Cyber Security master’s theses defense in TalTech (May 2019)

May 27th, 2019, Akadeemia Tee 15a, Room ICT-411.

Time: 10:00
Student: Olesia Yaremenko
Title: Skills Evaluation of Participants of Cybersecurity Exercises on the Example of a Virtual Hands-on Forensic Lab
Supervisor: Sten Mäses
Reviewer: Kaie Maennel

Time: 10:40
Student: Saber Yari
Title: Creating Cyber Security Exercises for Open Source Intelligence and Reverse Engineering
Supervisor: Sten Mäses
Reviewer: Birgy Lorenz

Time: 11:20
Student: Heleri Aitsam
Title: Teaching Cyberethics and Measuring Cyberethical Behavior in a Classroom Setting
Supervisor: Sten Mäses
Reviewer: Birgy Lorenz

LUNCH 12:00-12:40

Time: 12:40
Student: Jaana Metsamaa
Title: Framework for Measuring and Maximizing Security Feature Impact in Business to Business SaaS Products
Supervisor: Andro Kull
Reviewer: Erwin Orye

Time: 13:20
Student: Bitchiko Kodua
Title: Creating Labs for Web Application Security and Methods of Defining Difficulty Levels
Supervisor: Hayretdin Bahsi
Reviewer: Kaie Maennel

BREAK 14:00-14:30

Time: 14:30
Student: Jorge Alberto Medina Galinda
Title: Generation of Malware Behavioral Datasets in a Medium Scale IoT Networks
Supervisor: Hayretdin Bahsi
Reviewer: Olaf Maennel

Time: 15:10
Student: Roman Kononov
Title: Macintosh Operating System Exploitation and Intrusion Prevention
Supervisor: Toomas Lepik
Reviewer: Olaf Maennel

Time: 15:50
Student: Kristine Hovhannisyan
Title: Applying Confidence-Building Measures to Cyber Conflict: Computer Emergency Response Cooperation and Cyber Espionage
Supervisor: Eneken Tikk; Olaf Maennel
Reviewer: Anna-Maria Osula

May 28th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Alberto Zorrilla Garza
Title: Beaconleak: Use and Detection of 802.11 Beacon Stuffing as a Covert Channel
Supervisor: Olaf Maennel
Reviewer: Hayretdin Bahsi

Time: 10:40
Student: Krishna Vaishnav
Title: Analysis of WhatsApp Data Obtained before the General Election (Lok Sabha) 2019 in India
Supervisor: Olaf Maennel
Reviewer: Adrian Venables

Time: 11:20
Student: Alessandro Mirani
Title: Unintentional Cybercrime
Supervisor: Tiia Sõmer
Reviewer: Sten Mäses

LUNCH 12:00-12:40

Time: 12:40
Student: Abenezer Berhanu Weldegiorgis
Title: Developing National Cybersecurity Strategy for Ethiopia
Supervisor: Mika Kerttunen
Reviewer: Tiia Sõmer

Time: 13:20
Student: Tambet Paljasma
Title: Validating Docker Image and Container Security Using Best Practices and Company Policies
Supervisor: Margus Ernits
Reviewer: Alejandro Guerra Manzanares

BREAK 14:00-14:20

Time: 14:20
Student: Kirke Pralla
Title: Creation of Freely Accessible Interactive Training Materials for Secure Android Development
Supervisor: Margus Ernits
Reviewer: Alejandro Guerra Manzanares

Time: 15:00
Student: Annika Aavaste
Title: How to Improve Data Protection and Information Security in Local Governments Using GDPR compliant training
Supervisor: Eneken Tikk
Reviewer: Matthew Sorell

Time: 15:40
Student: Randel Raidmets
Title: A Comparative Analysis of Open-Source Full Packet Capture Software Solutions
Supervisor: Mauno Pihelgas
Reviewer: Risto Vaarandi

May 29th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Nikita Kuznietsov
Title: Researching Underground Forums to Improve Fraud Detection at TransferWise [RESTRICTED defense]
Supervisor: Jaan Priisalu; Sandra Horma
Reviewer: Aleksandr Lenin

Time: 10:40
Student: Kristopher Ryan Price
Title: Analysis of the Impact of Poisoned Data within Twitter Classification Models
Supervisor: Jaan Priisalu; Sven Nõmm
Reviewer: Kieren Lovell

Time: 11:20
Student: Andreas Jürimäe
Title: The Security Implications of DMARC in Estonian Goverment Institutions Based on Phishing Attacks in Cambridge University
Supervisor: Kieren Lovell
Reviewer: Hayretdin Bahsi

LUNCH 12:00-12:40

Time: 12:40
Student: Vita Krainik
Title: Distributed Consensus Problems and Protocols: a Systematic Literature Review
Supervisor: Ahto Buldas
Reviewer: Alex Norta

Time: 13:20
Student: Deniz Basar
Title: Uniqueness Criteria for Blockchain Type Distributed Ledgers
Supervisor: Ahto Buldas
Reviewer: Jaan Priisalu

BREAK 14:00-14:20

Time: 14:20
Student: Henry Okere
Title: Analysis of a Node-based Integrity Attack on Networked SCADA Power Plant
Supervisor: Hayretdin Bahsi
Reviewer: Ahto Buldas

Time: 15:00
Student: Mostafa Hadi
Title: Making the shift from DevOps to DevSecOps at Distribusion Technologies GmbH
Supervisor: Hayretdin Bahsi
Reviewer: Kieren Lovell

Time: 15:40
Student: Joanna Rose Castillon Del Mar
Title: Automated Photo Categorization for Digital Forensic Analysis Using a Machine Learning-Based Classifier
Supervisor: Hayretdin Bahşi; Leo Mršić; Krešimir Hausknecht
Reviewer: Matthew Sorell

May 30th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Kayla Marie Cannon
Title: America’s Panopticon: Privacy Implications of Facial Recognition By Law Enforcement
Supervisor: Mika Kerttunen
Reviewer: Hayretdin Bahsi

Time: 10:40
Student: Andres Antonen
Title: Securing an Automated Code Testing System
Supervisor: Ago Luberg
Reviewer: Toomas Lepik

Time: 11:20
Student: Jessica Ai Truong
Title: Evaluating the Detection Accuracy of JA3 and JA3S in Security Monitoring of SSL Communication
Supervisor: Hayretdin Bahsi
Reviewer: Toomas Lepik

LUNCH 12:00-12:40

Time: 12:40
Student: Tornike Nanobashvili
Title: Improving the Use of a Cyber-Insurance Product in Georgia: the Example of Commercial Banks
Supervisor: Eneken Tikk; Mika Kerttunen
Reviewer: Hayretdin Bahsi

Time: 13:20
Student: Arefeh Fathollahi Kalkhoran
Title: Data Breach: NIST and GDPR
Supervisor: Eneken Tikk
Reviewer: Mika Kerttunen

BREAK 14:00-14:20

Time: 14:20
Student: Chinmay Khandekar
Title: Cookie Security and its Implementation in the Light of GDPR and E-Privacy Regulation
Supervisor: Eneken Tikk
Reviewer: Rain Ottis

Time: 15:00
Student: Nurbanu Konayeva
Title: Application of Active Learning for Botnet Detection
Supervisor: Hayretdin Bahsi; Sven Nõmm
Reviewer: Risto Vaarandi

Time: 15:40
Student: Raul Ezequiel Jimenez Haro
Title: Forensic Tool to Study and Carve Virtual Machine Hard Disk Files
Supervisor: Pavel Laptev
Reviewer: Hayretdin Bahsi

May 31th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Maarja Heinsoo
Title: Implications of Information Security Culture on Risk Management – Case of a Technology Company
Supervisor: Hayretdin Bahsi
Reviewer: Kaie Maennel

Time: 10:40
Student: Prabin Krishna Subedi
Title: Forensics Analysis of Client-Side Artifacts in Cloud-Based Applications
Supervisor: Hayretdin Bahsi
Reviewer: Matthew Sorell

Time: 11:20
Student: John Chukwufumnanya George
Title: Analysis of the Impact of Bank Verification Number on Financial Security in Nigeria and Potential Cyber Threat Through Social Engineering
Supervisor: Andro Kull
Reviewer: Sten Mäses

LUNCH 12:00-12:40

Time: 12:40
Student: Roman Müller
Title: Analysis of the Estonian X-tee network based on centralized log data [RESTRICTED defence]
Supervisor: Jaan Priisalu; Sven Nõmm
Reviewer: Peeter Laud

Time: 13:20
Student: Ragnar Kobin
Title: A Model for Evaluating State Cyber Security Exercises
Supervisor: Rain Ottis; Kim Joonsoo
Reviewer: Tiia Sõmer

Time: 14:20
Student: Sasan Rezaeifars
Title: Hands-on Lab for Teaching Security Misconfiguration and Broken Authentication
Supervisor: Sten Mäses
Reviewer: Andro Kull

Cyber Security master’s theses defense in Tallinn University of Technology (January 2019)

Leave a reply

January 14th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Ephrem Demesa
Title: Implementation of a Hands-on Attack and Defense Lab on Insecure Direct Object References
Supervisor: Margus Ernits
Reviewer: Tiia Sõmer

Time: 10:40
Student: Mikk Romulus
Title: Security Testing Estonian Contactless Bank Cards
Supervisor: Olaf Maennel; Tiit Hallas
Reviewer: Hayretdin Bahsi

Time: 11:20
Student: Silver Saks
Title: Towards Building a Covert Cyberspace Operations Infrastructure
Supervisor: Bernhards Blumbergs
Reviewer: Hayretdin Bahsi

LUNCH 12:00-13:00

Time: 13:00
Student: Pavel Tšikul
Title: Encrypted Data Identification by Information Entropy Fingerprinting
Supervisor: Pavel Laptev
Reviewer: Matthew Sorell

Time: 13:40
Student: Randel Raidmets
Title: Data Center Network Traffic Visibility with Open-Source Tools
Supervisor: Hannes Aavaste; Mauno Pihelgas
Reviewer: Risto Vaarandi

Time: 14:20
Student: Annika Aavaste
Title: How to Improve Data Protection in Local Governments by Complying to GDPR
Supervisor: Eneken Tikk
Reviewer: Kaie Maennel

Cyber Security Newsletter 2018-12-31

Leave a reply

[2018-12-21] Estonian criminal police has once again published job advertisement that requires to solve some puzzle. This time there is a cryptic MySQL database published.
https://geenius.ee/uudis/kui-suudad-selle-kruptilise-kuber-moistatuse-ara-lahenda-ootab-sind-eestis-ainulaadne-tookoht/
[2018-12-20] Martin Paljak discovered that PIN envelopes for the new generation Estonian ID cards (issued by IDEMIA) have a security flaw which allows to see through the envelope with flashlight.
https://news.err.ee/886313/new-id-card-issue-codes-can-be-read-using-torch-without-opening-envelope
https://tehnika.postimees.ee/6481827/ekspert-avastas-eesti-uue-id-kaardiga-seotud-turvaprohmaka
https://tehnika.postimees.ee/6486878/id-kaardi-turvaumbrik-ei-paista-enam-labi
[2018-12-19] Due to some human error, several confidential contracts were available publicly on the Ministry of the Environment file management system.
https://tehnika.postimees.ee/6481004/keskkonnaministeeriumist-lekkisid-arisaladused
[2018-12-12] RIA has announced EUR 315k procurement to create SIGa (Signature and Signature Validation Service) which will enable public authorities to add digital signature support to their e-services with minimal development costs. RIA has already created a federated authentication system (supports ID card, Mobile-ID and bank link authentication) which can be used by the public sector.
https://tehnika.postimees.ee/6475645/riik-loob-uhise-digiallkirjastamise-teenuse
[2018-12-04] Cryptography professor Dominique Unruh (UT) has been awarded a 1.7 million grant by ERC to develop quantum cryptography solutions and their computer-based control methods.
https://www.ut.ee/en/news/ut-researcher-awarded-significant-grant-e-estonia
[2018-12-03] The new generation ID cards are being issued by IDEMIA. The cards have color photo and new physical security features. Contact-less interface is disabled by default – requires security analysis before enabling. New cards uses different API (IAS ECC standard), therefore software has to be updated. In the new specification the “Card Management Key” has been renamed to “Police Key”. This has raised suspicion about possible backdoor key in the ID card.
https://news.err.ee/883962/estonia-s-first-new-id-cards-to-be-issued-this-week
https://geenius.ee/uudis/uute-id-kaartide-tootja-lubab-kaartide-isikustamine-toimub-rangelt-ainult-eestis/
https://geenius.ee/uudis/uutele-id-kaartidele-paaseb-ligi-politsei-votmega-milleks-see-moeldud-on/
[2018-11-28] Estonian Defence Forces Cyber Command (military unit performing also offensive cyber operations) is hiring. The competitive advantage for work in Cyber Command is that people are given quite free hands (because there is no money to be made) and access to exclusive weapon systems not seen in the private sector. The unit has been assembled from the existing staff and communications battalion. The primary recruitment point is the conscripts.
https://geenius.ee/uudis/uus-joud-eesti-it-tooturul-meelitab-helgemaid-paid/
https://geenius.ee/uudis/kuberajateenija-voib-juhtuda-et-tuleb-kirjutada-koodi-ka-lahingvarustuses/
[2018-11-28] The head of the Institute of Estonian Academy of Security Sciences (SKA) wants to hold a debate about making the state’s work easier by allowing it to analyze masses of cell phone data. There is an opinion that the state is already using far more cell phone data than is admissible for ensuring privacy.
https://news.postimees.ee/6464646/estonia-s-cyber-reputation-owed-to-putin
[2018-11-09] RIA’s Director General Taimar Peterkop has been appointed by the Prime Minister Jüri Ratas as Secretary of State. Peterkop played a key role in solving the 2017 ID card crisis. New head of RIA is to be appointed.
https://geenius.ee/uudis/ria-juht-taimar-peterkop-saab-uueks-riigisekretariks/
https://news.err.ee/875809/taimar-peterkop-named-new-secretary-of-state
[2018-11-08] Smart-ID solution has been certified by German TUViT as a qualified signature creation device (SSCD), hence Smart-ID signatures now are legally equivalent to handwritten signature. From service provider’s perspective, however, the transaction cost for Smart-ID is double the cost of Mobile-ID. Smart-ID still cannot be used for I-voting, because currently the law requires electronic voter identification using a document issued by the Estonian state.
https://news.err.ee/875538/smart-id-signatures-now-legally-equivalent-to-handwritten-signature
https://sk.ee/en/News/smart-ids-security-was-recognized-on-the-highest-possible-level/
https://geenius.ee/uudis/smart-id-arendaja-jargmise-sammu-peab-tegema-riik-et-smart-id-ga-avalikele-teenustele-ligi-paaseda/
https://geenius.ee/uudis/suur-uudis-smart-id-saab-vordseks-omakaelise-allkirja-ja-id-kaardiga/
https://geenius.ee/uudis/smart-id-vordsustamine-omakaelise-allkirjaga-tuli-eesti-riigile-ullatusena/
https://geenius.ee/uudis/elisa-smart-id-uuendus-on-tervitatav-aga-ei-paku-otseseid-eeliseid-vana-ees/
https://geenius.ee/uudis/telia-mobiil-id-on-endiselt-vajalik-ega-kao-kuskile/
https://geenius.ee/uudis/riigikogu-valimistel-e-haalt-smart-id-abil-anda-ei-saa-kull-tulevad-aga-mitmed-muud-vaiksemad-muudatused/
[2018-11-07] Estonians working in airports and airplanes must fill out a ten-page KAPO form, which requires them to specify, among other things, the names of Facebook, Twitter, Instagram and other social accounts, all telephone numbers, and even the current place of residence and contact details of “previous spouse or person similar to marriage”. It is estimated that up to 3,000 people may be subject to a such background check required by the Minister of the Interior from October 30.
https://ekspress.delfi.ee/kohver/reisiuudised-eesti-alustas-lennundustootajate-radikaalse-taustakontrolliga?id=84238029
[2018-11-07] Personal identification code for the woman was updated due to the change of date of birth. The state information systems were not ready for such change. Around 300 persons will get new personal identification code because of updated date of birth.
https://news.err.ee/875268/birth-date-mismatches-mean-nearly-300-getting-new-id-code
https://www.postimees.ee/6401054/87-aastase-oilme-taassund-raputas-e-riiki
[2018-11-06] PPA submitted one more claim against Gemalto asking 300k EUR for not informing PPA about the ID card ROCA vulnerability.
https://news.err.ee/874973/ppa-seeking-300-000-from-gemalto
[2018-11-06] RIA plans to create few 2-3 minutes long educational videos showing how cyber attacks happen.
https://geenius.ee/uudis/riik-tahab-hakata-demovideotega-naitama-kuidas-kuberrunnakud-tootavad/
[2018-11-06] Criminals took over transaction partners’ email accounts and phished out from Estonian company 80k EUR.
https://tehnika.postimees.ee/6446437/eesti-ettevote-langes-erakordse-kuberpettuse-ohvriks-ja-maksis-hakkeritele-kopsaka-summa
[2018-10-31] Owners of 3-year valid digital ID cards can remotely extend their Digi-ID validity to 5 years.
https://www.ria.ee/et/uudised/ppa-digi-id-kaartide-kehtivusaega-saab-kahe-aasta-vorra-pikendada.html
https://www.id.ee/index.php?id=39010
https://medium.com/e-residency-blog/estonia-is-extending-the-validity-period-of-32-000-digital-id-cards-810d6dbaf73b
[2018-10-25] Gemalto has submitted counter-claim against PPA for PPA being in bad faith (whatever it means) in the compromise negotiations in September.
https://news.err.ee/871871/former-id-card-manufacturer-gemalto-files-against-ppa
[2018-10-19] CERT.LV organized international cybersecurity conference “Cyberchess 2018”. Webapp pentester from Estonia Silvia Väli (Clarified Security) talked about the vulnerabilities she found in the Electron framework.
https://cert.lv/en/2018/09/cybersecurity-conference-cyberchess-2018
https://www.youtube.com/watch?v=NXq1uVyBbkU
[2018-10-18] SilverTicket system had a flaw which allowed to buy tickets without paying for them. The user had to simply access the return URL visible in the bank link request.
https://geenius.ee/uudis/turvaauk-eesti-piletiportaalist-sai-endale-tasuta-pileteid-valjastada/
[2018-10-15] Due to unknown error, for years sensitive personal data of children was publicly available in the Estonian Schools Information System (EKIS) document register.
https://news.postimees.ee/6431380/personal-information-of-children-publicly-available-for-years
https://geenius.ee/uudis/koolide-infosusteemist-lekkisid-opilaste-iseloomustused/
[2018-10-10] Interview in jail with Russian student Aleksei Vasilev accused of penetrating state systems on the orders of FSB. According to him, he wrote a code to access the internal wireless network of an unnamed state agency. He is disappointed that Russian authorities show no interest to help him in his situation.
https://news.postimees.ee/6426230/spy-left-out-in-the-cold-my-homeland-forgot-about-me
[2018-10-10] In the Riigikogu scientific policy conference Professor of Information Security Ahto Buldas (TalTech) in his presentation “E-government base-technologies as a secure protector” stated that current e-government information systems have not been built with the knowledge of engineering based on scientific worldview and attack resistance of systems and components has not been measured. He invited the state to cooperate with universities.
https://novaator.err.ee/867961/teadlane-eesti-e-riigi-kui-susteemi-rundekindlust-ei-tahetagi-moota
[2018-10-05] Starting from November it is possible to buy tickets in Tallinn public transport using contact-less bank cards.
http://forte.delfi.ee/news/digi/uus-valideerimissusteem-toob-kaasa-muudatused-opilastele-ja-mitme-kaardiga-viipajatele?id=83891613
http://forte.delfi.ee/news/digi/video-puust-ja-punaseks-kuidas-toimib-uus-viipemaksetega-validaator?id=83902919
[2018-10-01] Estonian police is using license plate recognition cameras on the Estonian roads (scale not known). Large part of cameras used by police have known security vulnerabilities.
https://geenius.ee/uudis/eesti-politsei-kasutab-kahtlaseid-hiina-kaameraid-mis-on-usas-turvakaalutlustel-keelatud/
[2018-09-27] Police (PPA) sued Gemalto claiming 152 million for generating keys outside Estonian ID card.
https://news.err.ee/864523/police-claim-152-million-from-id-card-producer-gemalto
[2018-09-21] Last year Estonian security authorities eavesdropped on a total of 4,596 calls made in Telia’s network. This is ten times that of Sweden (taking into account countries’ population). Judges sign off on an average of 90% of the wiretap requests. Of all wiretaps 30% concern drug crime investigations, and another 30% suspected corruption cases. Number of wiretaps has stayed the same in recent years. For the purpose of counterintelligence the Office of the Prosecutor General does not need to suspect someone of having committed a crime to order a wiretap. Frequently the information obtained is in turn used to open actual criminal proceedings against individuals.
https://news.err.ee/862992/estonian-state-taps-ten-times-as-many-phones-as-sweden-finland
https://news.err.ee/866369/prosecutor-sees-no-problem-with-high-number-of-wiretaps-lawyers-disagree
[2018-09-20] Professor of eGovernment Robert Krimmer (TalTech) calculated price for voting, i-vote being the cheapest (2.32 EUR) compared to voting on election day (4.37 EUR).
https://tehnika.postimees.ee/6409689/hinnalipik-sai-kulge-kui-palju-maksab-uks-haal-eesti-valimistel
[2018-09-19] eID Forum 2018 was held on 19-20 September. ID card 2017 crisis was among the discussed topics.
https://www.eidforum.org/agenda
https://novaator.err.ee/862756/oppetund-id-kaardi-kriisist-me-ei-peaks-ootama-tehnoloogialt-taiuslikkust
[2018-09-18] In the context of upcoming elections, RIA will provide personalized cybersecurity counseling to political parties and will pentest their websites. RIA has also significantly contributed to the ENISA handbook on election security “Compendium on Cyber Security of Election Technology”.
https://geenius.ee/uudis/riik-hakkab-otsima-erakondade-veebide-norkusi-ja-koolitama-kandidaate/
https://www.ria.ee/en/news/european-union-members-share-advice-cyber-security-elections.html
https://www.err.ee/851275/ria-euroopa-parlamendi-valimised-voivad-saada-kuberrunnakute-marklauaks
[2018-09-17] Cybernetica AS and TalTech organizes Second Workshop on the Protection of Long-Lived Systems (17-18 September, Pärnu, Estonia).
http://plls2018.ttu.ee/
[2018-09-12] Draft regulation has been prepared for allowing the face recognition robots to identify people who apply for Mobile-ID. The purpose is to enable enrollment for Mobile-ID without the need to confirm the application using the ID-card. It would be necessary to visit the PPA only if identification by robot fails.
https://news.postimees.ee/6403388/estonia-to-have-ai-identify-people
[2018-09-07] Cybernetica AS won the defense ministry’s procurement to prepare study to identify opportunities in the Estonian economy in the field of cryptography and to develop concrete proposals to enable the development of the field at national level.
http://www.ituudised.ee/uudised/2018/09/07/cybernetica-asub-uurima-kruptomajandust
[2018-09-06] Apparently Gemalto leaked to local journalists some internal presentation trying to convince the public that Gemalto informed the Estonian state about the ID card vulnerability (ROCA) already in June 15, 2017. In the response PPA concluded that Gemalto is not interested in compromise and will settle the dispute in court.
https://tehnika.postimees.ee/6277212/miljoneid-maksma-lainud-kuberuimerdamine
https://news.postimees.ee/6399999/police-to-take-gemalto-to-court-postimees
https://geenius.ee/uudis/hans-lougas-kuidas-meile-id-kaardi-kriisi-kohta-dokumendid-lekitati-ja-miks-me-neid-ei-usu/
[2018-09-05] Märt Põder in Civic Tech Stockholm #2 explains Estonian I-voting.
https://youtu.be/nllpriKcmVY?t=2876
[2018-09-04] Article “Key Factors in Coping with Large-scale Security Vulnerabilities in the eID Field” by Silvia Lips, Ingrid Pappel, Valentyna Tsap, Dirk Draheim. Describes few positive and negative effects of the vulnerability and key factors that helped to cope with the Estonian ID-card crisis 2017.
https://link.springer.com/chapter/10.1007%2F978-3-319-98349-3_5
[2018-09-04] Heli Tiirmaa-Klaar has been appointed cybersecurity ambassador (Ambassador at Large for Cyber Diplomacy), being responsible for developing Estonia’s foreign policy on cyber security, ensuring its coordinated implementation, representing Estonia in international organisations and contributing to international cooperation in the field.
https://vm.ee/en/news/estonia-appoints-heli-tiirmaa-klaar-its-first-ambassador-large-cyber-security
[2018-09-01] Jaak Tarien takes over as director of NATO CCDCOE. The current director Merle Maigre will go to work for CybExer Technologies.
https://news.err.ee/853814/col-jaak-tarien-to-take-over-as-director-of-nato-ccd-coe
[2018-08-31] Significant DDoS attack by unknown actors for half an hour hit news portals owned by Express Group (Delfi, EPL, Eesti Ekspress, Õhtuleht) and PPA website.
http://forte.delfi.ee/news/digi/eesti-asutusi-ja-ettevotteid-tabasid-eile-kuberrunnakud?id=83515931
https://geenius.ee/uudis/eestit-rasib-ddos-runnakute-laine-mis-see-on-kust-see-tuleb-ja-kuidas-ennast-kaitsta/
[2018-08-08] There are ideas for the next generation ID card to replace PIN-based cardholder verification with fingerprint verification.
https://geenius.ee/uudis/plaani-id-kaart-saab-pin-koodide-asemele-sormejalje-ning-dokumentide-saaks-iseteeninduskioskitest/
[2018-08-06] Tele2 could not provide roaming service for its customers due to faulty software update by Comfone. The failure lasted for several hours. As a compensation Tele2 will cancel the monthly bill for the affected customers.
https://geenius.ee/uudis/tele2-tuhistab-pea-20-000-eestlasel-randlusteenuse-rikke-tottu-augusti-arved/
[2018-07-22] Card payments and ATMs for two hours were down on Sunday due to malfunction on Nets Estonia side.
https://majandus24.postimees.ee/5904349/kaardimakseterminalid-ule-eesti-lakkasid-tootamast
[2018-07-06] Smart-ID is soon to be certified as qualified signature creation device (QSCD). This will require change from 4096-bit to 6144-bit RSA keys (providing 3072-bit RSA security).
https://github.com/SK-EID/smart-id-documentation/wiki/Smart-ID-service-will-start-to-use-6K-RSA-keys

Cyber Security Newsletter 2018-07-06

Leave a reply

[2018-07-06] There are plans to simplify application for Mobile-ID. Currently, to enable Mobile-ID the person has to authenticate in PPA web environment. In the future this security feature will be implemented using face recognition. The solution is developed with MindTitan.
https://www.err.ee/844674/mobiil-id-taotlemine-lihtsustub
[2018-07-06] RIA temporary removed banklink authentication from eesti.ee due to some vulnerability being found in the implementation of authentication mechanism.
https://www.err.ee/844496/ria-on-tanavu-avastanud-mitu-tosist-turvanorkust
[2018-07-03] New version of DigiDoc 4 client has been released. The changes are mainly in the frontend. The functionality of DigiDoc3 Client, DigiDoc Crypto and ID card utility is now merged in a single application.
https://www.err.ee/843839/uus-id-kaardi-rakendus-digidoc-4-jouab-arvutitesse
[2018-06-29] It is now possible to order test cards of new generation ID card chips. New generation will be introduced in identity documents in the end of 2018. While the software and drivers are available, the technical documentation is not yet public. The card will also have a contactless interface, but not clear yet what functionality will be accessible over it.
https://www.ria.ee/ee/rialt-saab-susteemide-testimiseks-tellida-uue-id-kaardi-testkaardi.html
https://www.err.ee/843133/tanavuse-aasta-lopus-tuleb-valja-kontaktivaba-liidesega-id-kaart
[2018-06-27] The maintenance of ID card helpline moves from AS SK ID Solution to Tieto Estonia AS. The new helpline will have new number, but will not provide support 24/7.
The certificates can be suspended 24/7 calling SK ID Solutions using the current number.
https://www.ria.ee/en/the-id-card-helpline-number-will-be-changed-on-sunday.html
https://news.err.ee/842614/ria-changing-id-card-helpline-number-scaling-down-user-support
[2018-06-22] Government discussed the results of implementing cybersecurity strategy 2014-2017. The report shows that 70% of the activities were completed, 16% of the activities were completed in the next period, and 14% of the activities were either not completed mainly due to lack of financial or human resources.
http://www.ituudised.ee/uudised/2018/06/22/kuberturvalisuse-edendamisel-mitmeid-kitsaskohti
[2018-06-22] CyberSpike 2018 has finished and winners are known: 1st place – Artur Luik (TUT), 2nd place – Georg Kahest (TUT), 3rd place – Martin Širokov (Tallinn Technical Gymnasium).
https://geenius.ee/rubriik/teadus-ja-tulevik/eesti-noored-panid-oma-kuberkaitseoskused-proovile-kaitstes-lumemaad/
[2018-06-18] Tõnu Tammer is the head of Estonian CERT from the beginning of June 2018. Interview (in Estonian):
https://geenius.ee/uudis/certi-uus-juht-mullu-kollitas-lunavara-tanavu-pannakse-ohver-oma-teadmata-kruptoraha-kaevandama/
https://geenius.ee/uudis/eesti-cert-sai-uue-juhi/
[2018-06-15] Geenius has analyzed transparency reports of biggest service providers for information requests from Estonian state authorities. Google has received requests about 85 user accounts, delivered data 75% of cases. No requests received by Apple. Microsoft has received requests for five user accounts. Facebook received request for 143 users, delivered data in 67% cases. No data requested from Twitter.
https://geenius.ee/uudis/suur-ulevaade-tehnoloogiafirmadelt-noutakse-endiselt-palju-eestlaste-andmeid/
[2018-06-14] CyCon 2018 videos of keynotes and panels are online:
https://www.youtube.com/watch?v=G0SRPC0Etv0&list=PLV8RTnZwQxcmJQGPlyxknrsVArsUNx1oE
[2018-06-13] National Audit Office has done some audits in Estonia’s local governments and have found that IT security requirements still aren’t implemented.
https://news.err.ee/839106/local-councils-it-security-entirely-inadequate-national-audit-office-finds
https://www.riigikontroll.ee/Riigikontrollipublikatsioonid/Auditiaruanded/tabid/206/Audit/2466/Area/1/language/et-EE/Default.aspx
[2018-06-11] Estonian man arrested for stealing Bitcoin wallets by accessing victim’s e-mail accounts. Large database of user account credentials found on the suspect’s computer.
https://geenius.ee/uudis/kahtlus-eesti-mees-teenis-bitcoine-varastades-mitu-miljonit-eurot/
[2018-06-11] Estonian criminal police has added databases of compromised user accounts found in their investigations to the publicly searchable service “Have I Been Pwned” which will help the victims to get informed.
https://geenius.ee/uudis/politsei-kontrollige-ega-teie-kontot-pole-ule-voetud-ega-bitcoine-varastatud/
https://www.troyhunt.com/data-provided-by-the-estonian-central-criminal-police-is-now-searchable-on-have-i-been-pwned/
[2018-06-08] The state supports UT and TUT cyber security studies with 1.5 millions. The universities are expected to open up research teams for cryptography, digital expertise and cyber defense.
http://www.ituudised.ee/uudised/2018/06/08/riik-toetab-tu-ja-ttu-kuberkaitse-opet-15-miljoniga
[2018-06-08] Swedbank implements limitations for code card use in internet banking. From February 2019 code cards will be abandoned. Currently around 200 000 users are using password card.
https://tehnika.postimees.ee/4501277/swedbank-asus-paroolikaarte-kaotama
https://tarbija24.postimees.ee/4486778/paroolikaardi-kasutajate-arv-vaheneb-visalt-200-000-swedbanki-klienti-jatkuvalt-kasutab-seda
[2018-06-06] RIA’s “Annual Cyber Security Assessment 2018” has been translated to English. Section about ROCA flaw and Internet voting included.
https://www.ria.ee/en/head-of-ria-last-year-was-proof-that-securing-the-digital-lifestyle-requires-investing.html
https://www.ria.ee/public/Kuberturvalisus/RIA-CSA-2018.pdf
https://www.ria.ee/ee/ria-esitles-kuberturvalisuse-aastaraamatut.html
[2018-06-01] Vulnerability has been found in AS Ühisteenused self-service portal parkimine.ee. The flaw allows to browse parking tickets issued to other persons by changing ID in the URL.
https://geenius.ee/uudis/turvaauk-uhisteenuste-veebist-sai-igauks-naha-teiste-inimeste-ja-soidukite-andmeid/
https://geenius.ee/uudis/anto-veldre-uhisteenuste-trahviveebist-leitud-turvaauk-on-muldvana-nii-et-kuidas-see-sinna-sattus/
[2018-05-24] National Audit Office has identified problems with critical state databases: they lack risk analysis, action plan, only minimum needed audits are conducted, backups have not been tested, but no reason to panic.
https://news.err.ee/834127/national-audit-office-identifies-weaknesses-in-critical-database-care
[2018-05-24] Anto Veldre published harsh opinion article in the response to the seminar held by National Electoral Committee about the possibility to introduce i-voting using mobile device.
https://geenius.ee/uudis/anto-veldre-mobiilihaaletamine-saab-tulla-ainult-ule-minu-laiba/
[2018-05-23] RIA is performing security assessment of Smart-ID to decide whether it should be allowed for authentication to state services.
https://www.err.ee/833840/turvatesti-labimisel-voib-ka-smart-id-st-saada-riigiteenuste-autentimisviis
[2018-05-17] It has been found that ID card manufacturer Gemalto has generated private keys outside the chip. As a result, PPA is recalling 12’500 ID cards and revoking the affected certificates on 2018-06-01. Gemalto denies accusations.
https://news.postimees.ee/4490059/estonia-replacing-12-500-unsecure-id-cards-for-free
https://news.postimees.ee/4491312/new-id-card-fault-could-have-been-intentional
https://news.err.ee/832236/police-12-500-id-card-certificates-to-be-deleted-due-to-security-issue
[2018-05-10] RIA has published TUT study about lessons learned from the ID card case. The translation to English is in progress.
https://www.ria.ee/public/PKI/ID-kaardi_oppetunnid.pdf
https://news.err.ee/822819/ttu-cybersecurity-center-director-estonia-needs-more-specialists
https://geenius.ee/uudis/uuring-id-kaardi-kriisile-oleks-olnud-kiire-lahendus-kui-info-selle-kohta-eestisse-oleks-joudnud/
https://www.err.ee/822535/rain-ottis-id-kaardi-kriisist-eestis-on-vaja-spetsialistide-reservi
https://www.err.ee/822452/ttu-raport-kritiseerib-id-kaardi-kriisi-valguses-eesti-hadaolukordade-plaane
[2018-04-25] State will allocate 1.1 million to RIA to cover expenses due to ID card crisis.
https://majandus24.postimees.ee/4478455/valitsus-plaanib-id-kaardi-kriisi-tottu-ria-le-eraldada-ule-miljoni-euro
[2018-04-19] RIA managed to factor one vulnerable RSA authentication key to prove that the ROCA flaw was not only a theoretical threat and the steps taken to eliminate the risk were justified. The factorizing software was provided by Cybernetica AS. Not known how much processing resources the attack required.
http://epl.delfi.ee/news/eesti/id-kaart-murti-lahti-ria-toestas-et-kara-id-kaardi-turvanorkuse-parast-polnud-asjata?id=81807683
[2018-04-11] Digi-ID validity term will be extended from 3 to 5 years.
https://geenius.ee/uudis/digiisikutunnistus-ehk-digi-id-kehtib-nuud-varasemast-kauem/
https://tarbija24.postimees.ee/4481983/digi-id-kehtivusaeg-pikenes-viiele-aastale
[2018-03-26] Police has posted a job offer which involves solving puzzle of cat GIF.
https://geenius.ee/uudis/kui-suudad-selle-kassi-gifi-moistatuse-lahendada-ootab-sind-eestis-haruldane-toopakkumine/
[2018-03-23] RIA has announced EUR 150k worth procurement for design of new eID logos.
https://geenius.ee/uudis/ria-tellib-150-000-euroga-e-id-visuaalse-segapudru-asemele-uue-valimuse/
[2018-03-23] Geenius has listed what data by law the law enforcement agencies in Estonia can ask from mobile operators and Internet service providers:
https://geenius.ee/uudis/millised-sinu-kohta-kaivad-andmed-politsei-su-telefonioperaatori-kaest-katte-saab/
[2018-03-20] The videos from Nordic-Baltic Security Summit 2018 are online. Some selected presentations:
Andres Elliku – CERT-EE S4A: an Open-Source Solution for Distributed Network Security Monitoring
Merike Käo – Estonian 2007 and 2017 Incidents – Have We Learned to Respond Better?
Elsa Neeme – Estonian Cyber Security Act – Ensuring Public Order In Cyber Domain
Rain Ottis – Selected lessons from the 2017 ID-Card case
Oskar Gross – What are the Challenges of Handling Cyber Crime?
https://tehnika.postimees.ee/4444549/otse-kaljurand-koppel-keskkriminaalpolitsei-ja-teised-kogu-tode-kuberturvalisusest
https://summit.confent.com/summary18/
[2018-03-05] According to the head of cybercrime bureau Oskar Gross, secure encryption capability improves the security for ordinary users. The technological environment has not caused a particular headache for PPA in solving crimes.
https://novaator.err.ee/687558/ppa-kruptorakendustest-krupteeritud-sideta-oleks-internet-ohtlikum-koht
[2018-02-13] Due to human error on mobile operator Elisa side, emergency line 112 could not be reached for several hours. In total 151 persons were affected. SMIT discovered the error and Elisa fixed it in 20 minutes. Elisa as a provider of vital service failed to report the fault to RIA.
https://geenius.ee/uudis/elisa-vea-tottu-ei-saanud-paev-otsa-112-helistada-firma-jattis-sellest-teavitamata/

TUT Cyber Conference 2018

Leave a reply

Conference agenda:
10:00-10:30 Registration, cofee and cookies
10:30 Opening words by TUT rector Jaak Aaviksoo;
Kusti Salm, Ministry of Defense and Maarja Kirtsi, Estonian Internet Foundation
10:45-13:00 “Does Estonia needs cyberinsurance?”

Moderator: Anto Veldre

10:45 Cybersecurity Challenges. Lauri Luht, RIA
11:15 In the feature everything will be better? or more horrible? Aare Reintam, NATO CCD COE
11:45 Kalev’s active and professional activities with technological means to preserve health
12:00 Is self-driving cars a real danger to society? Krister Kalda, TUT Mektory
12:20 Cybercrime does not cry on arrival! Karen K Burns, CGI
12:40 To buy cyber insurance or not? Helen Evert, IIZI Kindlustusmaakler AS

13:00-14:00 Lunch
13:10-13:35 CyberSecurity TV-game show at American corner with Ralph Echemendia, Seguru and Marily Hendrikson, Startup Estonia (ENG)
13:40-13:55 MWB LAB Launch@TTÜMektory
14:00-15:10 Parallel sessions on various topics:
• Main hall: Human factors & OSINT by Jenny Radcliffe, Host of The Human Factor Podcast, UK & Lisa Forte, Red Goat Cyber Security, UK (Cyber Security SummerSchool) (ENG)
• How to build a cyber defense plan for your institution? Raido Orumets, BCS Training. Room: 108 Labor Market for Business Models.
• How to learn to think in the way rafter thinks and protect yourself from evil eyes? Peeter “Technocrat” Marvet, Zone Media resident hacker. Room 111 “Learning to Play”.
• Failure of one rafter due to the digital forensics, Toomas Lepik, TUT and How to hack contactless cards? Kadri Lenk, Eesti Energia and Raido Roben, Datanor. Room 125 Logistics.
• Ransomware simulation and MWB LAB launch@TTÜMektory, Malwarebytes (ENG). Room 109 and 209 – MWB Labs.

15:10-15:20 Kalev Kahoot game (ENG) (please be ready! https://kahoot.it/)
15:20-16:00 Main hall: Panel Discussion on Maritime Cyber Security (ENG).
Moderator: Kieren Nicolas Lovell, University of Cambridge, UK. Panelists: Adrian ‘Tel’ Venables, Lancaster University; Jenny Radcliffe, Host of The Human Factor Podcast, UK; Jeff Moulton, Stephenson’s National Center for Security Research and Training and the Transformation Technologies and Cyber Research Center at Louisiana State University, USA; Marina Martinez (TBC), The Spanish Office for Science and Technology (SOST), Spain.

16:00
• CyberSpike Competition Award Ceremony (EST / ENG)
• Cake

Links:
https://ttu.ee/ttu-korraldab-12-juunil-esimest-kuberkonverentsi-eestis
https://sites.google.com/view/kyberolympia/reeglid-2018/konverents-2018

Interdisciplinary Cyber Research (ICR) workshop 2018

Leave a reply

9th of June, 2018 — Tallinn, Estonia

The aim of the workshop is to bring together young as well as established scholars undertaking research in various disciplines related to information and communication technologies such as computer sciences, political and social sciences, and law.

Agenda:
8:30 Registration
9:00 Opening words, Dr Anna-Maria Osula & Prof Olaf Maennel on behalf of Tallinn University of Technology (SOC-209)
9:10 Keynote presentation, “Maximising Cyber Resilience”, Mr Luc Dandurand, Head of Cyber Operations at Guardtime (SOC-209)
10:05 Keynote presentation, “Command, Control & Communications within Cyber Incidents”, Mr Kieren Nicolas Lovell, Head of Computer Emergency Response at University of Cambridge (SOC-209)

11:30–13:00
SESSION 1: eID (ROOM 1 / SOC-209)
Session moderated by Dr Anna-Maria Osula, NATO CCD COE
Ms Liisa Past, “ROCA Vulnerability and eID: Lessons Learned”, Information System Authority
Mr Arnis Parsovs, “Legal Issues in Solving the Estonian ID Card Crisis”, University of Tartu
Ms Liisa Tallinn, “Estonian eID Vulnerability: a PR Problem?”, SpectX
Mr Arne Koitmäe, “Internet Voting and ID Card Crisis: Elections Manager’s Perspective”, State Electoral Office

SESSION 2: Tech 1 (ROOM 2 / SOC-211)
Session moderated by Dr Hayretdin Bahsi, Tallinn University of Technology
Mr Raymond Yin & Mr Isaac Burgess, “Dual IP Stack Exfiltration – Methods and Defences”, University of Adelaide
Mr Andrei Perapiolkin, “Time Lock Puzzles for Distributed Systems”, Tallinn University of Technology
Mr Alexander Manariotis, “Private but Public on the Blockchain”, University of Adelaide
Ms Kristiina Renel, “Public Sector Logging & Compliance with GDPR“, Tallinn University of Technology

13:00 Lunch
14:00–15:30
SESSION 3: State & Cyber (ROOM 1 / SOC-209)
Session moderated by Prof Tobias Eggendorfer, University of Applied Sciences Ravensburg-Weingarten
Dr Kristan Stoddart, “Cyber Espionage: Anarchy in Cyberspace”, Aberystwyth University
Ms Kateryna Gorbanova, “International Normative Framework of Cyber Espionage”, Tallinn University of Technology
Mr Siim Alatalu, “Cyber Commands – Universal Solution to a Universal Cyber Security Problem?”, NATO CCD COE
Mr Roman Müller, “Manipulation Resistant Opinion Forming in Online Communities”, Tallinn University of Technology

SESSION 4: Tech 2 (ROOM 2 / SOC-211)
Session moderated by Prof Olaf Maennel, Tallinn University of Technology
Ms Tiiu Mamers, “The Information Security Investment Problem for Small Enterprises and the RORPI Model”, Tallinn University of Technology
Mr Alvaro Schuller, “Exploiting Spectre: Reading Kernel Memory from a User Process”, Tallinn University of Technology
Mr Michael Pfeiffer & Mr Lazarus Lai De Oliveira, “The Challenges of Building a Universal CAN Bus Emulation Testbed Environment for Security and Vulnerability Analysis of Internal Networks in Vehicles”, University of Adelaide
Mr Richard Matthews, “Thermal Effects of Dark Current on Blind Source Camera Identification”, University of Adelaide

15:30 Coffee break

15:50–17:00
SESSION 5: Data & Privacy (ROOM 1 / SOC-209)
Session moderated by Dr Agnes Kasper, Tallinn University of Technology
Ms Isabella Oldani, “Technology as an Alternative to Geography in Protecting Personal Data”, University of Trento
Ms Kärt Salumaa, “Risks and Incidents Deriving from Breaching Data Protection Regulation”, KPMG Law Firm
Ms Munirah DeVries, “Biometric Profiling of Wearable Devices for Medical Monitoring and Authentication”, University of Adelaide
Mr Raul Nugis, “Forensic Data Properties of Digital Signature BDOC and ASICE Files”, Tallinn University of Technology

SESSION 6: Tracking Watches (ROOM 2 / SOC-211)
Session moderated by Dr Matthew Sorell, University of Adelaide
Ms Sasha de Vries & Mr Brent Williams, “Penetration Testing of the SpaceTalk Tracking Watch”, University of Adelaide
Mr Narayan Shanmuganathan & Mr Nooragha Sharifi, “Security Framework for Children’s Safety Watches”, University of Adelaide
Mr Luke Jennings & Mr Inderbir Singh, “Improving the Technical Functionality of Children’s Tracking Watches”, University of Adelaide
Ms Kristine Hovhannisyan, “Arkangel: Investigation of Children’s Tracking Smartwatch Ecosystem. Forensic Value and Privacy Implications”, Tallinn University of Technology

18:00 Social event at Pipedrive office, Paldiski maantee 80

Links:
http://cybercentre.cs.ttu.ee/icr2018/

Defence of Cyber Security Engineering Diploma Theses at TUT IT College

1 Reply

Tuesday, 5 June at 9.00-12.00, room 217, for the first time defence of diploma theses on English language based curriculum Cyber Security Engineering:

Chairman of the Defence Committee: Valdo Praust
The Defence Committee: Aleksei Talisainen, Kaido Kikkas, Toomas Lepikult

Title: Security Monitoring Solutions by the Example of Baltic Computer Systems AS
Student: Mohanad Aly Hassan Ali Elsafty

Title: Extendable Botnet for IT College Lab
Student: Etienne Iotefa Marie Barrier

Title: A Cyber Security Training Module for Healthcare Workers
Student: Sheela Gowry Sumathi Raju

Title: Protecting Windows Privileged Accounts
Student: Lộc Phan Văn

Grades (in random order): 5, 5, 4, 2

Links:
http://www.itcollege.ee/en/blog/2018/06/01/defence-of-diploma-theses-at-ttu-it-college-4-7-june-2018/

Estonian teenager rewarded $1000 for finding UI spoofing vulnerability in Chrome

Leave a reply

Jasper Rebane, a 16-year-old Estonian computer enthusiast, found vulnerability in the Chrome browser. Google has now fixed the security bug and has rewarded him with $1000.

A security vulnerability found by Rebane was corrected in Chrome version 67.0.3396.62 where the changelog just states that he found an error CVE-2018-6135: UI spoofing in Blink. However, Rebane still can not share more precise details about the security error. In his response to Geenius, he said that in the interests of security, it is not allowed to disclose this information so that malicious people could not attack Chrome’s non-upgraded versions.

Currently, the 16-year-old Rebane is haunting plans for the future. In the near future, he plans to participate in the KüberNaaskli competition, where the best will be sent to the European Cyber Security Challenge to represent Estonia. “There is also a plan to learn about things and improve skills, and to take part in the team at many of the CTF’s (Capture the Flag) competitions,” he added. There is also a plan to move on to the YouTube platform where Rebane wants to create educational cyber-security videos.

Links:
https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
https://bugs.chromium.org/p/chromium/issues/detail?id=823353
https://geenius.ee/uudis/16-aastane-eesti-arvutientusiast-leidis-google-chromeist-vea-ja-sai-selle-eest-heldelt-premeeritud/

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2017/2018

Leave a reply

Cyber Security Msc thesis:

Cost-Benefit Analysis of a Hybrid Terrorist Attack on a Power Plant
Student: Avramenko Valeriia
Supervisor: Hayretdin Bahşi, Raimundas Matulevičius

HoneyProxy Implementation in Cloud Environment with Docker HoneyFarm
Student: Ahmed Elazazy
Supervisor: Anton Vedeshin, Truls Tuxen Ringkjob, Raimundas Matulevicius

Testing the Security Awareness Using Open-Source Tools – Spear Phishing
Student: Karina Filipczak
Supervisor: Sten Mäses, Raimundas Matulevičius

Assessing Generational Differences in Susceptibility to Social Engineering Attacks. A Comparison Between Millennial and Baby Boomer Generations
Student: Lejla Islami
Supervisor: Olaf Manuel Maennel, PhD Raimundas Matulevicius, PhD

How to Conduct Email Phishing Experiments
Student: Kaspar Jüristo
Supervisor: Sten Mäses, Olaf M. Maennel, Raimundas Matulevičius

Evaluation of Efficiency of Cybersecurity
Student: Mikko Luomala
Supervisor: Yannick Le Moullec, Jyri Paasonen, Meelis Roos

Fingerprinting a Organization Using Metadata of Public Documents
Student: Karl Mendelman
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius

Detecting Social Spamming on Facebook Platform
Student: Ghada Zakaria Mohamed
Supervisor: Innar Liiv , Raimundas Matulevičius

Forensic Data Properties of Digital Signature BDOC and ASiC-E Files on Classic Disk Drives
Student: Raul Nugis
Supervisor: Pavel Laptev, Raimundas Matulevičius

Online Cyber Security Exercise to Evaluate and Improve Individual Technical Specialists’ Cyber Incident Reporting Skills
Student: Andres Oras
Supervisor: Sten Mäses, Margus Ernits, Raimundas Matulevicius

Ensuring the Integrity of Electronic Health Records
Student: Alvar Ristikivi
Supervisor: MSc Jaan Priisalu, PhD Raimundas Matulevičius

Related thesis from other curricula:

A Tool for Supporting Multi-Perspective System Development Through Security Risk Management
Student: Madis Kaasik
Supervisor: Raimundas Matulevičius
Master – Software Engineering

Post-Quantum Secure Time-Stamping
Student: Raul-Martin Rebane
Supervisor: Dominique Peer Ghislain Unruh
Master – Computer Science

Prediction Model for Tendencies in Cybersecurity
Student: Erik Räni
Supervisor: Justinas Janulevičius, Raimundas Matulevičius
Master – Software Engineering

Quantum-Secure Coin Toss Protocol Using Collapse-Binding Commitments
Student: Kristiine Saarmann
Supervisor: Dominique Unruh
Bachelor – Computer Science

Tool Support for Privacy-Enhanced Business Process Model and Notation
Student: Aivo Toots
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Bachelor – Computer Science

Dangers of Phishing Based on a Tech-Company
Student: Lauri Välja
Supervisor: Kristjan Krips
Bachelor – Computer Science

Finding Java Security Vulnerabilities Using Static Analysis: Whence the Problem?
Student: Harald Astok
Supervisor: Vesal Vojdani
Bachelor – Computer Science

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2018

Cyber Security master’s theses defense in Tallinn University of Technology (May 2018)

Leave a reply

Monday, May 28th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Kristiina Renel
Title: Compliance with EU Personal Data Protection Framework in the Context of Public Sector Logging
Supervisor: Kaie Maennel
Supervisor: Kristjan Kikerpill
Reviewer: Andro Kull

Time: 10:10
Student: Belgin Tastan
Title: Securing Systems and Networks Using Deceptions With Cyber Kill Chain Methodology
Supervisor: Ahmed Tauseef
Reviewer: Risto Vaarandi

Time: 11:00
Student: Raquel Tabuyo Benito
Title: Forensic Analysis of a Steam Based Online Game
Supervisor: Hayretdin Bahsi
Reviewer: Jens Getreu

Time: 11:40
Student: Kim Vahturov
Title: Using Indicators of Compromise to Automate Incident Triage. Proof of Concept
Supervisor: Toomas Lepik
Supervisor: Lauri Palkmets
Reviewer: Hayretdin Bahsi

Time: 13:00
Student: Alejandro Guerra Manzanares
Title: Application of Full Machine Learning Workflow for Malware Detection in Android on the Basis of System Calls And Permissions
Supervisor: Hayretdin Bahsi
Supervisor: Sven Nõmm
Reviewer: Toomas Lepik

Time: 13:40
Student: Romet Saaliste
Title: Estonian Government Related Challenges in Protection of Personal Data
Supervisor: Olaf Maennel
Reviewer: Birgy Lorenz

Time: 14:20
Student: Moira Gabriella Nguegaum
Title: A Structured Approach to the Identification of IPV6 Vulnerabilities in IPV4-only Local Area Networks
Supervisor: Olaf Maennel
Reviewer: Bernhards Blumbergs

Time: 15:20
Student: Stefano Panarese
Title: Nessuno: A Friend-to-Friend Anonymous Communication Protocol
Supervisor: Olaf Maennel
Reviewer: Ahto Buldas

Time: 16:00
Student: Amirhossein Akbari
Title: A Novel Approach for Securing HTML5 Client-Side Database, INDEXEDDB
Supervisor: Olaf Maennel
Reviewer: Aleksander Lenin

Tuesday, May 29th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Andres Rauschecker
Title: User-Oriented Privacy Enhancements for Web-Browsers
Supervisor: Olaf Maennel
Reviewer: Hayretdin Bahsi

Time: 10:10
Student: Artur Luik
Title: The Design and Implementation of Automated Vulnerability Application Framework
Supervisor: Tanel Tetlov
Reviewer: Toomas Lepik

Time: 11:00
Student: Daniele Mucci
Title: TED – The ELF Doctor. A Container Based Tool to Perform Security Risk Assessment for ELF Binaries
Supervisor: Bernhards Blumbergs
Reviewer: Toomas Lepik

Time: 11:40
Student: Aleks Koha
Title: Impact Assessment of an EU GDPR Self-Assessment Qestionnaire on Entrepreneurs
Supervisor: Sten Mäses
Supervisor: Anu Baum
Reviewer: Tiia Sõmer

Time: 13:00
Student: Kayode Olaitan Omotoye
Title: Business Process-Based Cyber Risk Assessment Using Healthcare System as Case Study
Supervisor: Hayretdin Bahsi
Reviewer: Alexander Norta

Time: 13:40
Student: Mari Jääger
Title: Developing Records of Processing Activities in a Small Enterprise
Supervisor: Priit Raspel
Reviewer: Raimundas Matulevicius

Time: 14:20
Student: Simo Antero Hurttila
Title: From Information Security to Cyber Security Management – ISO 27001 & 27032 Approach
Supervisor: Andro Kull
Reviewer: Kaie Maennel

Time: 15:20
Student: Aditya Raj Das
Title: Comparing Battery Consumption of Malware Scanning Applications
Supervisor: Hayretdin Bahsi
Reviewer: Sten Mäses

Time: 16:00
Student: Danny Lopez Murillo
Title: A Balanced Lab for Teaching Ethical Hacking to Undergraduate and Graduate Students
Supervisor: Hayretdin Bahsi
Reviewer: Sten Mäses

Wednesday, May 30th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Sille Laks
Title: Basic cyber security awareness training in a paramilitary organization (RESTRICTED)
Supervisor: Sten Mäses
Supervisor: Markko Liutkevičius
Reviewer: Rain Ottis

Time: 10:10
Student: Andres Elliku
Title: Scalable Course on Cyber Attack Detection
Supervisor: Margus Ernits
Reviewer: Mauno Pihelgas

Time: 11:00
Student: Javid Asadli
Title: Proposing Action Plan in Cyber Security Capacity Building for Azerbaijan
Supervisor: Tiia Sõmer
Supervisor: Leyla Aliyeva
Reviewer: Sten Mäses

Time: 11:40
Student: Even Langfeldt Friberg
Title: The Cyber-Insurance Market in Norway: An Empirical Study of the Supply-Side and a Small Sample of the Maritime Demand-Side
Supervisor: Hayretdin Bahsi
Supervisor: Ulrik Franke
Reviewer: Birgy Lorenz

Time: 13:00
Student: Nishaant Verma
Title: Comparative Analysis of Online Privacy and Security Concerns Between Generation Y and Generation Z in North India: A Pilot Study
Supervisor: Hayretdin Bahsi
Supervisor: Mare Teichmann
Reviewer: Maria Claudia Solarte Vasquez

Time: 13:40
Student: Taimur Tufail
Title: Comparing the National Cyber Security Framework of Pakistan with India and United Kingdom
Supervisor: Hayretdin Bahsi
Reviewer: Tiia Sõmer

Time: 14:40
Student: Fernando Rafael Garcia-Granado
Title: Cybersecurity Knowledge Requirements for Non-IT Strategic Level Decision Makers
Supervisor: Hayretdin Bahsi
Reviewer: Andro Kull

Time: 15:20
Student: Hindrek Baum
Title: Detection of VLAN Hopping Attacks Using Switch’s Monitoring Options
Supervisor: Jaan Priisalu
Reviewer: Aleksander Lenin