Tag Archives: Mari Seeba

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2021 (June)

The defences are taking place on the first and second week of June.

June 2, 2021:

Time: 09:45
Student: Toomas Aleksander Veromann (Software Engineering MSc)
Title: WYSIWYS Extensions to the Estonian ID Card Browser Signing Architecture
Supervisor: Arnis Paršovs
Reviewer: Mart Sõmermaa

Time: 10:30
Student: Sébastien René Baptistin Boire (Computer Science MSc)
Title: Credential Provisioning and Peer Configuration with Extensible Authentication Protocol
Supervisor: Tuomas Aura, Dominique Unruh
Reviewer: Arnis Paršovs

Time: 10:30
Student: Mariia Bakhtina (Innovation & Technology Management MA)
Title: Securing Passenger’s Data in Autonomous Vehicles
Supervisor: Raimundas Matulevičius, Mari Seeba
Reviewer: Abasi-Amefon Obot Affia

Time: 11:30
Student: Burak Can Kus (Cyber Security MSc)
Title: Use of Electronic Identity Documents for MultiFactor Authentication
Supervisor: Arnis Paršovs
Reviewer: Inguss Treiguts

Time: 12:15
Student: Priit Põdra (Cyber Security MSc)
Title: Web tracking in the most popular Estonian websites
Supervisor: Arnis Paršovs
Reviewer: Raimundas Matulevičius

Time: 13:00
Student: Mikus Teivens (Cyber Security MSc)
Title: Analysis of Security and Privacy Issues in Common Smart Home Products
Supervisor: Arnis Paršovs
Reviewer: Alo Peets

June 4, 2021:

Time: 11:30
Student: Magnus Valgre (Computer Science BSc)
Title: Tracking And Privacy: The Case of News Site Delfi
Supervisor: Arnis Paršovs
Reviewer: Mari Seeba

June 7, 2021:

Time: 09:00
Student: Hain Luud (Computer Science BSc)
Title: An Analysis of the HID® Indala and Seos™ Protocols
Supervisor: Danielle Morgan
Reviewer: Kristjan Krips

Time: 09:30
Student: Geio Illus (Computer Science BSc)
Title: Wi-Fi Positioning System
Supervisor: Danielle Morgan
Reviewer: Jakob Mass

Time: 11:00
Student: Peeter Vahe (Computer Science BSc)
Title: Tartu Smart Bike Share Access Cards Authentication Analysis
Supervisor: Danielle Morgan
Reviewer: Alo Peets

June 11, 2021:

Time: 09:30
Student: Jan Erik Kriisk (Computer Science BSc)
Title: Security Analysis of RIA’s Authentication Service TARA
Supervisor: Arnis Paršovs
Reviewer: Kristjan Krips

Time: 11:00
Student: Siim Markus Marvet (Computer Science BSc)
Title: Collecting Statistics and Security Data on Estonian Domains
Supervisor: Alo Peets
Reviewer: Kristjan Krips

Links:
https://www.cs.ut.ee/sites/default/files/cs/defence_schedule_01-11.06.2021.pdf
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2021&language=en

Cybersecurity related master’s theses in University of Tartu 2021 (January)

Student: Jayavarshini Thirumalai (Cyber Security MSc)
Title: An integrated approach for certification and re-certificationbased on the case study
Supervisor: Liina Kamm, Mari Seeba
Reviewer: Raimundas Matulevičius

Student: Valeh Farzaliyev (Computer Science MSc)
Title: Towards Practical Post-Quantum Voting Protocol: Shorter Exact Lattice-Based Proof of a Shuffle
Supervisor: Dominique Unruh, Jan Villemson
Reviewer: Janno Siim

Student: Jamil Gurbanzade (Computer Science MSc)
Title: Malicious Android app for security testing
Supervisor: Alo Peets
Reviewer: Denizalp Kapisiz

Cyber Security master’s theses defense in TalTech/UT (August 2020)

Defences of master theses of Cyber Security curriculum on August 17th 2020. The defences will take place online.

Time: 9:30
Student: Tarmo Oja
Title: X-ROAD TRUST MODEL AND TECHNOLOGY THREAT ANALYSIS
Supervisor: Ahto Buldas, Mari Seeba
Reviewer: Aleksandr Lenin

Time: 10:10
Student: Nikita Snetkov
Title: PRACTICAL IMPLEMENTABILITY OF TWO-PARTY ECDSA SIGNATURE SCHEMES
Supervisor: Ahto Buldas
Reviewer: Aleksandr Lenin

Time: 10:50
Student: Liubomyr Kushnir
Title: BENCHMARKING OF POST-HOC LOCAL INTERPRETABILITY METHODS FOR CLASSIFYING MALICIOUS TRAFFIC
Supervisor: Hayretdin Bahsi, Sven Nõmm
Reviewer: Pavel Tšikul

Time: 12:00
Student: Timm Jeff E Luyten
Title: RAISING CYBER AWARENESS WITH NON-IT PROFESSIONALS WORKING IN A HOME OFFICE ENVIRONMENT USING A PILOT VIDEO GAME CONCEPT
Supervisor: Birgy Lorenz
Reviewer: Sten Mäses

Time: 12:40
Student: Andrew J Roberts
Title: Development of a cybersecurity evaluation test bed for autonomous self-driving vehicles
Supervisor: Olaf Maennel
Reviewer: Tobias Eggendorfer

Time: 13:20
Student: Ilkin Huseynov
Title: THE ANALYSIS OF THE CURRENT CYBER SECURITY ACTIONS TAKEN IN THE E-GOVERNMENT OF AZERBAIJAN AND PROPOSAL OF THE IMPROVEMENT PLAN
Supervisor: Mika Kerttunen
Reviewer: Adrian Venables

Time: 14:15
Student: Andres Pihlak
Title: CONTINUOUS DOCKER IMAGE ANALYSIS AND INTRUSION DETECTION BASED ON OPEN-SOURCE TOOLS
Supervisor: Mauno Pihelgas
Reviewer: Kristian Kivimägi

Time: 14:55
Student: Eduard Iltšuk
Title: Two-Party ECDSA Protocol for Smart-ID
Supervisor: Arnis Paršovs
Reviewer: Jan Villemson

Time: 15:35
Student: Aivo Toots
Title: Zero-Knowledge Proofs for Business Processes
Supervisor: Peeter Laud
Reviewer: Marlon Dumas, Janno Siim

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2018/2019 (June)

The defences are taking place on the first and second week of June.

Student: Ivo Pure (Cyber Security MSc)
Title: An Automated Methodology for Validating Web Related Cyber Threat Intelligence by Implementing a Honeyclient
Supervisor: Risto Vaarandi, Raimundas Matulevicius
Reviewer: Alejandro Manzanares

Student: Bruno Didier Produit (Cyber Security MSc)
Title: Optimization of the ROCA (CVE-2017-15361) Attack
Supervisor: Arnis Paršovs
Reviewer: Jan Villemson

Student: Kärt Padur (Cyber Security MSc)
Title: Information Security Risk Assessment in the Context of Outsourcing in a Financial Institution
Supervisor: Raimundas Matulevičius, Liis Rebane, Toomas Vaks
Reviewer: Andro Kull

Student: Marek Matsalu (Cyber Security MSc)
Title: The Development of Digital Forensics Workforce Competency on the Example of Estonian Defence League
Supervisor: Raimundas Matulevičius, Hillar Põldmaa
Reviewer: Hayretdin Bahsi

Student: Pubudini Gayanjalie Dissanayake (Cyber Security MSc)
Title: A Comparison of Security Risk Analysis in the In-house IT Infrastructure and Cloud Infrastructure for the Payment Gateway System
Supervisor: Hayretdin Bahsi, Raimundas Matulevičius
Reviewer: Alexander Horst Norta

Student: Lukáš Bortník (Cyber Security MSc)
Title: Mobile Phone Digital Evidence Providers to Investigate Driver’s Distraction
Supervisor: Pavel Laptev, Satish Narayana Srirama
Reviewer: Matthew Sorell

Student: Mari Seeba (Conversion Master in IT)
Title: A Specification of Layer-Based Information Security Management System for the Issue Tracking System
Supervisor: Raimundas Matulevičius, Ahto Buldas
Reviewer: Meelis Roos

Student: Doris Sarapuu (Conversion Master in IT)
Title: Penetration Testing of Glia’s Web Application
Supervisor: Kristjan Krips, Carlos Paniagua
Reviewer: Riivo Talviste

Student: Kaspar Kala (Conversion Master in IT)
Title: Refinement of the General Data Protection Regulation (GDPR) Model: Administrative Fines Perspective
Supervisor: Raimundas Matulevičius, Jake Tom
Reviewer: Eneken Tikk

Student: Maksym Yerokhin (Software Engineering MSc)
Title: Multi-level Policy-aware Privacy Analysis
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Reviewer: Sara Belluccini

Student: Reelika Tõnisson (Computer Science MSc)
Title: Tighter Post-quantum Secure Encryption Schemes Using Semi-classical Oracles
Supervisor: Dominique Peer Ghislain Unruh
Reviewer: Sven Laur

Student: Helen Tera (Computer Science BSc)
Title: Introduction to Post-Quantum Cryptography in Scope of NIST’s Post-Quantum Competition
Supervisor: Dominique Unruh
Reviewer: Raul-Martin Rebane

Student: Omar Purik (Computer Science BSc)
Title: Creation of Practical Assignments on Information Security for High School Students
Supervisor: Kristjan Krips, Tauno Palts
Reviewer:

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2019
https://www.cs.ut.ee/sites/default/files/www_ut/kaitsmised_v_30-05.pdf

Study on the lifecycle of cryptographic algorithms 2017

This year we have ordered and will publish cryptographic algorithms life cycle report in parts. The first part is now available.

The first and the most important chapter gives overview of the current state of algorithms.

The second chapter writes about the cryptographic side of the last fall ID card crisis. The report describes what happened, what was done and how on the cryptographic side the new solution (elliptic curves) for ID cards works.

The third chapter gives overview of block-chain technologies and in addition provides Estonian-language terminology for block-chain related English terms.

The report has been ordered by RIA and written by Cybernetica researchers Ahto Buldas, Jan Willemson and Arne Ansper.

Links:
https://blog.ria.ee/ria-kruptouuring-id-kaart-ja-plokiahelad/
https://www.ria.ee/public/RIA/kruptograafiliste_algoritmide_elutsukli_uuring_2017.pdf
https://geenius.ee/uudis/nsa-usub-et-eesti-id-kaart-peaks-vastu-pidama-ka-kvantarvuti-runnakule/

Study on the lifecycle of cryptographic algorithms 2016

cybernetica_ria_crypto_algorithms_report

This study is a natural continuation of three previous studies conducted in 2011, 2013 and 2015. The fourth version of cryptographic algorithms life cycle study published on June 9, has more than 10 authors and has 163 reference source. The 2016 report is the first one in its sequence to be written in English, because the study is unique on a global scale, and the previous versions has been of great international interest.

The foreword of the report has been written by Anto Veldre:

The Dutch DigiNotar case in 2011 demonstrated the hard choices a country faces if a PKI supporting its government’s IT systems is compromised. [..] Therefore, it was decided in 2011 to assemble a scientific task force to analyse the problems and risks that reliance on cryptography is posing on the sustainable functioning of our society.

Among the usual topics in cryptography, there is quite revealing section “Cryptographic protocols over radio connection”. For example, there the authors find that Estonian public transportation cards are vulnerable to various kinds of Denial of Service and cloning attacks:

The transportation cards in Tallinn are built on MIFARE Classic, whereas in Tartu MIFARE Ultralight C cards are used. However, even though both of the cards support cryptographic authentication, this functionality is not used. In both cases, the protocol running between the card and the reader is essentially the same, consisting of transmitting the card’s unique ID and a signature. [..] While this measure prevents unauthorised parties from issuing new cards, it does not stop the card cloning attack. [..] Cloning a card that carries a monthly ticket causes direct financial loss to the transportation service provider and must hence be urgently addressed.

Even though the ID fields of transportation cards are not writeable, other fields may be. This is for example the case with Tartu bus cards that allow e.g. the signature field to be overwritten by a standard app working on a regular NFC-capable smartphone. As a result, the card will become invalid, giving us a potential Denial of Service attack.

The report analyzes different radio frequency card technologies used for physical access control.  There are many problems – transparency issues, use of weak cryptography or no cryptography at all. The authors have also interviewed Hardmeier and G4S to study deployment issues. Some of the deployment issues revealed are quite disturbing:

Interview with a company installing NFC-based access control systems revealed that it is common practice to use same keys also in several installations, making e.g. door keys of one company work at the door of another company, too.

Links:
https://www.ria.ee/public/RIA/Cryptographic_Algorithms_Lifecycle_Report_2016.pdf
https://www.ria.ee/ee/eriik-2018-valmis-2016-aasta-kruptograafiliste-algoritmide-elutsukli-uuring.html
https://blog.ria.ee/ria-aastakonverentsi-i-sessiooni-otseblogi/