosity and people in basements through to the modern infosec industry, and asks a simple question: why does a community that routinely reverse-engineers million-dollar software for fun collectively lose its temper when someone suggests we might need a professional licensing body? The answer, it turns out, lives in anthropology, specifically, in my opinion, in Eric Raymond's observation that the hacker world operates as a gift culture. In a gift culture, status isn't derived from what you accumulate but from what you give away. Knowledge shared freely. Tools built and released. Vulnerabilities disclosed (eventually). The entire economy of respect in our world runs on contribution, not credential. Professionalisation — with its gatekeeping, its fees, its continuing professional development points, and its implicit message that you need permission to do this isn't just a bureaucratic inconvenience. It's a fundamental challenge to the value system the community was built on. It says: your worth comes from a piece of paper, not from what you've shipped, broken, or taught someone in a conference hallway at 2am. This talk is a well-meaning opinion piece that might make some of us in the industry understand why we are the way we are. Sounds spicy? hopefully will be just a laugh. Don't get on LinkedIn right now and start to @ me, listen to the talk first. After all it's free.

Remy Coll

Remy Coll is Director and Principal consultant at Redacted Information Security. He does boring things like IRAP assessments and system security governance, and exciting things like smashing together physical and online CTF challenges. Remy, along with his esteemed colleague Simon, started the current series of Black Bag competitions that have been running at BSides for the last three years, and other places in between. He often teaches and delivers online training, as well as gives less fun talks about like, security planning and strategy and stuff.