This September, the ARCADIAN-IoT Summer School will open its doors in Stockholm to offer PhD students and young researchers an in-depth exploration of the ever-evolving landscape of IoT cybersecurity.

IoT Cybersecurity: Tackling Challenges and Opportunities

4 – 8 September 2023

Stockholm, Sweden @RISE – Research Institute of Sweden

The PhD Summer School on IoT Cybersecurity is aimed at PhD students and young researchers in the field of computer science and engineering. The goal of the summer school is to provide participants with a comprehensive understanding of the challenges and opportunities in the field of IoT cybersecurity and to equip them with the knowledge and skills required to tackle current and future security challenges in IoT.

The school will cover a wide range of topics related to IoT cybersecurity, including IoT architecture and protocols, security challenges in IoT, privacy and security in IoT, security mechanisms in IoT, security in cloud-based IoT, and emerging trends in IoT cybersecurity. The lectures will be delivered by renowned experts in the field of IoT cybersecurity and will provide participants with an opportunity to learn about the latest research, developments, and best practices in the field.

The school will provide a platform for participants to network with international experts, exchange ideas and knowledge, and also the opportunity to present their own research and receive feedback and guidance.

The School will issue a participation certificate that can be used to get ETCS from universities.

The school is free of charge. The school is primarily aimed at PhD students; however, we also welcome registrations from young researchers who have obtained their PhD degree within the last two years. Attendees should be either working in the cybersecurity domain or adjacent areas to ensure maximum relevance and value of the knowledge shared during the event.
The registration deadline is 30 June 2023.*
Please note that we have a limited capacity of attendees, registration forms should be submitted as early as possible, as the students will be prioritized on a first come first served basis.

To apply to the School, please fill out this form and send it to

Once you have submitted your registration form, our team will review your data before confirming the successful registration. If all looks good, you will receive an email from us requesting proof of your flight/train reservation that must be provided within 5 calendar days. Failure to do so will result in your registration being cancelled and your priority being given to the next person on the list.**
If we have already reached the maximum number of participants, new requests of registration will be put on hold in case of any spot gets available.
If you have any questions, please send an email to:
* If you are not a PhD student or young researcher, we welcome you to send us an email with a motivation letter explaining why you would like to take part. We will revise your request and get back to you.
** Students living in Stockholm or in the surrounding areas are exempt from providing proof of reservation.


Andrei Sabelfeld
Andrei Sabelfeld
Andrei Sabelfeld, Professor at Chalmers University, specializes in cybersecurity and privacy, encompassing software, web, and IoT security, as well as applied cryptography. Previously a Research Associate at Cornell, his work has earned numerous prestigious accolades from entities like ERC, SSF, VR, WASP, Chalmers, Google, Amazon, and Meta.
Maria Eichlseder
Maria Eichlseder, Assistant Professor of Cryptography at Graz University of Technology, focuses on the design and cryptanalysis of symmetric cryptographic algorithms. Co-designer of Ascon, a lightweight authenticated cipher selected as a 2023 NIST standard, she completed her Ph.D. sub auspiciis praesidentis in 2018, visiting Ruhr-Universität Bochum and Radboud University as a guest researcher.
Shahid-raza copy
Shahid Raza
Shahid Raza, Director of RISE Sweden’s Cybersecurity Unit and Associate Professor of Cybersecurity at Uppsala University, leads 15 cybersecurity projects primarily focused on IoT security. His IoT security research is acclaimed and heavily cited, earning him recognition at top EU IoT events. He earned an Industrial PhD from Mälardalen University and supervises 3 PhD students and 2 postdocs.
João Casal
João Casal
João Casal, Head of R&D at Truphone, pioneers research on utilizing SIMs as ubiquitous secure elements for IoT cybersecurity and using core network functions for security. He also explored AI and Blockchain applications for mobile marketplace security. Truphone leads in smart connectivity services and subscriber identity modules like eSIM and iSIM.
Marco Tiloca
Marco Tiloca, Ph.D., is a Senior Researcher in Cybersecurity at RISE Research Institutes of Sweden, focusing on network and IoT security, secure group communication, key management, and access control. Experienced in R&D projects, he has held positions as National Coordinator, Technical Coordinator, and Work Package Leader. Marco also chairs the IETF Working Group “Constrained RESTful Environments.”
Nicolas Tsiftes
Nicolas Tsiftes, a Senior Researcher at RISE Research Institutes of Sweden, specializes in software systems and cybersecurity for low-power wireless devices. Earning an M.S. from Stockholm University and a Ph.D. from Uppsala University, he has extensively published and contributed to open-source IoT projects, including the Contiki-NG operating system.
Joakim Eriksson
Joakim Eriksson, Senior Researcher and Manager of the Connected Intelligence unit at RISE Research Institutes of Sweden, focuses on low-power networking, edge AI, and secure environments for constrained devices. A Computer Science M.Sc. graduate from Uppsala University, he’s contributed extensively to research papers and the development of Contiki-NG.
Keynote Talks
Speaker: Andrei Sabelfeld
Title: Security and Privacy of IoT Apps

Abstract: IoT apps empower users by connecting a variety of otherwise unconnected services. IoT apps often run on Trigger-Action Platforms (TAPs) that receive app input from trigger services and send app output to action services. With the convenience and interoperability of TAPs comes the concern that the TAP is effectively a “person-in-the-middle”, acting on behalf of the user with respect to trigger and action services. This poses security and privacy challenges since in the event of a compromised TAP, the users’ sensitive input data is also compromised. We demonstrate that popular TAPs are susceptible to several classes of attacks that violate user privacy, integrity, and availability. We suggest countermeasures, discuss the formal guarantees they provide, and evaluate their effectiveness on practical benchmarks. Finally, we discuss how data access minimization can be enforced automatically on TAPs so that excessive amounts of sensitive data is not sent to the TAPs in the first place.

Speaker: Maria Eichlseder
Title: Lightweight Cryptography: Security under Challenging Conditions

Abstract: Integrating cryptographic algorithms in IoT systems and other constrained environments is often difficult due to limited resources and additional security challenges. Driven by this demand, NIST has initiated a lightweight cryptography competition between 2019 and 2023. Among 57 submissions, Ascon has been selected as the new standard for authenticated encryption and hashing. In this talk, we show how Ascon was designed to address the specific challenges in the IoT, including security, performance, and footprint. Since ciphers are not used in an ideal world, we show how Ascon also improves robustness against certain implementation attacks and mistakes.

Speaker: Shahid Raza
Title: Public Key Infrastructure (PKI) and automated re-certification for IoT

Abstract: Asymmetric cryptography has long been considered infeasible for resource-constrained devices. However, since the new IoT devices are equipped with sufficient RAM, flash, a standard 32-bit CPU and crypto hardware it is possible to bring internet-grade security to IoT. This talk will present PKI building blocks for resource-constrained IoT devices and highlight current standardization efforts around this. However, availability of security protocols is not enough, it is also important that IoT manufacture must enable and continuously test state-of-the-art security solutions, which is covered by the new EU Cybersecurity Act though cybersecurity certification. Traditional methods for one-off and manual certification are not scalable to millions of heterogeneous IoT devices. This is particularly important when regular software updates are necessary, which may break the certificate seal. It is therefore necessary that automated, lightweight, and cost-effective initial- and re- certification techniques should be available for modern IoT devices. This talk will also present such an automated re-certification solution for IoT and its integration with state-of-the-art standardized security solutions for IoT devices.

Speaker: João Casal
Title: Using eSIM and Programmable Networks for IoT cybersecurity

Abstract: With the rise of devices connected to the internet, increasing the robustness of security frameworks for IoT is an urgent demand. In this sense, SIMs are ubiquitous technologies used for over 30 years for security processes (e.g subscriber identification and authentication in cellular networks). Extending the security features of those well-accepted secure elements for IoT seems like a natural step. Furthermore, the programmatic control of network functions according to security knowledge and needs is quite promising – these functions are positioned between the devices and the internet and have ability to control communications. This keynote will focus on these 2 aspects: the use of eSIM and of Programmable Networks for IoT cybersecurity.

Speaker: Kai Rannenberg

Title: To be announced

Abstract: To be announced

Speaker: Nicolas Tsiftes and Joakim Eriksson
Title: Contiki-NG Cybersecurity – Trusted Execution and Secure Connectivity

Abstract: This tutorial provides an overview of cybersecurity features in Contiki-NG, an open-source operating system for resource-constrained IoT devices. The tutorial contains both presentations and hands-on exercises covering two main topics: secure connectivity and trusted execution environments. First, we will show the participants how to set up an application with secure connectivity using CoAP and DTLS. Second, we will show how to use Arm TrustZone in Contiki-NG. During the exercises, the participants will get the opportunity to work with both the Cooja simulator and a real IoT platform (Nordic Semiconductor nRF5340), and use a Docker-based development environment. Through this tutorial, participants will gain practical experience of using Contiki-NG’s cybersecurity features in a resource-constrained IoT environment.

Speaker: Marco Tiloca
Title: Lightweight Security Protocols for the Internet of Things

Abstract: To be announced

The ARCADIAN-IoT Summer School will take place in person at RISE – Drottning Kristinas väg 61, 114 28 Stockholm.

How to get here from the airport
  • Arlanda Express train: Fast & eco-friendly between Airport & Stockholm Central Station. No stops, 20 min to Centre. Leaves every 15 min. The round-trip ticket costs 600 SEK. Buy tickets at airport/central station or online:  From Central Station, take metro red line nr 14 towards Mörby centrum, get off at Tekniska Högskolan (KTH).
  • Airport coaches: 40 minutes to Centre. Leaves every 5-10. The round-trip ticket costs 209-239 SEK.  Buy tickets at the airport/City terminal or via the Airport coaches’ app. From City terminal, walk to Central Station and take metro red line nr 14 towards Mörby centrum, get off at Tekniska Högskolan (KTH). For more information, visit
  • Stockholm Public Transport (SL): Commuter trains between Uppsala and Stockholm. 40 min to the centre. Every 15 min. Visit for details. There is a fee of 132 SEK for passing between the train and the airport terminal at Arlanda. From Central Station, take metro red line nr 14 towards Mörby centrum, get off at Tekniska Högskolan (KTH).
  • Taxi: Make sure to choose a properly certified company such as
How to get here from Central Station
  • Metro: Take red line nr 14 towards Mörby centrum and get off at Tekniska Högskolan (KTH).
Local transport in Stockholm
Plan your journey with Stockholm Public transport, SL. For maps, timetables and additional info, please refer to:
Buy bus and metro tickets in advance from SL Centers at designated locations. Bus drivers do not sell tickets on board. Choose from single tickets or travel cards for 24h, 72h, and 7/30/90 days. With a travel card, you can travel unlimited during the duration of the card on metro, train, bus, and ferry. The travel card is the best buy for a visitors who plan to use public transport regularly during the stay.

Organizing Committee:

  • Shahid Raza
  • Alfonso Iacovazzi
  • Sérgio Figueiredo

Publicity Chair:

  • Valentin Popescu

For further information please send an email to the ARCADIAN-IoT Summer School organising committee:

We have made arrangements with Elite Hotel Arcadia to offer our students accommodation at a fixed price (1372 SEK/per night). Due to limited availability, we encourage you to make your reservation as soon as possible.

Link to the booking page

The last day to book a room is on 12 August.

The reservation can be canceled free of charge until 7 days before arrival.