Tag Archives: Jaan Priisalu

Cyber Security master’s theses defense in TalTech (May 2019)

May 27th, 2019, Akadeemia Tee 15a, Room ICT-411.

Time: 10:00
Student: Olesia Yaremenko
Title: Skills Evaluation of Participants of Cybersecurity Exercises on the Example of a Virtual Hands-on Forensic Lab
Supervisor: Sten Mäses
Reviewer: Kaie Maennel

Time: 10:40
Student: Saber Yari
Title: Creating Cyber Security Exercises for Open Source Intelligence and Reverse Engineering
Supervisor: Sten Mäses
Reviewer: Birgy Lorenz

Time: 11:20
Student: Heleri Aitsam
Title: Teaching Cyberethics and Measuring Cyberethical Behavior in a Classroom Setting
Supervisor: Sten Mäses
Reviewer: Birgy Lorenz

LUNCH 12:00-12:40

Time: 12:40
Student: Jaana Metsamaa
Title: Framework for Measuring and Maximizing Security Feature Impact in Business to Business SaaS Products
Supervisor: Andro Kull
Reviewer: Erwin Orye

Time: 13:20
Student: Bitchiko Kodua
Title: Creating Labs for Web Application Security and Methods of Defining Difficulty Levels
Supervisor: Hayretdin Bahsi
Reviewer: Kaie Maennel

BREAK 14:00-14:30

Time: 14:30
Student: Jorge Alberto Medina Galinda
Title: Generation of Malware Behavioral Datasets in a Medium Scale IoT Networks
Supervisor: Hayretdin Bahsi
Reviewer: Olaf Maennel

Time: 15:10
Student: Roman Kononov
Title: Macintosh Operating System Exploitation and Intrusion Prevention
Supervisor: Toomas Lepik
Reviewer: Olaf Maennel

Time: 15:50
Student: Kristine Hovhannisyan
Title: Applying Confidence-Building Measures to Cyber Conflict: Computer Emergency Response Cooperation and Cyber Espionage
Supervisor: Eneken Tikk; Olaf Maennel
Reviewer: Anna-Maria Osula

May 28th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Alberto Zorrilla Garza
Title: Beaconleak: Use and Detection of 802.11 Beacon Stuffing as a Covert Channel
Supervisor: Olaf Maennel
Reviewer: Hayretdin Bahsi

Time: 10:40
Student: Krishna Vaishnav
Title: Analysis of WhatsApp Data Obtained before the General Election (Lok Sabha) 2019 in India
Supervisor: Olaf Maennel
Reviewer: Adrian Venables

Time: 11:20
Student: Alessandro Mirani
Title: Unintentional Cybercrime
Supervisor: Tiia Sõmer
Reviewer: Sten Mäses

LUNCH 12:00-12:40

Time: 12:40
Student: Abenezer Berhanu Weldegiorgis
Title: Developing National Cybersecurity Strategy for Ethiopia
Supervisor: Mika Kerttunen
Reviewer: Tiia Sõmer

Time: 13:20
Student: Tambet Paljasma
Title: Validating Docker Image and Container Security Using Best Practices and Company Policies
Supervisor: Margus Ernits
Reviewer: Alejandro Guerra Manzanares

BREAK 14:00-14:20

Time: 14:20
Student: Kirke Pralla
Title: Creation of Freely Accessible Interactive Training Materials for Secure Android Development
Supervisor: Margus Ernits
Reviewer: Alejandro Guerra Manzanares

Time: 15:00
Student: Annika Aavaste
Title: How to Improve Data Protection and Information Security in Local Governments Using GDPR compliant training
Supervisor: Eneken Tikk
Reviewer: Matthew Sorell

Time: 15:40
Student: Randel Raidmets
Title: A Comparative Analysis of Open-Source Full Packet Capture Software Solutions
Supervisor: Mauno Pihelgas
Reviewer: Risto Vaarandi

May 29th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Nikita Kuznietsov
Title: Researching Underground Forums to Improve Fraud Detection at TransferWise [RESTRICTED defense]
Supervisor: Jaan Priisalu; Sandra Horma
Reviewer: Aleksandr Lenin

Time: 10:40
Student: Kristopher Ryan Price
Title: Analysis of the Impact of Poisoned Data within Twitter Classification Models
Supervisor: Jaan Priisalu; Sven Nõmm
Reviewer: Kieren Lovell

Time: 11:20
Student: Andreas Jürimäe
Title: The Security Implications of DMARC in Estonian Goverment Institutions Based on Phishing Attacks in Cambridge University
Supervisor: Kieren Lovell
Reviewer: Hayretdin Bahsi

LUNCH 12:00-12:40

Time: 12:40
Student: Vita Krainik
Title: Distributed Consensus Problems and Protocols: a Systematic Literature Review
Supervisor: Ahto Buldas
Reviewer: Alex Norta

Time: 13:20
Student: Deniz Basar
Title: Uniqueness Criteria for Blockchain Type Distributed Ledgers
Supervisor: Ahto Buldas
Reviewer: Jaan Priisalu

BREAK 14:00-14:20

Time: 14:20
Student: Henry Okere
Title: Analysis of a Node-based Integrity Attack on Networked SCADA Power Plant
Supervisor: Hayretdin Bahsi
Reviewer: Ahto Buldas

Time: 15:00
Student: Mostafa Hadi
Title: Making the shift from DevOps to DevSecOps at Distribusion Technologies GmbH
Supervisor: Hayretdin Bahsi
Reviewer: Kieren Lovell

Time: 15:40
Student: Joanna Rose Castillon Del Mar
Title: Automated Photo Categorization for Digital Forensic Analysis Using a Machine Learning-Based Classifier
Supervisor: Hayretdin Bahşi; Leo Mršić; Krešimir Hausknecht
Reviewer: Matthew Sorell

May 30th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Kayla Marie Cannon
Title: America’s Panopticon: Privacy Implications of Facial Recognition By Law Enforcement
Supervisor: Mika Kerttunen
Reviewer: Hayretdin Bahsi

Time: 10:40
Student: Andres Antonen
Title: Securing an Automated Code Testing System
Supervisor: Ago Luberg
Reviewer: Toomas Lepik

Time: 11:20
Student: Jessica Ai Truong
Title: Evaluating the Detection Accuracy of JA3 and JA3S in Security Monitoring of SSL Communication
Supervisor: Hayretdin Bahsi
Reviewer: Toomas Lepik

LUNCH 12:00-12:40

Time: 12:40
Student: Tornike Nanobashvili
Title: Improving the Use of a Cyber-Insurance Product in Georgia: the Example of Commercial Banks
Supervisor: Eneken Tikk; Mika Kerttunen
Reviewer: Hayretdin Bahsi

Time: 13:20
Student: Arefeh Fathollahi Kalkhoran
Title: Data Breach: NIST and GDPR
Supervisor: Eneken Tikk
Reviewer: Mika Kerttunen

BREAK 14:00-14:20

Time: 14:20
Student: Chinmay Khandekar
Title: Cookie Security and its Implementation in the Light of GDPR and E-Privacy Regulation
Supervisor: Eneken Tikk
Reviewer: Rain Ottis

Time: 15:00
Student: Nurbanu Konayeva
Title: Application of Active Learning for Botnet Detection
Supervisor: Hayretdin Bahsi; Sven Nõmm
Reviewer: Risto Vaarandi

Time: 15:40
Student: Raul Ezequiel Jimenez Haro
Title: Forensic Tool to Study and Carve Virtual Machine Hard Disk Files
Supervisor: Pavel Laptev
Reviewer: Hayretdin Bahsi

May 31th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Maarja Heinsoo
Title: Implications of Information Security Culture on Risk Management – Case of a Technology Company
Supervisor: Hayretdin Bahsi
Reviewer: Kaie Maennel

Time: 10:40
Student: Prabin Krishna Subedi
Title: Forensics Analysis of Client-Side Artifacts in Cloud-Based Applications
Supervisor: Hayretdin Bahsi
Reviewer: Matthew Sorell

Time: 11:20
Student: John Chukwufumnanya George
Title: Analysis of the Impact of Bank Verification Number on Financial Security in Nigeria and Potential Cyber Threat Through Social Engineering
Supervisor: Andro Kull
Reviewer: Sten Mäses

LUNCH 12:00-12:40

Time: 12:40
Student: Roman Müller
Title: Analysis of the Estonian X-tee network based on centralized log data [RESTRICTED defence]
Supervisor: Jaan Priisalu; Sven Nõmm
Reviewer: Peeter Laud

Time: 13:20
Student: Ragnar Kobin
Title: A Model for Evaluating State Cyber Security Exercises
Supervisor: Rain Ottis; Kim Joonsoo
Reviewer: Tiia Sõmer

Time: 14:20
Student: Sasan Rezaeifars
Title: Hands-on Lab for Teaching Security Misconfiguration and Broken Authentication
Supervisor: Sten Mäses
Reviewer: Andro Kull

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2017/2018

Cyber Security Msc thesis:

Cost-Benefit Analysis of a Hybrid Terrorist Attack on a Power Plant
Student: Avramenko Valeriia
Supervisor: Hayretdin Bahşi, Raimundas Matulevičius

HoneyProxy Implementation in Cloud Environment with Docker HoneyFarm
Student: Ahmed Elazazy
Supervisor: Anton Vedeshin, Truls Tuxen Ringkjob, Raimundas Matulevicius

Testing the Security Awareness Using Open-Source Tools – Spear Phishing
Student: Karina Filipczak
Supervisor: Sten Mäses, Raimundas Matulevičius

Assessing Generational Differences in Susceptibility to Social Engineering Attacks. A Comparison Between Millennial and Baby Boomer Generations
Student: Lejla Islami
Supervisor: Olaf Manuel Maennel, PhD Raimundas Matulevicius, PhD

How to Conduct Email Phishing Experiments
Student: Kaspar Jüristo
Supervisor: Sten Mäses, Olaf M. Maennel, Raimundas Matulevičius

Evaluation of Efficiency of Cybersecurity
Student: Mikko Luomala
Supervisor: Yannick Le Moullec, Jyri Paasonen, Meelis Roos

Fingerprinting a Organization Using Metadata of Public Documents
Student: Karl Mendelman
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius

Detecting Social Spamming on Facebook Platform
Student: Ghada Zakaria Mohamed
Supervisor: Innar Liiv , Raimundas Matulevičius

Forensic Data Properties of Digital Signature BDOC and ASiC-E Files on Classic Disk Drives
Student: Raul Nugis
Supervisor: Pavel Laptev, Raimundas Matulevičius

Online Cyber Security Exercise to Evaluate and Improve Individual Technical Specialists’ Cyber Incident Reporting Skills
Student: Andres Oras
Supervisor: Sten Mäses, Margus Ernits, Raimundas Matulevicius

Ensuring the Integrity of Electronic Health Records
Student: Alvar Ristikivi
Supervisor: MSc Jaan Priisalu, PhD Raimundas Matulevičius

Related thesis from other curricula:

A Tool for Supporting Multi-Perspective System Development Through Security Risk Management
Student: Madis Kaasik
Supervisor: Raimundas Matulevičius
Master – Software Engineering

Post-Quantum Secure Time-Stamping
Student: Raul-Martin Rebane
Supervisor: Dominique Peer Ghislain Unruh
Master – Computer Science

Prediction Model for Tendencies in Cybersecurity
Student: Erik Räni
Supervisor: Justinas Janulevičius, Raimundas Matulevičius
Master – Software Engineering

Quantum-Secure Coin Toss Protocol Using Collapse-Binding Commitments
Student: Kristiine Saarmann
Supervisor: Dominique Unruh
Bachelor – Computer Science

Tool Support for Privacy-Enhanced Business Process Model and Notation
Student: Aivo Toots
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Bachelor – Computer Science

Dangers of Phishing Based on a Tech-Company
Student: Lauri Välja
Supervisor: Kristjan Krips
Bachelor – Computer Science

Finding Java Security Vulnerabilities Using Static Analysis: Whence the Problem?
Student: Harald Astok
Supervisor: Vesal Vojdani
Bachelor – Computer Science

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2018

Cyber Security master’s theses defense in Tallinn University of Technology (May 2018)

Monday, May 28th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Kristiina Renel
Title: Compliance with EU Personal Data Protection Framework in the Context of Public Sector Logging
Supervisor: Kaie Maennel
Supervisor: Kristjan Kikerpill
Reviewer: Andro Kull

Time: 10:10
Student: Belgin Tastan
Title: Securing Systems and Networks Using Deceptions With Cyber Kill Chain Methodology
Supervisor: Ahmed Tauseef
Reviewer: Risto Vaarandi

Time: 11:00
Student: Raquel Tabuyo Benito
Title: Forensic Analysis of a Steam Based Online Game
Supervisor: Hayretdin Bahsi
Reviewer: Jens Getreu

Time: 11:40
Student: Kim Vahturov
Title: Using Indicators of Compromise to Automate Incident Triage. Proof of Concept
Supervisor: Toomas Lepik
Supervisor: Lauri Palkmets
Reviewer: Hayretdin Bahsi

Time: 13:00
Student: Alejandro Guerra Manzanares
Title: Application of Full Machine Learning Workflow for Malware Detection in Android on the Basis of System Calls And Permissions
Supervisor: Hayretdin Bahsi
Supervisor: Sven Nõmm
Reviewer: Toomas Lepik

Time: 13:40
Student: Romet Saaliste
Title: Estonian Government Related Challenges in Protection of Personal Data
Supervisor: Olaf Maennel
Reviewer: Birgy Lorenz

Time: 14:20
Student: Moira Gabriella Nguegaum
Title: A Structured Approach to the Identification of IPV6 Vulnerabilities in IPV4-only Local Area Networks
Supervisor: Olaf Maennel
Reviewer: Bernhards Blumbergs

Time: 15:20
Student: Stefano Panarese
Title: Nessuno: A Friend-to-Friend Anonymous Communication Protocol
Supervisor: Olaf Maennel
Reviewer: Ahto Buldas

Time: 16:00
Student: Amirhossein Akbari
Title: A Novel Approach for Securing HTML5 Client-Side Database, INDEXEDDB
Supervisor: Olaf Maennel
Reviewer: Aleksander Lenin

Tuesday, May 29th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Andres Rauschecker
Title: User-Oriented Privacy Enhancements for Web-Browsers
Supervisor: Olaf Maennel
Reviewer: Hayretdin Bahsi

Time: 10:10
Student: Artur Luik
Title: The Design and Implementation of Automated Vulnerability Application Framework
Supervisor: Tanel Tetlov
Reviewer: Toomas Lepik

Time: 11:00
Student: Daniele Mucci
Title: TED – The ELF Doctor. A Container Based Tool to Perform Security Risk Assessment for ELF Binaries
Supervisor: Bernhards Blumbergs
Reviewer: Toomas Lepik

Time: 11:40
Student: Aleks Koha
Title: Impact Assessment of an EU GDPR Self-Assessment Qestionnaire on Entrepreneurs
Supervisor: Sten Mäses
Supervisor: Anu Baum
Reviewer: Tiia Sõmer

Time: 13:00
Student: Kayode Olaitan Omotoye
Title: Business Process-Based Cyber Risk Assessment Using Healthcare System as Case Study
Supervisor: Hayretdin Bahsi
Reviewer: Alexander Norta

Time: 13:40
Student: Mari Jääger
Title: Developing Records of Processing Activities in a Small Enterprise
Supervisor: Priit Raspel
Reviewer: Raimundas Matulevicius

Time: 14:20
Student: Simo Antero Hurttila
Title: From Information Security to Cyber Security Management – ISO 27001 & 27032 Approach
Supervisor: Andro Kull
Reviewer: Kaie Maennel

Time: 15:20
Student: Aditya Raj Das
Title: Comparing Battery Consumption of Malware Scanning Applications
Supervisor: Hayretdin Bahsi
Reviewer: Sten Mäses

Time: 16:00
Student: Danny Lopez Murillo
Title: A Balanced Lab for Teaching Ethical Hacking to Undergraduate and Graduate Students
Supervisor: Hayretdin Bahsi
Reviewer: Sten Mäses

Wednesday, May 30th 2018, Akadeemia Tee 15a, Room ICT-315.

Time: 09:30
Student: Sille Laks
Title: Basic cyber security awareness training in a paramilitary organization (RESTRICTED)
Supervisor: Sten Mäses
Supervisor: Markko Liutkevičius
Reviewer: Rain Ottis

Time: 10:10
Student: Andres Elliku
Title: Scalable Course on Cyber Attack Detection
Supervisor: Margus Ernits
Reviewer: Mauno Pihelgas

Time: 11:00
Student: Javid Asadli
Title: Proposing Action Plan in Cyber Security Capacity Building for Azerbaijan
Supervisor: Tiia Sõmer
Supervisor: Leyla Aliyeva
Reviewer: Sten Mäses

Time: 11:40
Student: Even Langfeldt Friberg
Title: The Cyber-Insurance Market in Norway: An Empirical Study of the Supply-Side and a Small Sample of the Maritime Demand-Side
Supervisor: Hayretdin Bahsi
Supervisor: Ulrik Franke
Reviewer: Birgy Lorenz

Time: 13:00
Student: Nishaant Verma
Title: Comparative Analysis of Online Privacy and Security Concerns Between Generation Y and Generation Z in North India: A Pilot Study
Supervisor: Hayretdin Bahsi
Supervisor: Mare Teichmann
Reviewer: Maria Claudia Solarte Vasquez

Time: 13:40
Student: Taimur Tufail
Title: Comparing the National Cyber Security Framework of Pakistan with India and United Kingdom
Supervisor: Hayretdin Bahsi
Reviewer: Tiia Sõmer

Time: 14:40
Student: Fernando Rafael Garcia-Granado
Title: Cybersecurity Knowledge Requirements for Non-IT Strategic Level Decision Makers
Supervisor: Hayretdin Bahsi
Reviewer: Andro Kull

Time: 15:20
Student: Hindrek Baum
Title: Detection of VLAN Hopping Attacks Using Switch’s Monitoring Options
Supervisor: Jaan Priisalu
Reviewer: Aleksander Lenin

Estonian “data embassy” to open in Luxembourg

Data of the Estonian administration may be stored on servers in Luxemburg as well as in Estonia already towards the end of this year. The “data embassy” created this way will contain information vital to the functioning of the state, and make an attack on the country’s systems more difficult.

As cyber security expert of Tallinn’s NATO Cyber Defence Centre of Excellence, Jaan Priisalu, says, “If an operator is planning to occupy another country, one of their objectives is going to be to take over the existing institutions, or to suppress them, and if you can make these institutions ex-territorial, take them out of reach of the potential attacker, you increase the political price of the attack.”

According to advisor to the ministry’s state information systems department, Laura Kask, negotiations were held with other countries as well, but the ones with Luxembourg had developed the furthest. “For one thing, they offer data centers with a very high level of security, and for another they are quite similar to us in terms of their IT development and their way of thinking,” Kask said. In terms of money, there are no exact figures available, but the data center in Luxemburg will be markedly more expensive than running a similar infrastructure in Estonia. There is one entry in the government’s schedule concerning the data embassies, showing an allocation of €240,000.

The physical location of the servers will remain secret, and only people will have access to them that are cleared by the Estonian state.

The data to be backed up in Luxembourg so far covers ten priority databases, including the information system of the Governmental Payments Office (the Estonian treasury), the pensions insurance register, the business register, the population register, the cadaster, and the identity documents database.

Even now nothing forbids Estonian state to store data backups in Estonian embassies located in foreign states. Most likely the plan is to build failover system that is kept in sync in real time.

Links:
http://news.err.ee/592384/first-data-embassy-to-open-in-luxembourg
http://www.opengovasia.com/articles/7597-exclusive%E2%80%94whats-next-for-data-management-in-estonian-government%E2%80%93data-embassies-expanding-e-residency
http://news.err.ee/602273/estonian-government-approves-setting-up-data-embassy-in-luxembourg

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2016/2017

Managing Security Risks Using Attack-Defense Trees
Abstract: The In this thesis, we have addressed risk management using Attack Tree. The contribution to resolve the problem in this thesis includes three steps. Obtaining an alignment from Attack-Defense trees to ISSRM. Measurement of the metrics of the nodes of tree using historical data.
Student: Salman Lashkarara
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Meelis Roos
Defense: 01.06.2017, Tartu, J.Liivi 2-404

On Secure Bulletin Boards for E-Voting
Abstract: In this thesis, we propose a formal model for analysis of security and functionality of a bulletin board system motivated by the security requirements Culnane and Schneider introduced in Computer Security Foundations Symposium 2014.
Student: Annabell Kuldmaa
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Ahto Buldas
Defense: 01.06.2017, Tartu, J.Liivi 2-404

Research and Proof of Concept of Selected ISKE Highest Level Integrity Requirements
Abstract: This work takes integrity domain under detail research to meet ISKE requirements and security objectives demanded for data with highest integrity needs.
Student: Deivis Treier
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Andrey Sergeev
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Method for Effective PDF Files Manipulation Detection
Abstract: The aim of this thesis is to ease the process of detecting manipulations in PDF files by addressing its source code, before having to use other methods such as image processing or text-line examination.  The result is the construction of a solid and effective method for PDF file investigation and analysis to determine its integrity.
Student: Gema Fernández Bascuñana
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Inna Ivask, Raimundas Matulevičius
Reviewer: Hayretdin Bahsi
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Establishing, Implementing and Auditing Linux Operating System Hardening Standard for Security Compliance
Abstract: This paper provides a proof-of-concept solution for being compliant with operating system hardening requirements of the company by establishing, implementing and auditing Linux (Debian) operating system hardening standard.
Student: Martin Jõgi
Curriculum: Cyber Security (MSc)
Supervisor: Truls Tuxen Ringkjob, Raimundas Matulevičius
Reviewer: Marko Kääramees
Defense: 02.06.2017, Tartu, J.Liivi 2-404

A Prototype For Learning Privacy-Preserving Data Publising
Abstract:  This master thesis will discuss different threats to privacy, discuss and compare different privacy-preserving methods to mitigate these threats. The thesis will give an overview of different possible implementations for these privacy-preserving methods. The other output of this thesis is educational purpose software that allows students to learn and practice privacy-preserving methods.
Student: Rain Oksvort
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Benson Muite
Defense: 05.06.2017, Tartu, J.Liivi 2-404

Filesystem Fuzz Testing Framework
Abstract: In the present thesis a fuzz testing framework was built, which can be used for finding time-of-check-to-time-of-use type bugs in Linux filesystems.
Student: Vladislav Alenitsev
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Kristjan Krips
Reviewer: Karl Tarbe
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Performance Testing Bulletin Board Implementations for Online Voting
Abstract: This work takes a look at two software solutions that can be used for such purpose and analyses their performance in testing environment imitating real election workload.
Student: Marek Pagel
Curriculum: Computer Science (BSc)
Supervisor: Sven Heiberg, Janno Siim
Reviewer: Ivo Kubjas
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Cybersecurity theses defence on June 9, 2017 in Tartu J. Liivi 2-403 at 10.00 AM.
Defence Committee: Raimundas Matulevičius (chairman), Olaf Manuel Maennel, Vitaly Skachek, Meelis Roos, Hayretdin Bahsi.
Grades received (random order): A, B, C, C, D.

Improving and Measuring Learning at Cyber Defence Exercises
Abstract:  This thesis takes a fresh look at learning in Cyber Defence Exercises (CDXs) and focuses on measuring learning outcomes. As such exercises come in a variety of formats, this thesis focuses on technical CDXs with Red and Blue teaming elements.
Student: Kaie Maennel
Curriculum: Cyber Security (MSc)
Supervisor: Rain Ottis, Liina Randmann, Raimundas Matulevičius
Reviewer: Sten Mäses
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Federation of Cyber Ranges
Abstract: This study compares two cyber ranges and looks into possibilities of pooling and sharing of national facilities and to the establishment of a logical federation of interconnected cyber ranges. The thesis gives recommendations on information flow, proof of concept, guide-lines and prerequisites to achieve an initial interconnection with pooling and sharing capabilities.
Student: Allar Vallaots
Curriculum: Cyber Security (MSc)
Supervisor: Jaan Priisalu, Uko Valtenberg, Raimundas Matulevičius
Reviewer: Rain Ottis
Defense: 09.06.2017, Tartu, J.Liivi 2-403

A New Heuristic Based Phishing Detection Approach Utilizing Selenium Webdriver
Abstract: In this paper, we focus on detecting login phishing pages, pages that contain forms with email and password fields to allow for authorization to personal/restricted content. We present the design, implementation, and evaluation of our phishing detection tool “SeleniumPhishGuard”, a novel heuristic-based approach to detect phishing login pages.
Student: Ahmed Nafies Okasha Mohamed
Curriculum: Cyber Security (MSc)
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Hayretdin Bahsi
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Analysis of Exploit-kit Incidents and Campaigns Through a Graph Database Framework
Abstract: A great deal of automation can be achieved here by using public APIs such as VirusTotal, whois databases, IP blacklists, etc during the analysis and a first part of our work is dedicated to that. We will then show that this approach reveals patterns and clusters from which decisions can be made from a defensive perspective.
Student: Guillaume Brodar
Curriculum: Cyber Security (MSc)
Supervisor: Toomas Lepik, Raimundas Matulevicius
Reviewer: Arnis Paršovs
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Investigation of JTAG and ISP Techniques for Forensic Procedures
Abstract: This thesis is focusing on JTAG and ISP physical acquisitions techniques. The aim is to give an overview of these techniques from a forensic point of view and in addition to some other tests will try to prove that are forensically equivalent to any other method.
Student: Stefanos Pappas
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Raimundas Matulevičius
Reviewer: Emin Caliskan
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Links:
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_1_2_5_06.pdf
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_6_7_8_9_06_.pdf

Cyber Security master’s theses defense in Tallinn University of Technology (May 2017)


Monday, May 29, 2017, Akadeemia Tee 15a, Room ICT-315.

Grades received (random order): 5, 4, 4, 3, 3, 3, 2, 2.

Time: 10:00
Student: Kristjan Oja
Title: Cyber Security Awareness For IT Students Through Practical Assignments
Supervisor: Sten Mäses
Reviewer: Tiia Sõmer

Time: 10:40
Student: Sander Arnus
Title: Providing guaranteed log delivery and proof value of logs
Supervisor: Risto Vaarandi
Reviewer: Tiit Hallas

Time: 11:20
Student: Bolaji Ayoola Ladokun
Title: An Analytical Approach to Characterization of Targeted and Untargeted Attack in Critical Infrastructure Honeypot
Supervisor: Hayretdin Bahsi
Reviewer: Risto Vaarandi

Time: 12:00-13:00 – Lunch

Time: 13:00
Student: Iryna Bondar
Title: LUDROID: Evaluation of Android Malware Detection Tools and Techniques and Development of a First Line of Defense For the User
Supervisor: Emin Caliskan
Reviewer: Toomas Lepik

Time: 13:40
Student:  Seifollah Akbari
Title: A New Method for the SYNful Knock Attack Implementation
Supervisor: Truls Ringkjob
Reviewer: Bernhards Blumbergs

Time: 14:20
Student: Safak Tarazan
Title: GPS Spoofing/Jamming Resilient Mini UAV Implementation Strategy
Supervisor: Truls Ringkjob
Reviewer: Juhan Ernits

Time: 15:20
Student: Danielle Morgan
Title: Security of Loyalty Cards Used in Estonia
Supervisor: Rain Ottis, Arnis Paršovs
Reviewer: Aleksandr Lenin

Time: 16:00
Student: Katrin Kukk
Title: Ensuring the digital continuity of e-Estonia in different crisis scenarios
Supervisor: Rain Ottis
Reviewer: Jaan Priisalu

Tuesday, May 30, 2017, Akadeemia Tee 15a, Room ICT-315.

Grades received (random order): 4, 4, 3, 3, 2, 1.

Time: 10:00
Student: Christopher David Raastad
Title: Euro 2.0 – Securing an Ethereum Crypto Fiat Currency System
Supervisor: Alex Norta
Reviewer: Raimundas Matulevicius

Time: 10:40
Student: Mobolarinwa Taofeek Balogun
Title: Comparative Analysis of Industrial IoT and HealthCare System IoT for Cyberterrorism
Supervisor: Hayretdin Bahsi
Reviewer: Ahto Buldas

Time: 11:20
Student: Chengxiang Wang
Title: Classification of Black-Box Security Reductions and Oracle Separation Techniques
Supervisor: Ahto Buldas
Reviewer: Peeter Laud

Time: 12:00-13:00 – Lunch

Time: 13:00
Student: Celik Neslisah
Title: Anomaly Detection Using Locked Shields Logs
Supervisor: Olaf Maennel
Reviewer: Mauno Pihelgas

Time: 13:30
Student: Sophio Sakhokia
Title: Developing a Cyber Security Master Programme for Georgia
Supervisor: Tiia Sõmer
Reviewer: Olaf Maennel

Time: 14:20
Student: Zaghum Awan
Title: Analytical Comprehensive Approach to Cyber Laundering and its Solutions
Supervisor: Tiia Sõmer
Reviewer: Andro Kull

Ten years since cyber attacks following 2007 Bronze Night riots

Opinion by Jaan Priisalu, at that time the head of SIRT at Swedbank:

Jaan Priisalu, senior researcher at Tallinn’s NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), told ERR in an interview last week that through Estonia’s initiative and the public debate that followed the attacks, a topic was now getting attention that before was talked about only behind closed doors, and that some even looked at as an embarrassment.

Estonia’s 2008-2013 cyber strategy shows that after the attacks, development in the field went in several different directions. As Priisalu puts it, the strategy was a collection of the lessons learned, and based on them, a system to respond to this sort of incident was put in place.

People involved in cyber security were brought together and asked what could have been done differently, and what else should have been done. Instructions were written up, lines of communication laid out, and a cyber security curriculum put together at the Tallinn University of Technology (TUT). With it, systematic education in the field of cyber security began in Estonia.

Opinion by Klaid Mägi, the current head of CERT-EE:

Estonia’s capability to manage cyber crises has substantially improved over the past ten years, CERT Estonia chief Klaid Mägi said at a conference dedicated to the 10th anniversary of the April 2007 cyber attacks.

According to Mägi, compared to ten years ago, Estonia is substantially more capable of managing cyber crimes. “We have created systems that identify attacks and protect [us] from them, have practiced cooperation with public and private institutions, have substantially contributed to improving the knowledge of end users and are taking part in substantial international cooperation in order to manage crisis situations better,” he highlighted.

Links:
http://news.err.ee/592075/estonia-s-reaction-to-cyber-attacks-influenced-global-security-policy
http://news.err.ee/592250/cert-chief-estonia-s-cyber-crisis-management-capability-improved-in-decade

Conference “The Present and Future of Cybersecurity”

Conference “The Present and Future of Cybersecurity”
April 26, 2017, National Library of Estonia

13.00-13.30 – Registration and welcome coffee
13.30-13.40 – Opening words – Urve Palo (Minister of Entrepreneurship and Information Technology)
13.40-14.00 – Keynote – Jaak Aaviksoo (Rector of TUT)
14.00-15.00 – Discussion “Evolution of cyber attacks – what has changed in ten years?” Klaid Mägi (RIA, head of CERT-EE) leader. Debating: Hillar Aarelaid (Police and Border Guard Board), Jaan Priisalu (TUT), Merike Käo (Farsight Security CTO)
15.00-15.30 – Cofee break
15.30-17.00 – Discussion “Discurses, paradigms and form of cyber policy in practice” Taimar Peterkop (Director General of RIA) leader. Debating: Sven Sakkov (Director of NATO CCD CoE), Heli Tiirmaa-Klaar (European Union, Head of Cyber Policy Coordination at European External Action Service), Lauri Lugna (Secretary General at the Ministry of Interior), Lauri Almann (Co-Founder of BHC Laboratory)
17.00-17.30 – Closing words – Toomas Vaks (RIA, Head of Cyber Security Branch)
17.30-19.30 – After conference reception. Appearance of RIA band VaRIA.

Work language of the conference is Estonian.

Links:
http://kyberkonverents.publicon.ee/registreerimine/

ETV “Suud Puhtaks” debate on internet voting security

Is the cyber security in Estonia ensured? Why the government wants to change the period of i-voting and what signal with that we send to the world? Talk show host Urmas Vaino helps to set things straight.

Debating:
Indrek Saar, Minister of Culture, Social Democratic Party
Jaanus Karilaid, Member of Parliament, Center Party
Priidu Pärna, Member of Tallinn City Council, Pro Patria and Res Publica Union
Anto Veldre, RIA analytic
Kristjan Vassil, UT senior researcher
Märt Põder, organizer of journalism hackathon
Arti Zirk, TUT IT faculty student
Tarvi Martens, Electoral Committee, Head of Internet Voting
Kristen Michal, Member of Parliament, Reform Party
Mihkel Slovak, UT senior researcher
Henrik Roonemaa, Geenius.ee editor
Erki Savisaar, Member of Parliament, Center Party
Andres Kutt, RIA, IT architect
Sven Heiberg, Cybernetica AS, Project Manager of Internet Voting System
Jaak Madison, Member of Parliament, Conservative People’s Party
Jaanus Ojangu, Chairman of Free Party
Agu Kivimägi, Stallion cyber security consultant
Jaan Priisalu, TUT researcher
Silver Meikar, Adviser to Minister of Culture
Kalev Pihl, SK ID Solutions, Board Member
Oskar Gross, Head of Cyber Crime Unit of Central Criminal Police
Klaid Mägi, RIA, Head of the department for handling incidents (CERT-EE)
Heiki Kübbar, Founder of ICEfire OÜ
Birgy Lorenz, Board Member of Network of Estonian Teachers of Informatics and Computer Science
Andres Kahar, KAPO Bureau Manager
Sven Sakkov, Director of NATO Cooperative Cyber Defence Centre
Heiki Pikker, TUT Cyber Security MSc student

Links:
http://www.err.ee/587007/suud-puhtaks-kui-turvalised-on-e-valimised
http://etv.err.ee/v/paevakajasaated/suud_puhtaks/saated/8d5babc5-cc33-4ed5-9bc0-927d4293ee21/suud-puhtaks
http://news.err.ee/310788/center-party-wants-to-shorten-e-voting-period

Cyber Security master’s theses defense in Tallinn University of Technology (January 2017)

Monday, January 9, 2016, Akadeemia Tee 15a, Room ICT-315.
Defense committee: Rain Ottis (chairman), Hayretdin Bahsi, Raimundas Matulevicius, Andro Kull.
The grades received (in random order): 5, 4, 4, 3, 3, 2.

Time: 10:00
Student: Christian Ponti
Title: Use of ICMPv6 in a Scenario-based Experiment for Computer Network Exfiltration and Infiltration Operations
Supervisor: Bernhards Blumbergs
Reviewer: Olaf Manuel Maennel

Time: 10:40
Student: Terézia Mézešová
Title: Attack Path Difficulty – An Attack Graph-based Security Metric
Supervisor: Hayretdin Bahsi
Reviewer: Aleksandr Lenin

Time: 11:20
Student: Jens Getreu
Title: Forensic-Tool Development with Rust
Supervisor: Olaf Manuel Maennel
Reviewer: Toomas Lepik

Break – 12:00

Student: Chengxiang Wang
Title: Classification of Black-Box Security Reductions and Oracle Separation Techniques
Supervisor:
Reviewer:

Time: 13:00
Student: Dineta Mahno
Title: Design of Cyber Security Awareness Program for the First Year Non-IT Students
Supervisor: Truls Ringkjob
Reviewer: Kaido Kikkas

Time: 13:40
Student: Gvantsa Grigolia
Title: Evaluation of Data Ownership Solutions in Remote Storage
Supervisor: Ahto Buldas
Reviewer: Jaan Priisalu

Time: 14:20
Student: Kasper Prei
Title: Measuring Personnel Cyber Security Awareness Level Through Phishing Assessment
Supervisor: Olaf Manuel Maennel, Bernhards Blumbergs
Reviewer: Sten Mäses