Tag Archives: Liisa Past

Interdisciplinary Cyber Research (ICR) workshop 2018


9th of June, 2018 — Tallinn, Estonia

The aim of the workshop is to bring together young as well as established scholars undertaking research in various disciplines related to information and communication technologies such as computer sciences, political and social sciences, and law.

Agenda:
8:30 Registration
9:00 Opening words, Dr Anna-Maria Osula & Prof Olaf Maennel on behalf of Tallinn University of Technology (SOC-209)
9:10 Keynote presentation, “Maximising Cyber Resilience”, Mr Luc Dandurand, Head of Cyber Operations at Guardtime (SOC-209)
10:05 Keynote presentation, “Command, Control & Communications within Cyber Incidents”, Mr Kieren Nicolas Lovell, Head of Computer Emergency Response at University of Cambridge (SOC-209)

11:30–13:00
SESSION 1: eID (ROOM 1 / SOC-209)
Session moderated by Dr Anna-Maria Osula, NATO CCD COE
Ms Liisa Past, “ROCA Vulnerability and eID: Lessons Learned”, Information System Authority
Mr Arnis Parsovs, “Legal Issues in Solving the Estonian ID Card Crisis”, University of Tartu
Ms Liisa Tallinn, “Estonian eID Vulnerability: a PR Problem?”, SpectX
Mr Arne Koitmäe, “Internet Voting and ID Card Crisis: Elections Manager’s Perspective”, State Electoral Office

SESSION 2: Tech 1 (ROOM 2 / SOC-211)
Session moderated by Dr Hayretdin Bahsi, Tallinn University of Technology
Mr Raymond Yin & Mr Isaac Burgess, “Dual IP Stack Exfiltration – Methods and Defences”, University of Adelaide
Mr Andrei Perapiolkin, “Time Lock Puzzles for Distributed Systems”, Tallinn University of Technology
Mr Alexander Manariotis, “Private but Public on the Blockchain”, University of Adelaide
Ms Kristiina Renel, “Public Sector Logging & Compliance with GDPR“, Tallinn University of Technology

13:00 Lunch
14:00–15:30
SESSION 3: State & Cyber (ROOM 1 / SOC-209)
Session moderated by Prof Tobias Eggendorfer, University of Applied Sciences Ravensburg-Weingarten
Dr Kristan Stoddart, “Cyber Espionage: Anarchy in Cyberspace”, Aberystwyth University
Ms Kateryna Gorbanova, “International Normative Framework of Cyber Espionage”, Tallinn University of Technology
Mr Siim Alatalu, “Cyber Commands – Universal Solution to a Universal Cyber Security Problem?”, NATO CCD COE
Mr Roman Müller, “Manipulation Resistant Opinion Forming in Online Communities”, Tallinn University of Technology

SESSION 4: Tech 2 (ROOM 2 / SOC-211)
Session moderated by Prof Olaf Maennel, Tallinn University of Technology
Ms Tiiu Mamers, “The Information Security Investment Problem for Small Enterprises and the RORPI Model”, Tallinn University of Technology
Mr Alvaro Schuller, “Exploiting Spectre: Reading Kernel Memory from a User Process”, Tallinn University of Technology
Mr Michael Pfeiffer & Mr Lazarus Lai De Oliveira, “The Challenges of Building a Universal CAN Bus Emulation Testbed Environment for Security and Vulnerability Analysis of Internal Networks in Vehicles”, University of Adelaide
Mr Richard Matthews, “Thermal Effects of Dark Current on Blind Source Camera Identification”, University of Adelaide

15:30 Coffee break

15:50–17:00
SESSION 5: Data & Privacy (ROOM 1 / SOC-209)
Session moderated by Dr Agnes Kasper, Tallinn University of Technology
Ms Isabella Oldani, “Technology as an Alternative to Geography in Protecting Personal Data”, University of Trento
Ms Kärt Salumaa, “Risks and Incidents Deriving from Breaching Data Protection Regulation”, KPMG Law Firm
Ms Munirah DeVries, “Biometric Profiling of Wearable Devices for Medical Monitoring and Authentication”, University of Adelaide
Mr Raul Nugis, “Forensic Data Properties of Digital Signature BDOC and ASICE Files”, Tallinn University of Technology

SESSION 6: Tracking Watches (ROOM 2 / SOC-211)
Session moderated by Dr Matthew Sorell, University of Adelaide
Ms Sasha de Vries & Mr Brent Williams, “Penetration Testing of the SpaceTalk Tracking Watch”, University of Adelaide
Mr Narayan Shanmuganathan & Mr Nooragha Sharifi, “Security Framework for Children’s Safety Watches”, University of Adelaide
Mr Luke Jennings & Mr Inderbir Singh, “Improving the Technical Functionality of Children’s Tracking Watches”, University of Adelaide
Ms Kristine Hovhannisyan, “Arkangel: Investigation of Children’s Tracking Smartwatch Ecosystem. Forensic Value and Privacy Implications”, Tallinn University of Technology

18:00 Social event at Pipedrive office, Paldiski maantee 80

Links:
http://cybercentre.cs.ttu.ee/icr2018/

ID card “The Lessons We Learned” conference

Estonian Information System Authority (RIA) is organising an international conference on 9th of May in 2018 in Tallinn (Tallinn Creative Hub – Kultuurikatel) to discuss the impact and consequences of the security risk found in the Infineon chips in autumn 2017 by the researchers at Masaryk University in the Czech Republic.

The aim of this conference is to bring together parties affected by the security risk to discuss our lessons, experiences and responsibility, because the security flaw affected many companies and countries in Europe as well as elsewhere in the world. If possible, we aim to agree on a joint plan of follow-up activities or a memorandum to provide input to different authorities who establish regulative rules. Researchers from Masaryk University have announced their participation in the conference – they will make an opening presentation about their research.

The conference is aimed at policymakers as well as specialists in the eID field, opinion leaders, representatives of authorities and companies that are dependent on the functioning of Estonian ID-cards and e-services, developers of e-government and IT systems, and other parties related to the issue from both Estonia and Europe.

Agenda:
09.30-10.00 Delegate registration opens. Welcome coffee
10.00-11.30 Welcome and Opening of the Conference / Session 1
• Welcome by moderator Andres Kütt
• Welcome speech by the Prime Minister Jüri Ratas
• The goal of the research (ROCA vulnerability ) – Petr Svenda, the University of Masaryk
• The influence and the distinctness on Estonian ID-card and its use – Taimar Peterkop, the head of Information System Authority
• The examples of actions of different countries – Ulrich Latzenhofer, Austrian Regulatory Authority for Broadcasting and Telecommunications
11.30-12.00 Coffee break
12.00-13.30 Session 2
• Lessons we learned (Estonia) – Rain Ottis, Associate Professor at Tallinn University of Technology
• The contract of ID-card – who´s responsible of what? – Kaija Kirch, Police and Border Guard Board, ID expert
• Discussion How did we manage and what to do better next time? Expert panel lead by Rain Ottis. Attending: Kaija Kirch, Margus Arm, Ilmar Raag
13.30-14.30 Lunch
14.30-16.30 Session 3
• eIDAS perspective of the ROCA vulnerability – Security Expert and Information Security Officer, Marnix Dekker, ENISA
• Lessons we learned (global view) – Liisa Past, Chief research officer, Information System Authority
• Lessons we learned (Commission view) – Andrea Servida, European Commission
• Discussion What can we do better in the future? Expert panel lead by Liisa Past. Attending: Marnix Dekker, Andrea Servida, Ulrich Latzenhofer, Petr Svenda
• Conference conclusion by moderator Andres Kütt
16.30-17.30 Goodbye coffee and networking

Links:
https://lessonslearned.publicon.ee/conference-agenda/

Liisa Past, Kaur Virunurm: E-State and Proactive Risk Management

The presentation was given in cybersecurity conference “Cyberchess 2017” held on October 5, 2017 in Riga. The presentation touched upon the recent events such as i-voting and the flaw found in the ID card chip.

The last question from the audience was worth a dime:

Is PPA considering any legal action against the vendor, because, as I understand, you have been informed by the researchers, but the vendor has not informed you.
And the second one: in the new procurement, what are are the lessons learned? Are you planing to change or include some clauses on liability?

The question was not answered in full, but the answer would be interesting indeed.

Links:
https://www.youtube.com/watch?v=6N_ZeFDNzvg
https://cert.lv/uploads/pasakumi/liisapastkaurvirunurm.pdf