Tag Archives: Tiit Hallas

Cyber Security master’s theses defense in Tallinn University of Technology (January 2019)

January 14th, 2019, Akadeemia Tee 15a, Room ICT-315.

Time: 10:00
Student: Ephrem Demesa
Title: Implementation of a Hands-on Attack and Defense Lab on Insecure Direct Object References
Supervisor: Margus Ernits
Reviewer: Tiia Sõmer

Time: 10:40
Student: Mikk Romulus
Title: Security Testing Estonian Contactless Bank Cards
Supervisor: Olaf Maennel; Tiit Hallas
Reviewer: Hayretdin Bahsi

Time: 11:20
Student: Silver Saks
Title: Towards Building a Covert Cyberspace Operations Infrastructure
Supervisor: Bernhards Blumbergs
Reviewer: Hayretdin Bahsi

LUNCH 12:00-13:00

Time: 13:00
Student: Pavel Tšikul
Title: Encrypted Data Identification by Information Entropy Fingerprinting
Supervisor: Pavel Laptev
Reviewer: Matthew Sorell

Time: 13:40
Student: Randel Raidmets
Title: Data Center Network Traffic Visibility with Open-Source Tools
Supervisor: Hannes Aavaste; Mauno Pihelgas
Reviewer: Risto Vaarandi

Time: 14:20
Student: Annika Aavaste
Title: How to Improve Data Protection in Local Governments by Complying to GDPR
Supervisor: Eneken Tikk
Reviewer: Kaie Maennel

Cyber Security master’s theses defense in Tallinn University of Technology (May 2017)


Monday, May 29, 2017, Akadeemia Tee 15a, Room ICT-315.

Grades received (random order): 5, 4, 4, 3, 3, 3, 2, 2.

Time: 10:00
Student: Kristjan Oja
Title: Cyber Security Awareness For IT Students Through Practical Assignments
Supervisor: Sten Mäses
Reviewer: Tiia Sõmer

Time: 10:40
Student: Sander Arnus
Title: Providing guaranteed log delivery and proof value of logs
Supervisor: Risto Vaarandi
Reviewer: Tiit Hallas

Time: 11:20
Student: Bolaji Ayoola Ladokun
Title: An Analytical Approach to Characterization of Targeted and Untargeted Attack in Critical Infrastructure Honeypot
Supervisor: Hayretdin Bahsi
Reviewer: Risto Vaarandi

Time: 12:00-13:00 – Lunch

Time: 13:00
Student: Iryna Bondar
Title: LUDROID: Evaluation of Android Malware Detection Tools and Techniques and Development of a First Line of Defense For the User
Supervisor: Emin Caliskan
Reviewer: Toomas Lepik

Time: 13:40
Student: Seifollah Akbari
Title: A New Method for the SYNful Knock Attack Implementation
Supervisor: Truls Ringkjob
Reviewer: Bernhards Blumbergs

Time: 14:20
Student: Safak Tarazan
Title: GPS Spoofing/Jamming Resilient Mini UAV Implementation Strategy
Supervisor: Truls Ringkjob
Reviewer: Juhan Ernits

Time: 15:20
Student: Danielle Morgan
Title: Security of Loyalty Cards Used in Estonia
Supervisor: Rain Ottis, Arnis Paršovs
Reviewer: Aleksandr Lenin

Time: 16:00
Student: Katrin Kukk
Title: Ensuring the digital continuity of e-Estonia in different crisis scenarios
Supervisor: Rain Ottis
Reviewer: Jaan Priisalu

Tuesday, May 30, 2017, Akadeemia Tee 15a, Room ICT-315.

Grades received (random order): 4, 4, 3, 3, 2, 1.

Time: 10:00
Student: Christopher David Raastad
Title: Euro 2.0 – Securing an Ethereum Crypto Fiat Currency System
Supervisor: Alex Norta
Reviewer: Raimundas Matulevicius

Time: 10:40
Student: Mobolarinwa Taofeek Balogun
Title: Comparative Analysis of Industrial IoT and HealthCare System IoT for Cyberterrorism
Supervisor: Hayretdin Bahsi
Reviewer: Ahto Buldas

Time: 11:20
Student: Chengxiang Wang
Title: Classification of Black-Box Security Reductions and Oracle Separation Techniques
Supervisor: Ahto Buldas
Reviewer: Peeter Laud

Time: 12:00-13:00 – Lunch

Time: 13:00
Student: Celik Neslisah
Title: Anomaly Detection Using Locked Shields Logs
Supervisor: Olaf Maennel
Reviewer: Mauno Pihelgas

Time: 13:30
Student: Sophio Sakhokia
Title: Developing a Cyber Security Master Programme for Georgia
Supervisor: Tiia Sõmer
Reviewer: Olaf Maennel

Time: 14:20
Student: Zaghum Awan
Title: Analytical Comprehensive Approach to Cyber Laundering and its Solutions
Supervisor: Tiia Sõmer
Reviewer: Andro Kull

The head of SMIT’s security department Tiit Hallas gives public lecture on cryptography

The public lecture will be held in the building of the IT College, Raja 4C, auditorium 314, Tuesday, October 18, at 13:00. The public lecture will also be broadcast live on the website of the IT College.

The main purpose of Tiit Hallas’s public lecture is to answer various questions on the topic. Tiit will talk about cryptography-related terms, describe at a general level how cryptography works, and explain why cryptography is needed to ensure security. Tiit has promised to bring sophisticated content to listeners as simply and understandably as possible.

Tiit Hallas has worked in information security for over eight years in both the public and private sectors and has gained plenty of practical as well as theoretical experience in the field. He has a BA in Information System Development from IT College and an MSc in Cyber Security from Tallinn University of Technology. As well as delivering lectures and talks on the subject, Tiit is involved with information security in his daily work as the Head of Information Security at the IT and Development Centre of the Ministry of the Interior, where he not only manages staff but is also engaged in finding solutions to practical information security issues.

The lecture will be in Estonian.

Links:
http://www.itcollege.ee/blog/2016/10/12/smiti-infoturbeosakonna-juhataja-tiit-hallas-peab-kuberturvalisuse-kuu-raames-it-kolledzis-avaliku-loengu-kruptograafiast/
https://www.youtube.com/watch?v=KLhbaSRjz2s

Court decision on alleged SMIT account blocker

We wrote about the case before. Here is a summary of the court’s decision:

According to the first-level Harju County Court decision, Mart Pirita (45) was found guilty of disrupting the remote services of the Ministry of the Interior (SM). According to the verdict, he used the anonymous Tor network to enter multiple wrong passwords for 14 users, thereby blocking their access to the infrastructure.

The actions were qualified according to Penal Code paragraph 207 part 1 for “Illegal interference with or hindering of the functioning of computer systems by way of uploading, transmitting, deleting, damaging, altering or blocking of data”.

Pirita’s attorney Raul Ainla challenged the qualification of the alleged crime. In the county court’s opinion, the qualification was correct, since Mart Pirita entered wrong passwords for 14 user accounts without lawful permission, which disabled the accounts and interfered with the functioning of the computer system for SM employees.

The first-level court’s decision was appealed, and the District Court of Tallinn decided that it was not possible to establish with certainty a connection between Mart Pirita and the attacks.

In the initial verdict, it was claimed that the attack was performed through three IP addresses which are known to be Tor exit nodes. Furthermore, it was established that Pirita downloaded Tor software from the Debian repository (ftp.ee.debian.org). In addition, according to the metadata logs of Pirita’s ISP Elion, Pirita was connected to the Tor network at approximately the time of the attacks.

The district court judged that the county court had incorrectly evaluated the evidence presented. Namely, the IP addresses from which the attacks were performed belong to Tor exit nodes, and thus the attacks were performed through the Tor network. However, the county court did not consider the technology of the Tor network. Every connection through the Tor network is established via a random path and is encrypted, thus it is impossible to know who the initial source of the communication is or what the messages contain. Thus, even though Pirita connected to the Tor network, it is impossible to link him to the attacks from the exit nodes.

Additionally, the prosecutor Piret Paukštys claimed that, since the file “cached-microdesc-consensus”, which included the IP addresses of the Tor exit nodes participating in the attack, was found on Pirita’s hard drive, this proves the connection between Pirita and the exit nodes. However, this claim was found to be false, since the file is a catalog of all public Tor nodes and is included in every Tor installation. Thus, any Tor user could possibly be behind the attack.

According to the prosecutor, another piece of evidence pointing to Pirita was that Pirita had Debian Linux installed in his virtual machine and the attacker’s user agent “Mozilla/5.0 (Linux; U; Debian Linux; en-US; rv: 1.8.1.12) Gecko/20080201 Firefox/2.0.0.12” presented to the court names Debian Linux as the operating system.

However, Tiit Hallas, the head of information security of SMIT, could not provide the court with any log file that backed the claim of this user agent being present. The claimant could not even describe which log file this user agent was taken from or why the logs were not presented as evidence.

Finally, the court found that there is a clear discrepancy between the times in the log files provided as evidence. Firstly, according to the ftp.ee.debian.org logs, Pirita downloaded Tor software on 17.08.2014 at 00:57. However, the attacks started on 17.08.2014 at 00:14. Elion’s metadata logs show that Pirita connected to the Tor network after the attacks started. Furthermore, an independent expert from the Estonian Forensic Science Institute (EKEI), Oliver Olt, stated that there are no connections between Elion’s metadata logs and the attacks in the claimant’s logs. The expert added that he couldn’t explain how the attack could have been performed in a way that would correspond to the logs. Thus, in his opinion, the logs rather contradicted the prosecutor’s claim.

It was said that Pirita had a motive to perform the attacks, as he was fired from SMIT due to loss of trust. However, the management of SMIT acknowledged that he was not the only one to be fired for this reason. There were up to ten people who could have had a motive to perform the attacks. Furthermore, the fact that the attacker knew the correct access point is not sufficient to claim that the attack was performed by a current or previous employee of SMIT.

Summing up these aspects, the district court decided that the indirect proof was not sufficient to establish Pirita’s guilt with high probability. According to a previous National Court decision, if it is possible that anyone else could have performed the attack, then the accused should not be convicted.

The district court reviewed the previous decision and acquitted Pirita. Additionally, he was compensated for his legal fees in the amount of 7500€. The fee for IT expertise was covered by the government. The copy of Pirita’s hard disk is to be destroyed to protect Pirita’s privacy.

The prosecutor did not appeal the district court’s decision.

Links:
https://www.riigiteataja.ee/kohtulahendid/detailid.html?id=180104716
http://www.delfi.ee/news/paevauudised/krimi/pevkuri-ja-vaheri-meilikontode-lukustamise-parast-kohtu-all-olnud-mart-pirita-oigeks-moistmine-on-nuud-loplik?id=74558039
http://www.postimees.ee/3149415/it-spetsialist-jai-ministeeriumi-arvutikontode-blokeerimises-suudi

Cyber Security master’s theses defense in Tallinn University of Technology (June 2016)

Monday, June 6th 2016, Akadeemia Tee 15a, Room ICT-315.

Defense committee: Rain Ottis (chairman), Hayretdin Bahsi, Ahto Buldas, Andro Kull, Risto Vaarandi, Raimundas Matulevicius.
The grades received (in random order): 4,4,4,3,3,3,3,3,2,1,0.

Time: 09:00
Student: Ferenc Szalai
Title: Does Cyber Security Exercise Information Sharing Work?
Supervisor: Olaf Manuel Maennel
Reviewer: Lauri Palkmets

Time: 09:40
Student: Taavi Sonets
Title: Improving User Simulation Team Workflow in the Context of Cyber Defense Exercise
Supervisor: Elar Lang, Rain Ottis
Reviewer: Priit Raspel

Time: 10:20
Student: Karl Kristjan Raik
Title: Improving Web Attack Campaign Overview in Cyber Defense Exercises
Supervisor: Elar Lang, Rain Ottis
Reviewer: Jaan Priisalu

Break 11:00 – 11:10

Time: 11:10
Student: Eve N Hunter
Title: A Comparative Analysis of Cybersecurity Guidelines and Standards for Nuclear Power Plants
Supervisor: Rain Ottis, Harry Kantola
Reviewer: Sten Mäses

Time: 11:40
Student: Alvar Ristikivi
Title: Failover test measurements of load balanced infrastructure
Supervisor: Toomas Lepik
Reviewer: Risto Vaarandi

Break 12:20 – 13:00

Time: 13:00
Student: Kristo Kapten
Title: Threat Modeling framework for Home Gaming Consoles
Supervisor: Hayretdin Bahsi
Reviewer: Emin Caliskan

Time: 13:40
Student: Sho Yano
Title: Security Analysis on Healthcare IoT Project
Supervisor: Olaf Manuel Maennel
Reviewer: Andro Kull

Time: 14:20
Student: Juan Manuel Rodríguez López
Title: Security Risk Assessment To The Use Of Digital Charting In Colombia
Supervisor: Alexander Horst Norta
Reviewer: Olaf Manuel Maennel

Break 15:00 – 15:10

Time: 15:10
Student: Florian Gasteiger
Title: R3AD an architecture to include UAVs in National Airspace
Supervisor: Olaf Manuel Maennel
Reviewer: Toomas Lepik

Time: 15:50
Student: Nisham Kizhakkedathil
Title: A Study Into the Prospects of Implementing End-to-End Verifiability in Estonian I-Voting
Supervisor: Tanel Tammet, Vadims Žuravļovs
Reviewer: Arnis Paršovs

Time: 16:30
Student: Rando Kulla
Title: Migrating PDF signing to New KSI Format
Supervisor: Jaan Priisalu, Ahto Truu
Reviewer: Ahto Buldas

Tuesday, June 7th 2016, Akadeemia Tee 15a, Room ICT-315.

The grades received (in random order): 5,5,4,0,?,?,?,?,?,?,?

Time: 09:00
Student: Teet Laeks
Title: Raising the Awareness of Cyber Security Based on Estonian Defence Forces
Supervisor: Tiia Sõmer, Danel Apse
Reviewer: Andri Rebane

Time: 09:40
Student: Andres Sumin
Title: Evaluation method for cyber awareness course
Supervisor: Sten Mäses, Liina Randmann
Reviewer: Sten Mäses

Time: 10:20
Student: Kevin Lwakatare
Title: Contributions of Understanding and Defending Against Social Engineering Attacks
Supervisor: Anton Vedeshin
Reviewer: Alexander Horst Norta

Break 11:00 – 11:10

Time: 11:10
Student: Alexandria Elaine Farár
Title: A Deceptive Methodology Towards Early Detection of Advanced Cyber Threats
Supervisor: Hayretdin Bahsi, Bernhards Blumbergs
Reviewer: Risto Vaarandi

Time: 11:40
Student: Onur Aydin Korkmaz
Title: Comprehensive Analysis of Cyber Attacks and Malware Using Low- and High-Interaction Honeypot
Supervisor: Truls Ringkjob
Reviewer: Mauno Pihelgas

Break 12:20 – 13:00

Time: 13:00
Student: Mina Gerges
Title: Log Monitoring and Event Correlation on Microsoft® Windows™ Using Simple Event Correlator
Supervisor: Risto Vaarandi
Reviewer: Tiit Hallas

Time: 13:40
Student: Chen Zhuge
Title: C-Based Implementation of Logcluster, a Data Clustering and Pattern Mining Algorithm for Event Logs
Supervisor: Risto Vaarandi
Reviewer: Innar Liiv

Time: 14:20
Student: Morteza Fakoorrad
Title: Application Layer of Software Defined Networking: pros and cons in terms of security
Supervisor: Olaf Manuel Maennel
Reviewer: Truls Ringkjob

Break 15:00 – 15:10

Time: 15:10
Student: Zaghum Wahab Awan
Title: A GUI Simulator For WSNs Based Protocols with Energy Harvesting and Proposed Hash Based Mathematical Modelling for the Security
Supervisor: Truls Ringkjob
Reviewer: Hayretdin Bahsi

Time: 15:50
Student: Jaan Vahtre
Title: Detection of ransomware on Windows operating systems
Supervisor: Jaan Priisalu
Reviewer: Toomas Lepik

Time: 16:30
Student: Vjatšeslav Panov
Title: Implementation of a Hash Function for Portable Executable Based on Structural Information
Supervisor: Truls Ringkjob
Reviewer: Toomas Lepik

Wednesday, June 8th 2016, Akadeemia Tee 15a, Room ICT-315.

Defense committee: Raimundas Matulevicius (chairman), Hayretdin Bahsi, Rain Ottis, Meelis Roos, Vitaly Skachek.

Time: 09:00
Student: Luis Carlos Herrera Velasquez
Title: A Comprehensive Instrument for Identifying Critical Information Infrastructure Services
Supervisor: Olaf Manuel Maennel
Reviewer: Hayretdin Bahsi

Time: 09:40
Student: Camilo Andres Pantoja Viveros
Title: Analysis of the Cyber Attacks against ADS-B Perspective of Aviation Experts
Abstract: The present paper has a profound literature review of the relation between cyber security, aviation and the vulnerabilities prone by the increasing use of information systems in aviation realm.
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Sten Mäses

Time: 10:20
Student: Santiago Andres Sarmiento Bernal
Title: Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs
Abstract: This work analyses several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK.
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Juhan-Peep Ernits

Break 11:00 – 11:10

Time: 11:10
Student: Allyson Ivy Hauptman
Title: Designing Digital Forensics Challenges for Multinational Cyber Defense Exercises
Supervisor: Patrycjusz Zdzichowski, Rain Ottis
Reviewer: Toomas Lepik

Time: 11:50
Student: Luis Alejandro Velasquez Hurtado
Title: Colombia and the intelligence cycle in the 21st century, the digital age
Supervisor: Olaf Manuel Maennel
Reviewer: Rain Ottis

Break 12:30 – 13:20

Time: 13:20
Student: Didier Dubey Suarez Medina
Title: Assessment of Web-based Information Security Awareness Courses
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Rain Ottis

Time: 14:00
Student: Yuri Andrea Pinto Rojas
Title: Development of National Cyber Security Strategies (NCSSs), and an Application of Perspective to the Colombian Case
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Hayretdin Bahsi

Break 14:40 – 14:50

Time: 14:50
Student: Alex Uriel Duran Santos
Title: Organizational Interaction Mechanisms Affecting Strategic Decision-Making During Cybercrime Investigations
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Jaan Priisalu

Time: 15:30
Student: Carlos Arturo Martinez Forero
Title: Tabletop Exercise For Cybersecurity Educational Training; Theoretical Grounding And Development
Abstract: The purpose of this thesis is to suggest the improvement of potential and perceived weaknesses on the educational components of cyber security strategies, discussing awareness-training models with significant impact on the participants, focusing on strategic decision-making level personnel that could partake of cyber related incidents.
Supervisor: Maria Claudia Solarte Vasquez, Raimundas Matulevicius
Reviewer: Uko Valtenberg, Tarmo Tuisk

Links:
https://livettu-my.sharepoint.com/personal/elena_vaarmets_ttu_ee/_layouts/15/WopiFrame.aspx?guestaccesstoken=rRFwY2aM1FudPqoucCsEwNvjb2YvdduB4x%2bLFywQvpo%3d&docid=0c199fcd8c7204b8b908fa40ad8e14730&action=view
http://www.cs.ut.ee/sites/default/files/2016/loput88d/DEFENCE%20OF%20CYBER%20SECURITY%20CURRICULUM%20THESES_in%20Tallinn_2016.pdf

District Court acquits alleged Ministry of the Interior user account blocker

The District Court of Tallinn acquitted Mart Pirita (45), who was accused of locking down the e-mail accounts of the Minister of the Interior Hanno Pevkur and the Director General of Police and Border Guard Board (PPA) Elmar Vaher, because his guilt was not proved.

The District Court overruled the previous verdict by Harju County Court. The Harju County Court convicted Pirita and imposed a financial penalty of 270 daily rates, which is EUR 13’159.80.

The Prosecutor’s Office accused the ex-employee of the IT and Development Centre at the Estonian Ministry of the Interior (SMIT) of illegally disrupting computer systems by entering data. According to the accusation, in August 2014 Pirita entered, without permission, different incorrect passwords for 14 user accounts in SM jurisdiction, which resulted in these user accounts being blocked. The attack was performed through the TOR network, which allows one to use the Internet anonymously and hide one’s tracks. The accusation noted that Pirita may have been motivated by the termination of his employment contract.

Appearing as a witness in court, Tiit Hallas, the head of information security of SMIT, told the court that the TOR network is used by child pornography and malware distributors. During the attack, an IP address belonging to the company E-Positive.ee, owned by Mart Pirita, was logged into the TOR network.

The District Court found that the County Court made mistakes in evaluating the evidence and erroneously held that the act was performed by Mart Pirita. The fact alone that Mart Pirita used the TOR network is not sufficient, as anyone using the network at that time could have performed the illegal act. The evidence collected by the prosecutor does not show a direct relation to the act. The District Court admitted that several circumstances hinted that the blocker was related to SMIT, but this is not enough for convicting someone. There is no direct evidence and the indirect evidence is weak, the District Court found.

Links:
http://www.postimees.ee/3657891/ringkonnakohus-moistis-oigeks-hanno-pevkuri-ja-elmar-vaheri-vaidetava-meilikontode-lukustaja