Presentation on theme: "Master track Computer security: studying at the Kerckhoffs Institute Lejla Batina Digital Security Group Institute for Computing and Information Sciences."— Presentation transcript:
Master track Computer security: studying at the Kerckhoffs Institute Lejla Batina Digital Security Group Institute for Computing and Information Sciences (ICIS) Digital Security Nijmegen November 11, 2013
Research topics that you study Cryptographic foundations of security Security mechanisms within network protocols (IPSec, SSL, scans, intrusions, DOS attacks and firewalls) Software security: buffer overflows, SQL injections, design an implementation, verification, proof-carrying code, software evaluation Hardware security: physical security, security of smartcards and RFID tags Privacy enhancing technologies - PETS Law in cyberspace Implementations of secure systems
4 Motivation: crypto/security is everywhere
Researchers working on these topics 1/2 Bart Jacobs: correctness and security properties of software Erik Poll: software security, smartcard security, smart grids etc. Jaap Henk Hoepman: design of a secure and privacy-friendly Internet of Things, Identity management
Researchers working on these topics 2/2 Mireille Hildebrandt: data protection, cyber crime, fundamental rights protection, privacy and non- discrimination Lejla Batina: physical security, lightweight cryptography, implementations of cryptography Peter Schwabe: high-speed cryptography, cryptanalysis
Mandatory and optional courses Mandatory courses Network Security (UT) Cryptography 1 (TU/e) Software security (RU) Verification of security protocols (TU/e) Security in organizations (RU) Security and privacy in mobile systems (UT) Optional courses Introduction to biometrics (UT) Secure data management (UT) Cryptography 2 (TU/e) Seminar Inf. Security Technology (TU/e) Hacker’s Hut (TU/e) Hardware security (RU) Law in cyberspace (RU) Privacy seminar (RU)
Examples of research projects – short term Privacy-friendly solutions for data aggregation and filtering in SmartGrids Tor vs. the NSA Experimental comparison of time memory trade-offs Cluster analysis for side-channel attacks Voting on mobile devices Power measurement acquisition from an FPGA board OV-chipkaart on a NFC-enabled mobile phone Trusted interfaces for secure devices Big data and non-discrimination Data retention (NSA)
Examples of research projects – publications Kostas Papagiannopoulos, Gergely Alpár, and Wouter Lueks. Desigated Attribute Proofs with the Camenish-Lysyanskaya Signature. In 34th WIC Symposium on Information Theory, Manu Drijvers, Pedro Luz, Gergely Alpár and Wouter Lueks. Ad Hoc Voting on Mobile Devices. In 34th WIC Symposium on Information Theory, Jip Hogenboom and Wojciech Mostowski. Full Memory Read Attack on a Java Card. Proceedings of 4th Benelux Workshop on Information and System Security, Louvain-la-Neuve, Belgium, November 2009.
Master thesis projects with companies
Examples of recent MSc thesis projects Kostas Papagiannopoulos. High-throughput implementations of lightweight ciphers in the AVR ATtiny architecture, 2013 – now PhD student at the DS group Mathias Morbitzer. TCP Idle scans in IPv6, 2013 – now with Fox-IT Christiaan Hillen. Beyond Smart Meters: Legal compliance of Home Energy Management Systems, 2013 – now PhD student at the DS group Barry Weymes. Recognising botnets in organisations, now with Fox-IT Arjan Blom. ABN-AMRO E-dentifier2 reverse engineering, 2011 – now with a start-up Ruben Muijrers. RAM: Rapid Alignment Method, 2011 – now with Riscure Brinio Hond. Fuzzing the GSM protocol, 2011 – now with KPMG Martijn Sprengers. GPU-based password cracking, 2011 – now with KPMG Jip Hogenboom. Principal component analysis and side-channel attacks, 2010 – now with KPMG Gerhard de Koning Gans. Analysis of the MIFARE classic used in the OV- chipkaart project, 2009 – now with the Dutch police
Master thesis projects – closer look and impact 1.Mathias Morbitzer. TCP Idle scans in IPv6, presented his thesis work at Hack in the Box 2013 in Malaysia and at HACK.LU in Luxemburg 2. Arjan Blom. ABN-AMRO E-dentifier2 reverse engineering, discovered a serious security flaw in the internet banking protocol of ABN- AMRO, which resulted in a publication at NordSec 2012 conference and attention in the Dutch press. 3. Ruben Muijrers. RAM: Rapid Alignment Method, 2011 found a new algorithm for the alignment of “power traces” based on image processing, which is now built into a commercial tool, published at CARDIS Martijn Sprengers. GPU-based password cracking, 2011 MD5crypt password hashing scheme is considered not secure any more as the results of Martijn’s thesis, published at SHARCS2012.
Why studying at the Kerckhoffs Institute – RU? ICT security is hot, with excellent job opportunities DS group performs multidisciplinary research DS group collaborates in developing better solutions for managing online privacy and electronic identities as a member of PI.lab DS promotes open standards and open source and has started many open source smartcard projects DS group has numerous projects with companies that specialise in security, such as (security) consultancy companies, evaluation laboratories etc. => many PhD study opportunities