
Cyber Security master’s thesis defenses at Tallinn University of Technology (June 2015)


Thursday, 4 June 2015, Akadeemia Tee 15a, Room ICT-411:

Time: 09:00
Student: Vladimeri Tskhakaia
Supervisor: Jüri Kivimaa
Reviewer: Rain Ottis
Title: IT Security Cost Optimization Model for ProVoice Holding AB

Time: 09:40
Student: Sten Mäses
Title: Evaluation Method for Human Aspects in Information Security
Supervisor: Aare Klooser
Supervisor: Liina Randmann
Supervisor: Rain Ottis
Reviewer: Tiia Sõmer

Break: 10:20-10:30

Time: 10:30
Student: Olga Dalton
Supervisor: Roger Kerse
Supervisor: Rain Ottis
Reviewer: Olaf Maennel
Title: An Automated Framework for Securing iOS Applications

Time: 11:10
Student: Anti Räis
Supervisor: Elar Lang
Supervisor: Rain Ottis
Reviewer: Kaur Kasak
Title: Hands-on Laboratory on Web Content Injection Attacks

Break: 11:50-12:30

Time: 12:30
Student: Triin Muulmann
Supervisor: Silver Püvi
Supervisor: Rain Ottis
Reviewer: Truls Ringkjob
Title: Information Security Management Learning Object for Vocational Schools

Time: 13:10
Student: Onur Aydin Korkmaz
Title: Discovering And Analyzing New Malware

Friday, 5 June 2015, Akadeemia Tee 15a, Room ICT-411:

Time: 09:00
Student: Kevin Kamugisha Lwakatare
Title: A proposed IT security risk management policy and guidance for University of Dar es Salaam

Time: 09:40
Student: Ragnar Kreis
Supervisor: Olaf Maennel
Reviewer: Jaan Priisalu
Title: Smart Contracts and Digital Identities

Break: 10:20-10:30

Time: 10:30
Student: Sergei Komarov
Supervisor: Risto Vaarandi
Reviewer: Teemu Väisänen
Title: Choosing Open-Source Flow-Based Network Monitoring Solution

Time: 11:10
Student: Artur Tychina
Supervisor: Truls Ringkjob
Reviewer: Mauno Pihelgas
Title: Implementation of Corporate Data Leakage Prevention in Estonia

Break: 11:50-12:30

Time: 12:30
Student: Rainer Aavik
Supervisor: Jüri Kivimaa
Reviewer: Andro Kull
Title: Optimization of information technology security costs of Enterprise Estonia based on ISKE and the Graded Security Model

Time: 13:10
Student: Recai Adar
Supervisor: Jüri Kivimaa
Reviewer: Rain Ottis
Title: Software Development of a Web Portal and Research and Solution of Security Problems on it

Time: 14:00
Student: M. A. A. Mohamed Ali
Supervisor: Truls Ringkjob
Reviewer: Indrek Rokk
Title: Analysis of Malware Protection Solutions in a Bring Your Own Device (BYOD) Environment

Defense committee: Risto Vaarandi, Rain Ottis, Ahto Buldas, Olaf Maennel, Raimundas Matulevicius

The theses of Olga Dalton (An Automated Framework for Securing iOS Applications) and Sten Mäses (Evaluation Method for Human Aspects in Information Security) received the highest grade “5” and were entered in the ICT thesis contest 2015. Congratulations!

US Embassy collects personal data about people in Tallinn


Postimees possesses a document proving that a secret unit at the US Embassy has for years been surveilling people on the streets of Tallinn, collecting personal data on security grounds and entering those whose behaviour arouses suspicion into a global terror database. All of this is approved by the Estonian Ministry of the Interior and happens with the help of the police.

The rules on reporting suspicious behaviour are so strict that it seemingly takes trivialities to get reported. For example, the reports include a Tallinn housewife who often waits a long time for her child at the Südalinna School, and an old lady walking her dog in Lembitu Park. Need more? A report has also been filed on a man who attends Alcoholics Anonymous nearby.

The activity of the unit is approved by the Estonian government. Its information reaches the police, as agreed between the two countries. An automatic inquiry reaches the Central Criminal Police, which, as requested by the embassy, discloses personal data, such as the background of the owner of a car or the identity and background of the person in a picture. These data are added to the SIMAS report. Depending on the behaviour of the people concerned, entries may remain active for 5 to 20 years, or permanently. Being entered may affect the decision by the USA whether or not to grant a visa for entry.

Erkki Koort of the Ministry of the Interior comments:

Why and on what basis does the Estonian police hand over personal data of our citizens to the US Embassy as soon as it applies for it?
State agencies share data with third parties strictly pursuant to law. A suspected attack against a diplomatic representation or a danger to human lives or health is doubtless reason enough to exchange data. The question leaves one with the impression that Estonian state agencies would submit data upon the initial request. This is definitely not the case.

Links:
http://news.postimees.ee/3206887/us-embassy-secretly-surveys-people-in-tallinn
http://news.postimees.ee/3206893/estonian-official-this-is-a-specific-issue
http://news.postimees.ee/3209457/erkki-bahovski-estonian-and-us-reputations-on-the-line
http://news.postimees.ee/3213479/riigikogu-backs-off-from-us-embassy-issue

Cybersecurity-related bachelor’s and master’s theses at the University of Tartu 2014/2015


An Empirical Comparison of Approaches for Security Requirements Elicitation
Abstract: Security Quality Requirements Engineering (SQUARE) and Security Requirements Elicitation from Business Processes (SREBP). This thesis compares the two methods based on an empirical case study of the Estonian Football Association. The elicited security requirements are categorized and the completeness of their coverage is compared.
Student: Karl Kolk
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Fredrik Payman Milani
Defense: 26.02.2015

The Analysis and Design of a Privacy-Preserving Survey System
Abstract: This master’s thesis describes the design and business processes of the prototype of a secure survey system using secure multi-party computation. The design of the system is also described in this paper and is illustrated with a deployment model.
Student: Meril Vaht
Curriculum: Cyber Security (MSc)
Supervisor: Dan Bogdanov
Reviewer: Raimundas Matulevicius
Defense: 04.06.2015, 09:00, Liivi 2-405

Pattern Based Security Requirement Derivation with Security Risk-aware Secure Tropos
Abstract: In this master’s thesis we investigate the integration of a pattern-based security requirement elicitation process into goal-oriented IS development. By performing this integration we aim at providing a process that enables the elicitation of security requirements from Security Risk-aware Secure Tropos (RAST) models. The contributions of this thesis are five Security Risk-aware Patterns expressed using RAST.
Student: Atilio Rrenja
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Peep Küngas
Defense: 04.06.2015, 09:00, Liivi 2-405.

Comparing Security Risk-oriented Modelling Languages to Manage Social Engineering Risks
Abstract: The paper applies a structured approach to the identification of one security risk management standard that can be applied with different modelling languages. For a more in-depth analysis, this paper considers several modelling languages such as BPMN, Secure Tropos and Misuse Cases.
Student: Sarbar Tursunova
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Olga Altuhhova
Defense: 04.06.2015, 09:00, Liivi 2-405.

Analysis and Mitigation of Recent Attacks on Mobile Communication Backend
Abstract: This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use.
Student: Siddharth Prakash Rao
Curriculum: NordSecMob (MSc)
Supervisor: Tuomas Aura
Supervisor: Dominique Unruh
Supervisor: Silke Holtmanns
Supervisor: Ian Oliver
Reviewer: Arnis Paršovs
Defense: 09.06.2015, 09:00, Liivi 2-405.

Entropy Based Robust Watermarking Algorithm
Abstract: In this work, multiple robust watermarking algorithms are introduced. They embed a watermark image into the singular values of those blocks of the host image that have low entropy values. The quantitative and qualitative experimental results indicate that the proposed algorithms are imperceptible and robust against many signal processing attacks.
Student: Lauri Laur
Curriculum: Software Engineering (MSc)
Supervisor: Gholamreza Anbarjafari
Supervisor: Mary Agoyi
Reviewer: Kaveh Khoshkhah
Defense: 09.06.2015, 09:00, Liivi 2-405.

NFC Security Solution for Web Applications
Abstract: This thesis compares existing and possible security solutions for web applications, analyses NFC compatibility for security solutions and proposes a new NFC authentication and signing solution using Google Cloud Messaging service and NFC Java Card. This new proposed solution enables authentication and signing via NFC enabled mobile phone and NFC Java Card without any additional readers or efforts to be made.
Student: Jonas Kiiver
Curriculum: Software Engineering (MSc)
Supervisor: Eero Vainikko
Reviewer: Meelis Roos
Defense: 09.06.2015, 09:00, Liivi 2-404.

Applying Estonian Internet Voting Individual Verification System to Other Electoral Systems
Abstract: The current paper gives an overview of the Estonian internet voting individual verification system and introduces different ballot styles. It proposes and describes modifications to the Estonian system, so it could be used for individual verification with the introduced ballot styles and multiple elections.
Student: Joonas Lõmps
Curriculum: Informatics (BSc)
Supervisor: Sven Heiberg
Reviewer: Arnis Paršovs
Defense: 12.06.2015, 09:00, Liivi 2-404

Secure Bitcoin Wallet
Abstract: This report outlines various methods and solutions targeting security concerns and aims to understand their effectiveness. It also describes Secure Bitcoin Wallet, a standard Bitcoin transactions client enhanced with various security features and services.
Student: Sevil Guler
Curriculum: NordSecMob (MSc)
Supervisor: Sead Muftic
Supervisor: Vitaly Skachek
Reviewer: Arnis Paršovs
Defense: 27.08.2015

Links:
http://comserv.cs.ut.ee/forms/ati_report/index.php?language=en
http://www.cs.ut.ee/en/msc/theses/deadlines

Cyber Security Summer School 2015


13-17 July 2015, Laulasmaa Spa and Conference Hotel.

Topics:
* How to live securely in a digital society?
* E-Estonia, a role model for the future? On implementation, challenges and limitations
* Privacy and other concerns of a digital society
* Anonymisation and deanonymisation techniques
* Internet measurements and routing: big data and network mathematics
* Examples and hands-on activities from experts
* Lots of fun and insights into controversial topics

Tentative Program:
Sunday, July 12: 18.30 Welcome Reception

Monday, July 13: Living in a digital society, securely?
09.30 – 13.00 Steven M. Bellovin
13.00 – 14.00 Lunch
14.00 – 17.30 Jaan Priisalu & Kristjan Vassil
18.30 Dinner

Tuesday, July 14: Privacy and concerns about a digital society
09.00 – 12.30 Ben Zevenbergen
12.30 – 13.30 Lunch
13.30 – 17.00 George Danezis
18.30 Dinner

Wednesday, July 15: Security Ecosystems
09.00 – 12.30 Vern Paxson
12.30 – 13.30 Lunch
13.30 – 17.00 Richard Kemmerer
18.30 Dinner
20.00 – 22.00 Mehis Hakkaja (Hacking Demo)

Thursday, July 16: Internet measurements and routing: big data and mobile networks
09.00 – 12.30 Tristan Henderson
12.30 – 13.30 Lunch
13.30 – 17.00 Walter Willinger
18.00 Transport to the gala dinner location
19.00 Gala dinner

Friday, July 17: Student presentations
09.00 – 12.30 Student presentations
12.30 – 13.30 Lunch
13.30 – 14.30 Student presentations
14.30 Closing remarks
15.00 Transport to Tallinn and departure

Registration for the summer school has already closed.

Links:
http://studyitin.ee/c3s/program

Failure at card payment processor Nets Estonia causes inconveniences


There was a congestion situation in which some requests went through and some did not, and at one point card payments did not work at all. That was when the system was taken down to make changes. Banks urged customers to equip themselves with cash.

Nets Estonia, the company managing the terminals, has confirmed that the failure resulting in overloaded card payments was caused by an old data erasure process that had become too bulky. A maintenance operation will take place in the coming night, which is expected to eliminate the problem permanently.

Comment from EISA:

According to Urmo Sutermäe, head of the EISA Vital Services Protection Division, Nets Estonia is not itself a vital service, but if its services are disrupted for any reason, it prevents banks from offering a vital service. In his opinion, such disruptions could be reduced in the future if service providers continuously evaluated the extent of their cross-dependencies and their impact, and reduced the associated risks by having alternative solutions.

It is not clear what merchants should do. Should they keep a backup PoS terminal serviced by a different card payment processor?

Links:
http://tarbija24.postimees.ee/3196937/ria-kaardimaksetega-seotud-riske-saab-vahendada
http://uudised.err.ee/v/majandus/61eb0173-1457-4edf-b4f7-c5aca3c7cc5a

Two Estonian companies received Bitcoin extortion letters


According to the Police and Border Guard Board, at least two Estonian companies have become victims of the latest cyber-attack, in which they also received an email demanding Bitcoins. The cyber-criminals threatened in the emails that should they not receive the Bitcoins, more serious attacks would follow.

In both cases, a denial-of-service (DoS) attack was first carried out against the official web pages of the respective companies. The businessmen then received an email specifying the account and deadline for transferring the Bitcoins in order to avoid a more serious attack. According to a police representative, the cyber-attack lasted for about an hour. However, the attackers have not carried out their threats, despite the entrepreneurs not giving in to the Bitcoin demands. The police have started a criminal investigation.

It took a year for Estonian criminals to try out the business plan.

It is not yet known who is behind the attack and extortion. Similar cases have not been seen in Estonia before, but they are familiar in the rest of the world, and law enforcement agencies in various countries cooperate to apprehend the criminals. The extortion letters are sent by organized criminals who call themselves “DD4BC”.

Searching for “DD4BC” shows that in recent months several organizations in various countries have received Bitcoin extortion letters from a group calling itself DD4BC. However, these might as well be Estonian criminals operating under the DD4BC handle.

Links:
http://news.err.ee/v/scitech/09f4d9ae-dd8e-499f-aaf1-f56d9e9188b9
http://epl.delfi.ee/news/eesti/hakkerid-noudsid-runnakutega-ahvardades-bitcoine?id=71475581
https://www.politsei.ee/et/uudised/uudis.dot?id=446825

Concerns about European Commission’s plans to backdoor Estonian ID card


The European Commission presented a new plan for internal security, driven by the concern that strong encryption is helpful to crime and terrorism. The initiative will not leave Estonia untouched, as the ID card currently provides the ability to encrypt communications.

Prime Minister Taavi Rõivas announced that Estonia should not give in to pressure by allowing a backdoor to be created in the ID card. Taavi Rõivas confirmed to Eesti Päevaleht and Delfi that cybersecurity and data confidentiality are fundamentally important.

He added that law enforcement authorities will have to find other ways to control crime: “Estonia is of the view that the fight against crime will have to find other means and not at the expense of ID card security.”

While the ID card software package includes a utility that can be used to encrypt files, the average Estonian does not use the ID card to encrypt his communications, but merely uses it as an authentication tool. Unless this changes significantly, the encryption ability provided by the ID card will not be of significant interest to law enforcement authorities.

Even today, if a law enforcement authority wanted to decrypt files encrypted with the ID card, it could use an official feature built into the ID card which lets the ID card manufacturer reset the PIN code and thereby gain authorization for private key operations (i.e., decryption).


Anto Veldre: It is not very likely that some criminal would like to go to the migration authority, give biometrics to the government and start to encrypt. Isn’t there any easier way to do it? The Western world does not like that terrorists can send encrypted emails.
Interviewer: Is the Estonian ID card in danger against the background of Europol’s requirements/thoughts?
Anto Veldre: I don’t think so. Estonian representatives in the EU can handle this problem on the political level (show the danger and people’s trust in the current system). The police have their own techniques and they can handle their work.

Links:
http://epl.delfi.ee/news/eesti/politseile-oigus-id-kaardi-koodi-murda-euroopas-tahetakse-krupteerimisele-ametlikke-tagauksi?id=71438223
http://epl.delfi.ee/news/eesti/roivas-id-kaarti-kompromiteerida-ei-tohi-kuritegevusega-voitlemiseks-tuleb-leida-teised-viisid?id=71443761
http://etv.err.ee/v/meelelahutus/terevisioon/saated/4d030bd7-c496-476c-9f21-551007d89c06 (39:32 – 46:43)
http://uus.minut.ee/tagauksed-kruptos-ja-id-kaart/

Estonian Internal Security Service (KaPo) Yearbook 2014


In its work to provide cyber security, the Internal Security Service focuses on cyber threats and attacks initiated by a foreign state or those that can threaten national security. Cyber intelligence operations of foreign states directed at Estonia are persistent, streamlined and technologically advanced. This type of cyber threat is internationally known as APT – advanced persistent threat.

The cyber security section of the report is mostly a compilation of best practices on how to protect information. This seems to be very much EISA’s field of work. The new bits of information are the names of malware seen in the attacks:

In 2014, there were repeated attempts by foreign states to penetrate the computer networks of Estonian government departments and access the information therein. Such attack campaigns as CosmicDuke and Ke3Chang can be mentioned as particular examples of malware that found their targets in Estonia in 2014.

Links:
http://news.err.ee/v/politics/59fbf1a3-99c5-4352-8000-c56dbd43290a
https://www.kapo.ee/cms-data/_text/138/124/files/kapo-aastaraamat-2014-en.pdf

EISA Cyber Security Report 2014


Interesting quotes from the report:

In 2014, RIA aggregated its functions related to guaranteeing cyber security in the cyber security branch. Incident response, risk control and regulation supervision, as well as research and development activities are now determined more clearly, which also allows for a more efficient use of resources.

Skilful phishing of cloud service accounts (e.g. Gmail, Hotmail), which has continued at unprecedented levels at the beginning of 2015 as well. E-mails seem to be coming from a seemingly trustworthy source and have significantly improved in quality, both in content and in Estonian language, which means that the receiver of the e-mail has to be even more attentive and critical in order to detect the fraud.

Intrusion into websites is more difficult to identify. It is becoming more common that the infector uploads the malware for a very short time period and takes into consideration, which IP-address is used to visit the site. For instance, if users visit the website from Estonia, they receive a different type of malware than the users who access the website from the USA.

In 2014, there was a slight increase in the percentage of incidents that had actual consequences for the institutions and users. For instance, the use of document management system was disabled or, in more severe cases, digital prescription or Schengen information systems were down.

The incidents at the end of the year were mainly virus outbreaks and well-aimed phishing letters, but also distributed denial of service attacks, many of which did not last for a very long time, but according to RIA’s estimate, seemed to be mapping the resilience of systems.

As the life cycle of all algorithms is limited, the time to act in order to update all the cryptographic methods of services is even more limited. At some point, it might appear that the smooth transition period has not been sufficient; e.g., when powerful quantum computers are used to break the cryptography. We need to have an action plan for the scenario when any of the algorithms important for some Estonian e-service has been broken. RIA sees a clear need to have such plans and to rehearse them.

The results of the Eurobarometer 2014 survey showed that Estonians trust the state as the guard of personal data more than in Europe on the average. Estonians are also less worried about the consequences of cyber-attacks and claim to be good at identifying fake e-mails.

On 1 July 2014, the Act for the Amendment and Application of the Law Enforcement Act entered into force. Pursuant to this act, starting from summer 2014, RIA is a law enforcement body. According to the changes, the Technical Regulatory Authority’s supervisory competency of guaranteeing the security and integrity of communication networks and services set in the Electronic Communications Act was transferred to RIA. The same draft also established RIA’s supervisory competency in the Emergency Act and the Public Information Act.

On 11 September, the government approved the “Cyber Security Strategy for 2014–2017” and its implementation plan. The strategy continues to target several goals set in the previous cyber security strategy, but there have also been new risks and requirements added. The dependency of the functioning of the state on information technology has increased and cross-dependencies have also increased, meaning that the provision of several critical services is no longer dependent on the functioning of Estonian IT-systems but also on the infrastructure and e-services in other countries.

In 2014, RIA, in cooperation with its partner organisations, developed common principles of readiness for emergency and cooperation in case of large-scale cyber incidents. An interagency working group led by RIA prepared the draft for the Government of the Republic’s order “Plan for solving a large-scale cyber incident emergency”.

In addition to reacting to everyday vulnerabilities and risks, the key words for RIA in 2015 are improving the monitoring and resilience of the government network, cooperation with the field of medicine and solutions and risks related to the e-residents programme.

Links:
https://www.ria.ee/public/Kuberturvalisus/RIA-Kyberturbe-aruanne-2014_ENG.pdf
http://news.err.ee/v/scitech/1c0f2c7b-8f3d-49cf-9cf3-c04b4f0a4171

BSA Report: Estonia one of most cyber-secure countries in EU


According to the recently published Business Software Alliance (BSA) report, Estonia, Austria and the Netherlands are the most cyber-secure countries in Europe.

Although there are no overall rankings or scores in the study, Estonia comes out on top in terms of having in place the legal foundations and operational entities for tackling cyber-security issues. What it could do next is create sector specific cyber-security plans.

The report also found that while no formalized public-private partnerships exist, public entities do work closely with relevant private sector organisations.

Links:
http://news.err.ee/v/scitech/eab19675-680b-48c3-ba0b-e9296c4ad5ce