Tag Archives: Dominique Unruh

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2021 (June)

The defences are taking place on the first and second week of June.

June 2, 2021:

Time: 09:45
Student: Toomas Aleksander Veromann (Software Engineering MSc)
Title: WYSIWYS Extensions to the Estonian ID Card Browser Signing Architecture
Supervisor: Arnis Paršovs
Reviewer: Mart Sõmermaa

Time: 10:30
Student: Sébastien René Baptistin Boire (Computer Science MSc)
Title: Credential Provisioning and Peer Configuration with Extensible Authentication Protocol
Supervisor: Tuomas Aura, Dominique Unruh
Reviewer: Arnis Paršovs

Time: 10:30
Student: Mariia Bakhtina (Innovation & Technology Management MA)
Title: Securing Passenger’s Data in Autonomous Vehicles
Supervisor: Raimundas Matulevičius, Mari Seeba
Reviewer: Abasi-Amefon Obot Affia

Time: 11:30
Student: Burak Can Kus (Cyber Security MSc)
Title: Use of Electronic Identity Documents for MultiFactor Authentication
Supervisor: Arnis Paršovs
Reviewer: Inguss Treiguts

Time: 12:15
Student: Priit Põdra (Cyber Security MSc)
Title: Web tracking in the most popular Estonian websites
Supervisor: Arnis Paršovs
Reviewer: Raimundas Matulevičius

Time: 13:00
Student: Mikus Teivens (Cyber Security MSc)
Title: Analysis of Security and Privacy Issues in Common Smart Home Products
Supervisor: Arnis Paršovs
Reviewer: Alo Peets

June 4, 2021:

Time: 11:30
Student: Magnus Valgre (Computer Science BSc)
Title: Tracking And Privacy: The Case of News Site Delfi
Supervisor: Arnis Paršovs
Reviewer: Mari Seeba

June 7, 2021:

Time: 09:00
Student: Hain Luud (Computer Science BSc)
Title: An Analysis of the HID® Indala and Seos™ Protocols
Supervisor: Danielle Morgan
Reviewer: Kristjan Krips

Time: 09:30
Student: Geio Illus (Computer Science BSc)
Title: Wi-Fi Positioning System
Supervisor: Danielle Morgan
Reviewer: Jakob Mass

Time: 11:00
Student: Peeter Vahe (Computer Science BSc)
Title: Tartu Smart Bike Share Access Cards Authentication Analysis
Supervisor: Danielle Morgan
Reviewer: Alo Peets

June 11, 2021:

Time: 09:30
Student: Jan Erik Kriisk (Computer Science BSc)
Title: Security Analysis of RIA’s Authentication Service TARA
Supervisor: Arnis Paršovs
Reviewer: Kristjan Krips

Time: 11:00
Student: Siim Markus Marvet (Computer Science BSc)
Title: Collecting Statistics and Security Data on Estonian Domains
Supervisor: Alo Peets
Reviewer: Kristjan Krips

Links:
https://www.cs.ut.ee/sites/default/files/cs/defence_schedule_01-11.06.2021.pdf
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2021&language=en

Cybersecurity related master’s theses in University of Tartu 2021 (January)

Leave a reply

Student: Jayavarshini Thirumalai (Cyber Security MSc)
Title: An integrated approach for certification and re-certificationbased on the case study
Supervisor: Liina Kamm, Mari Seeba
Reviewer: Raimundas Matulevičius

Student: Valeh Farzaliyev (Computer Science MSc)
Title: Towards Practical Post-Quantum Voting Protocol: Shorter Exact Lattice-Based Proof of a Shuffle
Supervisor: Dominique Unruh, Jan Villemson
Reviewer: Janno Siim

Student: Jamil Gurbanzade (Computer Science MSc)
Title: Malicious Android app for security testing
Supervisor: Alo Peets
Reviewer: Denizalp Kapisiz

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2020 (June)

Leave a reply

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2020 (June)

The defences are taking place on the first and second week of June.

Student: Eric Cornelissen (Computer Science MSc)
Title: Cryptographic Analysis of the Message Layer Security Protocol in the Static Corruption Model
Supervisor: Chris Brzuska, Dominique Unruh
Reviewer: Behzad Abdolmaleki

Student: Risto Pärnapuu (Computer Science MSc)
Title: Verifiable Photo Snapshots
Supervisor: Sven Laur, Ahto Truu
Reviewer: Arnis Paršovs

Student: Anita Onyinye Nwaokolo (Cyber Security MSc)
Title: A Comparison of Privacy Enhancing Technologies in Internet of Vehicle Systems
Supervisor: Raimundas Matulevicius, Abasi-amefon Obot Affia
Reviewer: Pille Pullonen

Student: Rando Tõnisson (Software Engineering MSc)
Title: Security Risk Management in Autonomous Driving Vehicles: Architecture Perspective
Supervisor: Raimundas Matulevičius, Abasi-Amefon O. Affia
Reviewer: Danielle Morgan

Student: Silver Maala (Computer Science BSc)
Title: A Proof of Concept Malware for Interacting with the Smart-ID Android Application
Supervisor: Arnis Paršovs
Reviewer: Mart Oruaas

Student: Kärt Ilja (Computer Science BSc)
Title: Intercepting Network Traffic of the Smart-ID Android Application
Supervisor: Arnis Paršovs
Reviewer: Mart Oruaas

Student: Siim-Alexander Kütt (Computer Science BSc)
Title: Security Analysis of Tartu Smart Bike Share Android Application
Supervisor: Arnis Paršovs
Reviewer: Kristjan Krips

Student: Gregor Eesmaa (Computer Science BSc)
Title: Authorization of Web Requests Based on Merkle Trees
Supervisor: Kristjan Krips
Reviewer: Arnis Paršovs

Student: Hendrik Eerikson (Computer Science BSc)
Title: Privacy Preserving Fingerprint Idenfication
Supervisor: Riivo Talviste, Kristjan Krips
Reviewer: Jan Villemson

Student: Sergei Kuštšenko (Computer Science BSc)
Title: Implementation of election bulletin board using HyperLedger Fabric
Supervisor: Ivo Kubjas
Reviewer: Jan Villemson

Student: Markus Punnar (Computer Science BSc)
Title: Cryptosystem for Post-Quantum Age Based on Moderate-Density Parity Check (MDPC) Codes
Supervisor: Vitaly Skachek, Irina Bocharova
Reviewer: Raul Martin Rebane

Links:
https://www.cs.ut.ee/sites/default/files/cs/kaitsmised_-_defences_ver04-06-20.pdf
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2020

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2018/2019 (August)

Leave a reply

The defences took place on the last week of August.

Student: Aleksandr Tsõganov (Software Engineering MSc)
Title: Integrating User Identity with Ethereum Smart Contract Wallet
Supervisor: Orlenys López Pintado, Aivo Kalu, Kristjan Kuhi
Reviewer: Fredrik Payman Milani

Student: Rahul Puniani (Innovation and Technology Management MSc)
Title: Conceptualization of a Blockchain Based Voting Ecosystem in Estonia
Supervisor: Fredrik Payman Milani, Mihkel Solvak
Reviewer: Orlenys López Pintado

Student: Indrek Purga (Conversion Master in IT)
Title: Detection of forged PDF documents
Supervisor: Kristjan Krips
Reviewer: Alo Peets

Student: Shahla Atapoor (Computer Science MSc)
Title: On Privacy Preserving Blockchains and zk-SNARKs
Supervisor: Helger Lipmaa, Janno Siim, Karim Baghery
Reviewer: Ivo Kubjas

Student: Mart Simisker (Computer Science MSc)
Title: Security of Health Information Databases
Supervisor: Jan Willemson, Dominique Unruh
Reviewer: Meelis Roos

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2019
https://www.cs.ut.ee/sites/default/files/www_ut/augusti_kaitsmiste_ajakava_28-08-2019.pdf

Cyber Security Newsletter 2018-12-31

Leave a reply

[2018-12-21] Estonian criminal police has once again published job advertisement that requires to solve some puzzle. This time there is a cryptic MySQL database published.
https://geenius.ee/uudis/kui-suudad-selle-kruptilise-kuber-moistatuse-ara-lahenda-ootab-sind-eestis-ainulaadne-tookoht/
[2018-12-20] Martin Paljak discovered that PIN envelopes for the new generation Estonian ID cards (issued by IDEMIA) have a security flaw which allows to see through the envelope with flashlight.
https://news.err.ee/886313/new-id-card-issue-codes-can-be-read-using-torch-without-opening-envelope
https://tehnika.postimees.ee/6481827/ekspert-avastas-eesti-uue-id-kaardiga-seotud-turvaprohmaka
https://tehnika.postimees.ee/6486878/id-kaardi-turvaumbrik-ei-paista-enam-labi
[2018-12-19] Due to some human error, several confidential contracts were available publicly on the Ministry of the Environment file management system.
https://tehnika.postimees.ee/6481004/keskkonnaministeeriumist-lekkisid-arisaladused
[2018-12-12] RIA has announced EUR 315k procurement to create SIGa (Signature and Signature Validation Service) which will enable public authorities to add digital signature support to their e-services with minimal development costs. RIA has already created a federated authentication system (supports ID card, Mobile-ID and bank link authentication) which can be used by the public sector.
https://tehnika.postimees.ee/6475645/riik-loob-uhise-digiallkirjastamise-teenuse
[2018-12-04] Cryptography professor Dominique Unruh (UT) has been awarded a 1.7 million grant by ERC to develop quantum cryptography solutions and their computer-based control methods.
https://www.ut.ee/en/news/ut-researcher-awarded-significant-grant-e-estonia
[2018-12-03] The new generation ID cards are being issued by IDEMIA. The cards have color photo and new physical security features. Contact-less interface is disabled by default – requires security analysis before enabling. New cards uses different API (IAS ECC standard), therefore software has to be updated. In the new specification the “Card Management Key” has been renamed to “Police Key”. This has raised suspicion about possible backdoor key in the ID card.
https://news.err.ee/883962/estonia-s-first-new-id-cards-to-be-issued-this-week
https://geenius.ee/uudis/uute-id-kaartide-tootja-lubab-kaartide-isikustamine-toimub-rangelt-ainult-eestis/
https://geenius.ee/uudis/uutele-id-kaartidele-paaseb-ligi-politsei-votmega-milleks-see-moeldud-on/
[2018-11-28] Estonian Defence Forces Cyber Command (military unit performing also offensive cyber operations) is hiring. The competitive advantage for work in Cyber Command is that people are given quite free hands (because there is no money to be made) and access to exclusive weapon systems not seen in the private sector. The unit has been assembled from the existing staff and communications battalion. The primary recruitment point is the conscripts.
https://geenius.ee/uudis/uus-joud-eesti-it-tooturul-meelitab-helgemaid-paid/
https://geenius.ee/uudis/kuberajateenija-voib-juhtuda-et-tuleb-kirjutada-koodi-ka-lahingvarustuses/
[2018-11-28] The head of the Institute of Estonian Academy of Security Sciences (SKA) wants to hold a debate about making the state’s work easier by allowing it to analyze masses of cell phone data. There is an opinion that the state is already using far more cell phone data than is admissible for ensuring privacy.
https://news.postimees.ee/6464646/estonia-s-cyber-reputation-owed-to-putin
[2018-11-09] RIA’s Director General Taimar Peterkop has been appointed by the Prime Minister Jüri Ratas as Secretary of State. Peterkop played a key role in solving the 2017 ID card crisis. New head of RIA is to be appointed.
https://geenius.ee/uudis/ria-juht-taimar-peterkop-saab-uueks-riigisekretariks/
https://news.err.ee/875809/taimar-peterkop-named-new-secretary-of-state
[2018-11-08] Smart-ID solution has been certified by German TUViT as a qualified signature creation device (SSCD), hence Smart-ID signatures now are legally equivalent to handwritten signature. From service provider’s perspective, however, the transaction cost for Smart-ID is double the cost of Mobile-ID. Smart-ID still cannot be used for I-voting, because currently the law requires electronic voter identification using a document issued by the Estonian state.
https://news.err.ee/875538/smart-id-signatures-now-legally-equivalent-to-handwritten-signature
https://sk.ee/en/News/smart-ids-security-was-recognized-on-the-highest-possible-level/
https://geenius.ee/uudis/smart-id-arendaja-jargmise-sammu-peab-tegema-riik-et-smart-id-ga-avalikele-teenustele-ligi-paaseda/
https://geenius.ee/uudis/suur-uudis-smart-id-saab-vordseks-omakaelise-allkirja-ja-id-kaardiga/
https://geenius.ee/uudis/smart-id-vordsustamine-omakaelise-allkirjaga-tuli-eesti-riigile-ullatusena/
https://geenius.ee/uudis/elisa-smart-id-uuendus-on-tervitatav-aga-ei-paku-otseseid-eeliseid-vana-ees/
https://geenius.ee/uudis/telia-mobiil-id-on-endiselt-vajalik-ega-kao-kuskile/
https://geenius.ee/uudis/riigikogu-valimistel-e-haalt-smart-id-abil-anda-ei-saa-kull-tulevad-aga-mitmed-muud-vaiksemad-muudatused/
[2018-11-07] Estonians working in airports and airplanes must fill out a ten-page KAPO form, which requires them to specify, among other things, the names of Facebook, Twitter, Instagram and other social accounts, all telephone numbers, and even the current place of residence and contact details of “previous spouse or person similar to marriage”. It is estimated that up to 3,000 people may be subject to a such background check required by the Minister of the Interior from October 30.
https://ekspress.delfi.ee/kohver/reisiuudised-eesti-alustas-lennundustootajate-radikaalse-taustakontrolliga?id=84238029
[2018-11-07] Personal identification code for the woman was updated due to the change of date of birth. The state information systems were not ready for such change. Around 300 persons will get new personal identification code because of updated date of birth.
https://news.err.ee/875268/birth-date-mismatches-mean-nearly-300-getting-new-id-code
https://www.postimees.ee/6401054/87-aastase-oilme-taassund-raputas-e-riiki
[2018-11-06] PPA submitted one more claim against Gemalto asking 300k EUR for not informing PPA about the ID card ROCA vulnerability.
https://news.err.ee/874973/ppa-seeking-300-000-from-gemalto
[2018-11-06] RIA plans to create few 2-3 minutes long educational videos showing how cyber attacks happen.
https://geenius.ee/uudis/riik-tahab-hakata-demovideotega-naitama-kuidas-kuberrunnakud-tootavad/
[2018-11-06] Criminals took over transaction partners’ email accounts and phished out from Estonian company 80k EUR.
https://tehnika.postimees.ee/6446437/eesti-ettevote-langes-erakordse-kuberpettuse-ohvriks-ja-maksis-hakkeritele-kopsaka-summa
[2018-10-31] Owners of 3-year valid digital ID cards can remotely extend their Digi-ID validity to 5 years.
https://www.ria.ee/et/uudised/ppa-digi-id-kaartide-kehtivusaega-saab-kahe-aasta-vorra-pikendada.html
https://www.id.ee/index.php?id=39010
https://medium.com/e-residency-blog/estonia-is-extending-the-validity-period-of-32-000-digital-id-cards-810d6dbaf73b
[2018-10-25] Gemalto has submitted counter-claim against PPA for PPA being in bad faith (whatever it means) in the compromise negotiations in September.
https://news.err.ee/871871/former-id-card-manufacturer-gemalto-files-against-ppa
[2018-10-19] CERT.LV organized international cybersecurity conference “Cyberchess 2018”. Webapp pentester from Estonia Silvia Väli (Clarified Security) talked about the vulnerabilities she found in the Electron framework.
https://cert.lv/en/2018/09/cybersecurity-conference-cyberchess-2018
https://www.youtube.com/watch?v=NXq1uVyBbkU
[2018-10-18] SilverTicket system had a flaw which allowed to buy tickets without paying for them. The user had to simply access the return URL visible in the bank link request.
https://geenius.ee/uudis/turvaauk-eesti-piletiportaalist-sai-endale-tasuta-pileteid-valjastada/
[2018-10-15] Due to unknown error, for years sensitive personal data of children was publicly available in the Estonian Schools Information System (EKIS) document register.
https://news.postimees.ee/6431380/personal-information-of-children-publicly-available-for-years
https://geenius.ee/uudis/koolide-infosusteemist-lekkisid-opilaste-iseloomustused/
[2018-10-10] Interview in jail with Russian student Aleksei Vasilev accused of penetrating state systems on the orders of FSB. According to him, he wrote a code to access the internal wireless network of an unnamed state agency. He is disappointed that Russian authorities show no interest to help him in his situation.
https://news.postimees.ee/6426230/spy-left-out-in-the-cold-my-homeland-forgot-about-me
[2018-10-10] In the Riigikogu scientific policy conference Professor of Information Security Ahto Buldas (TalTech) in his presentation “E-government base-technologies as a secure protector” stated that current e-government information systems have not been built with the knowledge of engineering based on scientific worldview and attack resistance of systems and components has not been measured. He invited the state to cooperate with universities.
https://novaator.err.ee/867961/teadlane-eesti-e-riigi-kui-susteemi-rundekindlust-ei-tahetagi-moota
[2018-10-05] Starting from November it is possible to buy tickets in Tallinn public transport using contact-less bank cards.
http://forte.delfi.ee/news/digi/uus-valideerimissusteem-toob-kaasa-muudatused-opilastele-ja-mitme-kaardiga-viipajatele?id=83891613
http://forte.delfi.ee/news/digi/video-puust-ja-punaseks-kuidas-toimib-uus-viipemaksetega-validaator?id=83902919
[2018-10-01] Estonian police is using license plate recognition cameras on the Estonian roads (scale not known). Large part of cameras used by police have known security vulnerabilities.
https://geenius.ee/uudis/eesti-politsei-kasutab-kahtlaseid-hiina-kaameraid-mis-on-usas-turvakaalutlustel-keelatud/
[2018-09-27] Police (PPA) sued Gemalto claiming 152 million for generating keys outside Estonian ID card.
https://news.err.ee/864523/police-claim-152-million-from-id-card-producer-gemalto
[2018-09-21] Last year Estonian security authorities eavesdropped on a total of 4,596 calls made in Telia’s network. This is ten times that of Sweden (taking into account countries’ population). Judges sign off on an average of 90% of the wiretap requests. Of all wiretaps 30% concern drug crime investigations, and another 30% suspected corruption cases. Number of wiretaps has stayed the same in recent years. For the purpose of counterintelligence the Office of the Prosecutor General does not need to suspect someone of having committed a crime to order a wiretap. Frequently the information obtained is in turn used to open actual criminal proceedings against individuals.
https://news.err.ee/862992/estonian-state-taps-ten-times-as-many-phones-as-sweden-finland
https://news.err.ee/866369/prosecutor-sees-no-problem-with-high-number-of-wiretaps-lawyers-disagree
[2018-09-20] Professor of eGovernment Robert Krimmer (TalTech) calculated price for voting, i-vote being the cheapest (2.32 EUR) compared to voting on election day (4.37 EUR).
https://tehnika.postimees.ee/6409689/hinnalipik-sai-kulge-kui-palju-maksab-uks-haal-eesti-valimistel
[2018-09-19] eID Forum 2018 was held on 19-20 September. ID card 2017 crisis was among the discussed topics.
https://www.eidforum.org/agenda
https://novaator.err.ee/862756/oppetund-id-kaardi-kriisist-me-ei-peaks-ootama-tehnoloogialt-taiuslikkust
[2018-09-18] In the context of upcoming elections, RIA will provide personalized cybersecurity counseling to political parties and will pentest their websites. RIA has also significantly contributed to the ENISA handbook on election security “Compendium on Cyber Security of Election Technology”.
https://geenius.ee/uudis/riik-hakkab-otsima-erakondade-veebide-norkusi-ja-koolitama-kandidaate/
https://www.ria.ee/en/news/european-union-members-share-advice-cyber-security-elections.html
https://www.err.ee/851275/ria-euroopa-parlamendi-valimised-voivad-saada-kuberrunnakute-marklauaks
[2018-09-17] Cybernetica AS and TalTech organizes Second Workshop on the Protection of Long-Lived Systems (17-18 September, Pärnu, Estonia).
http://plls2018.ttu.ee/
[2018-09-12] Draft regulation has been prepared for allowing the face recognition robots to identify people who apply for Mobile-ID. The purpose is to enable enrollment for Mobile-ID without the need to confirm the application using the ID-card. It would be necessary to visit the PPA only if identification by robot fails.
https://news.postimees.ee/6403388/estonia-to-have-ai-identify-people
[2018-09-07] Cybernetica AS won the defense ministry’s procurement to prepare study to identify opportunities in the Estonian economy in the field of cryptography and to develop concrete proposals to enable the development of the field at national level.
http://www.ituudised.ee/uudised/2018/09/07/cybernetica-asub-uurima-kruptomajandust
[2018-09-06] Apparently Gemalto leaked to local journalists some internal presentation trying to convince the public that Gemalto informed the Estonian state about the ID card vulnerability (ROCA) already in June 15, 2017. In the response PPA concluded that Gemalto is not interested in compromise and will settle the dispute in court.
https://tehnika.postimees.ee/6277212/miljoneid-maksma-lainud-kuberuimerdamine
https://news.postimees.ee/6399999/police-to-take-gemalto-to-court-postimees
https://geenius.ee/uudis/hans-lougas-kuidas-meile-id-kaardi-kriisi-kohta-dokumendid-lekitati-ja-miks-me-neid-ei-usu/
[2018-09-05] Märt Põder in Civic Tech Stockholm #2 explains Estonian I-voting.
https://youtu.be/nllpriKcmVY?t=2876
[2018-09-04] Article “Key Factors in Coping with Large-scale Security Vulnerabilities in the eID Field” by Silvia Lips, Ingrid Pappel, Valentyna Tsap, Dirk Draheim. Describes few positive and negative effects of the vulnerability and key factors that helped to cope with the Estonian ID-card crisis 2017.
https://link.springer.com/chapter/10.1007%2F978-3-319-98349-3_5
[2018-09-04] Heli Tiirmaa-Klaar has been appointed cybersecurity ambassador (Ambassador at Large for Cyber Diplomacy), being responsible for developing Estonia’s foreign policy on cyber security, ensuring its coordinated implementation, representing Estonia in international organisations and contributing to international cooperation in the field.
https://vm.ee/en/news/estonia-appoints-heli-tiirmaa-klaar-its-first-ambassador-large-cyber-security
[2018-09-01] Jaak Tarien takes over as director of NATO CCDCOE. The current director Merle Maigre will go to work for CybExer Technologies.
https://news.err.ee/853814/col-jaak-tarien-to-take-over-as-director-of-nato-ccd-coe
[2018-08-31] Significant DDoS attack by unknown actors for half an hour hit news portals owned by Express Group (Delfi, EPL, Eesti Ekspress, Õhtuleht) and PPA website.
http://forte.delfi.ee/news/digi/eesti-asutusi-ja-ettevotteid-tabasid-eile-kuberrunnakud?id=83515931
https://geenius.ee/uudis/eestit-rasib-ddos-runnakute-laine-mis-see-on-kust-see-tuleb-ja-kuidas-ennast-kaitsta/
[2018-08-08] There are ideas for the next generation ID card to replace PIN-based cardholder verification with fingerprint verification.
https://geenius.ee/uudis/plaani-id-kaart-saab-pin-koodide-asemele-sormejalje-ning-dokumentide-saaks-iseteeninduskioskitest/
[2018-08-06] Tele2 could not provide roaming service for its customers due to faulty software update by Comfone. The failure lasted for several hours. As a compensation Tele2 will cancel the monthly bill for the affected customers.
https://geenius.ee/uudis/tele2-tuhistab-pea-20-000-eestlasel-randlusteenuse-rikke-tottu-augusti-arved/
[2018-07-22] Card payments and ATMs for two hours were down on Sunday due to malfunction on Nets Estonia side.
https://majandus24.postimees.ee/5904349/kaardimakseterminalid-ule-eesti-lakkasid-tootamast
[2018-07-06] Smart-ID is soon to be certified as qualified signature creation device (QSCD). This will require change from 4096-bit to 6144-bit RSA keys (providing 3072-bit RSA security).
https://github.com/SK-EID/smart-id-documentation/wiki/Smart-ID-service-will-start-to-use-6K-RSA-keys

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2017/2018

Leave a reply

Cyber Security Msc thesis:

Cost-Benefit Analysis of a Hybrid Terrorist Attack on a Power Plant
Student: Avramenko Valeriia
Supervisor: Hayretdin Bahşi, Raimundas Matulevičius

HoneyProxy Implementation in Cloud Environment with Docker HoneyFarm
Student: Ahmed Elazazy
Supervisor: Anton Vedeshin, Truls Tuxen Ringkjob, Raimundas Matulevicius

Testing the Security Awareness Using Open-Source Tools – Spear Phishing
Student: Karina Filipczak
Supervisor: Sten Mäses, Raimundas Matulevičius

Assessing Generational Differences in Susceptibility to Social Engineering Attacks. A Comparison Between Millennial and Baby Boomer Generations
Student: Lejla Islami
Supervisor: Olaf Manuel Maennel, PhD Raimundas Matulevicius, PhD

How to Conduct Email Phishing Experiments
Student: Kaspar Jüristo
Supervisor: Sten Mäses, Olaf M. Maennel, Raimundas Matulevičius

Evaluation of Efficiency of Cybersecurity
Student: Mikko Luomala
Supervisor: Yannick Le Moullec, Jyri Paasonen, Meelis Roos

Fingerprinting a Organization Using Metadata of Public Documents
Student: Karl Mendelman
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius

Detecting Social Spamming on Facebook Platform
Student: Ghada Zakaria Mohamed
Supervisor: Innar Liiv , Raimundas Matulevičius

Forensic Data Properties of Digital Signature BDOC and ASiC-E Files on Classic Disk Drives
Student: Raul Nugis
Supervisor: Pavel Laptev, Raimundas Matulevičius

Online Cyber Security Exercise to Evaluate and Improve Individual Technical Specialists’ Cyber Incident Reporting Skills
Student: Andres Oras
Supervisor: Sten Mäses, Margus Ernits, Raimundas Matulevicius

Ensuring the Integrity of Electronic Health Records
Student: Alvar Ristikivi
Supervisor: MSc Jaan Priisalu, PhD Raimundas Matulevičius

Related thesis from other curricula:

A Tool for Supporting Multi-Perspective System Development Through Security Risk Management
Student: Madis Kaasik
Supervisor: Raimundas Matulevičius
Master – Software Engineering

Post-Quantum Secure Time-Stamping
Student: Raul-Martin Rebane
Supervisor: Dominique Peer Ghislain Unruh
Master – Computer Science

Prediction Model for Tendencies in Cybersecurity
Student: Erik Räni
Supervisor: Justinas Janulevičius, Raimundas Matulevičius
Master – Software Engineering

Quantum-Secure Coin Toss Protocol Using Collapse-Binding Commitments
Student: Kristiine Saarmann
Supervisor: Dominique Unruh
Bachelor – Computer Science

Tool Support for Privacy-Enhanced Business Process Model and Notation
Student: Aivo Toots
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Bachelor – Computer Science

Dangers of Phishing Based on a Tech-Company
Student: Lauri Välja
Supervisor: Kristjan Krips
Bachelor – Computer Science

Finding Java Security Vulnerabilities Using Static Analysis: Whence the Problem?
Student: Harald Astok
Supervisor: Vesal Vojdani
Bachelor – Computer Science

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2018

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2015/2016

1 Reply

university_of_tartu_logo

Defense committee: Dominique Unruh (chairman), Siim Karus, Vitaly Skachek, Dirk Oliver Theis, Raimundas Matulevicius.

A Cost-Effective Approach to Key Management in Online Voting Scenarios
Abstract: Since smart cards both offer reasonable prices and expose an API for development, this document evaluates different approaches to implement threshold encryption over smart cards to support an electoral process.
Student: Sergio Andrés Figueroa Santos
Curriculum: NordSecMob (MSc)
Supervisor: Sven Heiberg, Helger Lipmaa, Tuomas Aura
Reviewer: Ivo Kubjas
Defense: 02.06.2016, 09:00, Liivi 2-405

Revision of Security Risk-oriented Patterns for Distributed Systems
Abstract: In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system.
Student: Silver Samarütel
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Alexander Horst Norta
Defense: 02.06.2016, 09:00, Liivi 2-405

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security
Abstract: In order to support and simplify the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them.
Student: Andrey Sergeev
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Henri Lakk
Defense: 02.06.2016, 09:00, Liivi 2-405

Secure and Efficient Mix-Nets
Abstract: This thesis studies a zero-knowledge shuffle argument proposed by J. Furukawa in 2005. Firstly, we provide a more detailed and easily readable description of the shuffle and shuffle-decryption zero-knowledge protocols than in the original paper. Secondly, we provide two new characterizations of a permutation matrix and two simple modifications of the shuffle protocol that reduce the computational complexity.
Student: Janno Siim
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Sven Laur
Defense: 02.06.2016, 09:00, Liivi 2-405

A Comprehensive Protocol Suite for Secure Two-Party Computation
Abstract: In some scenarios, a two-party model is a better fit when no natural third party is involved in the application. In this work, we design and implement a full protocol suite for two-party computations on Sharemind, providing an alternative and viable solution in such cases.
Student: Sander Siim
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Pille Pullonen
Reviewer: Dominique Unruh
Defense: 06.06.2016, 09:00, Liivi 2-405

An improved type system for a privacy-aware programming language and its practical applications
Abstract: he goal of this thesis is to make it easier to add protection domain kinds to the SecreC language by allowing the programmer to define the protection domain kind data types, arithmetic operations and type conversions in the SecreC language without changing the compiler.
Student: Ville Sokk
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Jaak Randmets
Reviewer: Vesal Vojdani
Defense: 06.06.2016, 09:00, Liivi 2-405

Energy Harvesting in Cooperative Communications
Abstract: Energy harvesting (EH) is a crucial technology for a variety of wireless systems that have limited access to a reliable electricity supply or recharging sources. In this thesis, the design of a multiple access relay system (MARS) using EH is considered.
Student: Akashkumar Rajaram
Curriculum: Cyber Security (MSc)
Supervisor: Nalin Jayakody, Vitaly Skachek
Reviewer: Bin Chen
Defense: 06.06.2016, 09:00, Liivi 2-405

Security of Eduroam Passwords
Abstract: The University of Tartu has decided that the university’s eduroam accounts will share the same user credentials as the rest of the university’s services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user’s university account. The aim of this research was to uncover any such weaknesses.
Student: Raul-Martin Rebane
Curriculum: Computer Science (BSc)
Supervisor: Dominique Unruh
Reviewer: Meelis Roos
Defense: 06.06.2016, 09:00, Liivi 2-405

Applying a Security Testing Methodology: a Case Study
Abstract: This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was gathered combining OWASP ASVS web application security standard and OWASP Top Ten project.
Student: Karin Klooster
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Margus Freudenthal
Reviewer: Kritjan Krips
Defense: 08.06.2016

Word frequency based log analysis
Abstract: The purpose of this bachelor thesis is to explore if you can use word frequency based analysis for log files and find interesting events without knowing the log structure.
Student: Karl Lääts
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos
Reviewer: Artjom Lind
Defense: 08.06.2016

Randomly Distributed PIN Code Input Layout
Abstract: This thesis examines the possibility of reducing the visual security breach of PIN code input by randomising the input field.
Student: Rain Tõugjas
Curriculum: Computer Science (BSc)
Supervisor: Tauno Palts, Kristjan Krips
Reviewer:
Defense: 08.2016

Smart Home Hacking
Abstract: This work investigates the security and privacy issues found at an emerging smart home technology such as the CoSSMic platform.
Student: Suela Kodra
Curriculum: NordSecMob (MSc)
Supervisor: Danilo Gligoroski, Marie Moe, Dominique Unruh
Reviewer: Raimundas Matulevičius
Defense: 18.08.2016, 09:30, Liivi 2-403

Cache-Timing Techniques: Exploiting the DSA Algorithm
Abstract: This work explains some of the cache-timing techniques commonly used to exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA’s sliding window exponentiation algorithm.
Student: Cesar Pereida Garcia
Curriculum: NordSecMob (MSc)
Supervisor: Billy Bob Brumley, Dominique Unruh, N. Asokan
Reviewer: Arnis Paršovs
Defense: 26.08.2016, 11:00, Liivi 2-403

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2016
http://www.cs.ut.ee/sites/default/files/2016/loput88d/Kaitsmiste%20ajakava.pdf

Evaluation of Research in ICT in Estonia 2009–2014: Evaluation Report 5/2015

Leave a reply

ETAG_logo
Tallinn University of Technology:

4.4.15. Research Group: Faculty of Information Technology: Cyber Security
The group is led by Prof. Olaf Maennel. It is a very young and active group, started around 2013. The main interests of the group are in intrusion detection, testing security policies, and security simulation exercises. They have gained a European FP7 project on E-Crime. The group is still establishing itself in research and its activities are promising. The number and quality of publications is still limited and should be increased. This can be done since the leader of the group is well cited. Assessment: The panel judges the research to be of high international level. The overall evaluation of the group is good.

University of Tartu:

4.6.10. Research Group: Institute of Computer Science: Cryptography and Theoretical Computer Science
This group represents a number of subunits, with 6 topics led by 5 lead PIs (Sven Laur, Helger Lipmaa, Vitaly Skachek, Dirk Oliver Theis, Dominique Unruh). The group was restructured in 2011 with the recruitment of Unruh and Lipmaa. The group addresses six key research topics, namely classical cryptography, quantum cryptography, coding theory, combinatorics and algorithms, security, and verification of cryptography. All topics are related to computer security.
The research highlights include quantum proofs of knowledge, privacy-preserving data-mining, efficient non-interactive zero-knowledge proofs, communication complexity and the rank of matrices, and permutation codes. The group claims 8 level 1.1 publications, which seems a bit low. However, it is also a bit misleading since their list of 30 best papers includes 11 articles in top or at least internationally well recognized journals (J Cryptology, European J Combinatorics, IEEE Tr Information Theory, IEEE J selected areas in communication, Theoretical Computer Science, Journal of Computer Security, Bioinformatics, European J. Operations Research), besides 7 papers in the very best conferences (FOCS, Crypto, Eurocrypt, ICALP). Remaining top 30 items are papers in more specialized cryptography and security venues like ACM CCS, PKC, SCN, CSF, Eurocomb. Publication rate of top level papers has increased significantly over the evaluation period.
Many of the students (10+) are working in related industrial SMEs such as Cybernetica. They are contributing to several practical applications such as e-voting. The group is recommended to keep its current high quality and volume of output, and to develop some additional internationally financed projects. Based on the evidence, panel judges the research to be of high international level. Because of the strong upward trend the overall evaluation of the group is excellent.

Links:
http://www.etag.ee/wp-content/uploads/2012/05/Evaluation_raport2015veeb.pdf

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2014/2015

Leave a reply

university_of_tartu_logo

An Empirical Comparison of Approaches for Security Requirements Elicitation
Abstract: Security Quality Requirements Engineering (SQUARE) and Security Requirements Elicitation from Business Processes (SREBP). This thesis compares the two methods based on an empirical case study of the Estonian Football Association. The elicited security requirements are categorized and the completeness of their coverage is compared.
Student: Karl Kolk
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Fredrik Payman Milani
Defense: 26.02.2015

The Analysis and Design of a Privacy-Preserving Survey System
Abstract: This master’s thesis describes the design and business processes of the prototype of a secure survey system using secure multi-party computation. The design of the system is also described in this paper and is illustrated with a deployment model.
Student: Meril Vaht
Curriculum: Cyber Security (MSc)
Supervisor: Dan Bogdanov
Reviewer: Raimundas Matulevicius
Defense: 04.06.2015, 09:00, Liivi 2-405

Pattern Based Security Requirement Derivation with Security Risk-aware Secure Tropos
Abstract: In this master thesis we investigate the integration of a pattern based security requirement elicitation process in the goal-oriented IS development. By performing this integration we aim at providing a process that enables the elicitation of security requirements from Security Risk-aware Secure Tropos (RAST) models. The contribution of this thesis are five Security Risk-aware Patterns expressed using RAST.
Student: Atilio Rrenja
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Peep Küngas
Defense: 04.06.2015, 09:00, Liivi 2-405.

Comparing Security Risk-oriented Modelling Languages to Manage Social Engineering Risks
Abstract: The paper applies structured approach in identification of one security risk management standard that can be applied with different modelling languages. For a more in-depth analysis in this paper considered several modelling languages as BPMN, Secure Tropos and Misuse case.
Student: Sarbar Tursunova
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Defense: 04.06.2015, 09:00, Liivi 2-405.
Reviewer: Olga Altuhhova

Analysis and Mitigation of Recent Attacks on Mobile Communication Backend
Abstract: This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use.
Student: Siddharth Prakash Rao
Curriculum: NordSecMob (MSc)
Supervisor: Tuomas Aura
Supervisor: Dominique Unruh
Supervisor: Silke Holtmanns
Supervisor: Ian Oliver
Reviewer: Arnis Paršovs
Defense: 09.06.2015, 09:00, Liivi 2-405.

Entropy Based Robust Watermarking Algorithm
Abstract: In this work, multiple robust watermarking algorithms are introduced. They embed watermark image into singular values of host image’s blocks with low entropy values. The quantitative and qualitative experimental results are indicating that the proposed algorithms are imperceptible and robust against many signal processing attacks.
Student: Lauri Laur
Curriculum: Software Engineering (MSc)
Supervisor: Gholamreza Anbarjafari
Supervisor: Mary Agoyi
Reviewer: Kaveh Khoshkhah
Defense: 09.06.2015, 09:00, Liivi 2-405.

NFC Security Solution for Web Applications
Abstract: This thesis compares existing and possible security solutions for web applications, analyses NFC compatibility for security solutions and proposes a new NFC authentication and signing solution using Google Cloud Messaging service and NFC Java Card. This new proposed solution enables authentication and signing via NFC enabled mobile phone and NFC Java Card without any additional readers or efforts to be made.
Student: Jonas Kiiver
Curriculum: Software Engineering (MSc)
Supervisor: Eero Vainikko
Reviewer: Meelis Roos
Defense: 09.06.2015, 09:00, Liivi 2-404.

Applying Estonian Internet Voting Individual Verification System to Other Electoral Systems
The current paper gives an overview of the Estonian internet voting individual verification system and introduces different ballot styles. It proposes and describes modifications to the Estonian system, so it could be used for individual verification with the introduced ballot styles and multiple elections.
Student: Joonas Lõmps
Curriculum: Informatics (BSc)
Supervisor: Sven Heiberg
Reviewer: Arnis Paršovs
Defense: 12.06.2015, 09:00, Liivi 2-404

Secure Bitcoin Wallet
This report outlines various methods and solutions targeting security concerns and aims to understand their effectiveness. It also describes Secure Bitcoin Wallet, standard Bitcoin transactions client, enhanced with various security features and services.
Student: Sevil Guler
Curriculum: NordSecMob (MSc)
Supervisor: Sead Muftic, Vitaly Skachek
Reviewer: Arnis Paršovs
Defense: 27.08.2015

Links:
http://comserv.cs.ut.ee/forms/ati_report/index.php?language=en
http://www.cs.ut.ee/en/msc/theses/deadlines