Tag Archives: Riivo Talviste

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2020 (June)

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2020 (June)

The defences are taking place on the first and second week of June.

Student: Eric Cornelissen (Computer Science MSc)
Title: Cryptographic Analysis of the Message Layer Security Protocol in the Static Corruption Model
Supervisor: Chris Brzuska, Dominique Unruh
Reviewer: Behzad Abdolmaleki

Student: Risto Pärnapuu (Computer Science MSc)
Title: Verifiable Photo Snapshots
Supervisor: Sven Laur, Ahto Truu
Reviewer: Arnis Paršovs

Student: Anita Onyinye Nwaokolo (Cyber Security MSc)
Title: A Comparison of Privacy Enhancing Technologies in Internet of Vehicle Systems
Supervisor: Raimundas Matulevicius, Abasi-amefon Obot Affia
Reviewer: Pille Pullonen

Student: Rando Tõnisson (Software Engineering MSc)
Title: Security Risk Management in Autonomous Driving Vehicles: Architecture Perspective
Supervisor: Raimundas Matulevičius, Abasi-Amefon O. Affia
Reviewer: Danielle Morgan

Student: Silver Maala (Computer Science BSc)
Title: A Proof of Concept Malware for Interacting with the Smart-ID Android Application
Supervisor: Arnis Paršovs
Reviewer: Mart Oruaas

Student: Kärt Ilja (Computer Science BSc)
Title: Intercepting Network Traffic of the Smart-ID Android Application
Supervisor: Arnis Paršovs
Reviewer: Mart Oruaas

Student: Siim-Alexander Kütt (Computer Science BSc)
Title: Security Analysis of Tartu Smart Bike Share Android Application
Supervisor: Arnis Paršovs
Reviewer: Kristjan Krips

Student: Gregor Eesmaa (Computer Science BSc)
Title: Authorization of Web Requests Based on Merkle Trees
Supervisor: Kristjan Krips
Reviewer: Arnis Paršovs

Student: Hendrik Eerikson (Computer Science BSc)
Title: Privacy Preserving Fingerprint Idenfication
Supervisor: Riivo Talviste, Kristjan Krips
Reviewer: Jan Villemson

Student: Sergei Kuštšenko (Computer Science BSc)
Title: Implementation of election bulletin board using HyperLedger Fabric
Supervisor: Ivo Kubjas
Reviewer: Jan Villemson

Student: Markus Punnar (Computer Science BSc)
Title: Cryptosystem for Post-Quantum Age Based on Moderate-Density Parity Check (MDPC) Codes
Supervisor: Vitaly Skachek, Irina Bocharova
Reviewer: Raul Martin Rebane


Cybersecurity related bachelor’s and master’s theses in University of Tartu 2018/2019 (June)

The defences are taking place on the first and second week of June.

Student: Ivo Pure (Cyber Security MSc)
Title: An Automated Methodology for Validating Web Related Cyber Threat Intelligence by Implementing a Honeyclient
Supervisor: Risto Vaarandi, Raimundas Matulevicius
Reviewer: Alejandro Manzanares

Student: Bruno Didier Produit (Cyber Security MSc)
Title: Optimization of the ROCA (CVE-2017-15361) Attack
Supervisor: Arnis Paršovs
Reviewer: Jan Villemson

Student: Kärt Padur (Cyber Security MSc)
Title: Information Security Risk Assessment in the Context of Outsourcing in a Financial Institution
Supervisor: Raimundas Matulevičius, Liis Rebane, Toomas Vaks
Reviewer: Andro Kull

Student: Marek Matsalu (Cyber Security MSc)
Title: The Development of Digital Forensics Workforce Competency on the Example of Estonian Defence League
Supervisor: Raimundas Matulevičius, Hillar Põldmaa
Reviewer: Hayretdin Bahsi

Student: Pubudini Gayanjalie Dissanayake (Cyber Security MSc)
Title: A Comparison of Security Risk Analysis in the In-house IT Infrastructure and Cloud Infrastructure for the Payment Gateway System
Supervisor: Hayretdin Bahsi, Raimundas Matulevičius
Reviewer: Alexander Horst Norta

Student: Lukáš Bortník (Cyber Security MSc)
Title: Mobile Phone Digital Evidence Providers to Investigate Driver’s Distraction
Supervisor: Pavel Laptev, Satish Narayana Srirama
Reviewer: Matthew Sorell

Student: Mari Seeba (Conversion Master in IT)
Title: A Specification of Layer-Based Information Security Management System for the Issue Tracking System
Supervisor: Raimundas Matulevičius, Ahto Buldas
Reviewer: Meelis Roos

Student: Doris Sarapuu (Conversion Master in IT)
Title: Penetration Testing of Glia’s Web Application
Supervisor: Kristjan Krips, Carlos Paniagua
Reviewer: Riivo Talviste

Student: Kaspar Kala (Conversion Master in IT)
Title: Refinement of the General Data Protection Regulation (GDPR) Model: Administrative Fines Perspective
Supervisor: Raimundas Matulevičius, Jake Tom
Reviewer: Eneken Tikk

Student: Maksym Yerokhin (Software Engineering MSc)
Title: Multi-level Policy-aware Privacy Analysis
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Reviewer: Sara Belluccini

Student: Reelika Tõnisson (Computer Science MSc)
Title: Tighter Post-quantum Secure Encryption Schemes Using Semi-classical Oracles
Supervisor: Dominique Peer Ghislain Unruh
Reviewer: Sven Laur

Student: Helen Tera (Computer Science BSc)
Title: Introduction to Post-Quantum Cryptography in Scope of NIST’s Post-Quantum Competition
Supervisor: Dominique Unruh
Reviewer: Raul-Martin Rebane

Student: Omar Purik (Computer Science BSc)
Title: Creation of Practical Assignments on Information Security for High School Students
Supervisor: Kristjan Krips, Tauno Palts


Study on the lifecycle of cryptographic algorithms 2016


This study is a natural continuation of three previous studies conducted in 2011, 2013 and 2015. The fourth version of cryptographic algorithms life cycle study published on June 9, has more than 10 authors and has 163 reference source. The 2016 report is the first one in its sequence to be written in English, because the study is unique on a global scale, and the previous versions has been of great international interest.

The foreword of the report has been written by Anto Veldre:

The Dutch DigiNotar case in 2011 demonstrated the hard choices a country faces if a PKI supporting its government’s IT systems is compromised. [..] Therefore, it was decided in 2011 to assemble a scientific task force to analyse the problems and risks that reliance on cryptography is posing on the sustainable functioning of our society.

Among the usual topics in cryptography, there is quite revealing section “Cryptographic protocols over radio connection”. For example, there the authors find that Estonian public transportation cards are vulnerable to various kinds of Denial of Service and cloning attacks:

The transportation cards in Tallinn are built on MIFARE Classic, whereas in Tartu MIFARE Ultralight C cards are used. However, even though both of the cards support cryptographic authentication, this functionality is not used. In both cases, the protocol running between the card and the reader is essentially the same, consisting of transmitting the card’s unique ID and a signature. [..] While this measure prevents unauthorised parties from issuing new cards, it does not stop the card cloning attack. [..] Cloning a card that carries a monthly ticket causes direct financial loss to the transportation service provider and must hence be urgently addressed.

Even though the ID fields of transportation cards are not writeable, other fields may be. This is for example the case with Tartu bus cards that allow e.g. the signature field to be overwritten by a standard app working on a regular NFC-capable smartphone. As a result, the card will become invalid, giving us a potential Denial of Service attack.

The report analyzes different radio frequency card technologies used for physical access control.  There are many problems – transparency issues, use of weak cryptography or no cryptography at all. The authors have also interviewed Hardmeier and G4S to study deployment issues. Some of the deployment issues revealed are quite disturbing:

Interview with a company installing NFC-based access control systems revealed that it is common practice to use same keys also in several installations, making e.g. door keys of one company work at the door of another company, too.


PhD thesis: “Applying Secure Multi-party Computation in Practice”

Riivo Talviste PhD thesis: “Applying Secure Multi-party Computation in Practice”
Defense date: 14.03.2016 – 16:15 (J. Liivi 2-405, Tartu, Estonia)

Thesis supervisor: Senior Research Fellow Sven Laur, Project manager Dan Bogdanov

Professor Stefan Katzenbeisser, Technische Universität Darmstadt (Germany)
Associate Professor Kurt Rohloff, New Jersey Institute of Technology (Newark, USA)

In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them.
The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions introduces also some non-technical requirements like signing contracts and negotiating with the Data Protection Agency.


Summary of master’s theses: Attack-tree based risk analysis of Estonian i-voting


This report analyzes two independent works published in 2014 that model security threats of Estonian i-voting scheme using attack trees. The first one, the master’s thesis of Tanel Torn [11] constructs several realistic attack trees for various types of attacks on Estonian i-voting system and evaluates them using three different state-of-the-art methodologies proposed in attack-tree literature. The second work, the master’s thesis of Ruud Verbij [13], proposes a general framework to allow comparison of different internet voting schemes. Verbij evaluates the proposed framework by applying it on Estonian i-voting protocol.

Despite using different approaches, both Torn and Verbij agree on some of the results. First, they both consider attacks on the Central System to be much more expensive, involving more risk and thus less probable. Second, results of both authors’ analyzes show that revocation attacks are more profitable than vote modification attacks. This in mainly due to the fact that in the former case the attack does not have to go through undetected.

The report has been published for UT course “Research Seminar in Cryptography (MTAT.07.022)”.