Tag Archives: Arnis Paršovs

Cyber Security master’s theses defense in TalTech/UT (August 2020)

Defences of master theses of Cyber Security curriculum on August 17th 2020. The defences will take place online.

Time: 9:30
Student: Tarmo Oja
Supervisor: Ahto Buldas, Mari Seeba
Reviewer: Aleksandr Lenin

Time: 10:10
Student: Nikita Snetkov
Supervisor: Ahto Buldas
Reviewer: Aleksandr Lenin

Time: 10:50
Student: Liubomyr Kushnir
Supervisor: Hayretdin Bahsi, Sven Nõmm
Reviewer: Pavel Tšikul

Time: 12:00
Student: Timm Jeff E Luyten
Supervisor: Birgy Lorenz
Reviewer: Sten Mäses

Time: 12:40
Student: Andrew J Roberts
Title: Development of a cybersecurity evaluation test bed for autonomous self-driving vehicles
Supervisor: Olaf Maennel
Reviewer: Tobias Eggendorfer

Time: 13:20
Student: Ilkin Huseynov
Supervisor: Mika Kerttunen
Reviewer: Adrian Venables

Time: 14:15
Student: Andres Pihlak
Supervisor: Mauno Pihelgas
Reviewer: Kristian Kivimägi

Time: 14:55
Student: Eduard Iltšuk
Title: Two-Party ECDSA Protocol for Smart-ID
Supervisor: Arnis Paršovs
Reviewer: Jan Villemson

Time: 15:35
Student: Aivo Toots
Title: Zero-Knowledge Proofs for Business Processes
Supervisor: Peeter Laud
Reviewer: Marlon Dumas, Janno Siim

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2020 (June)

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2020 (June)

The defences are taking place on the first and second week of June.

Student: Eric Cornelissen (Computer Science MSc)
Title: Cryptographic Analysis of the Message Layer Security Protocol in the Static Corruption Model
Supervisor: Chris Brzuska, Dominique Unruh
Reviewer: Behzad Abdolmaleki

Student: Risto Pärnapuu (Computer Science MSc)
Title: Verifiable Photo Snapshots
Supervisor: Sven Laur, Ahto Truu
Reviewer: Arnis Paršovs

Student: Anita Onyinye Nwaokolo (Cyber Security MSc)
Title: A Comparison of Privacy Enhancing Technologies in Internet of Vehicle Systems
Supervisor: Raimundas Matulevicius, Abasi-amefon Obot Affia
Reviewer: Pille Pullonen

Student: Rando Tõnisson (Software Engineering MSc)
Title: Security Risk Management in Autonomous Driving Vehicles: Architecture Perspective
Supervisor: Raimundas Matulevičius, Abasi-Amefon O. Affia
Reviewer: Danielle Morgan

Student: Silver Maala (Computer Science BSc)
Title: A Proof of Concept Malware for Interacting with the Smart-ID Android Application
Supervisor: Arnis Paršovs
Reviewer: Mart Oruaas

Student: Kärt Ilja (Computer Science BSc)
Title: Intercepting Network Traffic of the Smart-ID Android Application
Supervisor: Arnis Paršovs
Reviewer: Mart Oruaas

Student: Siim-Alexander Kütt (Computer Science BSc)
Title: Security Analysis of Tartu Smart Bike Share Android Application
Supervisor: Arnis Paršovs
Reviewer: Kristjan Krips

Student: Gregor Eesmaa (Computer Science BSc)
Title: Authorization of Web Requests Based on Merkle Trees
Supervisor: Kristjan Krips
Reviewer: Arnis Paršovs

Student: Hendrik Eerikson (Computer Science BSc)
Title: Privacy Preserving Fingerprint Idenfication
Supervisor: Riivo Talviste, Kristjan Krips
Reviewer: Jan Villemson

Student: Sergei Kuštšenko (Computer Science BSc)
Title: Implementation of election bulletin board using HyperLedger Fabric
Supervisor: Ivo Kubjas
Reviewer: Jan Villemson

Student: Markus Punnar (Computer Science BSc)
Title: Cryptosystem for Post-Quantum Age Based on Moderate-Density Parity Check (MDPC) Codes
Supervisor: Vitaly Skachek, Irina Bocharova
Reviewer: Raul Martin Rebane


Cybersecurity related bachelor’s and master’s theses in University of Tartu 2018/2019 (June)

The defences are taking place on the first and second week of June.

Student: Ivo Pure (Cyber Security MSc)
Title: An Automated Methodology for Validating Web Related Cyber Threat Intelligence by Implementing a Honeyclient
Supervisor: Risto Vaarandi, Raimundas Matulevicius
Reviewer: Alejandro Manzanares

Student: Bruno Didier Produit (Cyber Security MSc)
Title: Optimization of the ROCA (CVE-2017-15361) Attack
Supervisor: Arnis Paršovs
Reviewer: Jan Villemson

Student: Kärt Padur (Cyber Security MSc)
Title: Information Security Risk Assessment in the Context of Outsourcing in a Financial Institution
Supervisor: Raimundas Matulevičius, Liis Rebane, Toomas Vaks
Reviewer: Andro Kull

Student: Marek Matsalu (Cyber Security MSc)
Title: The Development of Digital Forensics Workforce Competency on the Example of Estonian Defence League
Supervisor: Raimundas Matulevičius, Hillar Põldmaa
Reviewer: Hayretdin Bahsi

Student: Pubudini Gayanjalie Dissanayake (Cyber Security MSc)
Title: A Comparison of Security Risk Analysis in the In-house IT Infrastructure and Cloud Infrastructure for the Payment Gateway System
Supervisor: Hayretdin Bahsi, Raimundas Matulevičius
Reviewer: Alexander Horst Norta

Student: Lukáš Bortník (Cyber Security MSc)
Title: Mobile Phone Digital Evidence Providers to Investigate Driver’s Distraction
Supervisor: Pavel Laptev, Satish Narayana Srirama
Reviewer: Matthew Sorell

Student: Mari Seeba (Conversion Master in IT)
Title: A Specification of Layer-Based Information Security Management System for the Issue Tracking System
Supervisor: Raimundas Matulevičius, Ahto Buldas
Reviewer: Meelis Roos

Student: Doris Sarapuu (Conversion Master in IT)
Title: Penetration Testing of Glia’s Web Application
Supervisor: Kristjan Krips, Carlos Paniagua
Reviewer: Riivo Talviste

Student: Kaspar Kala (Conversion Master in IT)
Title: Refinement of the General Data Protection Regulation (GDPR) Model: Administrative Fines Perspective
Supervisor: Raimundas Matulevičius, Jake Tom
Reviewer: Eneken Tikk

Student: Maksym Yerokhin (Software Engineering MSc)
Title: Multi-level Policy-aware Privacy Analysis
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Reviewer: Sara Belluccini

Student: Reelika Tõnisson (Computer Science MSc)
Title: Tighter Post-quantum Secure Encryption Schemes Using Semi-classical Oracles
Supervisor: Dominique Peer Ghislain Unruh
Reviewer: Sven Laur

Student: Helen Tera (Computer Science BSc)
Title: Introduction to Post-Quantum Cryptography in Scope of NIST’s Post-Quantum Competition
Supervisor: Dominique Unruh
Reviewer: Raul-Martin Rebane

Student: Omar Purik (Computer Science BSc)
Title: Creation of Practical Assignments on Information Security for High School Students
Supervisor: Kristjan Krips, Tauno Palts


Interdisciplinary Cyber Research (ICR) workshop 2018

9th of June, 2018 — Tallinn, Estonia

The aim of the workshop is to bring together young as well as established scholars undertaking research in various disciplines related to information and communication technologies such as computer sciences, political and social sciences, and law.

8:30 Registration
9:00 Opening words, Dr Anna-Maria Osula & Prof Olaf Maennel on behalf of Tallinn University of Technology (SOC-209)
9:10 Keynote presentation, “Maximising Cyber Resilience”, Mr Luc Dandurand, Head of Cyber Operations at Guardtime (SOC-209)
10:05 Keynote presentation, “Command, Control & Communications within Cyber Incidents”, Mr Kieren Nicolas Lovell, Head of Computer Emergency Response at University of Cambridge (SOC-209)

SESSION 1: eID (ROOM 1 / SOC-209)
Session moderated by Dr Anna-Maria Osula, NATO CCD COE
Ms Liisa Past, “ROCA Vulnerability and eID: Lessons Learned”, Information System Authority
Mr Arnis Parsovs, “Legal Issues in Solving the Estonian ID Card Crisis”, University of Tartu
Ms Liisa Tallinn, “Estonian eID Vulnerability: a PR Problem?”, SpectX
Mr Arne Koitmäe, “Internet Voting and ID Card Crisis: Elections Manager’s Perspective”, State Electoral Office

SESSION 2: Tech 1 (ROOM 2 / SOC-211)
Session moderated by Dr Hayretdin Bahsi, Tallinn University of Technology
Mr Raymond Yin & Mr Isaac Burgess, “Dual IP Stack Exfiltration – Methods and Defences”, University of Adelaide
Mr Andrei Perapiolkin, “Time Lock Puzzles for Distributed Systems”, Tallinn University of Technology
Mr Alexander Manariotis, “Private but Public on the Blockchain”, University of Adelaide
Ms Kristiina Renel, “Public Sector Logging & Compliance with GDPR“, Tallinn University of Technology

13:00 Lunch
SESSION 3: State & Cyber (ROOM 1 / SOC-209)
Session moderated by Prof Tobias Eggendorfer, University of Applied Sciences Ravensburg-Weingarten
Dr Kristan Stoddart, “Cyber Espionage: Anarchy in Cyberspace”, Aberystwyth University
Ms Kateryna Gorbanova, “International Normative Framework of Cyber Espionage”, Tallinn University of Technology
Mr Siim Alatalu, “Cyber Commands – Universal Solution to a Universal Cyber Security Problem?”, NATO CCD COE
Mr Roman Müller, “Manipulation Resistant Opinion Forming in Online Communities”, Tallinn University of Technology

SESSION 4: Tech 2 (ROOM 2 / SOC-211)
Session moderated by Prof Olaf Maennel, Tallinn University of Technology
Ms Tiiu Mamers, “The Information Security Investment Problem for Small Enterprises and the RORPI Model”, Tallinn University of Technology
Mr Alvaro Schuller, “Exploiting Spectre: Reading Kernel Memory from a User Process”, Tallinn University of Technology
Mr Michael Pfeiffer & Mr Lazarus Lai De Oliveira, “The Challenges of Building a Universal CAN Bus Emulation Testbed Environment for Security and Vulnerability Analysis of Internal Networks in Vehicles”, University of Adelaide
Mr Richard Matthews, “Thermal Effects of Dark Current on Blind Source Camera Identification”, University of Adelaide

15:30 Coffee break

SESSION 5: Data & Privacy (ROOM 1 / SOC-209)
Session moderated by Dr Agnes Kasper, Tallinn University of Technology
Ms Isabella Oldani, “Technology as an Alternative to Geography in Protecting Personal Data”, University of Trento
Ms Kärt Salumaa, “Risks and Incidents Deriving from Breaching Data Protection Regulation”, KPMG Law Firm
Ms Munirah DeVries, “Biometric Profiling of Wearable Devices for Medical Monitoring and Authentication”, University of Adelaide
Mr Raul Nugis, “Forensic Data Properties of Digital Signature BDOC and ASICE Files”, Tallinn University of Technology

SESSION 6: Tracking Watches (ROOM 2 / SOC-211)
Session moderated by Dr Matthew Sorell, University of Adelaide
Ms Sasha de Vries & Mr Brent Williams, “Penetration Testing of the SpaceTalk Tracking Watch”, University of Adelaide
Mr Narayan Shanmuganathan & Mr Nooragha Sharifi, “Security Framework for Children’s Safety Watches”, University of Adelaide
Mr Luke Jennings & Mr Inderbir Singh, “Improving the Technical Functionality of Children’s Tracking Watches”, University of Adelaide
Ms Kristine Hovhannisyan, “Arkangel: Investigation of Children’s Tracking Smartwatch Ecosystem. Forensic Value and Privacy Implications”, Tallinn University of Technology

18:00 Social event at Pipedrive office, Paldiski maantee 80


Using the Estonian Electronic Identity Card for Authentication to a Machine

Abstract: The electronic chip of the Estonian ID card is widely used in Estonia to identify the cardholder to a machine. For example, the electronic ID card can be used to collect rewards in customer loyalty programs, authenticate to public printers and self-checkout machines in libraries, and even unlock doors and gain access to restricted areas.
This paper studies the security aspects of using the Estonian ID card for this purpose. The paper shows that the way the ID card is currently being used provides little to no assurance to the terminal about the identity of the cardholder. To demonstrate this, an ID card emulator is built, which emulates the electronic chip of the Estonian ID card as much as possible and is able to successfully impersonate the real ID card to the terminals deployed in practice. The exact mechanisms used by the terminals to authenticate the ID card are studied and possible security improvements for the Estonian ID card are discussed.

The TLDR; of the paper is that when the ID card is used to authenticate to a machine (unless PIN1/PIN2 is involved), the ID card does not provide additional authentication factor. This is not a surprise to anyone who is familiar with the technology, but some still believe that ID card provides some security over the magnetic-stripe card.

The paper describes proof-of-concept implementation of non-cryptographic “ID card emulator” and demonstrates transplantation of the fake chip to a real ID card.


Cybersecurity related bachelor’s and master’s theses in University of Tartu 2016/2017

Managing Security Risks Using Attack-Defense Trees
Abstract: The In this thesis, we have addressed risk management using Attack Tree. The contribution to resolve the problem in this thesis includes three steps. Obtaining an alignment from Attack-Defense trees to ISSRM. Measurement of the metrics of the nodes of tree using historical data.
Student: Salman Lashkarara
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Meelis Roos
Defense: 01.06.2017, Tartu, J.Liivi 2-404

On Secure Bulletin Boards for E-Voting
Abstract: In this thesis, we propose a formal model for analysis of security and functionality of a bulletin board system motivated by the security requirements Culnane and Schneider introduced in Computer Security Foundations Symposium 2014.
Student: Annabell Kuldmaa
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Ahto Buldas
Defense: 01.06.2017, Tartu, J.Liivi 2-404

Research and Proof of Concept of Selected ISKE Highest Level Integrity Requirements
Abstract: This work takes integrity domain under detail research to meet ISKE requirements and security objectives demanded for data with highest integrity needs.
Student: Deivis Treier
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Andrey Sergeev
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Method for Effective PDF Files Manipulation Detection
Abstract: The aim of this thesis is to ease the process of detecting manipulations in PDF files by addressing its source code, before having to use other methods such as image processing or text-line examination.  The result is the construction of a solid and effective method for PDF file investigation and analysis to determine its integrity.
Student: Gema Fernández Bascuñana
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Inna Ivask, Raimundas Matulevičius
Reviewer: Hayretdin Bahsi
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Establishing, Implementing and Auditing Linux Operating System Hardening Standard for Security Compliance
Abstract: This paper provides a proof-of-concept solution for being compliant with operating system hardening requirements of the company by establishing, implementing and auditing Linux (Debian) operating system hardening standard.
Student: Martin Jõgi
Curriculum: Cyber Security (MSc)
Supervisor: Truls Tuxen Ringkjob, Raimundas Matulevičius
Reviewer: Marko Kääramees
Defense: 02.06.2017, Tartu, J.Liivi 2-404

A Prototype For Learning Privacy-Preserving Data Publising
Abstract:  This master thesis will discuss different threats to privacy, discuss and compare different privacy-preserving methods to mitigate these threats. The thesis will give an overview of different possible implementations for these privacy-preserving methods. The other output of this thesis is educational purpose software that allows students to learn and practice privacy-preserving methods.
Student: Rain Oksvort
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Benson Muite
Defense: 05.06.2017, Tartu, J.Liivi 2-404

Filesystem Fuzz Testing Framework
Abstract: In the present thesis a fuzz testing framework was built, which can be used for finding time-of-check-to-time-of-use type bugs in Linux filesystems.
Student: Vladislav Alenitsev
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Kristjan Krips
Reviewer: Karl Tarbe
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Performance Testing Bulletin Board Implementations for Online Voting
Abstract: This work takes a look at two software solutions that can be used for such purpose and analyses their performance in testing environment imitating real election workload.
Student: Marek Pagel
Curriculum: Computer Science (BSc)
Supervisor: Sven Heiberg, Janno Siim
Reviewer: Ivo Kubjas
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Cybersecurity theses defence on June 9, 2017 in Tartu J. Liivi 2-403 at 10.00 AM.
Defence Committee: Raimundas Matulevičius (chairman), Olaf Manuel Maennel, Vitaly Skachek, Meelis Roos, Hayretdin Bahsi.
Grades received (random order): A, B, C, C, D.

Improving and Measuring Learning at Cyber Defence Exercises
Abstract:  This thesis takes a fresh look at learning in Cyber Defence Exercises (CDXs) and focuses on measuring learning outcomes. As such exercises come in a variety of formats, this thesis focuses on technical CDXs with Red and Blue teaming elements.
Student: Kaie Maennel
Curriculum: Cyber Security (MSc)
Supervisor: Rain Ottis, Liina Randmann, Raimundas Matulevičius
Reviewer: Sten Mäses
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Federation of Cyber Ranges
Abstract: This study compares two cyber ranges and looks into possibilities of pooling and sharing of national facilities and to the establishment of a logical federation of interconnected cyber ranges. The thesis gives recommendations on information flow, proof of concept, guide-lines and prerequisites to achieve an initial interconnection with pooling and sharing capabilities.
Student: Allar Vallaots
Curriculum: Cyber Security (MSc)
Supervisor: Jaan Priisalu, Uko Valtenberg, Raimundas Matulevičius
Reviewer: Rain Ottis
Defense: 09.06.2017, Tartu, J.Liivi 2-403

A New Heuristic Based Phishing Detection Approach Utilizing Selenium Webdriver
Abstract: In this paper, we focus on detecting login phishing pages, pages that contain forms with email and password fields to allow for authorization to personal/restricted content. We present the design, implementation, and evaluation of our phishing detection tool “SeleniumPhishGuard”, a novel heuristic-based approach to detect phishing login pages.
Student: Ahmed Nafies Okasha Mohamed
Curriculum: Cyber Security (MSc)
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Hayretdin Bahsi
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Analysis of Exploit-kit Incidents and Campaigns Through a Graph Database Framework
Abstract: A great deal of automation can be achieved here by using public APIs such as VirusTotal, whois databases, IP blacklists, etc during the analysis and a first part of our work is dedicated to that. We will then show that this approach reveals patterns and clusters from which decisions can be made from a defensive perspective.
Student: Guillaume Brodar
Curriculum: Cyber Security (MSc)
Supervisor: Toomas Lepik, Raimundas Matulevicius
Reviewer: Arnis Paršovs
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Investigation of JTAG and ISP Techniques for Forensic Procedures
Abstract: This thesis is focusing on JTAG and ISP physical acquisitions techniques. The aim is to give an overview of these techniques from a forensic point of view and in addition to some other tests will try to prove that are forensically equivalent to any other method.
Student: Stefanos Pappas
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Raimundas Matulevičius
Reviewer: Emin Caliskan
Defense: 09.06.2017, Tartu, J.Liivi 2-403


Cyber Security master’s theses defense in Tallinn University of Technology (May 2017)

Monday, May 29, 2017, Akadeemia Tee 15a, Room ICT-315.

Grades received (random order): 5, 4, 4, 3, 3, 3, 2, 2.

Time: 10:00
Student: Kristjan Oja
Title: Cyber Security Awareness For IT Students Through Practical Assignments
Supervisor: Sten Mäses
Reviewer: Tiia Sõmer

Time: 10:40
Student: Sander Arnus
Title: Providing guaranteed log delivery and proof value of logs
Supervisor: Risto Vaarandi
Reviewer: Tiit Hallas

Time: 11:20
Student: Bolaji Ayoola Ladokun
Title: An Analytical Approach to Characterization of Targeted and Untargeted Attack in Critical Infrastructure Honeypot
Supervisor: Hayretdin Bahsi
Reviewer: Risto Vaarandi

Time: 12:00-13:00 – Lunch

Time: 13:00
Student: Iryna Bondar
Title: LUDROID: Evaluation of Android Malware Detection Tools and Techniques and Development of a First Line of Defense For the User
Supervisor: Emin Caliskan
Reviewer: Toomas Lepik

Time: 13:40
Student:  Seifollah Akbari
Title: A New Method for the SYNful Knock Attack Implementation
Supervisor: Truls Ringkjob
Reviewer: Bernhards Blumbergs

Time: 14:20
Student: Safak Tarazan
Title: GPS Spoofing/Jamming Resilient Mini UAV Implementation Strategy
Supervisor: Truls Ringkjob
Reviewer: Juhan Ernits

Time: 15:20
Student: Danielle Morgan
Title: Security of Loyalty Cards Used in Estonia
Supervisor: Rain Ottis, Arnis Paršovs
Reviewer: Aleksandr Lenin

Time: 16:00
Student: Katrin Kukk
Title: Ensuring the digital continuity of e-Estonia in different crisis scenarios
Supervisor: Rain Ottis
Reviewer: Jaan Priisalu

Tuesday, May 30, 2017, Akadeemia Tee 15a, Room ICT-315.

Grades received (random order): 4, 4, 3, 3, 2, 1.

Time: 10:00
Student: Christopher David Raastad
Title: Euro 2.0 – Securing an Ethereum Crypto Fiat Currency System
Supervisor: Alex Norta
Reviewer: Raimundas Matulevicius

Time: 10:40
Student: Mobolarinwa Taofeek Balogun
Title: Comparative Analysis of Industrial IoT and HealthCare System IoT for Cyberterrorism
Supervisor: Hayretdin Bahsi
Reviewer: Ahto Buldas

Time: 11:20
Student: Chengxiang Wang
Title: Classification of Black-Box Security Reductions and Oracle Separation Techniques
Supervisor: Ahto Buldas
Reviewer: Peeter Laud

Time: 12:00-13:00 – Lunch

Time: 13:00
Student: Celik Neslisah
Title: Anomaly Detection Using Locked Shields Logs
Supervisor: Olaf Maennel
Reviewer: Mauno Pihelgas

Time: 13:30
Student: Sophio Sakhokia
Title: Developing a Cyber Security Master Programme for Georgia
Supervisor: Tiia Sõmer
Reviewer: Olaf Maennel

Time: 14:20
Student: Zaghum Awan
Title: Analytical Comprehensive Approach to Cyber Laundering and its Solutions
Supervisor: Tiia Sõmer
Reviewer: Andro Kull

Homomorphic Tallying for the Estonian Internet Voting System


Abstract. In this paper we study the feasibility of using homomorphic tallying in the Estonian Internet voting system. The paper analyzes the security benefits provided by homomorphic tallying, the costs introduced and the required changes to the voting system. We find that homomorphic tallying has several security benefits, such as improved ballot secrecy, public verifiability of the vote tallying server and the possibility for observers to recalculate the tally without compromising ballot secrecy. The use of modern elliptic curve cryptography allows homomorphic tallying to be implemented without a significant loss of performance.
The homomorphic tallying scheme described above is not new. The scheme was introduced in 1997 by Cramer et al. [6] and has been used in the Helios open-audit voting system [1] for years. The contribution of this paper is an analysis of the deployment of homomorphic tallying in the context of Estonian Internet voting, where the performance of the protocol is improved by the use of elliptic curve cryptography.

In the new tender specification published by National Electoral Committee (NEC) we can read that there is a plan to use some kind of mix-net-based technology to provide counted-as-cast verifiability for the local government elections in October 2017. While mix-nets cryptographically are more complicated than homomorphic tallying, the mix-nets are more universal and thus can be used also in elections abroad, where the ballot style is not as simple as in Estonia (e.g., elections where the voter can vote for more than one candidate).


Interdisciplinary Cyber Research (ICR) workshop 2016


2nd of July, 2016 — Tallinn, Estonia

The aim of the workshop is to bring together young as well as established scholars undertaking research in various disciplines related to information and communication technologies such as computer sciences, political and social sciences, and law.

09:00 – Opening words, Ms Anna-Maria Osula & Prof Olaf Maennel
09:10 – Keynote, “On Artificial Intelligence and Steering the Future”, Mr Jaan Tallinn
10:05 – Keynote, “Artificial Intelligence: Will Judges and Lawyers Ever Enter the 20th Century (Never Mind the 21st Century)?”, Mr Stephen Mason
11:00 – Coffee Break

11:30 – 13:00 SESSION 1: Use and Abuse of the Internet
Maarja Pild, “Liability for Posting, Liking, Tagging, Sharing or Doing Nothing at All on Facebook”
Lolita Berzina, “Application of the Right to Be Forgotten and the Jurisdiction in Internet”
Eva Vīksna, “Taming the Online Environment – Protection of Copyright on the Internet”
Mari Kert-Saint Aubyn, “Case Study: Ukrainian Electrical Grid Hack”

11:30 – 13:00 SESSION 2: Technology and Emerging Threats
Hayretdin Bahsi, “Mission Impact Assessment of Cyber Threats”
Ismail Melih Tas, Basak Gencer Unsalver, “Our Proposed SIP – Based Distributed Reflection Denial of Service (DRDoS) Attacks & Effective Defense Mechanism”
Johann David Krister Andersson, “Using Internet Protocol Packet Visualization to Support Defence Exercise Debriefing”
Huishi Yin, “Implementation and Evaluation of Kano-like Models Using Data from Online Sources”

13:00 – Lunch
14:00 – 15:30 SESSION 3: Crime and Digital Technologies
Andra Siibak, “”People Who Defend Their Homeland”: Reasons and Motivations for Joining an Anti-Immigration Group on Facebook”
Tõnu Mets, “Admissibility of Digital Evidence”
Tiia Sõmer, “Visualising Cyber Crime based on the E-Crime Project: Mapping the Journeys of Cyber Criminals”
Margus Ernits, “How to Educate the Defenders of Cyberspace”

14:00 – 15:30 SESSION 4: Internet of Things
Michael Hua, “Security Analysis: NFC Tags and Signature RTD”
Petko Stefanov, “An Analysis of Security Flaws in the NFC Communication Protocol of Modern Mobile Devices”
Prescient Kannampuzha, “Security Investigation of a CAN Bus IoT Network Implementation and its Interface to the Internet”
Michael Bassi, “Engineering Change Management for Industrial Control System Security”

15:30 – Coffee break
15:50 – 17:00 SESSION 5: E-Governance
Gerli Aavik, “The Electronic Identification and Trust Service Regulation (EIDAS): An Analysis of its Compatibility with the Estonian E-Government System (EES)”
Sandra Särav, “E-Residency as the Estonian E-Government Éclat: How More Security Can Result in Less Privacy”
Nenin Hadzic, “Determining Specifications of Secure Database Architecture for Use within Australian Online Government”
Osura Jayasundara, “Recommendation of a Unified ID System for E-Government of Australia”

15:50 – 17:00 SESSION 6: Identity Theft and Verification
Torsten Schmickler, “Biometrics: the Future of Identity Verification”
Adrian Daniele, “Ethernet Device Anomaly Detection Using a Digital Fingerprint”
Olga Rodionova, “Medical Data Security of Wearable Fitness Devices”
Arnis Paršovs, “Security Analysis of Instant Messenger TorChat”

Registration deadline for non-authors is 27th of June 2016.


Cyber Security master’s theses defense in Tallinn University of Technology (June 2016)


Monday, June 6th 2016, Akadeemia Tee 15a, Room ICT-315.

Defense committee: Rain Ottis (chairman), Hayretdin Bahsi, Ahto Buldas, Andro Kull, Risto Vaarandi, Raimundas Matulevicius.
The grades received (in random order): 4,4,4,3,3,3,3,3,2,1,0.

Time: 09:00
Student: Ferenc Szalai
Title: Does Cyber Security Exercise Information Sharing Work?
Supervisor: Olaf Manuel Maennel
Reviewer: Lauri Palkmets

Time: 09:40
Student: Taavi Sonets
Title: Improving User Simulation Team Workflow in the Context of Cyber Defense Exercise
Supervisor: Elar Lang, Rain Ottis
Reviewer: Priit Raspel

Time: 10:20
Student: Karl Kristjan Raik
Title: Improving Web Attack Campaign Overview in Cyber Defense Exercises
Supervisor: Elar Lang, Rain Ottis
Reviewer: Jaan Priisalu

Break 11:00 – 11:10

Time: 11:10
Student: Eve N Hunter
Title: A Comparative Analysis of Cybersecurity Guidelines and Standards for Nuclear Power Plants
Supervisor: Rain Ottis, Harry Kantola
Reviewer: Sten Mäses

Time: 11:40
Student: Alvar Ristikivi
Title: Failover test measurements of load balanced infrastructure
Supervisor: Toomas Lepik
Reviewer: Risto Vaarandi

Break 12:20 – 13:00

Time: 13:00
Student: Kristo Kapten
Title: Threat Modeling framework for Home Gaming Consoles
Supervisor: Hayretdin Bahsi
Reviewer: Emin Caliskan

Time: 13:40
Student: Sho Yano
Title: Security Analysis on Healthcare IoT Project
Supervisor: Olaf Manuel Maennel
Reviewer: Andro Kull

Time: 14:20
Student: Juan Manuel Rodríguez López
Title: Security Risk Assessment To The Use Of Digital Charting In Colombia
Supervisor: Alexander Horst Norta
Reviewer: Olaf Manuel Maennel

Break 15:00 – 15:10

Time: 15:10
Student: Florian Gasteiger
Title: R3AD an architecture to include UAVs in National Airspace
Supervisor: Olaf Manuel Maennel
Reviewer: Toomas Lepik

Time: 15:50
Student: Nisham Kizhakkedathil
Title: A Study Into the Prospects of Implementing End-to-End Verifiability in Estonian I-Voting
Supervisor: Tanel Tammet, Vadims Žuravļovs
Reviewer: Arnis Paršovs

Time: 16:30
Student: Rando Kulla
Title: Migrating PDF signing to New KSI Format
Supervisor: Jaan Priisalu, Ahto Truu
Reviewer: Ahto Buldas

Tuesday, June 7th 2016, Akadeemia Tee 15a, Room ICT-315.

The grades received (in random order): 5,5,4,0,?,?,?,?,?,?,?

Time: 09:00
Student: Teet Laeks
Title: Raising the Awareness of Cyber Security Based on Estonian Defence Forces
Supervisor: Tiia Sõmer, Danel Apse
Reviewer: Andri Rebane

Time: 09:40
Student: Andres Sumin
Title: Evaluation method for cyber awareness course
Supervisor: Sten Mäses, Liina Randmann
Reviewer: Sten Mäses

Time: 10:20
Student: Kevin Lwakatare
Title: Contributions of Understanding and Defending Against Social Engineering Attacks
Supervisor: Anton Vedeshin
Reviewer: Alexander Horst Norta

Break 11:00 – 11:10

Time: 11:10
Student: Alexandria Elaine Farár
Title: A Deceptive Methodology Towards Early Detection of Advanced Cyber Threats
Supervisor: Hayretdin Bahsi, Bernhards Blumbergs
Reviewer: Risto Vaarandi

Time: 11:40
Student: Onur Aydin Korkmaz
Title: Comprehensive Analysis of Cyber Attacks and Malware Using Low- and High-Interaction Honeypot
Supervisor: Truls Ringkjob
Reviewer: Mauno Pihelgas

Break 12:20 – 13:00

Time: 13:00
Student: Mina Gerges
Title: Log Monitoring and Event Correlation on Microsoft® Windows™ Using Simple Event Correlator
Supervisor: Risto Vaarandi
Reviewer: Tiit Hallas

Time: 13:40
Student: Chen Zhuge
Title: C-Based Implementation of Logcluster, a Data Clustering and Pattern Mining Algorithm for Event Logs
Supervisor: Risto Vaarandi
Reviewer: Innar Liiv

Time: 14:20
Student: Morteza Fakoorrad
Title: Application Layer of Software Defined Networking: pros and cons in terms of security
Supervisor: Olaf Manuel Maennel
Reviewer: Truls Ringkjob

Break 15:00 – 15:10

Time: 15:10
Student: Zaghum Wahab Awan
Title: A GUI Simulator For WSNs Based Protocols with Energy Harvesting and Proposed Hash Based Mathematical Modelling for the Security
Supervisor: Truls Ringkjob
Reviewer: Hayretdin Bahsi

Time: 15:50
Student: Jaan Vahtre
Title: Detection of ransomware on Windows operating systems
Supervisor: Jaan Priisalu
Reviewer: Toomas Lepik

Time: 16:30
Student: Vjatšeslav Panov
Title: Implementation of a Hash Function for Portable Executable Based on Structural Information
Supervisor: Truls Ringkob
Reviewer: Toomas Lepik

Wednesday, June 8th 2016, Akadeemia Tee 15a, Room ICT-315.

Defense committee: Raimundas Matulevicius (chairman), Hayretdin Bahsi, Rain Ottis, Meelis Roos, Vitaly Skachek.

Time: 09:00
Student: Luis Carlos Herrera Velasquez
Title: A Comprehensive Instrument for Identifying Critical Information Infrastructure Services
Supervisor: Olaf Manuel Maennel
Reviewer: Hayretdin Bahsi

Time: 09:40
Student: Camilo Andres Pantoja Viveros
Title: Analysis of the Cyber Attacks against ADS-B Perspective of Aviation Experts
Abstract: The present paper has a profound literature review of the relation between cyber security, aviation and the vulnerabilities prone by the increasing use of information systems in aviation realm.
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Sten Mäses

Time: 10:20
Student: Santiago Andres Sarmiento Bernal
Title: Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs
Abstract: This work analysis several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK.
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Juhan-Peep Ernits

Break 11:00 – 11:10

Time: 11:10
Student: Allyson Ivy Hauptman
Title: Designing Digital Forensics Challenges for Multinational Cyber Defense Exercises
Supervisor: Patrycjusz Zdzichowski, Rain Ottis
Reviewer: Toomas Lepik

Time: 11:50
Student: Luis Alejandro Velasquez Hurtado
Title: Colombia and the intelligence cycle in the 21st century, the digital age
Supervisor: Olaf Manuel Maennel
Reviewer: Rain Ottis

Break 12:30 – 13:20

Time: 13:20
Student: Didier Dubey Suarez Medina
Title: Assessment of Web-based Information Security Awareness Courses
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Rain Ottis

Time: 14:00
Student: Yuri Andrea Pinto Rojas
Title: Development of National Cyber Security Strategies (NCSSs), and an Application of Perspective to the Colombian Case
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Hayretdin Bahsi

Break 14:40 – 14:50

Time: 14:50
Student: Alex Uriel Duran Santos
Title: Organizational Interaction Mechanisms Affecting Strategic Decision-Making During Cybercrime Investigations
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Jaan Priisalu

Time: 15:30
Student: Carlos Arturo Martinez Forero
Title: Tabletop Exercise For Cybersecurity Educational Training; Theoretical Grounding And Development
Abstract: The purpose of this thesis is to suggest the improvement of potential and perceived weaknesses on the educational components of cyber security strategies, discussing awareness-training models with significant impact on the participants, focusing on strategic decision-making level personnel that could partake of cyber related incidents.
Supervisor: Maria Claudia Solarte Vasquez, Raimundas Matulevicius
Reviewer: Uko Valtenberg, Tarmo Tuisk