Tag Archives: Sven Heiberg

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2016/2017

Managing Security Risks Using Attack-Defense Trees
Abstract: The In this thesis, we have addressed risk management using Attack Tree. The contribution to resolve the problem in this thesis includes three steps. Obtaining an alignment from Attack-Defense trees to ISSRM. Measurement of the metrics of the nodes of tree using historical data.
Student: Salman Lashkarara
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Meelis Roos
Defense: 01.06.2017, Tartu, J.Liivi 2-404

On Secure Bulletin Boards for E-Voting
Abstract: In this thesis, we propose a formal model for analysis of security and functionality of a bulletin board system motivated by the security requirements Culnane and Schneider introduced in Computer Security Foundations Symposium 2014.
Student: Annabell Kuldmaa
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Ahto Buldas
Defense: 01.06.2017, Tartu, J.Liivi 2-404

Research and Proof of Concept of Selected ISKE Highest Level Integrity Requirements
Abstract: This work takes integrity domain under detail research to meet ISKE requirements and security objectives demanded for data with highest integrity needs.
Student: Deivis Treier
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Andrey Sergeev
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Method for Effective PDF Files Manipulation Detection
Abstract: The aim of this thesis is to ease the process of detecting manipulations in PDF files by addressing its source code, before having to use other methods such as image processing or text-line examination.  The result is the construction of a solid and effective method for PDF file investigation and analysis to determine its integrity.
Student: Gema Fernández Bascuñana
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Inna Ivask, Raimundas Matulevičius
Reviewer: Hayretdin Bahsi
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Establishing, Implementing and Auditing Linux Operating System Hardening Standard for Security Compliance
Abstract: This paper provides a proof-of-concept solution for being compliant with operating system hardening requirements of the company by establishing, implementing and auditing Linux (Debian) operating system hardening standard.
Student: Martin Jõgi
Curriculum: Cyber Security (MSc)
Supervisor: Truls Tuxen Ringkjob, Raimundas Matulevičius
Reviewer: Marko Kääramees
Defense: 02.06.2017, Tartu, J.Liivi 2-404

A Prototype For Learning Privacy-Preserving Data Publising
Abstract:  This master thesis will discuss different threats to privacy, discuss and compare different privacy-preserving methods to mitigate these threats. The thesis will give an overview of different possible implementations for these privacy-preserving methods. The other output of this thesis is educational purpose software that allows students to learn and practice privacy-preserving methods.
Student: Rain Oksvort
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Benson Muite
Defense: 05.06.2017, Tartu, J.Liivi 2-404

Filesystem Fuzz Testing Framework
Abstract: In the present thesis a fuzz testing framework was built, which can be used for finding time-of-check-to-time-of-use type bugs in Linux filesystems.
Student: Vladislav Alenitsev
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Kristjan Krips
Reviewer: Karl Tarbe
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Performance Testing Bulletin Board Implementations for Online Voting
Abstract: This work takes a look at two software solutions that can be used for such purpose and analyses their performance in testing environment imitating real election workload.
Student: Marek Pagel
Curriculum: Computer Science (BSc)
Supervisor: Sven Heiberg, Janno Siim
Reviewer: Ivo Kubjas
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Cybersecurity theses defence on June 9, 2017 in Tartu J. Liivi 2-403 at 10.00 AM.
Defence Committee: Raimundas Matulevičius (chairman), Olaf Manuel Maennel, Vitaly Skachek, Meelis Roos, Hayretdin Bahsi.
Grades received (random order): A, B, C, C, D.

Improving and Measuring Learning at Cyber Defence Exercises
Abstract:  This thesis takes a fresh look at learning in Cyber Defence Exercises (CDXs) and focuses on measuring learning outcomes. As such exercises come in a variety of formats, this thesis focuses on technical CDXs with Red and Blue teaming elements.
Student: Kaie Maennel
Curriculum: Cyber Security (MSc)
Supervisor: Rain Ottis, Liina Randmann, Raimundas Matulevičius
Reviewer: Sten Mäses
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Federation of Cyber Ranges
Abstract: This study compares two cyber ranges and looks into possibilities of pooling and sharing of national facilities and to the establishment of a logical federation of interconnected cyber ranges. The thesis gives recommendations on information flow, proof of concept, guide-lines and prerequisites to achieve an initial interconnection with pooling and sharing capabilities.
Student: Allar Vallaots
Curriculum: Cyber Security (MSc)
Supervisor: Jaan Priisalu, Uko Valtenberg, Raimundas Matulevičius
Reviewer: Rain Ottis
Defense: 09.06.2017, Tartu, J.Liivi 2-403

A New Heuristic Based Phishing Detection Approach Utilizing Selenium Webdriver
Abstract: In this paper, we focus on detecting login phishing pages, pages that contain forms with email and password fields to allow for authorization to personal/restricted content. We present the design, implementation, and evaluation of our phishing detection tool “SeleniumPhishGuard”, a novel heuristic-based approach to detect phishing login pages.
Student: Ahmed Nafies Okasha Mohamed
Curriculum: Cyber Security (MSc)
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Hayretdin Bahsi
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Analysis of Exploit-kit Incidents and Campaigns Through a Graph Database Framework
Abstract: A great deal of automation can be achieved here by using public APIs such as VirusTotal, whois databases, IP blacklists, etc during the analysis and a first part of our work is dedicated to that. We will then show that this approach reveals patterns and clusters from which decisions can be made from a defensive perspective.
Student: Guillaume Brodar
Curriculum: Cyber Security (MSc)
Supervisor: Toomas Lepik, Raimundas Matulevicius
Reviewer: Arnis Paršovs
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Investigation of JTAG and ISP Techniques for Forensic Procedures
Abstract: This thesis is focusing on JTAG and ISP physical acquisitions techniques. The aim is to give an overview of these techniques from a forensic point of view and in addition to some other tests will try to prove that are forensically equivalent to any other method.
Student: Stefanos Pappas
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Raimundas Matulevičius
Reviewer: Emin Caliskan
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Links:
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_1_2_5_06.pdf
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_6_7_8_9_06_.pdf

ETV “Suud Puhtaks” debate on internet voting security

Is the cyber security in Estonia ensured? Why the government wants to change the period of i-voting and what signal with that we send to the world? Talk show host Urmas Vaino helps to set things straight.

Debating:
Indrek Saar, Minister of Culture, Social Democratic Party
Jaanus Karilaid, Member of Parliament, Center Party
Priidu Pärna, Member of Tallinn City Council, Pro Patria and Res Publica Union
Anto Veldre, RIA analytic
Kristjan Vassil, UT senior researcher
Märt Põder, organizer of journalism hackathon
Arti Zirk, TUT IT faculty student
Tarvi Martens, Electoral Committee, Head of Internet Voting
Kristen Michal, Member of Parliament, Reform Party
Mihkel Slovak, UT senior researcher
Henrik Roonemaa, Geenius.ee editor
Erki Savisaar, Member of Parliament, Center Party
Andres Kutt, RIA, IT architect
Sven Heiberg, Cybernetica AS, Project Manager of Internet Voting System
Jaak Madison, Member of Parliament, Conservative People’s Party
Jaanus Ojangu, Chairman of Free Party
Agu Kivimägi, Stallion cyber security consultant
Jaan Priisalu, TUT researcher
Silver Meikar, Adviser to Minister of Culture
Kalev Pihl, SK ID Solutions, Board Member
Oskar Gross, Head of Cyber Crime Unit of Central Criminal Police
Klaid Mägi, RIA, Head of the department for handling incidents (CERT-EE)
Heiki Kübbar, Founder of ICEfire OÜ
Birgy Lorenz, Board Member of Network of Estonian Teachers of Informatics and Computer Science
Andres Kahar, KAPO Bureau Manager
Sven Sakkov, Director of NATO Cooperative Cyber Defence Centre
Heiki Pikker, TUT Cyber Security MSc student

Links:
http://www.err.ee/587007/suud-puhtaks-kui-turvalised-on-e-valimised
http://etv.err.ee/v/paevakajasaated/suud_puhtaks/saated/8d5babc5-cc33-4ed5-9bc0-927d4293ee21/suud-puhtaks
http://news.err.ee/310788/center-party-wants-to-shorten-e-voting-period

E-Vote-ID 2016: Improving the verifiability of the Estonian Internet Voting scheme

Estonian_internet_voting

Abstract. We describe an update of the Estonian Internet Voting scheme targeted towards adding verification capabilities to the central system. We propose measures to ensure the auditability of the correctness of vote decryption and i-ballot box integrity. The latter will be improved to a level where it would be possible to outsource the vote collection process to an untrusted party and later fully verify the correctness of its operations.

The short summary is that I-voting system used for local municipal elections in October 2017 will use ElGamal cryptosystem that can be plugged into mix-net. Currently it is not clear whether the general public will be allowed to verify mix-net inputs and outputs.

Links:
http://research.cyber.ee/~jan/publ/ivxv-evoteid.pdf

 

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2015/2016

university_of_tartu_logo

Defense committee: Dominique Unruh (chairman), Siim Karus, Vitaly Skachek, Dirk Oliver Theis, Raimundas Matulevicius.

A Cost-Effective Approach to Key Management in Online Voting Scenarios
Abstract: Since smart cards both offer reasonable prices and expose an API for development, this document evaluates different approaches to implement threshold encryption over smart cards to support an electoral process.
Student: Sergio Andrés Figueroa Santos
Curriculum: NordSecMob (MSc)
Supervisor: Sven Heiberg, Helger Lipmaa, Tuomas Aura
Reviewer: Ivo Kubjas
Defense: 02.06.2016, 09:00, Liivi 2-405

Revision of Security Risk-oriented Patterns for Distributed Systems
Abstract: In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system.
Student: Silver Samarütel
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Alexander Horst Norta
Defense: 02.06.2016, 09:00, Liivi 2-405

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security
Abstract: In order to support and simplify the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them.
Student: Andrey Sergeev
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Henri Lakk
Defense: 02.06.2016, 09:00, Liivi 2-405

Secure and Efficient Mix-Nets
Abstract: This thesis studies a zero-knowledge shuffle argument proposed by J. Furukawa in 2005. Firstly, we provide a more detailed and easily readable description of the shuffle and shuffle-decryption zero-knowledge protocols than in the original paper. Secondly, we provide two new characterizations of a permutation matrix and two simple modifications of the shuffle protocol that reduce the computational complexity.
Student: Janno Siim
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Sven Laur
Defense: 02.06.2016, 09:00, Liivi 2-405

A Comprehensive Protocol Suite for Secure Two-Party Computation
Abstract: In some scenarios, a two-party model is a better fit when no natural third party is involved in the application. In this work, we design and implement a full protocol suite for two-party computations on Sharemind, providing an alternative and viable solution in such cases.
Student: Sander Siim
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Pille Pullonen
Reviewer: Dominique Unruh
Defense: 06.06.2016, 09:00, Liivi 2-405

An improved type system for a privacy-aware programming language and its practical applications
Abstract: he goal of this thesis is to make it easier to add protection domain kinds to the SecreC language by allowing the programmer to define the protection domain kind data types, arithmetic operations and type conversions in the SecreC language without changing the compiler.
Student: Ville Sokk
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Jaak Randmets
Reviewer: Vesal Vojdani
Defense: 06.06.2016, 09:00, Liivi 2-405

Energy Harvesting in Cooperative Communications
Abstract: Energy harvesting (EH) is a crucial technology for a variety of wireless systems that have limited access to a reliable electricity supply or recharging sources. In this thesis, the design of a multiple access relay system (MARS) using EH is considered.
Student: Akashkumar Rajaram
Curriculum: Cyber Security (MSc)
Supervisor: Nalin Jayakody, Vitaly Skachek
Reviewer: Bin Chen
Defense: 06.06.2016, 09:00, Liivi 2-405

Security of Eduroam Passwords
Abstract: The University of Tartu has decided that the university’s eduroam accounts will share the same user credentials as the rest of the university’s services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user’s university account. The aim of this research was to uncover any such weaknesses.
Student: Raul-Martin Rebane
Curriculum: Computer Science (BSc)
Supervisor: Dominique Unruh
Reviewer: Meelis Roos
Defense: 06.06.2016, 09:00, Liivi 2-405

Applying a Security Testing Methodology: a Case Study
Abstract: This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was gathered combining OWASP ASVS web application security standard and OWASP Top Ten project.
Student: Karin Klooster
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Margus Freudenthal
Reviewer: Kritjan Krips
Defense: 08.06.2016

Word frequency based log analysis
Abstract: The purpose of this bachelor thesis is to explore if you can use word frequency based analysis for log files and find interesting events without knowing the log structure.
Student: Karl Lääts
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos
Reviewer: Artjom Lind
Defense: 08.06.2016

Randomly Distributed PIN Code Input Layout
Abstract: This thesis examines the possibility of reducing the visual security breach of PIN code input by randomising the input field.
Student: Rain Tõugjas
Curriculum: Computer Science (BSc)
Supervisor: Tauno Palts, Kristjan Krips
Reviewer:
Defense: 08.2016

Smart Home Hacking
Abstract: This work investigates the security and privacy issues found at an emerging smart home technology such as the CoSSMic platform.
Student: Suela Kodra
Curriculum: NordSecMob (MSc)
Supervisor: Danilo Gligoroski, Marie Moe, Dominique Unruh
Reviewer: Raimundas Matulevičius
Defense: 18.08.2016, 09:30, Liivi 2-403

Cache-Timing Techniques: Exploiting the DSA Algorithm
Abstract: This work explains some of the cache-timing techniques commonly used to exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA’s sliding window exponentiation algorithm.
Student: Cesar Pereida Garcia
Curriculum: NordSecMob (MSc)
Supervisor: Billy Bob Brumley, Dominique Unruh, N. Asokan
Reviewer: Arnis Paršovs
Defense: 26.08.2016, 11:00, Liivi 2-403

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2016
http://www.cs.ut.ee/sites/default/files/2016/loput88d/Kaitsmiste%20ajakava.pdf

Log Analysis of Estonian Internet Voting 2013 – 2015

Log server

Conclusions
In this work we developed a systematic data analysis method that can be used to assess the state of an ongoing i-voting and to perform post-election analysis.
The log monitoring solution developed has been a useful tool for detecting software bugs and logging deficiencies, which might not have been otherwise detected.

Although the three elections analyzed in this study were different types of elections, we can see that most of the measured values are similar. Furthermore, taking into account all the observations, we can conclude that in KOV2013, EP2014 and RK2015, no large-scale attack against i-voters was carried out.

Links:
http://eprint.iacr.org/2015/1211.pdf
http://kodu.ut.ee/~arnis/slides_logmon.pdf

E-enabled elections in Estonia: Forum on research and development in 2015

Estonian_internet_voting

During the first half day, Estonian researchers will present the results of a 3-year scientific project that studied the Estonian flavour of verifiable Internet voting from both technical and social aspects. The second half of the first day will be devoted to the presentation of the development ideas of the Estonian solution. The second day holds additional interventions on the topic of remote online voting and offers brainstorming activity where feedback to the ideas of the first day will be gathered interactively.

Thursday (05.11.2015)
09:00 – 09:30 Registration
09:30 – 09:45 Opening keynote
09:45 – 10:30 Kristjan Vassil “Diffusion of Internet Voting in Estonia”
10:30 – 11:15 Mihkel Solvak “Impact of Verification on Trust toward Internet Voting”
11:15 – 11:45 Coffee break
11:45 – 12:15 Taavi Unt “Usage Patterns in Internet Voting Log Files”
12:15 – 13:45 Jan Willemson, Sven Heiberg and Arnis Paršovs “Log analysis of Estonian Internet
voting 2013-2015”
14:00 – 15:00 Lunch
16:00 – Coffee break
15:00 – 17:30 Tarvi Martens, Sven Heiberg and Jan Willemson “Estonian Internet voting 2017+”

Friday (06.11.2015)
10:00 – 10:30 Bingsheng Zhang “How to Achieve Unconditional Integrity in an End-to-end Verifiable E
voting System”
10:30 – 11:00 Kristjan Gjøsteen “A security usability study on the Norwegian e-voting system”
11:00 – 11:30 Carsten Schürmann “Creating Credible Elections”
11:30 – 12:00 Coffee break
12:00 – 12:30 Jurlind Budurushi “An Investigation into the Usability of Electronic Voting Systems with
Paper Audit Trails in the Context of Complex Elections”
12:30 – 13:00 Helger Lipmaa “Privacy and Accountability in Networks via Optimized Randomized Mixnets”
13:00 – 13:30 Filip Zagorski “Improving security of remote voting”
13:30 – 14:30 Lunch
15:00 – Coffee break
14:30 – 17:00 Argument game

Links:
http://cyber.ee/en/news/e-enabled-elections-in-estonia-forum-on-research-and-development-in-2015/

Call for ideas to improve Estonian Internet voting

Estonian_internet_voting

Electronic Voting Committee invites those interested in Internet voting to attend the day of ideas event, which will take place on Thursday, 18 June, 2015 from 11:00 to 15:00 in the hall of commandant house at Toompea street 1, Tallinn.

I-voting in Estonia has been used already for 8 elections in 10 years. The system has been continuously developed, but since the time of the next regular elections is after little more than two years, it is an opportune time for introducing something larger and more substantial.

Hence the aim for the day of ideas: everyone will have the opportunity to present his ideas or thoughts on how to make i-voting even better, more secure, more transparent, more reliable, etc. – invited are both technical and organizational improvement proposals.

To have a smooth management of the event:
a) register your participation no later than 16 June by sending an e-mail to vvk dot ee.
b) describe in a few sentences the idea and give an estimate on the time needed for the presentation. If you wish, you can show the slides.

Invited are also those who do not have their ideas, but still would like to participate in the debate about the ideas.

Additional information: Tarvi Martens (Head of the Committee)

Presentations:

Sven Heiberg “What is possible for 2017”
Ivo Kubjas “Mixnets – why, what and how?
Arnis Paršovs “Homomorphic Tallying for Estonian Internet Voting”
Tanel Tammet “About e-election problems”
Ahto Truu “Data integrity detection KSI service”

Links:
http://www.vvk.ee/valimiste-korraldamine/vvk-uudised/kutse-ideepaev-e-haaletamise-parenduseks/
http://vvk.ee/valimiste-korraldamine/elektroonilise-haaletamise-komisjon/ideepaev-2015/

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2014/2015

university_of_tartu_logo

An Empirical Comparison of Approaches for Security Requirements Elicitation
Abstract: Security Quality Requirements Engineering (SQUARE) and Security Requirements Elicitation from Business Processes (SREBP). This thesis compares the two methods based on an empirical case study of the Estonian Football Association. The elicited security requirements are categorized and the completeness of their coverage is compared.
Student: Karl Kolk
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Fredrik Payman Milani
Defense: 26.02.2015

The Analysis and Design of a Privacy-Preserving Survey System
Abstract: This master’s thesis describes the design and business processes of the prototype of a secure survey system using secure multi-party computation. The design of the system is also described in this paper and is illustrated with a deployment model.
Student: Meril Vaht
Curriculum: Cyber Security (MSc)
Supervisor: Dan Bogdanov
Reviewer: Raimundas Matulevicius
Defense: 04.06.2015, 09:00, Liivi 2-405

Pattern Based Security Requirement Derivation with Security Risk-aware Secure Tropos
Abstract: In this master thesis we investigate the integration of a pattern based security requirement elicitation process in the goal-oriented IS development. By performing this integration we aim at providing a process that enables the elicitation of security requirements from Security Risk-aware Secure Tropos (RAST) models. The contribution of this thesis are five Security Risk-aware Patterns expressed using RAST.
Student: Atilio Rrenja
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Peep Küngas
Defense: 04.06.2015, 09:00, Liivi 2-405.

Comparing Security Risk-oriented Modelling Languages to Manage Social Engineering Risks
Abstract: The paper applies structured approach in identification of one security risk management standard that can be applied with different modelling languages. For a more in-depth analysis in this paper considered several modelling languages as BPMN, Secure Tropos and Misuse case.
Student: Sarbar Tursunova
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Defense: 04.06.2015, 09:00, Liivi 2-405.
Reviewer: Olga Altuhhova

Analysis and Mitigation of Recent Attacks on Mobile Communication Backend
Abstract: This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use.
Student: Siddharth Prakash Rao
Curriculum: NordSecMob (MSc)
Supervisor: Tuomas Aura
Supervisor: Dominique Unruh
Supervisor: Silke Holtmanns
Supervisor: Ian Oliver
Reviewer: Arnis Paršovs
Defense: 09.06.2015, 09:00, Liivi 2-405.

Entropy Based Robust Watermarking Algorithm
Abstract: In this work, multiple robust watermarking algorithms are introduced. They embed watermark image into singular values of host image’s blocks with low entropy values. The quantitative and qualitative experimental results are indicating that the proposed algorithms are imperceptible and robust against many signal processing attacks.
Student: Lauri Laur
Curriculum: Software Engineering (MSc)
Supervisor: Gholamreza Anbarjafari
Supervisor: Mary Agoyi
Reviewer: Kaveh Khoshkhah
Defense: 09.06.2015, 09:00, Liivi 2-405.

NFC Security Solution for Web Applications
Abstract: This thesis compares existing and possible security solutions for web applications, analyses NFC compatibility for security solutions and proposes a new NFC authentication and signing solution using Google Cloud Messaging service and NFC Java Card. This new proposed solution enables authentication and signing via NFC enabled mobile phone and NFC Java Card without any additional readers or efforts to be made.
Student: Jonas Kiiver
Curriculum: Software Engineering (MSc)
Supervisor: Eero Vainikko
Reviewer: Meelis Roos
Defense: 09.06.2015, 09:00, Liivi 2-404.

Applying Estonian Internet Voting Individual Verification System to Other Electoral Systems
The current paper gives an overview of the Estonian internet voting individual verification system and introduces different ballot styles. It proposes and describes modifications to the Estonian system, so it could be used for individual verification with the introduced ballot styles and multiple elections.
Student: Joonas Lõmps
Curriculum: Informatics (BSc)
Supervisor: Sven Heiberg
Reviewer: Arnis Paršovs
Defense: 12.06.2015, 09:00, Liivi 2-404

Secure Bitcoin Wallet
This report outlines various methods and solutions targeting security concerns and aims to understand their effectiveness. It also describes Secure Bitcoin Wallet, standard Bitcoin transactions client, enhanced with various security features and services.
Student: Sevil Guler
Curriculum: NordSecMob (MSc)
Supervisor: Sead Muftic, Vitaly Skachek
Reviewer: Arnis Paršovs
Defense: 27.08.2015

Links:
http://comserv.cs.ut.ee/forms/ati_report/index.php?language=en
http://www.cs.ut.ee/en/msc/theses/deadlines

EVOTE2014: Verifiable Internet Voting in Estonia

estonian_internet_voting_protocol

Abstract
This paper introduces an extension to the Estonian Internet voting scheme allowing the voters to check the cast-as-intended and recorded-as-cast properties of their vote by using a mobile device. The scheme was used during the 2013 Estonian local municipal elections and the 2014 European Parliament elections. 3.43% and 4.04% of all Internet votes were verified, respectively. We will present the details of the protocol, discuss the security thereof and the results of implementation.

Links:
http://www.e-voting.cc/en/portfolio-item/proceedings-evote2014/