COINS supported Mazaher Kianpour with the internship at the partner’s institution, KTH  in Stockholm, Sweden.

Ali Khodabakhsh successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 18th of June 2021, and will be awarded the degree of Doctor of Philosophy in Information Security and Communication Technology.

The title of his thesis is “Automated Authentication of Audiovisual Contents: A Biometric Approach” and the given topic for his trial lecture was “Active and Proactive methods for Face Synthesis forensics”.

We are no longer strangers to the phenomenon of Deepfakes and the immense risks it poses to societies. To counter the threat, it is of utmost importance to develop technical tools which facilitate content authentication and hinder the spread of fake content in the media. In this thesis, studies have been undertaken to assess the threat surface and identify subjective vulnerabilities that require immediate attention. Accordingly, effective detection mechanisms have been proposed for the alleviation of the discovered vulnerabilities. In addition, the efficacy of the state-of-the-art detection techniques has been evaluated and solutions have been proposed for the problem of generalizability which is the largest impediment to the deployment of these solutions.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Hazim Ekenel, Department of Computer Engineering, Istanbul Technical University (ITU), Istanbul, Turkey.
• Second external opponent: Professor Siwei Lyu, School of Engineering and Applied Sciences, University at Buffalo, State University of New York, Buffalo, USA.
• Internal member and committee administrator: Associate Professor Katrien De Moor, Department of Information Security and Communication Technology, NTNU, Trondheim, Norway.

Ali Khodabakhsh carried out his PhD work at the Department of Information Security and Communication Technology, Gjøvik, NTNU.

His main supervisor was Professor Christoph Busch, IIK, NTNU and co-supervisor Professor Raghavendra Ramachandra, IIK, NTNU.

Congratulations!

Georgios Kavallieratos successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Wednesday, the 16th of June 2021, and will be awarded the degree of Doctor of Philosophy in Information Security and Communication Technology.

The title of his thesis is “Security of the Cyber Enabled Ship” and the given topic for his trial lecture was “The usage of gamification for cyber security education”.

Today’s leading ship builders and operators go beyond traditional engineering to create remotely controlled and autonomous ships – both variants of the cyber enabled ship. Unless such ships are built with cyber security in mind right from their design phase, we will soon be facing cyber security issues in the shipping industry, similar to those that we are experiencing in other industries that have adopted ICT without properly addressing cyber security issues. Taking a cyber physical system perspective, this research focuses on ensuring the safe and secure operation of the cyber enabled ship. To this end, a reference architecture for the cyber physical systems onboard has been proposed, to allow the security analysis of the cyber enabled ship. Further, relevant security threats and risks have been identified and assessed; security and safety requirements have been identified; and potential attack paths between the ship’s components have been analyzed towards defining a secure system architecture of such vessels. Additionally, the treatment of the assessed security risks has been studied, and optimal sets of security controls have been proposed. Last, a reference architecture of a testbed to validate the results of this project and to test the security posture of the cyber enabled ship’s cyber physical systems has been proposed.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Jianying Zhou, iTrust Centre for Research in Cyber Security, Singapore University of Technology and Design, Singapore, Singapore.
• Second external opponent: Associate Professor Cristina Alcaraz, Computer Science Department, University of Malaga, Malaga, Spain.
• Internal member and committee administrator: Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU Gjøvik.

Georgios Kavallieratos carried out his PhD work at the Department of Information Security and Communication Technology, Gjøvik, NTNU.

His main supervisor was Professor Sokratis Katsikas, IIK, NTNU and co-supervisors Professor Slobodan Petrović, IIK, NTNU, Associate Professor Edmund Førland Brekke, ITK, NTNU and Associate Professor Hao Wang, IDI, NTNU.

Congratulations!

Aida Mehdipour Pirbazari successfully completed her PhD trial lecture and thesis defense at the University of Stavanger, the 31st of May 2021 and was awarded the degree of Doctor of Philosophy.

The title of her thesis is “Predictive Analytics for Maintaining Power System Stability in Smart Energy Communities”.

Aida Mehdipour Pirbazari carried out her PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger in Stavanger.

Her main supervisor was Professor Chunming Rong, University of Stavanger and co-supervisor Associate Professor Antorweep Chakravorty, University of Stavanger.

Congratulations!

Manish Shrestha

The title of his thesis is “LightSC: A light-weight security classification methodology to design and evaluate security of IoT systems” and the given topic for his trial lecture was “Privacy-preserving Machine Learning: Overview and discussion of privacy-enhancing technical approaches for privacy challenges with ML”.

The Internet of Things (IoT) emerged with purely functional purposes providing sensing, connectivity, and control features at a lower cost with little concern for security.

However, the increasing number of cyber-attacks and wider adoption of IoT systems in diverse domains have raised security and privacy challenges. Despite available mechanisms, several IoT systems still lack adequate security implementation. We observed that current security approaches are expensive, time-consuming, and are substantially dependent on security experts and thus are not feasible for low-cost consumer IoT systems. Therefore, this thesis proposes a new goal-based, light-weight methodology called LightSC for IoT systems. The LightSC is tailored for non-security-experts, who can select appropriate connectivity and security mechanisms to obtain the desired security level in their system. We also have proposed a tool to support to make the LightSC methodology, which can be integrated into a DevSecOps tool-chain. DevSecOps refers to a set of practices of integrating development, security, and operation to streamline the system development life cycle process.

The LightSC tool was evaluated by real stakeholders (mostly non-experts) by successfully applying it to nineteen different IoT systems. We believe that our work will help industries to design and develop secure IoT systems, regulatory bodies to establish and enforce security regulations, and end-users to become aware of selecting adequately secure IoT products.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Sokratis Katsikas, NTNU, Norge.
• Second external opponent: Professor Simone Fischer-Hübner, Karlstad Universitet, Sverige.
• Internal member: Professor Paal Engelstad, Department of Technology Systems, University of Oslo, Norway.
• Chair of defence: Professor Cecilie Rolstad Denby, Department of Technology Systems, UiO.

Manish Shrestha carried out his PhD work at the Department of Technology Systems, University of Oslo.

His main supervisor was Dr Christian Johansen, Department of Informatics, UiO and co-supervisors Professor Josef Noll, Department of Technology Systems, UiO and Dr Davide Roverso, eSmart Systems AS.

Congratulations!

The title of her thesis is “Cryptographic Tools for Cloud Security” and the given topic for her trial lecture was “Fully Homomorphic Encryption and its Applications”.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Ivan Damgård, Aarhus University, Denmark.
• Second external opponent: Professor Liqun Chen, University of Surrey, United Kingdom.
• Internal member and committee administrator: Associate Professor Jiaxin Pan, Department of Mathematical Sciences, NTNU.

Yao Jiang carried out her PhD work at the Department of Mathematical Sciences, Trondheim, NTNU.

Her main supervisor was Professor Kristian Gjøsteen, IMF, NTNU and co-supervisor Professor Colin Boyd, IIK, NTNU.

Congratulations!

The title of her thesis is “Analysis, classification and construction of optimal cryptographic Boolean functions”.

Irene Villa carried out her PhD work at the Department of Informatics, University of Bergen.

Her main supervisor was Lilya Budaghyan.

Congratulations!

Andrea Tenti

The title of his thesis is “Sufficiently overdetermined random polynomial systems behave like semiregular ones” and the topic of her trail lecture was: “Cryptanalysis of AES”.

Andrea Tenti carried out his PhD work at the Department of Informatics, University of Bergen.

His supervisors were  Igor A. Semaev and Tor Helleseth.

Congratulations!

Elahe Fazeldehkordi successfully completed her PhD trial lecture and thesis defense at the Department of Technology Systems, University of Oslo on Tuesday, the 16th of March 2021 and will be awarded the degree of Doctor of Philosophy.

The title of her thesis is “Security and Privacy Solutions in IoT and Distributed Systems Design” and the given topic for her trial lecture was “Executable UML models: formal modelling and verification of functional correctness and safety properties”.

New distributed systems in computing technology are appearing on the market day by day. Consequently, new security and privacy challenges arise when designing these systems. These challenges demand a need to look for comprehensive and more precise approaches that can provide higher levels of security, privacy, and trust from the design phase in these systems.

In order to develop systems including open distributed systems, we need techniques and tools for specification, design, and code generation. For the initial ideas of such systems, it is desirable to use graphical notations, so that ideas can easily be understood. This is relevant for the early design phase. Once the ideas are agreed upon, it is then desirable to have a formal basis for the specifications of the desired system, in order to support rigorous reasoning about specifications and designs. This can be done in the late design phase.

Existing documents for security and privacy requirements and functionalities in IoT systems lack some of the security functionalities, and in particular, they do not focus on privacy issues or are presented only in textual form, without defining a framework. Structures of these documents are also complicated. Systems are often made without the help of security and privacy experts. So a comprehensive graphical representation framework is needed and should be easy to follow, even for non-experts.

Formal methods have come into wide use in the design and verification of safety, security, and privacy of systems in the industry, because they are very effective in verifying safety, security, and privacy requirements of systems, requirements for which testing is mostly ineffective. Formal verification techniques can guarantee that a design is free of specific flaws.

Provability of IoT and distributed systems depends on the language used to model the system, its semantics, and the kind of system properties to prove and the techniques used to verify them. One may take a bottom-up approach, starting with low level languages in use, or one may take a top-down approach, starting with a more abstract language with an expressiveness suitable for IoT and distributed systems. Such a language can be used to model IoT and distributed systems, and if the language is executable, it can be used for simulation and prototyping of IoT and distributed systems, and if the language is imperative with standard mechanisms such as object orientation, IoT and distributed models made in the language can easily be translated to more low level languages. The latter approach also has the advantage that one can define the language and its semantics so that it is amenable to semantical analysis and verification. Additionally, this approach makes program reasoning simple and powerful.

The active object paradigm provides a natural way of modeling distributed systems in general, and IoT systems in particular, because it covers the fundamental aspects of IoT systems such as distribution of concurrent, autonomous units communicating by message passing, where each unit can run on a device with limited processing power and limited storage.

In this thesis, we focus on two aspects of the design phase to develop methodologies to improve security, privacy, and trust levels of IoT and distributed systems. Firstly, we consider the early design phase, where the architecture of a system is being developed, focusing on the setting of IoT systems. Secondly, we consider the late design phase, where models, in particular executable models and prototypes are designed, focusing on IoT systems and also the more general setting of distributed systems. For the modeling related to the late design phase, we limit our work to the active object paradigm. In particular, we find techniques for increasing the security level of the overall IoT systems using a security and privacy functionality framework, and a technique for detecting potential vulnerabilities that can cause distributed denial of service (DDoS) attacks using static analysis technique. In addition, we developed a language-based approach to provide trust, safety, security, and privacy for smart contracts.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Jüri Vain, Tallinn University of Technology, Department of Software Science, Estonia.
• Second external opponent: Svetlana Boudko, Norwegian Computing Center, Norway.
• Internal member: Professor Paal Engelstad, Department of Technology Systems, UiO.
• Chair of defence: Head of Department Stian Løvold, Department of Technology Systems, UiO

Elahe Fazeldehkordi carried out her PhD work at the Department of Technology Systems, University of Oslo.

Her main supervisor was Professor Olaf Owe, Department of Informatics, University of Oslo and co-supervisors Professor Josef Noll, Department of Technology Systems, University of Oslo, Postdoctoral Fellow Toktam Ramezanifarkhani, Department of Informatics, University of Oslo and Associate Professor Christian Johansen NTNU, Norway.

Congratulations!

Ashish Rauniyar successfully completed his PhD trial lecture and thesis defense at the Department of Informatics, University of Oslo on Tuesday, the 2nd of March 2021 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Exploring and Enhancing Spectral and Energy Efficiency of Non-Orthogonal Multiple Access in Next-Generation IoT Networks” and the given topic for his trial lecture was “Analysis of 5G backbone as fibre replacement in rural areas”.

The next generation of Internet of Things (IoT) networks is expected to meet the capacity demand of billions of IoT devices. Moreover, to provide massive connectivity requirements of IoT sensors and devices and to ameliorate their capacity demands, Non-Orthogonal Multiple Access (NOMA) has been considered as a potential candidate for the 5G and future network. Another key objective of the next generation of IoT network is also to maximize the energy-efficiency. To this end, Simultaneous Wireless Information and Power Transfer (SWIPT) has been contemplated as a viable solution to self-sustainable communication in IoT networks.

In this dissertation, different from the state-of-the-art methods and architectures, we propose and investigate several spectral and energy-efficient NOMA-SWIPT architectures for future IoT networks. We also discuss user pairing issues in NOMA. We propose an adaptive user pairing scheme that shows the capacity enhancement of NOMA systems. Since NOMA is fragile to interference, an energy-efficient distributed power control in NOMA using Reinforcement Learning (RL) based Game Theoretic approach is also proposed. Finally, this dissertation proposes and investigates different models by consolidating direct links to enhance the cooperative NOMA-SWIPT systems’ performance significantly. We believe that the study and results presented in this dissertation might be potentially useful to network operators, researchers, and scientists in the wireless networking community who want to assess NOMA characteristics to design next-generation IoT networks.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Chiara Buratti, Department DEI, University of Bologna, Italy.
• Second external opponent: Professor Ingrid Moerman, Ghent University, Belgium.
• Internal member: Professor Josef Noll, Department of Technology Systems, University of Oslo, Norway.
• Chair of defence: Professor Stephan Oepen, Department of Informatics, UiO.

Ashish Rauniyar carried out his PhD work at the Department of Informatics, University of Oslo.

His main supervisor was Professor Paal Engelstad, Department of Technology Systems, UiO and co-supervisor Senior Researcher Olav Norvald Østerbrø, Telenor.

Congratulations!

Cristina Viorica Heghedus successfully completed her PhD trial lecture and thesis defense at the University of Stavanger, the 7th of February 2020 and was awarded the degree of Doctor of Philosophy.

The title of her thesis is “Dynamic Machine Learning Approaches for Data Driven Energy Informatics”.

Cristina Viorica Heghedus carried out her PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger in Stavanger.

Her main supervisor was Professor Chunming Rong, University of Stavanger and co-supervisor Associate Professor Antorweep Chakravorty, University of Stavanger.

Congratulations!

Flávia Dias Casagrande successfully completed her PhD trial lecture and thesis defense at the Department of Informatics, University of Oslo on Friday, the 13th of December 2019 and was awarded the degree of Doctor of Philosophy.

The title of her thesis is “Sensor Event and Activity Prediction using Binary Sensors in Real Homes with Older Adults” and the given topic for her trial lecture was “Ambient Intelligence for Sensor Network”.

A fair amount of research on smart home functions has aimed at assisting older adults in their everyday life. The implementation of these functions relies on the performance of activity recognition and prediction algorithms. The research literature contains a number of well-performing algorithms for activity recognition and prediction. However, most of this work uses data collected in controlled environments (e.g. lab environments) using scripted activities.

This thesis applied, evaluated, and compared the performance of state-of-the-art prediction algorithms in real-world scenarios. The project conducted a field trial including eight smart homes with one resident each, located in a care facility in Oslo for older adults over 65 years old. The homes have about 15 sensors, including motion, magnetic, and power sensors. Probabilistic methods and neural networks were applied to predict the next sensor event and activity of daily living in the home, as well as its time of occurrence.

The work shows that it is possible to achieve acceptable prediction accuracy with few sensors and about three weeks of collected data. Transfer learning between apartments has also shown to be well performing. In addition, the study can be useful for deciding which prediction methods to use depending on the case, and in accordance with project constraints (e.g. the number of sensors, user privacy).

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Ahmad Lotfi, School of Science & Technology, Nottingham Trent University, United Kingdom.
• Second external opponent: Professor Svetlana Yanushkevich, Department of Electrical and Computer Engineering, University of Calgary, Canada.
• Internal member: Professor Carsten Griwodz, Department of Informatics, University of Oslo, Norway.
• Chair of defence: Lecturer Dag Langmyhr, Department of Informatics, University of Oslo.

Flávia Dias Casagrande carried out her PhD work at the Department of Informatics, University of Oslo.

Her main supervisor was Associate Professor Evi Zouganeli, Oslo Metropolitan University, Norway and co-supervisor Professor Jim Tørresen, Department of Informatics, University of Oslo, Norway.

Congratulations!

Siri Bromander successfully completed her PhD trial lecture and thesis defense at the Department of Informatics, University of Oslo on Friday, the 19th of March 2021 and will be awarded the degree of Doctor of Philosophy.

The title of her thesis is “Understanding Cyber Threat Intelligence – Towards Automation” and the given topic for her trial lecture was “The JOSE security scheme”.

Cyberattacks have the realistic potential of causing serious harm to humans, their assets and business processes. Cybersecurity is aimed at detecting, blocking and mitigating such threats and cyber threat intelligence is used to inform the decisions on how to respond to the ever-changing threats in and from cyber space. Increasing the effectiveness of cyber threat intelligence strengthens the collective digital defense.

Cyber threat intelligence is collection, analysis and dissemination of relevant data, information and knowledge about cyber threats. Automation of such efforts increases the efficiency and allows use of advanced analysis techniques which requires large computational power. Such automation requires machine readable content. Standardization and structure provides a computer with the ability to read and process data, information and potentially knowledge.

This thesis gives an overview of what cyber threat intelligence is and the status of standardization efforts within the domain. A datamodel which provides automation possibilities is suggested and explained.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Geir Myrdahl Køien, University of South-East Norway (USN), Norway.
• Second external opponent: Professor Kathryn Laskey, George Mason University, USA.
• Internal member: Professor II Ketil Stølen, Department of Informatics, University of Oslo, Norway and SINTEF.
• Chair of defence: Professor Carsten Griwodz, Department of Informatics, UiO

Siri Bromander carried out her PhD work at the Department of Informatics, University of Oslo.

Her main supervisor was Professor Audun Jøsang, Department of Informatics, University of Oslo and co-supervisors Senior Security Analyst and Head of Research Martin Eian, mnemonic, Associate Professor Christian Johansen, NTNU, Norway and Professor Katrin Franke, NTNU, Norway.

Congratulations!

Shukun Tokas successfully completed her PhD trial lecture and thesis defense at the University of Oslo on Friday, the 19th of February 2021 and will be awarded the degree of Doctor of Philosophy.

The title of her thesis is “Analysis and Enforcement of GDPR-related Privacy Principles in Object-Oriented Distributed Systems” and the given topic for her trial lecture was “Temporal logics: Theory, tools and applications”.

Main research findings

Privacy is recognized as a fundamental human right in the European Union, giving the right to a private life and associated freedom. In the midst of digital disruption, to have a meaningful balance between the fundamental privacy rights, innovation, and economic growth, it is therefore important to consider privacy as a primary requirement in system engineering. This thesis provides fundamental computing concepts for privacy, in order to facilitate construction of privacy-compliant systems.

By making privacy as an intrinsic component in design and development of systems, contributions of this thesis provide a way to turn privacy needs into tangible controls and a way to verify if the system is privacy compliant. In particular, the thesis focus on GDPR’s specific privacy requirements: data protection by design and data subject access request. There is a growing demand for verifiable privacy compliance in order to produce evidence for regulatory requirements such as accountability, transparency, etc. And this research work is at the intersection of GDPR-related privacy requirements and formal methods to facilitate a formal specification and verification of privacy compliance.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Issa Traore, University of Victoria, Canada.
• Second external opponent: Professor Erika Ábrahám, RWTH Aachen University, Germany.
• Internal member: Researcher Silvia Lizeth Tapia Tarifa, Department of Informatics, University of Oslo, Norway.
• Chair of defence: Professor Carsten Griwodz, Department of Informatics, UiO

Shukun Tokas carried out her PhD work at the Department of Informatics, University of Oslo.

Her main supervisor was Professor Olaf Owe, Department of Informatics, UiO and co-supervisors Professor Martin Steffen, Department of Informatics, UiO and Postdoctoral Fellow Toktam Ramezanifarkhani, Department of Informatics, UiO.

Congratulations!

Songpu Ai successfully completed his PhD trial lecture and thesis defense at the University of Stavanger, the 30th of April 2019 and was awarded the degree of Doctor of Philosophy.

The title of his thesis is “Household energy management system in energy internet”.

Songpu Ai carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger in Stavanger.

His main supervisor was Professor Chunming Rong, University of Stavanger and co-supervisor Associate Professor Antorweep Chakravorty, University of Stavanger.

Congratulations!

Adam Szekeres successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Tuesday, the 1st of December 2020, and will be awarded the degree of Doctor of Philosophy in Information Security and Communication Technology.

The title of his thesis is “Human Motivation as the Basis of Information Security Risk Analysis” and the given topic for his trial lecture was “Cybersecurity and AI”.

The importance of human decision-making in security is highlighted by the fact that the concept of security exists for a fundamental reason: stakeholder incentives can be misaligned i.e. there may exist at least one person who would benefit from causing a loss to another entity. The previously established Conflicting Incentives Risk Analysis (CIRA) method places the strength of human motivation at the centre of the risk analysis process. As the purpose of risk analysis is to make predictions about potential future events to guide resource allocations, CIRA relies on predictions about the behavior of key stakeholders in the future. The method’s real-world applicability depends on the accuracy with which strategic stakeholder decisions can be predicted. Therefore, there is a need for the reliable and valid assessment of human motivation underlying observable behaviour. This thesis contributes to the literature of information security risk analysis by investigating the predictability of human behavior and by integrating a major motivational theory into CIRA’s existing framework. This work assumes highly restricted environments with adversarial stakeholders who may be inaccessible for traditional psychological assessment methods and non-cooperative with an analyst, which requires the use of unobtrusive methods for inferring relevant motivational profile information about stakeholders. The overall goal is to provide a better understanding about the connection between basic human motivations and the resulting risks which may pose a threat to the safety and security of societies relying on Smart Grids enabled by IoT technologies.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Steven Furnell, School of Computer Science, University of Nottingham, Nottingham, United Kingdom.
• Second external opponent: Professor Mariëlle Stoelinga, Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, Enschede, The Netherlands.
• Internal member and committee administrator: Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU Gjøvik.

Adam Szekeres carried out his PhD work at the Department of Information Security and Communication Technology, Gjøvik, NTNU.

His main supervisor was Professor Einar Snekkenes, IIK, NTNU and co-supervisor Associate Professor Laura Georg Schaffner, IIK, NTNU.

Congratulations!

The aim of the annual NISK conference series was to be presenting new research and developments in the field of ICT security and privacy, and bringing together people from universities, industry, and public authorities. Both national and international contributions by researchers, practitioners, and PhD- and Master thesis students presenting new problems and solutions within topics on ICT security were invited.

COINS supported several students to attend the NISK 2020 online:

1. Lise Millerjord, NTNU
2. Bálint Zoltán Téglásy, NTNU
3. Prosper Yeng, NTNU
4. Wrya Kadir, UiB
5. Muhammad Mudassar Yamin, NTNU
6. Aida Akbarzadeh, NTNU
7. Merve Bas Seyyar, NTNU
8. Livinus Obiora Nweke, NTNU
9. Kelsey Moran, NTNU

COINS supported Aida Akbarzadeh to attend the ACM CCS 2020 online.

Antonio Gonzalez Burgueño

The title of his thesis is “Formal Analysis for Security Ceremonies” and the given topic for his trial lecture was “Verifying and attacking machine learning systems for cyber security”.

In this thesis, he has developed a mathematical framework that can be used to accurately represent and reason about communication processes that include different kinds of actors, including human beings, with different capabilities and knowledge.

He has also used this mathematical framework to analyze the security properties of a range of systems, including the YubiKey authentication device and its secure hardware module (YubiHSM) used by a wide range of companies like Google, Facebook, GitHub or Microsoft. Furthermore, it provided him with the possibility to analyze security properties as secrecy and authentication in communication processes in which different actors with different capabilities and knowledge, including human beings, can interact to achieve a common goal.

He also presents how some of today’s modern security systems, as the RSA Laboratories Public Key Standards PKCS#11, a standard in the industry, the YubiKey, and the YubiHSM, can be logically and automatically analyzed using the state-of-the-art Maude-NPA security analysis tool. This research progresses with the research on the PKCS#11 verification by performing the API analysis in a more general and realistic model than in other previous works. Besides, by using the Maude-NPA tool, we can perform the analysis of the PKCS#11 API in a fully-unbounded session model. Furthermore, in the YubiKey and YubiHSM devices’ analysis, we automatically prove the secrecy and authentication properties of YubiKey and found two different attacks on the YubiHSM HSM, going further than any other previous work.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Osman Hasan, National University of Science & Technology, Pakistan.
• Second external opponent: Senior Scientist Gudmund Grov, Norwegian Defence Establishment, Norway.
• Internal member and committee administrator: Associate Professor Nils Gruschka, Department of Informatics, University of Oslo, Norway.
• Chair of defence: Associate Professor Petter Nielsen, Department of Informatics, UiO

Antonio Gonzalez Burgueño carried out his PhD work at the Department of Informatics, Faculty of Mathematics and Natural Sciences, University of Oslo.

His main supervisor was Professor Peter Csaba Ølveczky, Department of Informatics, UiO and co-supervisor Professor Olaf Owe, Department of Informatics, UiO.

Congratulations!

Srimathi Varadharajan successfully completed her PhD trial lecture and thesis defense at the University of Bergen, on the 22nd November 2019 and on the 28th of April 2020, respectively, and will be awarded the degree of Doctor of Philosophy.

The title of her thesis is “Hard Mathematical Problems in Cryptography and Coding Theory” and the topic of her trail lecture was: “Fermat’s last theorem”.

Cryptography and code theory are two important fields of communication exchange. Code theory is about how information can be represented in a way that makes it possible to automatically correct errors that occur during shipping. Cryptography deals with techniques to keep information secret and to ensure that information has not been changed between sender and recipient. Both fields are based on difficult mathematical problems.

Srimathi’s dissertation deals with a variety of such problems and studies possible algorithms to solve them. One example of such a problem is the factoring of large numbers into their prime factors, which form the basis for much of the security of the Internet today. Another example is the problem of finding the shortest vector in a so-called lattice. It is known that a quantum computer can effectively solve the factorization problem, while it is believed that it is not possible to effectively solve the shortest-vector problem, even with a quantum computer. Lattice-based cryptography is therefore a good candidate for securing the Internet of the future, and it is important to understand how difficult this problem is and what makes it difficult.

Srimathi Varadharajan carried out her PhD work at the Department of Informatics, University of Bergen.

Her main supervisor was Håvard Raddum, Simula.

Congratulations!

Samson Yoseph Esayas successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Monday, the 20th of April 2020 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Data Privacy and Competition Law in the Age of Big Data. The Commercialization of Personal Data and Its Implications for the Foundations and Policy Boundaries of Data Privacy and Competition Law” and the given topic for his trial lecture was “The Interface between Data Protection Rules and Competition Law”.

In recent years, we have seen the emergence of companies where the core of business models is built around monetization of users’ personal data. At the forefront of this effort, we find companies such as Google and Facebook, which collect and analyze huge amounts of consumer data – where they are, what devices they use, what they buy and various categories of their online behavior. The availability of such huge amounts of data allows these companies to deliver accurate online advertising. This ad-based business model has enabled these companies to climb to the top of the hierarchy of the most valuable businesses.

The commercialization of personal data drives companies to expand the scope and scope of data collection, which in turn creates significant challenges for the application of EU privacy rules. Google’s aggressive expansion into a number of new product areas is a case in point, as the company collects and combines personal information from more than 100 consumer-focused services.

The thesis argues that such a development gives rise to two important challenges – one institutional and the other material. The institutional challenge is related to the difficulty of applying current rules as companies begin to collect and combine data across hundreds of services – that is, a scaling issue. This is because the application of the rules is based on the possibility of separating the various services for which the data is collected (processing activities) and relating each individual personal data to one specific service (processing activity). The material challenge is linked to the inadequacy of current rules when dealing with emergent privacy risks, such as overexposure of the individual and loss of practical access barriers. These risks are “emergent” in the sense that the sum, that is, the data aggregated from the numerous services contains risks not found in the individual data sets (treatment activities). In light of these challenges, the dissertation emphasizes the need for a holistic approach that considers imposing increased responsibilities on some entities, taking into account the totality of the processing activities and the practice of data aggregation.

With the commercialization of personal data, competition supervision in the EU and the US has begun to recognize privacy as a competitive parameter that is not about price. Despite this recognition, there is little general theoretical literature on this topic. The dissertation seeks to fill this void by outlining various claims theories to incorporate privacy as a non-price element into merger assessments, and to discuss various anti-competitive practices affecting privacy.

Privacy cartels: At the center of the competition rules is the ban on cartels – rival companies are prohibited from entering into price agreements. However, price as a competitive parameter is largely absent in many digital services, where users often “pay” by handing over their personal information. The question is whether users’ privacy can become the new arena for cartel agreements. The answer is yes, it can be – and it has been. The agreement between Google and Eyeo, the company that owns the Adblock Plus anti-tracking and ad blocking software, is a good example. Google paid Eyeo millions for Eyeo agreeing to curtail ad blocking activity and scale down investment in the market. The German and Austrian Competition Authority decided that the agreement was anti-competitive.

The thesis makes use of elements of system theory, in particular the concept of emergent properties to answer the research questions. In particular, two lessons learned from emergent properties are worth highlighting: first, although the idea of ​​”one thing at a time” is a useful guiding principle in life, it may not be appropriate in a world where the line between one thing and another is unclear. Even more important is that the law in general, but the privacy and competition law in particular, recognizes the possibility that the sum of fully lawful behaviors can nevertheless create behaviors that are not in compliance with the law or that violate the intent of the law.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Björn Lundqvist, Stockholm University, Sweden.
• Second external opponent: Professor Orla Lynskey, London School of Economics and Political Science, UK.
• Internal member: Professor Eirik Østerud, University of Oslo.
• Head of defence: Deputy Dean Tarjei Bekkedal

Samson Yoseph Esayas carried out his PhD work at the Department of Private Law, University of Oslo.

His main supervisor was Professor Lee Andrew Bygrave, Department of Private Law, University of Oslo and co-supervisor Professor Inger Ørstavik, Department of Private Law, University of Oslo.

Congratulations!

Desta Haileselassie Hagos successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Wednesday, the 15th of April 2020 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Discovering the Dynamic Complexity of TCP Using Machine Learning and Deep Learning Techniques” and the given topic for his trial lecture was “MultiPath TCP and RTP / RTCP protocols: motivations, mechanisms, deployment, and performances”.

The doctoral thesis mainly focuses on monitoring of internal TCP conditions in the end nodes, based on analysis of passive traffic measurements carried out in an intermediate node in the network. The research is believed to be industry-relevant, as passive traffic measurement is a method increasingly used by network operators and Internet service providers to analyze the communication performance of network-based applications and services. The work proposes different models and solutions for predicting TCP conditions in the end node, and presents experiments that indicate that the predictions provide relatively good accuracy over different validation scenarios and over the use of different TCP variants.

The work presented in this dissertation aims to obtain detailed knowledge about the end hosts by monitoring information of the packets that pass through the network, and by employing machine learning and deep learning-based techniques on the monitored network traffic. Since machine learning and deep learning methods are good at coping with complex tasks and massive amounts of data, they might play an important role in predicting the TCP per-connection internal states. Understanding the dynamic complexity of the internal states of TCP is a fundamental challenge, and especially demanding due to the dynamics and complexity of modern networks. Even though this is the main objective of the dissertation, our work shows that related techniques can also be used to find other information about the hosts,

The analyzes of this dissertation focus mainly on TCP internal state monitoring from passive traffic measurements. We believe that our work will be useful to the industry as passive measurements are becoming increasingly useful for network operators and Internet Service Providers to evaluate the communication performance of applications and services running on their networks. Our experimental results indicate the effectiveness of the proposed prediction models with reasonably good accuracy across different validation scenarios and multiple TCP variants

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Nadjib Aait Saadi, UVSQ Paris-Saclay University, France.
• Second external opponent: Associate Professor Marija Slavkovik, University of Bergen, Norway.
• Internal member and committee administrator: Professor Josef Noll, Department of Technology Systems, University of Oslo.

Desta Haileselassie Hagos carried out his PhD work at the Department of Technology Systems, University of Oslo.

His main supervisor was Professor Paal Einar Engelstad, Department of Technology Systems, University of Oslo and co-supervisors Professor Øivind Kure, Department of Technology Systems, University of Oslo and Professor Anis Yazidi, OsloMet.

Congratulations!

Benjamin James Knox successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 29th of May 2020 and will be awarded the degree of Doctor of Philosophy in Information Security and Communication Technology.

The title of his thesis is “Cyberpower Praxis: A Study of Ways to Improve Understanding and Governance in the Cyber Domain” and the given topic for his trial lecture was “Gamification and information privacy education”.

His thesis presents a route to better cyberpower praxis by encouraging a more open, holistic and flexible way of thinking about competence development for learners in the cyber domain. Attempting to combine capacities and skills on multiple plains via alternative forms of education can help build understanding around a common goal of harnessing or defeating cyberpower effects.

Deterring threats and reducing an adversary’s attack surface in the cyber domain is complex and requires multiple levels of control. One such level is the human cyber operator. The task characteristics of cyberspace operations require effective coordination between multiple agents and asset types (human, technical, tangible and intangible). To support performance, cyberoperators will likely benefit from the psychological characteristics of cognitive agility: self-regulated individuals with openness, flexibility, and adaptability. Therefore, the objective of his thesis is to identify ways to develop the cognitive competencies that support better domain cognisance and self-governance capabilities among novice level cyber operators.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Emeritus Rossouw von Solms, Department of Computer Science & Information Technology, School of Information and Communication Technology, Nelson Mandela University, Port Elizabeth, South Africa.
• Second external opponent: Assistant Professor Aggeliki Tsohou, Department of Informatics, Faculty of Information Sciences and Informatics, Ionian University, Corfu, Greece.
• Internal member and committee administrator: Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU Gjøvik.

Benjamin James Knox carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU and co-supervisors Professor Kirsi Helkala, Norwegian Defence Cyber Academy, and Professor Stefan Sütterlin, Østfold University College.

Congratulations!

The title of his thesis is “A Multi-Discipline Approach for Enhancing Developer Learning in Software Security” and the given topic for his trial lecture was “Quantitative Approaches to Software Quality Measurement”.

Today’s software is still insecure. Many software developers lack knowledge about secure software development and that is a major problem.

Wen’s thesis investigates how developers’ learning of software security can be enhanced and draws from cross-disciplinary thinking at the intersections of sociology, education, software engineering and others.

The contextual factors that affect developers’ learning of software security are investigated and a context-based learning tool for effective security education and learning is suggested. With that, this thesis contributes to the fields of software development and security education.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Lynn Futcher, Department of Information Technology, School of Information and Communication Technology, Nelson Mandela University, Port Elizabeth, South Africa.
• Second external opponent: Associate Professor Anh Nguyen Duc, Department of Business and IT, School of Business, The University of South-Eastern Norway (USN), Bø, Norway.
• Internal member and committee administrator: Associate Professor Hao Wang, Department of Computer Science, NTNU, Gjøvik, Norway.

Shao-Fang Wen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU and co-supervisors Professor Stewart James Kowalski, Department of Information Security and Communication Technology, NTNU, and Professor Rune Hjelsvold, Department of Computer Science, NTNU.

Congratulations!

GDPR enforcement has begun, and your organization can’t afford inadequate compliance. As of July 2019, data protection authorities have announced 360 million euros in fines against organizations ranging from real estate management firms to hotel chains to airlines. More than 300,000 cases and complaints are pending with authorities across the EU.

The IAPP’s GDPR Ready training was organized to

• understand GDPR requirements,
• know which provisions apply to your organization,
• learn how to design a response that meets regulatory requirements and builds customers’ confidence
• gain the knowledge to become a GDPR-ready privacy pro or the certified DPO (data protection officer) so many organizations need. (The IAPP estimates it will take 75,000 DPOs to meet GDPR compliance requirements.)

GDPR compliance starts with knowledge.

Recent research has established that it takes more than 20 hours of training just to acquire a workable understanding of the GDPR, and even more to prepare for a DPO position. The IAPP’s GDPR Ready training courses are recognized as the most effective way to prepare for these all-important roles.

COINS supported Shukun Tokas to attend the IAPP’s GDPR Ready 4-Day Bundle in London, UK.

Pawel Grzegorz Drozdowski

The title of his thesis is “Efficient privacy-preserving biometric identification in large-scale multibiometric systems” and the given topic for his trial lecture was “Balancing Privacy vs Security in Modern Societies”.

Nowadays, biometrics find application as an integral component of identity management systems. The recent rapid growth of size and popularity of such systems has prompted research into technologies which support efficient, secure, and accurate processing of large amounts of biometric data.

The goal of this thesis is development of computationally efficient algorithms and data structures specifically for biometric identification (1:N search). The methods proposed in the thesis facilitate real-time search queries on large biometric datasets, while simultaneously assuring biometric data protection and incorporating multi-biometric information fusion.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate professor Vitomir Štruc, Faculty of Electrical Engineering, University of Ljubljana, Slovenia.
• Second external opponent: Associate Professor Hugo Pedro Proença, Department of Computer Science, University of Beira Interior, Portugal.
• Internal member and committee administrator: Associate Professor Sule Yildirim Yayilgan, Department of Information Security and Communication Technology, NTNU in Gjøvik, Norway.

Pawel Grzegorz Drozdowski carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU and co-supervisor Dr. Christian Rathgeb, Hochschule Darmstadt, Germany.

Congratulations!

Asiacrypt 2019

Asiacrypt 2019 was organized by the International Association for Cryptologic Research (IACR) in cooperation with the technical group on Information Security(ISEC) of Institute of Electronics, Information and Communication Engineers(IEICE).

COINS supported Shuang Wu to attend the Asiacrypt 2019 in Kobe, Japan.

Herman Galteland successfully completed his fully digital PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Wednesday, the 15th of April 2020 and will be awarded the degree of Doctor of Philosophy in Mathematical Sciences.

The title of his thesis is “Malicious cryptography” and the given topic for his trial lecture was “Morality and Ethics of Cryptographic Work”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Liqun Chen, Department of Computer Science, University of Surrey, Surrey, UK.
• Second external opponent: Chief Research Scientist Martijn Stam, Simula UiB, Bergen, Norway.
• Internal member and committee administrator: Associate Professor Jiaxin Pan, Department of Mathematical Sciences, NTNU, Trondheim, Norway.

Herman Galteland carried out his PhD work at the Department of Mathematical Sciences, NTNU in Trondheim.

His main supervisor was Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU and co-supervisor Professor Colin Alexander Boyd, Department of Information Security and Communication Technology, NTNU.

Congratulations!

The title of his thesis is “New Approaches to the Cryptanalysis of Block Ciphers” and the given topic for his trial lecture was “Side channel cryptanalysis and countermeasures”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Gregor Leander, Ruhr-University Bochum, Germany.
• Second external opponent: Senior Researcher HDR Maria Naya-Plasenci, INRIA Paris, France.
• Internal member and administrator: George Petrides, Associate Professor, Department of Informatics, University of Bergen.
• Leder of the defense Professor Trond Steihaug, Department of Informatics, University of Bergen.

Navid Ghaedi Bardeh carried out his PhD work at the Department of Informatics, University of Bergen.

His main supervisor was Associate Professor Sondre Rønjom, Department of Informatics, University of Bergen and co-supervisors were Professor Emeritus Tor Helleseth and Associate Professor Chunlei Li, both from Department of Informatics, University of Bergen.

Congratulations!

Norsk Kryptoseminar (The Norwegian Crypto Seminar) is an event that was started in 1998. The purpose was to bring together the cryptology environments in Norway to promote theory and practice in cryptology. The seminar was open to anyone who works with cryptology in Norway.

COINS supported seven students to attend the Norsk Kryptroseminar 2020 in Kjeller: Thor Tunge, Bor de Kock, Mattia Veroni, Morten Solberg, Lise Millerjord, Magnus Ringerud, Tjerand Aga Silde and Morten Øygarden. Here is their combined report from the event. A separete report of Morten Øygarden you can find here.

The title of his thesis is “Security in Interconnected Network Function Virtualisation Environments” and the given topic for his trial lecture was “Utilizing SDN in IoT-based Systems”.

Network Functions Virtualization (NFV) aims to change how network operators
handle their network equipment. It also aims to change how end-users shop their
network service. NFV is a paradigm shift of networking which consists of moving
the physical network appliances from hardware to software. This enables providers
to run these network devices in remote data centres. One example of this concept is
that end-users do no longer need to have a stack of residential network equipment.
They can simply move their network devices to the cloud. This concept of virtualising
network equipment has the potential to significantly reduce hardware cost,
decrease the time-to-market, expand the lifetime of the network devices and save
operational expenses. However, security remains a major concern for operators
and end-users before they are willing to adopt the technology more widely. The
border security arranged by physical network devices becomes more unclear for
the end-users, and they can easily question who has access to their virtual network
devices. The concept of virtualisation also enables the virtual network devices to
be run at any service provider. Then, this also questions what provider who has
access to what data. If all network traffic from the end-users are going through
multiple services at multiple providers, then the end-user can question, who has
access to what and who can access their data traffic? In fact, the end-users have
very little control over this. However, it is obvious that the privacy of the end-users
is important. They should be able to know what provider who can access their data
traffic, who can access what and whether they share an NFV network service with
someone else. They should also be able to know if their homes are protected from
cyber-attacks.
Correspondingly, the main objective of this research is to provide a mechanism
which ensures the confidentiality, integrity and availability of the end-users’ NFV
traffic. In particular, it aims to secure end-user communication when Internet Service
Providers are sharing virtual network service platforms between each other.
This includes protecting the integrity of the data traffic and achieving data traffic
confidentiality, which currently is very limited in NFV environments.
The first part of the research contains a study of the security implications of putting a virtual networking device into the cloud. This research aims to put a focus on
the aforementioned research challenge and investigate what security mechanisms
which can be used to achieve integrity and confidentiality. This research challenges
the current standards and asks whom the end-user can trust in a multi-provider
NFV environment. Further, this research results in a set of requirements which
must be fulfilled in order to achieve the security objectives.
These security concerns present a major obstacle for NFV adoption. Hence, the
second part of the research presents an architecture of how to overcome these
security challenges. The focus in these studies concerns how the access control can
be achieved by low-level packet isolation and how it can be abstracted to network
orchestration policies. The key elements in this research challenge are how to
exchange keys and how to steer encrypted data packets.
The last part of the research is related to the development of a framework which
supports the confidentiality, integrity and the availability of the data traffic in NFV.
Here, this research aimed to verify that the implementation of the architecture fulfils
the requirements which were developed in the first part of this research. The
final results show that these requirements are fulfilled. In the context of NFV adoption,
this research contribution of access control and confidentiality can affect the
perspective of security and trust in NFV networks for both end-users and operators.
Correspondingly, it can also have an impact on NFV adoption in general.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Lars Dittmann, Department of Photonics Engineering, Technical University of Denmark (DTU), Lyngby, Denmark.
• Second external opponent: Associate Professor Sandra Scott-Hayward, Institute of Electronics, Communications & Information Technology, Queen’s University Belfast, Belfast, United Kingdom.
• Internal member and committee administrator: Professor Peter Herrmann, Department of Information Security and Communication Technology, NTNU, Trondheim, Norway.

Håkon Gunleifsen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Associate Professor Thomas Kemmerich, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Slobodan Petrović, Department of Information Security and Communication Technology, NTNU.

Congratulations!

Jayachander Surbiryala successfully completed his PhD trial lecture and thesis defense at the University of Stavanger, the 2nd of December 2019 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Information Processing in the Cloud. Resource Allocation and Security Perspective” and the given topic for his trial lecture was “Cryptographic Improvements in TLS 1.3 over 1.2: Whys and Hows”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Vladimir Oleshchuk, University of Agder, Grimstad, Norway.
• Second external opponent: Professor Tingting Zhang, Mid Sweden University, Sweden.
• Internal member: Associate Professor Leander Jehl, Department of Electrical Engineering and Computer Science, University of Stavanger.
• Leader of the defence: Head of department Tom Ryen, Department of Electrical Engineering and Computer Science, University of Stavanger.

Jayachander Surbiryala carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger in Stavanger.

His main supervisor was Professor Chunming Rong, University of Stavanger and co-supervisor Associate Professor Chunlei Li, University of Bergen.

Congratulations!

The aim of the NISK conference series was to be the principal Norwegian research venue for presenting and discussing developments in the field of ICT security and privacy, and bringing together people from universities, industry, and public authorities.

Both national and international contributions by researchers, practitioners, and PhD- and Master thesis students presenting new problems and solutions within topics on ICT security were invited.

NISK 2019 conference was co-located with COINS Ph.D. student seminar. COINS supported several students to attend the NISK 2019 in Narvik, Norway.

Here are their reports:

• Berglind Fjola Smaradottir
• Aida Akbarzadeh
• Mazaher Kianpour

Ambika Shrestha Chitrakar

The title of her thesis is “Constrained Approximate Search and Data Reduction Techniques in Cybersecurity and Digital Forensics” and the given topic for her trial lecture was “Quantum computing and security of the stream ciphers”.

Cybersecurity and digital forensics are two important fields for any society and business. Research in these fields is necessary to battle with the increasing digital crimes and investigations.

Advancement in digital technology, increasing number of digital sources, knowledge being easily accessible, and the increasing capability of the attackers bring many challenges in these domains. It is a necessity to be proactive and understand how the attackers think and how they can evade traditional defense tools and methods from their detection. This research work focuses on contributing to the state-of-the-art of mainly two issues in cybersecurity and digital forensics. The first one is for the challenges related to the search algorithms and the second one is for the challenges related to reducing the size of data for analysis.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Dr Luis Hernandez Encinas, Department of Information and Communication Technologies (TIC), Institute of Physical and Information Technologies (ITEFI), Spanish National Research Council (CSIC), Madrid, Spain.
• Second external opponent: Professor Vladimir Oleshchuk, University of Agder, Grimstad, Norway.
• Internal member and committee administrator: Associate Professor Sule Yildirim-Yayilgan, Department of Information Security and Communication Technology, NTNU, Gjøvik, Norway.

Ambika Shrestha Chitrakar carried out her PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

Her main supervisor was Professor Slobodan Petrović, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Katrin Franke, Department of Information Security and Communication Technology, NTNU.

Congratulations!

Decentralized has established itself as Europe’s premier conference on blockchain and digital currencies. Decentralized 2019 is one of the most popular events in Europe.

It hosted a total of 1500+ attendees, 40+ sponsors, 100+ speakers, 20+ exhibitors, 30+ media partners and attendees from 50+ countries. It was truly a global event with a focus on blockchain and decentralized ledger technology.

The Decentralized 2019 event brought the best academic experts and business executives from all around the world. They debated on future developments and current trends which were spread across three conference tracks.

• Business: Business leaders and executives discussed how digital currencies and blockchain have the potential to disrupt businesses.
• Technology: The professionals from digital currency and blockchain took on the latest development
• Academia: The researchers discussed how the blockchain space looks exciting and share their research.

COINS supported Abylay Satybaldy to attend the Decentralized 2019 in Athens, Greece.

The 3rd biannual IEEE Nordic Student and Young Professionals Congress 2019 was co-hosted by the IEEE Sweden Young Professionals affinity group and the IEEE Finland Young Professionals affinity group, with support from the respective student branches and women in engineering affinity groups.

The theme of this year’s event was sustainability, and all the lectures and workshops followed that theme. 5G solutions, smart cities, electric and smart vehicles, and smart energy storage are just some of the topics that were discussed during this year’s IEEE Nordic SYP.

The event began on Friday the 25th of October. Participants have taken from Arlanda airport to the cruise ship to set sail for Finland. Boarding began at 16:30. The attendees were then able to attend IEEE workshops and presentations on Friday evening before dinner, and a night’s entertainment.

After breakfast, the cruise arrived in Helsinki on Saturday morning at approximately 10:00 am. The day in Helsinki was based around the industry with talks from leading Nordic tech companies like Nokia.

Attendees then boarded the cruise ship again, for another evening of IEEE talks and workshops, followed by Gala dinner. After breakfast Sunday morning, the cruise arrived in Stockholm where there was a similar day of industry talks and workshops. The event was brought to a close Sunday evening and attendees were treated to a night of sightseeing and entertainment in Stockholm.

After breakfast on Monday morning, attendees were given help to get back to Arlanda to get their flights home.

COINS supported three students: Ashish Rauniyar, Debesh Jha and Desta Haileselassie Hagos to attend the IEEE Nordic Student and Young Professionals Congress 2019 in Helsinki, Finland / Stockholm, Sweden.

The title of his thesis is “Deep Learning for Fingerprint Recognition Systems” and the given topic for his trial lecture was “From Machine Learning to Deep Learning: Methods, Contour Conditions and Applications”.

Biometric recognition is a typical means to identify individuals or to verify claimed
identities. Use cases are manifold. For example, users can unlock their smartphones
for convenience by presenting their faces or fingerprints. Or one’s identity
is verified when crossing borders. Today, biometric recognition already has many
points of contact with our daily life and there are more to come.
Besides iris and face, fingerprint is the most wide spread biometric trait used for
recognition. Fingerprints are assumed to be unique for each and every finger. This
makes it an ideal trait for recognition. In addition, fingerprint recognition has more
than a century of tradition in the field of biometric recognition. A great amount
of expertise and engineering skill made it a quite mature technology over time.
Only few false positive and false negative errors are made in recognition in today’s
deployed systems.

However, fingerprint recognition is still far from being perfect. In contrast to popular
opinion, fingerprint recognition is not a solved problem. Actually, there is
still a lot of work to do. As biometric systems become larger and become more
inclusive, even new challenges arise. Systems need to deal with large amounts of
data while keeping performance with respect to recognition performance as well as
transaction times in a reasonable order. Recognition shall work for everyone and
shall not exclude a certain ethnic group or subset of the population. It will work
in unconstrained conditions. However, it shall still make no erroneous decisions.
Engineering may have come to its limits at this stage.
In contrast to classical engineering, machine learning based on artificial neural
networks may be a reasonable alternative. The emerging technologies of Deep
Learning achieve tremendous successes in many domains of image processing and
pattern recognition. This work assesses the application of such innovative machine
learning concepts to fingerprint recognition. Three central aspects and challenges
in fingerprint recognition are inspected in detail: fingerprint sample enhancement,
orientation field estimation, and efficient processing structures.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Raul Sanchez-Reillo, Electronics Technology Department, University Carlos III of Madrid (UC3M), Spain.
• Second external opponent: Associate Professor Raffaele Cappelli, Department of Computer Science and Engineering, University of Bologna, Italy.
• Internal member and committee administrator: Associate Professor Kerstin Bach, Department of Computer Science, NTNU.

Patrick Schuch carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Katrin Franke, Department of Information Security and Communication Technology, NTNU.

Congratulations!

The Training School featured a program of lectures delivered by leading experts in the area of 5G networks, from both academia and industry. The objective of the School was to give attendees a global view, with an insight into some specific aspects, on research in key features of the emerging 5G technologies from the networking perspective, addressing models, architectures and applications. Attendees had an opportunity to participate in stimulating discussions with lecturers, obtain useful feedback, and initiate new collaborations. Lectures provided the background on 5G wireless communications networks concepts, ranging from the more fundamental ones related to concepts and mathematical modelling to experimental and applied ones connected to the incoming standardisation features.

The School aimed at Ph.D. students who actively work on or are interested in future mobile networks.

COINS supported  Desta Haileselassie Hagos to attend the 8th Training School on Network Models, Architectures and Applications for 5G in Moscow, Russia.

COINS supported Elahe Fazeldehkordi to attend the GDPR course in Brussels, Belgium.

This OSM Hackfest offered a great opportunity to share and learn with OSM developers and module leaders, and explore opportunities for synergies and collaboration.

It allowed new users to get familiar with OSM Release SIX and exercise all the main functionalities, from basic operations (installation, setup, common operations, etc.) to most advanced capabilities, such as 5G network slicing with a big focus on VNF on-boarding activities covering Day 0/1/2 operations.

In addition, experienced users and developers had the opportunity to hack into OSM, build complex examples, fine-tune, test and demonstrate Release SEVEN and experimental features on the OSM Remote Labs network.OSM Hackfest participants learnt to:

• Install OSM and run some examples
• Get familiar with OSM’s GUI and CLI
• Create own VNF and NS descriptors and build packages
• Model and deploy NS/VNF with EPA capabilities
• Model dynamic Life Cycle Management operations with Day-1 and Day-2 actions
• Model 5G Network Slices and complex NS with PNFs
• Perform basic troubleshooting
• Configure Fault and Performance management and close-loop operations
• Modify and experiment with OSM source code
• Build complex examples and run own experimental testing

COINS supported Ali Esmaeily to attend the 7th OSM Hackfest in Patras, Greece.

CLEF 2019 was hosted by the Università della Svizzera italiana (USI), Switzerland, 09-12 September 2019.

CLEF 2019 was the 10th CLEF conference continuing the popular CLEF campaigns which have run since 2000 contributing to the systematic evaluation of information access systems, primarily through experimentation on shared tasks.
CLEF 2019 consisted of an independent peer-reviewed conference on a broad range of issues in the fields of multilingual and multimodal information access evaluation, and a set of labs and workshops designed to test different aspects of mono and cross-language Information retrieval systems. Together, the conference and the lab series maintained and expanded upon the CLEF tradition of community-based evaluation and discussion on evaluation issues.

This year, CLEF was open to a wider, industrial community. The Industry Days allowed the interaction between the scientific community, practitioners and decision-makers through panels, a special keynote and presentations. Additionally, the very best and most pertinent work of the academic CLEF participants was made accessible in a concise manner.

COINS supported Parisa Rezaee Borj to attend the PAN at CLEF 2019 in Lugano, Switzerland.

The summer school was organized in lectures and hackathons, providing a mix of in-depth research presentations and hands-on experience, and it was focused on published and current high-impact research projects. The school covered cutting-edge topics on blockchains and other distributed ledger technologies to foster understanding of their respective security and privacy specific requirements and guarantees by bringing together academic researchers and experts from industry. Example topics included: novel attacks on distributed systems; consensus protocols and fault tolerance; incentive structures, such as proof-of-work and proof-of-stake; recent results on blockchain scalability, payment channels and state channels; advancements on smart contracts; or, realistic adversarial capabilities.

Students had networking opportunities with experts from academia and industry, sponsors, and among each other. They also had the opportunity to present their own results in front of experts from academia and industry in the form of lightning talks and poster presentations.

COINS supported Shuang Wu to attend the 1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies in Vienna, Austria.

The interdisciplinary summer school on privacy provided an intensive one-week academic post-graduate programme teaching privacy from a technical, legal and social perspective. The goal of the summer school was to provide students with a solid background in the theory of privacy construction, modeling and protection from these three different perspectives. It also aimed to help them to establish a first international network with peers and senior academics across these disparate disciplines.

According to Gray et al. dark patterns started as a practitioner led initiative uncovering features of interface design crafted to trick users into doing things they may not want to do, but which benefit the business in question. More formally, the authors define it as instances in which designers use their knowledge of human behavior (e.g., psychology), and the desires of end users to implement deceptive functionality that is not in the user’s best interest.
At this summer school, they focused on dark patterns that impact users’ privacy or their ability to practice their data protection rights. Dark patterns raise crucial questions regarding compliance with European data protection legislation and ethical technology deployment. In January 2019 the French Data Protection Authority (CNIL) imposed a fine of 50 million Euros on Google “in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization”, according to the CNIL. This sky-high fine illustrates the importance paid by regulators to combating dark patterns. Also, consumer organizations, like the Norwegian Consumer Council, have reported on how users are ‘deceived by design’ by tech companies, discouraging people to exercise their rights to privacy. In this summer school, they proposed to look beyond the interface, and ask, where do dark patterns emerge in the production of internet-based services, in the organizing of software and hardware infrastructures, in the elaboration and interpretation of laws, in the push for certain economic models, and conceptions of data, systems, users, and the social. How do we come to recognize, uncover, resist and prevent dark patterns in these different socio-technical contexts?

Dark patterns as a concept is not easy to pin down since manipulation of environment and behavior can be seen as a part of any design intervention. Yet, the rise of the concept is indicative that there is a considerable set of practices that are identified under the label of dark patterns. In this context, at the summer school, they discussed study dark matters and asked whether intentions matter, or outcomes can also serve as a way to identify whether a practice may qualify as a dark pattern in the context of privacy and data protection. Being able to think collectively about this hard question provided people with tools, methods and arguments to address the continuum between poor design or decisions, lack of resources, incompetence, recklessness, optimization, externalization of costs, and intentional patterns that lead to manipulation, deception or unwarranted levels of persuasion. They explored together where we can productively draw the line when it comes to patterns that harm vs. patterns that just do, and how technical, social, ethical, legal and economic practices may be reimagined to address these practices.

The summer school was interdisciplinary, involving the following disciplines: computer science, law and social sciences / media and communication studies.
The school lasted one week, with nine scheduled lectures (five-morning lectures and four-afternoon lectures) of two hours each. These nine lectures were equally distributed over the three disciplines, with top-notch lectures from each of the disciplines. The lectures laid the grounds for an interdisciplinary conversation among students and lecturers coming from a variety of backgrounds.

The remaining time was used for hands on working group sessions to study practical cases. The cases were offered by businesses, governments, government related institutions (like DPAs) and civil society/NGOs. Groups of six students, were formed to tackle the cases and reported back on their results in a plenary session.

The school was held in a location that encourages dialogue and social interactions between both the staff and the students, both during lectures and in the evening. Staff (i.e. lecturers) were encouraged to stay at the summer school for the whole length of the school. The summer school was foremost aimed at PhD students from computer science, law and social sciences.

Participants of the summer school were awarded two ECTS (study credits) and received a certificate of attendance issued by the Radboud University attesting this.

COINS supported Elahe Fazeldehkordi to attend the ISP 2019 in Nijmegen, The Netherlands.

5th World Congress on New Technologies (NewTech’19)

NewTech was aimed to become one of the leading international annual congresses in the fields of new technologies. The congress was composed of 4 conferences. While each conference consisted of an individual and separate theme, the conferences shared considerable overlap, which prompted the organization of this congress.

ICNFA’19 – 10th International Conference on Nanotechnology: Fundamentals and Applications
ICEPR’19 – 9th International Conference on Environmental Pollution and Remediation
ICBB’19 – 5th International Conference on Biotechnology and Bioengineering
ICERT’19 – 3nd International Conference on Energy Research and Technology

This congress provided excellent opportunities to the scientists, researchers, industrial engineers, and university students to present their research achievements and to develop new collaborations and partnerships with experts in the field.

COINS supported Elahe Fazeldehkordi to attend the NewTech’19 in Lisbon, Portugal.

While blockchain-based applications such as Bitcoin are still in their infancy, a dramatic increase in industrial and academic interest in blockchain technology is evident. In addition, start-ups, as well as industry initiatives, are presently working intensely on blockchain-based innovations, making the technology one of the most promising drivers of innovation in many sectors and industries. However, the design and implementation of blockchain-based systems requires know-how in several areas, as well as mindful consideration of larger economic and societal issues. These objectives provided the starting point for this summer school.

In this fourth blockchain summer school organized by the European Blockchain Center, they focused on educating students in blockchain technology to develop solutions within different industries. The participants learned how blockchain technology is disrupting existing business models and gained insights in paradigmatic changes occurring from economic, organisational and computer science viewpoints. As learning outcomes, the participants were submerged into computer science, information systems, and business knowledge background in order to analyse existing business processes and their potential to convert them into blockchain-based solutions. In so doing, they were able to co-create new blockchain-based systems, taking into consideration both cryptographic and economic aspects.

Within the summer school, participants learned how to set up a development environment and how to work with proven platforms such as Ethereum, NEO and others. They were able to design and implement their own smart contracts and coded their own Dapps (decentralized apps).

Once basic blockchain elements have been introduced, participants worked on their own blockchain development projects, supported by the participating industry partners. The outcomes were functioning demonstrators, as well as a written documentation and reports that illustrated the business process or mechanism realized in a blockchain implementation and how, in so doing, a real-world challenge was addressed.

In contrast to the three successful Blockchain Summer Schools in 2016 to 2018, this year lifted it to the next level by establishing three parallel tracks: Basic, Advanced and Improving blockchain / DLT systems as a technology.

An amount of 5 ECTS was provided to PhD students who successfully pass the exam. To pass the exam participants presented their blockchain solutions at the end of the summer school and defended these. In addition, they produced 15 pages of report after the summer school and/or wrote a paper that is to be submitted to an academic outlet, such as conference or journal, coached by the summer school organisers. The presentation, report as well as the working paper were mandatory deliverables and after they have been assessed at a satisfactory level, the ECTS points were granted and a certificate issued.
Independently, all participants received a certificate that they participate in the summer school.

COINS supported Befekadu Gebraselase to attend the Blockchain Summer school in Copenhagen, Denmark.

DeepLearn 2019 was a research training event with a global scope aiming at updating participants about the most recent advances in the critical and fast developing area of deep learning. This is a branch of artificial intelligence covering a spectrum of current exciting machine learning research and industrial innovation that provides more efficient algorithms to deal with large-scale data in neurosciences, computer vision, speech recognition, language processing, human-computer interaction, drug discovery, biomedical informatics, healthcare, recommender systems, learning theory, robotics, games, etc. Renowned academics and industry pioneers lectured and shared their views with the audience.

Most deep learning subareas were displayed, and main challenges identified through 2 keynote lectures, 24 four-hour and a half courses, and 1 round table, which tackled the most active and promising topics. Interaction were a main component of the event.

An open session gave participants the opportunity to present their own work in progress in 5 minutes. Moreover, there were two special sessions with industrial and recruitment profiles.

DeepLearn 2019 was addressed to students, researchers and practitioners who wanted to keep themselves updated about recent developments and future trends. All found it fruitful to listen and discuss with major researchers, industry leaders and innovators.

3 courses run in parallel during the whole event. Participants were able to freely choose the courses they wish to attend as well as to move from one to another.

COINS supported Ramtin Aryan to attend the DeepLearn 2019 in Warsaw, Poland.

The summer school was organized by Immanuel Kant Baltic Federal University in Kaliningrad.

COINS supported Thor Tunge and Bor de Kock to attend the IACR Summer school “Euclidean lattices: theory and applications” in Kaliningrad, Russia.

The school was open to graduate students, researchers, and practitioners from academia and industry. The school aimed at bringing together members from the international security research community to debate contemporary issues in the area of privacy and security of blockchain technology and designing new cryptocurrencies with better security guarantees. The main part of the school consisted of lectures given by world-leading researchers in this area. The school brought the participants through technical aspects of Blockchain and Cryptocurrencies Security. It was also their intention to build strong research relations and exchange opportunities between the involved institutions and participants.

COINS supported Mayank Raikwar to attend the International Summer School on Blockchain and Cryptocurrencies Security in Padua, Italy.

The summer school was jointly organized by the Digital Security (DiS) group, Radboud University (The Netherlands), ETH Zurich Information Security and Privacy Center (Switzerland) and Faculty of Electrical Engineering and Computing, University of Zagreb (Croatia).

The school aimed at bringing together Master/PhD students, academics and security experts from industry.
The focus of the summer school was on:

• Cryptography for the Internet
• Recent developments in cryptography
• Systems security
• Network security
• Machine learning in security & privacy
• Physical security & cryptographic implementations
• Privacy enhancing technologies

This year’s edition included a special one-day workshop on side-channel attacks and countermeasures. The workshop was sponsored by the Technology Foundation TTW (project 13499 – TYPHOON) from the Dutch government. They also had a hardware tutorial and run-time attack tutorial.

COINS supported Åvald Åslaugson Sommervoll and Farzane Karami to attend the Summer School on real-world crypto and privacy in Šibenik, Croatia.

Participants
IT security researchers and research groups of the following Universities/University Colleges are part of the network: Karlstad University, Chalmers University of Technology, Stockholm University, KTH, Skövde University, Linköping University, Örebro Univeristy, Blekinge Institute of Technology, Luleå University.

Activities
Annual 2-days SWITS seminars are held each spring in which:
– Supervisors give an overview to their research areas
– Ph.D. students have the possibility to present their research work, to get feedback and inspirations from other students and supervisors
– Research methodologies in IT security are discussed
– Introductory tutorials are given

This year the seminar SWITS seminar took place in June 3-4th, June 2019 in Karlstad, Sweden. COINS supported three PhD students to attend the seminar: Ahmed Amro, Livinus Obiora Nveke and Muhammad Mudasser Yamin.

The program included recent research in the sub-themes of consensus protocols, zero-knowledge proofs, privacy and anonymity-preserving techniques, language design and semantics for smart contracts, formal verification of cryptographic protocols and implementations, among other relevant topics. The workshop aimed to enable interdisciplinary research and foster collaboration among theoreticians and practitioners in blockchain protocols, distributed systems, and cryptography.

The TPBC19 was organized by Concordium Blockchain Research Centre Aarhus which is located at Department of Computer Science at Aarhus University.

COINS supported Mayank Raikwar to attend the TPBC 2019 in Aarhus, Denmark.

Boolean Functions and their Applications (BFA) 2019 took place in June 16-21st, 2019 in Florence, Italy.

Boolean functions and more generally all the discrete structures used in error correcting coding, cryptography or communications, are highly active areas of research. The workshop Boolean Functions and their Applications (BFA) was to provide a forum for researchers who are working on discrete functions and structures, particularly on Boolean functions, to exchange ideas and interests in open problems, and to further explore their applications in cryptography, error correcting codes and communications.

This workshop was organized by Selmer Center, University of Bergen in honor of Prof. Claude Carlet’s 70th birthday

COINS supported Irene Villa, Diana Davidova, Nikolay Kaleyski and Dan Zhang to attend the BFA 2019 in Florence, Italy.

BigDat 2019: 5th International Winter School on Big Data took place in January 7-11th, 2019 in Cambridge, UK.

BigDat 2019 was a research training event with a global scope aiming at updating participants on the most recent advances in the critical and fast developing area of big data, which covers a large spectrum of current exciting research and industrial innovation with an extraordinary potential for a huge impact on scientific discoveries, medicine, engineering, business models, and society itself. Renowned academics and industry pioneers have lectured and shared their views with the audience.

Most big data subareas were displayed, namely foundations, infrastructure, management, search and mining, security and privacy, and applications (to biological and health sciences, to business, finance and transportation, to online social networks, etc.). Major challenges of analytics, management and storage of big data were identified through 2 keynote lectures, 24 four-hour courses, and 1 round table, which tackled the most active and promising topics. The organizers were convinced that outstanding speakers attracted the brightest and most motivated students. Interaction was a main component of the event.

An open session gave participants the opportunity to present their own work in progress in 5 minutes. Moreover, there were two special sessions with industrial and recruitment profiles.

Master’s students, PhD students, postdocs, and industry practitioners were typical profiles of participants. Overall, BigDat 2019 was addressed to students, researchers and practitioners who wanted to keep themselves updated about recent developments and future trends.

COINS supported Ambika Shrestha Chitrakar to attend the BigDat 2019 in Cambridge, UK.

The title of his thesis is “Trusted Execution on Commodity Devices Use Case: Online User Authentication”.

Commodity computing devices, such as laptops and smartphones, are an essential part of
today’s society. We routinely rely on them for both our professional and personal lives. Furthermore, many of the client applications they run are security critical. The trusted computing base of these applications includes the devices’ underlying system software (operating system, hypervisor and firmware), which is large, complex, and vulnerable to compromise. To mitigate this risk, Trusted Execution Environments, TEEs, offer a security primitive which protects the confidentiality and integrity of user applications’ code and data, against the device’s underlying system software which can be malicious.

Online user authentication is a prominent example of user applications which can benefit from the security guarantees of TEEs. While different realizations of hardware TEEs are commonly deployed within today’s commodity devices, user authentication applications do not use their services. Instead, TEEs are heavily used by few premium Service Providers, SPs, such as original equipment manufacturers. In fact, TEEs have been primarily designed to meet the requirements of such premium SPs, and have consequently under-prioritized the needs of end-users and application developers. As a result, TEEs lack important functionalities, such as secure input/output channels to end-users.
This thesis shows that we can use available commodity TEEs as primitives to build systems which meet the specific security requirements for user authentication developers and their end-users.
We first study the security of passwords and Fast Identity online (FIDO) as two prominent
user authentication modalities. We then present TrustUI, a solution that enables secure
input/output channels from end-users to online service providers. TrustUI uses Intel SGX and personal security devices that are based on secure elements as TEE primitives. We finally present SMMDecoy, a new architecture which leverages System Management Mode and security by deception techniques, to detect firmware keyloggers that can compromise the confidentiality of the keyboard’s user interface.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Geir Køien,  University of Agder, Norway.
• Second external opponent: Post Doc Elena Pagnin, University of Aarhus, Denmark.
• Internal member:Professor Olaf Owe, Department of Informatics, University of Oslo.

Chair of defence: Associate Professor Ragnhild Kobro Runde, University of Oslo

Ijlal Loutfi carried out her PhD work at the Department of Informatics , University of Oslo.

Her main supervisor was Professor Audun Jøsang, Department of Informatics, University of Oslo and co-supervisor Professor Frank Eliassen, Department of Informatics, University of Oslo.

Congratulations!

Eurocrypt 2019 took place in Darmstadt, Germany on May 19-23 2019. It was organized by the Cryptoplexity group of TU Darmstadt.

COINS supported Åvald Sommervoll, Mayank Raikwar, Bor de Kock, Mattia Veroni and Navid Ghaedi Bardeh to attend the EUROCRYPT 2019 in Darmstadt, Germany.

Åvald Sommervoll has also attended two affiliated events.

1. Code-based cryptography is the area of research that focuses on the study of cryptosystems based on error-correcting codes, following the seminal work of McEliece and Niederreiter in the late 1970s – early 1980s. These systems have shown no vulnerabilities to quantum attackers and the relevant research branch is widely regarded as one of the most promising in the so-called area of Post-Quantum Cryptography. Current efforts in code-based cryptography are directed at producing fast, secure and efficient schemes. Research in this area has also been fostered by the recent NIST’s Post-Quantum Standardization call. The goal of this two-day workshop was to bring together the community to discuss recent developments, as well as introduce the field to anyone interested in discovering more about this research area. The program includes invited talks, contributed talks and dedicated discussion sessions.
2. The topic of quantum algorithms is an area attracting increasing interest and is of particular importance for post-quantum cryptography. In order to build or cryptanalyse proposed quantum-safe schemes, an awareness of applicable quantum algorithms is essential. This is especially relevant given the ongoing NIST post-quantum standardisation process. This workshop gave an overview of the use of quantum algorithms in cryptanalysis. The program was comprised of invited talks from expert speakers who have worked in the development of quantum algorithms and their application in cryptanalysis. The target audience was cryptographers who would like to learn details of how the various quantum algorithms work as well as how they can be applied in cryptanalysis.

Zero Knowledge Proofs are a cutting edge cryptographic tool that is starting to see adoption. This breakthrough technology form the basis of several cryptographic applications, improving the trade-offs between data privacy and integrity. Zero Knowledge Proofs allow a prover to convince a verifier that some computational statement is correct without revealing any information except the veracity of the statement.

ZKProof.org is an open initiative of industry and academia to standardize the use of zero knowledge proofs.

The first day was dedicated to an Research & Industry Showcase of existing work around zero knowledge proofs. During the last two days, there was a Standards Workshop, where participants discussed an initial set of community standards proposed by the community.

COINS supported Tjerand Silde to attend the Zero Knowledge Proof Standardization Workshop in Berkeley, USA.

The General Data Protection Regulation (GDPR) is now in force. The course helped to understand what it takes to handle personal information, from one end of your organization to the other and to understand GDPR requirements. It explained which provisions apply to your own organization. It showed how to design a response that meets regulatory requirements and builds customers’ confidence. It gave the knowledge to become a GDPR-ready privacy pro or the certified DPO (data protection officer) so many organizations need.

GDPR compliance starts with knowledge.

COINS supported Shukun Tokas to attend the IAPP Europe Data Protection Congress 2018 Privacy training in Brussels, Belgium.

The school has focused on novel and advanced applications of cryptography and has discussed the impact of crypto research to society in a broader context. There were also lectures on good practices of innovation in cryptography and entrepreneurship as well as certification and standardisation of cryptographic primitives.

Since this was the last event of the ECRYPT-NET, the fellows from the network have been given the opportunity to present the research they have been performing during the last 3 years and to reflect on their experience and future opportunities.

The school was organised by Bart Preneel, Svetla Nikova and Saartje Verheyen (COSIC, KU Leuven).

COINS supported Dan Zhang and Irene Villa to attend The School on Applied Cryptography and its Impact on Society, Innovation and Entrepreneurship in Malaga, Spain.

The annual Global Solutions Summit held by the Global Solutions Initiative brought together international research organizations, thought-leaders and decision-makers from across political, business and civic communities.

In 2019 1,600 participants from various sectors and 120 countries have registered for the summit, met with 221 speakers and participated in over 60 sessions. The summit aimed to provide policy recommendations on major G20 issues and thereby served as a stepping stone to the Japanese T20 Summit in May 2019 and the Japanese G20 Summit in June 2019. The Global Solutions Summit 2019 was a T20 Japan associated event.

The Global Solutions Summit 2019 focused on the priorities of the Japanese G20 Presidency, including policy recommendations on sustainable development, infrastructure finance, financial architecture, trade and investment, climate change, future of work and education, social cohesion and the future of politics, SME policy, policies for aging populations, and more. All discussions linked to the overarching narrative of recoupling economic, environmental and social progress. We furthermore highlighted all relevant issues for the future of multilateralism and strengthened the implementation site in our discussions.

COINS supported Desta Haileselassie Hagos to attend the Global Solutions Summit in Berlin, Germany.

Oxford Post-Quantum Cryptography Workshop took place in March (18-22th), 2019 at the Mathematical Institute, University of Oxford, UK. The event brought together the top researchers in the field of Post-Quantum Cryptography for a week of fruitful discussions and exchange of ideas.

During the week, each morning there were two talks on various Post-Quantum fields. Each talk was an overview of the techniques used in each PQ field – lattice-based cryptography, hash-based cryptography, code-based cryptography, isogeny-based cryptography and multivariate-based cryptography – with a dedicated focus to NIST submissions, and their state-of-the-art cryptanalysis. One of the talks was on the NIST standardization process by Dustin Moody (NIST).

The morning talks were followed by (group) working sessions, where teams worked on previously agreed research problems.

COINS supported Wrya Kadir and Alessandro Budroni to attend the Oxford Post-Quantum Cryptography Workshop in Oxford, UK.

Over the last decade we have witnessed a series of impressive breakthroughs in data science and AI thanks to important advances in the algorithmic efficiency of data-driven approaches, such as deep learning. While the prime examples of disruptive progress have occurred in fields such as computer vision or natural language processing, there is still a huge potential for these improvements to carry over to other disciplines such as communications engineering. Incipient research has demonstrated the benefits of machine learning for the lower layers of the communication stack, including coding, modulation, equalization, detection, resource allocation, etc.

This training school  revolved around the application of Machine and Deep Learning techniques to the design of (beyond) 5G communication systems, with particular emphasis on physical and lower layers. The training school has comprised keynote and tutorial lectures by renowned researchers from academia and industry, focused presentations on recent advances in this research field and hands-on sessions.

The program included a student poster session and a Machine learning challenge, with prizes and awards for both activities.

COINS supported Ashish Rauniyar to attend the 6th Training School on Machine and Deep Learning Techniques for (Beyond) 5G Wireless Communication Systems in Barcelona, Spain.

The title of his thesis is “Robust Biometrics on Smartphones – Using Quality Assessment, Presentation Attack Detection, and Biometric Fusion” and the given topic for his trial lecture was “Blockchain technology, algorithms and benefits in Healthcare”.

With the technological advancements in mobile technology, there is a massive
adoption of biometrics as a security measure in today1s smartphones. Smartphones
are used in all day to day activities such as online banking, accessing
official and personal emails, social networking and also to store personal
data. Although smartphones provide high user convenience, there is
an inherent security threat as losing such a device could lead to a loss of
such sensitive data. This could cause disastrous effects on the smartphone
user. In order to reduce the privacy and security threats, basic solutions
are provided with every smartphone. However such solutions could cause
user inconvenience sometimes, for example, it is hard to remember complex
lock patterns, longer pin codes; also such patterns and pins could be easily
hacked. Thus, an inherent need of added security measure is there and
which could be conveniently fulfilled by biometrics on smartphones. As a
result of which, recently, most of the smartphones are manufactured with
inbuilt fingerprint sensor, or state-of-the-art face or iris recognition system.
Today, we can say that for any smartphone, a biometric system is one
of an essential component just like the front and rear cameras. However,
the inclusion of such a biometric system comes with a cost such as the
performance of a biometric system is depends on several factors such as the
input sample quality, systematic and random errors. Moreover, biometric
systems are highly vulnerable to direct and indirect attacks. The direct
attacks aka presentation attacks are carried out at the biometric sensor
level by presenting a fake biometric sample. If a biometric system does not
have an attack detection module also know as presentation attack detection
module, it is trivial to spoof any biometric system.

Thus, the primary objectives of this thesis are to address the challenges
of smartphone biometrics. The unconstrained nature biometric sample capture
in a smartphone environment could cause challenging input samples for
the recognition system and results in a lower comparison score. Therefore,
it is essential to assess the precise quality if the input samples. In this work,
we present and compare several quality assessment algorithms to formulate
a unified face recognition system. This thesis proposes two presentation attack
detection techniques for smartphone-based face recognition system and
one for fingerphoto recognition system. The thesis also extends the applications
of some concepts from Subjective Logic to fuse the comparison scores
from face and fingerprint recognition system. Additionally, this thesis proposes
a multi-biometric and multi-algorithmic fusion scheme to mitigate the
effects of body weight variations for face recognition systems. Although the
proposed framework does not use smartphone biometric data, the method
could be easily adapted for the smartphone-based face recognition.
The validity of proposed frameworks for consistent performance is demonstrated
through extensive experimentation on publicly available and newly
created databases. We have also presented a new smartphone based multimodal
biometric database as well as presentation attack database in this
work. Conclusively, the thesis proposes a robust Biometric Quality Assessment
(BQA), Presentation Attack Detection (PAD) and Biometric Fusion
techniques to address the issue of sample quality assessment, presentation
attacks, and multi-modal biometric fusion. A detailed experimental analysis
and comprehensive studies has been executed to evaluate the proposed
methods under the scope of this thesis work. The presented methods will
help the researchers and users of smartphone biometrics to improve the
robustness of the system.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Maria De Marsico, Department of Computer Science, Sapienza University of Rome, Italy.
• Second external opponent: Professor Martin Drahanský, Department of Intelligent Systems, Brno University of Technology, Czech Republic.
• Internal member and committee administrator: Associate Professor Sule Yildirim Yayilgan, Department of Information Security and Communication Technology, NTNU.

Pankaj Shivdayal Wasnik carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Raghavendra Ramachandra, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU.

Congratulations!

JEEIT 2019 provided a unique forum to discuss practical approaches and state of the art findings in using the applied electrical engineering and information technologies to

solve national problems that face Jordan and other developing countries. JEEIT 2019 merged three conferences: The 5th IEEE Jordan Conf. on Applied Electrical Eng. and Computing Technologies (AEECT 2019), The 11th Jordanian Int’l Electrical and Electronic Eng. Conf. (JIEEEC 2019) and The 9th Int’l Conf. on Information Technology (ICIT 2019) in one big conference with one organizing committee, one program, and one proceedings.

COINS supported Ahmed Amro to attend the 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology took place in Amman, Jordan.

Winter school on the mathematical foundations of asymmetric cryptography took place in Aussois, France, March 17–22, 2019.

This winter school on the mathematical foundations of asymmetric cryptography lasted 5 days. Diverse and particularly active aspects of this research area were covered, via mini-courses and talks.

This school was a session of the Etats de la Recherche organized by the French Mathematical Society (SMF). The school was targeted mathematicians and computer scientists with a background in algebra: M2 and PhD students, post-docs and researchers, not necessarily specialized in this area.

COINS supported Mattia Veroni to attend the winter school on the mathematical foundations of asymmetric cryptography in Aussois, France.

The title of his thesis is “Attribute Based Cryptographic Enforcements for Security and Privacy in E-health environments” and the given topic for his trial lecture was “Cryptographic improvements in TLS 1.3 over 1.2: Whys and hows”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor James B. D. Joshi, School of Computing and Information, University of Pittsburgh, USA.
• Second external opponent: Professor Øyvind Ytrehus, Department of Informatics, University of Bergen, Norway.
• Internal member and committee administrator: Ole-Christoffer Granmo, Department of ICT, UiA.

Harsha Sandaruwan Gardiyawasam Pussewalage carried out his PhD work Engineering and Science with Specialisation in Information- and Communication Technology (ICT), Univeristy of Agder.

His main supervisor was Professor Vladimir Oleshchuk, Department of Information and Communication Technology, UiA and co-supervisor Professor Geir Myrdahl Køien, Department of Information and Communication Technology, UiA  .

Congratulations!

The title of his thesis is “Towards Fairness and Decentralisation in Modern Cryptocurrencies” and the given topic for his trial lecture was “Universally verifiable random sources”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Peter Ryan, University of Luxembourg.
• Second external opponent: Dr. Vanessa Teague, University of Melbourne.
• Internal member and committee administrator: Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU.

Christopher Alan Carr  carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Colin Boyd, Department of Information Security and Communication Technology, NTNU.

Congratulations!

The summer school was jointly organized by the Digital Security (DiS) group, Radboud University (The Netherlands), ETH Zurich Information Security and Privacy Center (Switzerland) and Faculty of Electrical Engineering and Computing, University of Zagreb (Croatia).

The school aimed at bringing together Master/PhD students, academics and security experts from industry. The focus of the summer school was on:

• Cryptography for the Internet
• Recent developments in symmetric key cryptography
• Security proofs in cryptography
• Wireless security
• Crypto for systems security
• Software and hardware security
• Privacy enhancing technologies
• Blockchain security (special session).

This year’s edition included a special session on distributed ledgers, where participants learned from several experts in the area about broad security aspects associated with these technologies. This session has been sponsored by the Glass Houses project, which is funded by the UK’s Engineering and Physical Sciences Research Council (EPSRC).

COINS supported  Ijlal Loutfi to attend Summer School on real-world crypto and privacy 2018 in Šibenik, Croatia.

The school provided students/professionals with the prerequisite fundamentals of mathematics, statistics, programming and paper reading skills required for starting a career in AI research and with an overview of state-of-the-art research in ML and AI.
It also inspired early stage researchers from Nepal and the region to take on challenging high impact AI problems in visual recognition, natural language processing, medical science etc.
The summer school provided a venue for sharing and discussing cutting-edge technological advances in AI among both veteran and young researchers from around the world and created new opportunities for the participants and well as played an important role in democratizing AI by inspiring the next generation of leaders in AI from developing countries.

The Nepal School consisted of series of lectures, lab sessions, and scientific paper reading/writing sessions given by invited world-class experts. The experts included a number of alumni who graduated from the local engineering schools and had good knowledge of the teaching methodology there and the key gaps that need to be filled. The social events (a day hiking and dinner) provided ample opportunities for the like-minded people to network and collaborate.

COINS supported Ashish Rauniyar and Debesh Jha to attend First Nepal Winter School in AI in Kathmandu, Nepal.

The school has aimed at students at all levels (BSc/MSc/PhD) and postdocs. The school has featured 4 introductory mini-courses, special talks, and talks contributed by the participants.

COINS supported  Dan Zhang to attend the summer school Number theory and coding theory – contemporary applications in security in Turku, Finland.

Real World Crypto Symposium aimed to bring together cryptography researchers with developers implementing cryptography in real-world systems. The conference goal was to strengthen the dialogue between these two communities. Topics covered focus on uses of cryptography in real-world environments such as the Internet, the cloud, and embedded devices.

The RWC series of events was initiated by Kenny Paterson and Nigel Smart in 2012, as part of a celebration at the Isaac Newton Institute in Cambridge to celebrate the 100th anniversary of the birth of Alan Turing. At that point the rather less punchy title was Is Cryptographic Theory Practically Relevant?. The event was an amazing success and within a week we had been contacted about organizing a follow up event; and so Real World Cryptography was born.

Talks were selected on the basis of impact on the real world (potential or current), interest to the audience, and our perceived quality of the speaker.

COINS supported  Tjerand Silde to attend Real World Crypto 2019 in San Jose, USA.

Smart grid technology is currently entering the electrical market by the deployment of smart meters. Electric vehicles introduce new challenges on the grid capacity but may also support grid stability. Volatile renewable energy challenges grid stability. Wind power electricity produced at shore regions has to be transported to industrial regions by high-capacity power links. Local photovoltaic sources may make residents independent for some time periods. The new power grid becomes smart, when all prosumers can communicate fast, securely, and reliably.

In its 2018 Edition, IEEE SmartGridComm kept its acronym, but the full title of the conference has been changed to IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids. This enlarged the scope of the conference towards more general cyber-physical systems and Internet of Things, which were research topics that become inseparable from the future smart energy.

COINS supported Handunneththi V. Kalpanie Mendis to attend IEEE SmartGridComm 2018 in Aalborg, Denmark.

COINS supported Navid Ghaedi Bardeh to attend Symmetric Proof Techniques school in Bertinoro, Italy.

The title of his thesis is “An Access Control Model to Facilitate Healthcare Information Access in Context of Team Collaboration”.

The delivery of healthcare relies on the sharing of patients’ information among a group of healthcare professionals. At present, electronic health records (EHRs) are widely utilized system to create, manage and share patient healthcare information among healthcare teams. While it is necessary to provide healthcare professionals (member of the healthcare team) with privileges to access patient health information, providing too many privileges may backfire when healthcare professionals accidentally or intentionally abuse their privileges. Ensuring patient privacy and improving patient care quality are two of the most significant challenges faced by healthcare systems around the world. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. This PhD study highlights the access control matters in collaborative healthcare domain.Focus  is mainly on the collaborative activities that are best accomplished by organized healthcare team within or among healthcare organizations with an objective of accomplishing a specific task (patient treatment).

We investigate the importance and challenges of effective healthcare team treatment, the sharing of patient health records in healthcare delivery, patient data confidentiality and the need for flexible access of the members of the team corresponding to the requirements to fulfill their duties. The focus is on developing an access control model that balance between healthcare team collaboration and safeguarding sensitive patient information.

The major contributions of our access control model include ensuring that access rights are adapted to the actual needs of healthcare providers and providing fine-grained control of access with the minimum necessary standard, whereby healthcare providers are granted minimal access to carry out their duties.

The title of the trial lecture was: “Strategies and challenges of role mining in access control“.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Tuomas Aura,  Aalto University, Finland.
• Second external opponent: Associate Professor Lillian Røstad, Department of Informatics, University of Oslo, Norway.
• Committee administrator: Professor José Julio Cabeza Gonzalez, University of Agder, Norway.

Mohamed Ali Saleh Abomhara carried out his PhD work at the Department of Information and Communication Technology, University of Agder. His main supervisor was Professor Geir Myrdahl Køien, Department of Information and Communication Technology, University of Agder and co-supervisor was Professor Vladimir Oleshchuk, Department of Information and Communication Technology, University of Agder.

Congratulations!

The title of his thesis is “Systems of Boolean equations, elimination theory, and applications to cryptography” and the title of the trial lecture was: “On fault injection attacks on cryptographic hardware implementations, and techniques for preventing such attacks“.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor, Dr.rer.nat. habil. Martin Kreuzer, Universität Passau, Germany.
• Second external opponent: Professor, Dr.rer.nat. Patrick Felke, Hochschule Emden-Leer, Germany.
• Internal member: Director, Ph.d. Kjell Jørgen Hole, SIMULA, University of Bergen, Norway.
• Chair of the defence: Professor Jaakko Timo Henrik Järvi, Department of Informatics, University of Bergen, Norway.

Bjørn Møller Greve carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisor was Professor Øyvind Ytrehus, Department of Informatics, University of Bergen and co-supervisor was Senior Research Scientist Håvard Raddum, Simula, University of Bergen.

Congratulations!

NordSec is an annual research conference series that has been running since 1996. The events brought together security researchers from the Nordic countries, Northern Europe, and beyond. In addition to being a venue for academic publishing, NordSec was an important meeting place for university faculty, students, and industry researchers and experts from the region. The proceedings consisted of peer-reviewed articles and are published in the Springer Lecture Notes in Computer Science series.

COINS supported Åvald Sommervoll to attend NordSec 2018 in Oslo, Norway.

With the increasing focus on modelling and simulation in the fields of cyber-networks, data mining, cyber security, distributed computing, mobile computing, cognitive computing, cloud computing, computing tools, applications, simulation tools, system performance and data and computer communications, the demand for high quality research outcomes has never been greater. ITNAC has been the forum for researchers and engineers to present and discuss topics related to advanced computing and data communication network technologies, services and applications.

Novel contributions were presented in the form of keynote speeches by international experts, peer-reviewed technical papers, and posters. ITNAC 2018 captured highly innovative and state-of-the-art research from academia, industry and standardization bodies.

COINS supported Aryan Ramtin to attend ITNAC 2018 in Sydney, Australia.

The title of his thesis is “Context-Aware Adaptive Authentication for the IoT in eHealth” and the given topic for his trial lecture was “Privacy and Safety for Mobile Devices”.

The Internet of Things (IoT) presents a concept of smart world around us, where things are trying to assist and benefit people. Patient monitoring outside the hospital environment is one case for the IoT in healthcare. The healthcare system can get many benefits from the IoT such as patient monitoring with chronic disease, monitoring of elderly people, and monitoring of athletes fitness. The IoT in eHealth aims to assist the existing healthcare system by monitoring the vital signs of patient’s health data. The dynamic and heterogeneous environment of the IoT may facilitate the patient with mobility options. However, security-related problems may obstruct the development of such a comprehensive patient monitoring system. While standards and technologies are continuously developed for the IoT, the ethical aspects of these developments must be addressed and it may be incorporated in the system development life cycle.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Professor Denis Trček, University of Ljubljana, Faculty of Computer and Information Science, Slovenia.
  • Second external opponent: Professor Rose-Mharie Åhlfeldt, Högskolan i Skövde, Sweden.
  • Internal member and committee administrator: Associate Professor Bian Yang, Department of Information Security and Communication Technology, NTNU.

Kashif Habib carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik and at Norwegian Computing Center. His main supervisor was Dr. rer.nat. Wolfgang Leister, Norwegian Computing Center and co-supervisors Professor Einar Snekkenes, Department of Information Security and Communication Technology, NTNU and Professor Ilangko Balasingham, Rikshospitalet and Department of Electronic Systems, NTNU.

Congratulations!

Boolean functions and more generally all the discrete structures used in error correcting coding, cryptography or communications, are highly active areas of research. The workshop Boolean Functions and their Applications (BFA) was to provide a forum for researchers who are working on discrete functions and structures, particularly on Boolean functions, to exchange ideas and interests in open problems, and to further explore their applications in cryptography, error correcting codes and communications.

COINS supported Diana Davidova, Irene Villa, Nikolay Kaleyski and Dan Zhang to attend The 3rd International Workshop on Boolean Functions and their Applications in Loen, Norway.

The Conference was dedicated to the memory of Emil Artin, an Austrian mathematician of Armenian descent. He was one of the leading mathematicians of the twentieth century. The scientific talks involved all branches of mathematics and its applications. There were around 100 participants from all over the world, for example, Russia, Italy, France, Poland, Slovakia, Serbia, USA, China, South Africa, Brazil and more.

The aim of the conference was to provide a forum where specialists will meet to share ideas of the latest research in Algebraic Structures, Mathematical Logic, Number Theory, Pure and Applied Mathematics, Discrete Mathematics and Computer Science.

COINS supported Diana Davidova, Nikolay Kaleyski and Irene Villa to attend the Emil Artin International Conference in Yerevan, the Republic of Armenia.

The aim of the NISK conference series was to be the principal Norwegian research venue for presenting and discussing developments in the field of ICT security and privacy, and bringing together people from universities, industry, and public authorities.

There were invited both national and international contributions by
researchers, practitioners, and PhD- and Master thesis students
presenting new problems and solutions within topics on ICT security.

COINS supported many PhD students and former students to attend to attend the NISK 2018 conference in Longyearbyen, Norway. Here are they travel reports:

• Berglind Fjola Smaradottir
• Muhammad Mudassar Yamin
• Ramtin Aryan
• Aida Mehdipourpirbazari
• Cristina Viorica Heghedus
• Manish Shrestha 
• Dhanya Therese Jose 
• Songpu Ai
• Isaac Andrés Canales Martinez
• Tjerand Silde
• Nikita Rajendra Karandikar
• Elahe Fazeldehkordi
• Shukun Tokas
• Alessandro Budroni
• Jayachander Surbiryala
• Andrea Tenti
• Merve Bas Seyyar
• Shao-Fang Wen
• Nikolay Stoyanov Kaleyski
• Navid Ghaedi Bardeh
• Jens-Petter Sandvik
• Dan Zhang
• Irene Villa
• Xiaojie Zhu
• Martin Brodin
• Ambika Shrestha Chitrakar
• Diana Davidova
• Parisa Rezaee Borj

SSIC’2018 was the third conference in the area of cyber security focusing on the industry control system, cloud platform and smart cities. City and industrial control infrastructures are changing with new interconnected systems for monitoring, control and automation. The conference provided an international forum for scientists, researchers, professionals, industry practitioners, policy makers, and users to exchange ideas, techniques and tools, and share experience related to all practical and theoretical aspects of communications and network security.

SSIC’2018 conference was technically co-sponsored by IEEE. Topics of interest encompassed not only all practical and theoretical aspects of communications, and network security, but also security mechanism put into some critical applications.

COINS supported Xiaojie Zhu to attend the SSIC 2018 in Shanghai, China.

CrossFyre aimed to bring together female researchers in cyber security (e.g., in cryptography, information security, safety, but not only), to promote their research topics and help develop the careers of women in science and engineering. Thus, CrossFyre’s main cohort was generally formed of female early-career researchers (ECRs), as well as female undergraduate students interested in or working in cybersecurity.

COINS supported Martha Norberg Hovd to attend the CrossFyre 2018 in Guildford, UK.

The summer school has featured a teaching staff of well-known researchers and was targeted at Ph.D. students, engineers, and junior faculty. The first summer school was focused on advanced topics in Distributed Systems. The summer school featured five 50-minute lectures a day on August 15, 16, and 17, for a total of 15 lectures. In the evenings there were social activities and/or poster sessions. The summer school was co-sponsored by the Norwegian Research Council and the Corpore Sano project.

COINS supported Ramtin Aryan, Shukun Tokas and Ijlal Loutfi to attend the ACM SIGOPS Summer School on Advanced Topics in Systems in Tromsø, Norway.

ISSAC 2018 was the premier conference for research in symbolic computation and computer algebra. ISSAC 2018 was the 43rd meeting in the series, which started in 1966 and has been held annually since 1981. The conference presented a range of invited speakers, tutorials, poster sessions, software demonstrations and vendor exhibits with a center-piece of contributed research papers.

COINS supported Alessandro Budroni to attend the ISSAC 2018 in New York, USA.

The goal of this summer school was to bring together the world-class researchers in Fog Computing with undergraduate, graduate students and interested researchers from academia and engineers from industry, to educate the audience on both basics and recent advancements in Fog Computing overview, IoT, Optimization, Big Data, and Deep Learning, and to encourage collaborations on related topics. This summer school also included a 24 hours’ hackathon after the two-days’ classes on Fog Computing, to encourage the students gather to collaborate and challenge themselves to build a project about Fog Computing from start to finish. It was an invaluable opportunity for the participants to gain coding experience, learn fog computing, and win awesome prizes.

COINS supported Desta Haileselassie Hagos and Ashish Rauniyar to attend the 2018 Summer School on “Fog Computing” in Shanghai, China.     

The title of his thesis is “Privacy, Security, and Repair in Distributed Storage Systems” and the title of the trial lecture was: “Age of Information”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Assistant Professor Salim El Rouayheb, Department of Electrical & Computer Engineering, Rutgers University, USA.
• Second external opponent: Professor Camilla Hollanti, Department of Mathematics and Systems Analysis, Aalto University, Finland.
• Internal member and committee administrator: Dr Håvard Raddum, SIMULA, University of Bergen, Norway.

Siddhartha Kumar carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisors were Associate Professor Eirik Rosnes, University of Bergen, Professor Alexandre Graell i Amat, Department of Electrical Engineering,
Chalmers University of Technology, Sweden and Professor Øyvind Ytrehus, Department of Informatics, Univerity of Bergen.

Congratulations!

Seraj Fayyad successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Friday, the 11th of October 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Measurable Security for Systems built upon the Internet of Things” and the given topic for his trial lecture was “Security by design in safety critical systems”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Senior Researcher Aida Omerovic, Software and Service Innovation Department, Sintef.
  • Second external opponent: Professor Lothar Fritsch, Department of Computer Science, Karlstad University, Sweden.
  • Internal member and committee administrator: Professor Martin Steffen, Department of informatics, University of Oslo.

Seraj Fayyad carried out his PhD work at the Department of Informatics, University of Oslo. His main supervisors were Professor Josef Noll, Department of Technology Systems, University of Oslo and Professor Einar Arthur Snekkenes, Department of Information Security and Communication Technology, Norwegian University of Science and Technology.

Congratulations!

Vivek Agrawal successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 4th of October 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Information Security Risk Management Practices – Community-Based Knowledge Sharing” and the given topic for his trial lecture was “Technological Obsolescence Implications for Information Security”.

“The trial lecture described the concepts of technology, information security, and technological obsolescence, and presented both the challenges and the possible utility of technological obsolescence and its impacts on information security. Both historic and practical perspectives are taken into consideration when analyzing the cause and impact from technological obsolescence on information security. International standards on managing technology obsolescence were also reviewed. The trial lecture received positive feedback from the PhD assessment committee on its well-organized structure and excellent presentation manner.”

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Professor Louise Yngström, Department of Computer and Systems Sciences, Stockholm University and KTH – Kungliga Tekniska Högskolan, Sweden.
  • Second external opponent: Professor Alexandre Ardichvili, University of Minnesota, USA.
  • Internal member and committee administrator: Associate Professor Bian Yang, Department of Information Security and Communication Technology, NTNU.

Vivek Agrawal carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Einar Snekkenes, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisors was Professor Stewart Kowalski, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

The title of her thesis is “Exploring Microservice Security” and the given topic for her trial lecture was “Containerization, clustering and service deployment”.

The following committee has been appointed to evaluate his thesis, trial lecture and defence:

• First opponent: Dr Coen De Roover, Vrije Universiteit Brussel, Belgium.
• Second opponent: Dr Tor Erling Bjørstad, mnemonic AS, Norway.
• Internal opponent and administrator of the committee: Dr Noeska Smit, Department of Informatics, University in Bergen, Norway.

Tetiana Yarygina carried out her PhD work at the Department of Informatics, University of Bergen. Her main supervisor was Associate Professor Anya Helene Bagge, Department of Informatics, University of Bergen and co-supervisor was Professor Jaakko Timo Henrik Järvi, Department of Informatics, University of Bergen.

Congratulations!

The title of her thesis is “On Classification and Some Properties of APN Functions” and the given topic for her trial lecture was “Differential cryptanalysis”.

The following committee has been appointed to evaluate his thesis, trial lecture and defence:

• First opponent: Dr Marco Calderini, Researcher, Department of Informatics, University of Bergen, Norway.
• Second opponent: Dr Lars Eirik Danielsen, Senior Consultant, Miles Bergen AS, Norway.
• Third opponent: Dr Natalia Tokareva, Senior Researcher, Sobolev Institute of Mathematics, Russia
• Committee member: Dr Marco Calderini, Researcher, Department of Informatics.

Bo Sun carried out her PhD work at the Department of Informatics, University of Bergen. Her supervisors were: Dr Lilya Budaghyan, Department of Informatics, University of Bergen, Associate Professor Nian Li, Faculty of Mathematics and Statistics, Hubei University, China and Associate Professor Chunlei Li, Department of Informatics, University of Bergen.

Congratulations!

EUROCRYPT 2018 is the 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Covering all aspects of cryptology, including theoretical foundations, deployment of cryptographic schemes, cryptanalysis of widely used standards, cryptographic protocols, quantum cryptography, and cryptographic currencies.

This year’s edition took place in Tel Aviv, Israel on April 29-May 3 2018, at the Dan Panorama’s conference center. EUROCRYPT 2018 was one of the flagship conferences of the International Association for Cryptologic Research (IACR), and was organized by the Technion Hiroshi Fujiwara Cyber Security Research Center.

COINS supported Alessandro Budroni, Andrea Tenti and Isaac Canales Martinez to attend the EUROCRYPT 2018 in Tel Aviv, Israel.

Over 1,100 participants, official delegates from T20 Argentina 2018 and T20 Japan 2019, Nobel Laureates and German Chancellor Angela Merkel – this was the Global Solutions Summit 2018 on 28 and 29 May in Berlin.

The Global Solutions Summit brought together policy thinkers and policy leaders from around the world. In over 40 sessions, insights and ideas on the most pressing issues of our times were discussed, focused primarily around the Task Forces of the Argentinian T20 and the priorities of the Argentinian G20 Presidency. This sets the corner stone for key policy recommendations that will recouple the world. 
We also welcomed more than 120 Young Global Changers at the summit, representing the next generation of global problem solvers. Throughout the summit as well as during the Summer School they developed specific ideas on recoupling politics, economics and business.

COINS supported Ashish Rauniyar to attend the Global Solutions Summit 2018 in Berlin, Germany.

The training school was co-organised with the COST action IC1306 “Cryptography for Secure Digital Interaction” and contained lectures on symmetric cryptography as well as lectures and discussions on blockchain technologies.

One of the focuses of the school was on modes of operation and authenticated encryption. Many applications require to guarantee both confidentiality and integrity of the data. A standard algorithm for symmetric encryption consists in using a block cipher, typically the AES, together with a mode of operation (e.g. CBC or CTR) which enables to handle variable-length messages. There is no such solution for authenticated encryption which is satisfactory both in terms of performance and security. Therefore, the on-going Caesar competition has been launched in 2014 in order to design and analyze new authenticated encryption schemes suitable for widespread adoption.

One of the hot topics in cryptology at the moment is blockchain. Bitcoin is the first example of a blockchain and it has spawned a lot of attention. A block chain is constructed using a cryptographic hash function. Cryptologists do not seem to agree on the impact and importance of the blockchain technology. Thus, there was a session in the school with different views on the topic.

The goal of the school was to give students a thorough introduction to the state-of-the-art within symmetric cryptology covering both the theoretical side (design and cryptanalysis of symmetric cryptographic primitives and provable security) and the practical side (practical cryptanalysis in exercise sessions). The school had two streams: basic principles of symmetric cryptography and advanced topics, like modes of operation, authenticated encryption and blockchain technologies.

The school was suitable for Master students with a background in cryptography and security; PhD students and security experts from industry.

COINS supported Diana Davidova and Navid Ghaedi Bardeh to attend the COST Training School on Symmetric Cryptography and Blockchain in Torremolinos, Spain.

The Norwegian Information Security Conference (no. Norsk Informasjonssikkerhetskonferanse – NISK) is a national conference that brings together researchers in IT-security, mainly from national community, but also from the international community.

NISK 2017 was organized in conjunction with NIK, NOKOBIT, and UDIT conferences. The conference was supported by the IKTPluss programme of the Norwegian Research Council (NFR).

COINS supported Ijlal Loutfi to attend the NISK 2017 conference in Oslo, Norway.

The title of his thesis is “Selected x86 Low-level Attacks and Mitigations” and the given topic for his trial lecture was “Blockchain, nyere trender innenfor digital valuta, alternativer til bitcoin”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First opponent: Postdoctoral Researcher Dennis Andriesse, Department of Computer Science, Vrije Universiteit Amsterdam, The Netherlands.
• Second opponent: Postdoctoral Fellow Laszlo Erdodi, Department of Informatics, University of Oslo, Norway.
• Committee member: Senior Research Scientist Håvard Raddum, Simula, University of Bergen.

Christian Wilhelm Otterstad carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisor was Professor Øyvind Ytrehus, Department of Informatics, University of Bergen and Co-supervisor was Professor Kjell Jørgen Hole, Department of Informatics, University of Bergen.

Congratulations!

OffensiveCon Berlin was a highly technical international security conference focused on offensive security only. The aim of OffensiveCon was to bring the community of hackers together for high quality and deep technical talks, engaging and renowned technical trainings. The talks at OffensiveCon were focused on offensive IT security topics such as vulnerability discovery, advanced exploitation techniques and reverse engineering.

The conference brought superb and unique speakers while offering affordable ticket prices for everyone. The conference was constructed as a single track of talks for two full days as well as technical trainings held in the days before the conference. Moreover, the conference was hosting lightning talks as well, where attendees had a chance to present any topic related to offensive security for 15 minutes to the entire audience.

COINS supported Ramtin Aryan to attend the Offensive Security Conference 2018 in Berlin, Germany.

Andrii Shalaginov successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 16th of February 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Advancing Neuro-Fuzzy Algorithm for Automated Classification in Largescale Forensic and Cybercrime Investigations: Adaptive Machine Learning for Big Data Forensic” and the given topic for his trial lecture was “Internet of Things security and forensics: Challenges and opportunities”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Professor Ajith Abraham, IEEE, Faculty of Electrical Engineering and Computer science VSB-Technick Univerzita Ostrava, Czech Republic.
  • Second external opponent: Associate Professor Magnus Almgren, Institution før Data- och informationsteknik, avdelning Nätverk och system, Chalmers Tekniska Høgskola, Sweden.
  • Internal member: Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU.
  • Committee administrator: Associate Professor Laura Georg, Department of Information Security and Communication Technology, NTNU.

Andrii Shalaginov carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Katrin Franke, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisors was Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU in Gjøvik and Professor Mario Köppen, Graduate School for Creative Informatics, Kyushu Institute of Technology.

Congratulations!

COINS supported Shukun Tokas to attend Andrii Shalaginov’s defence in Gjøvik, Norway.

The title of his thesis is “Securing Tactical Service Oriented Architectures” and the given topic for his trial lecture was “Intrusion Detection Systems for Collaborative Mobile Ad Hoc Networks”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Paulo Cesar G. da Costa, George Mason University, C4I & Cyber Center, Volgenau School of Engineering, USA.
• Second external opponent: Associate Professor Orazio Tomarchio, University of Catania, Dep. of Electrical, Electronic and Computer Engineering, Italy.
• Internal member: Associate Professor Karin Bernsmed, Department of Information Security and Communication Technology, NTNU, Norway.
• Committee administrator: Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU.

Vasileios Gkioulos carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Stephen Wolthusen, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

Martin Strand successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Thursday, the 1st of February 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Fully homomorphic encryption with applications to electronic voting” and the given topic for his trial lecture was “Multilinear maps and indistinguishability obfuscation”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First external opponent: Associate Professor Berry Schoenmakers, Technische Universiteit Eindhoven, The Netherlands.
Second external opponent: Professor Kristian Ranestad, University of Oslo, Norway.
Committee member and administrator: Professor Øyvind Solberg, Department of Mathematical Sciences, NTNU, Norway.

Martin Strand carried out his PhD work at the Department of Mathematical Sciences, NTNU in Trondheim. His main supervisor was Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU in Trondheim and co-supervisor was Professor Aslak Bakke Buan, Department of Mathematical Sciences, NTNU in Trondheim.

Congratulations!

Ctirad Sousedik successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Tuesday, the 30th of January 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Presentation Attack Resistant Fingerprint Biometrics –using Optical Coherence Tomography” and the given topic for his trial lecture was “OCT Fingerprint Sensing Technology: Benefits and Challenges”.

Fingerprints are one of the best investigated biometric characteristics with a long history of person identification regarding law enforcement. A wide range of automated fingerprint sensing and recognition solutions exist.

However, the existing solutions still suffer from significant weaknesses regarding the problem of detecting artefact fingerprint representations, which greatly limit their applicability for unsupervised identification scenarios such as automated border control.

In his thesis, Sousedik investigated Optical Coherence Tomography as a novel scanning technology for fingerprint sensing, with the aim of developing a fingerprint sensor that is very difficult to deceive with artefact fingerprints and as such would offer a solution to the problem.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First external opponent: Professor Dr. Anil K. Jain, Department of Computer Science and Engineering , Michigan State University, USA.
Second external opponent: Dr. Arjan Kuijper, Fraunhofer Institute for Computer Graphics Research IGD & Technische Universität Darmstadt, Germany.
Internal member: Professor Dr. Anne C. Elster, Department of Computer Science, NTNU, Norway.
Committee administrator: Professor Stephen Wolthusen, Department of Information Security and Communication Technology, NTNU.

Ctirad Sousedik carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Patrick Bours, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

The title of his thesis is “Data Loss Prevention for Cross-Domain Information Exchange”.

In this thesis, novel methods are introduced for preventing and detecting incidents where sensitive data is leaked to third parties. The methods proposed are especially suitable for situations where isolated military systems are to be connected.

Loss of sensitive data is a widespread problem with potentially severe consequences. The topic of this thesis revolves around the construction of methods for detecting and preventing such incidents in situations where it is necessary to exchange information across computer systems. This is a scenario which is common in the military sector where one often needs to transfer information between systems that have been compartmentalised for security reasons. Increasingly data labellingbased security mechanisms are also being utilized in the civilian sector.

The users of existing systems must manually specify the security classification level for each individual file before it can be transferred. For example, an email can be labelled as “Unclassified” before it is sent to an external recipient. This assumes that the user is behaving non-maliciously and always assigns the correct security labels. To address this shortcoming, we have developed mathematical methods that, using the textual contents, predicts the appropriate security classification level. By inspecting all documents that are transferred between computer systems we are then able to decrease the likelihood of sensitive data leaking to third parties.

The work has been conducted at the Norwegian Defence Research Establishment in collaboration with the Institute of Technology Systems.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First opponent: Associate Professor Stefan Axelsson, Department of Information Security and Communication Technology, NTNU, Norway.
Second opponent: Research Associate Kellyn Rein, Fraunhofer FKIE, Standort Wachtberg, Germany.
Third opponent: Professor Tor Skeie, Department of Informatics, University of Oslo.
Chair of defence: Professor Fritz Albregtsen, Department of Informatics, University of Oslo.

Kyrre Wahl Kongsgård carried out his PhD work at the Department of Informatics, University of Oslo. His main supervisor was Associate Professor Nils Agne Nordbotten, Department of Informatics, University of Oslo and Co-supervisor was Professor Federico Mancini, Norwegian Defence Research Establishment.

Congratulations!

22nd of September Kyiv became an epicentre of blockchain-insights and expertise. Leading world and Ukrainian experts shared relevant information on successful applications of advanced blockchain technology in various industries and told about fintech trends, the future of ICO and crypto currency. BlockchainUA brought together 1000+ participants, including leading industry experts, representatives of the state sector, business and financial sector, investors, start-ups and IT-developers.

More than 50 experts from 10 countries spoke about their experiences and development opportunities of blockchain technology in the financial industry.

The conference included the following platforms: Main Stage that covered the issues of key blockchain trends, practical application of the technology and its prospects; Product Stage, where product solutions with the use of distributed technologies were represented; and the Tech Stage, where a pitch-session for start-ups took place.
All participants were able to visit exhibition area – Startup Alley, where leading blockchain industry companies presented their solutions.

COINS supported Dmytro Piatkivskyi to attend the BlockchainUA in Kyiv, Ukraine.

The title of her thesis is “Low-Latency Key Exchange and Secure Channels” and the given topic for his trial lecture was “Functional encryption”.

In this growing and changing world, flexibility and adaptability in communication are
increasingly prioritized. As such, security demands must also adapt, and there is an
ever-present challenge to achieve optimal security in these new settings. Consequently,
Britta Hale’s thesis addresses security considerations under non-traditional settings. She starts by considering data sent before a key exchange, progressing to data sent in parallel to a protocol, and then to varying data and channel demands after a key exchange has taken place. These results are meaningful for researchers and implementors alike, providing constructions and models and enabling identification of the strengths and weaknesses of cryptographic schemes and protocols.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

First external opponent: Dr. Jan Camenisch, IBM Research, Zürich, Switzerland.
Second external opponent: Adjunct Professor Michel Abdalla, Ecole Normale Supérieure, Paris, France.
Committee member and administrator: Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU, Norway.

Britta Hale carried out her PhD work at the Department of Information Security and Communication Technology, NTNU in Trondheim. Her main supervisor was Professor Colin Boyd, Department of Information Security and Communication Technology, NTNU Trondheim, Norway.

Congratulations!

The title of his thesis is “A Modular Security Analysis of EAP and IEEE 802.11” and the given topic for his trial lecture was “Group key exchange”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First external opponent: Professor Liqun Chen, University of Surrey, Great Britain.
Second external opponent: Professor Tibor Jager, Paderborn University, Germany.
Committee member and administrator: Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU.

Håkon Jacobsen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Trondheim. His main supervisor was Professor Danilo Gligoroski, Department of Information Security and Communication Technology, NTNU in Trondheim and co-supervisor was Professor Colin A. Boyd, Department of Information Security and Communication Technology, NTNU in Trondheim.

Congratulations!

CHES is the leading conference on hardware security and the largest international cryptography conference.

The annual CHES conference highlighted new results in the design and analysis of cryptographic hardware and software implementations. The workshop built a valuable bridge between the research and cryptographic engineering communities and attracted participants from industry, academia, and government organizations. In addition to a single track of high-quality presentations, CHES 2017 offered invited talks, tutorials, a poster session, and a rump session.

COINS supported Xiaojie Zhu to attend the Conference on Cryptographic Hardware and Embedded Systems 2017 in Taipei, Taiwan.

The use of data science for cyber-security applications is a relatively new paradigm. This includes deployment of statistical methodology, machine learning, and Big Data analytics for network modelling, anomaly detection, forensics, risk management, and more.

This conference aimed to showcase cutting-edge research in statistical cyber-security in academia, business and government, as well as helped to align these endeavours.

This was the third of a biennial series of workshops on the topic.

COINS supported Ijlal Loutfi to attend the Data Science for Cyber-Security conference in London, UK.

The MMS workshop was held in Svolvær, in the archipelago Lofoten, Norway during September 4-8, 2017.

The program was constructed around a series of tutorial talks by the number of invited speakers. Topics included:

• foundational theory in cryptography
• the design, proposal, and analysis of cryptographic primitives
• coding theory
• sequences and their applications in coding theory and cryptography
• correlation and transformation of Boolean functions
• finite fields theory and its application in cryptography in cryptography.

COINS supported six students to attend the Mathematical Methods for Cryptography workshop in Svolvær, Norway.

Here are their pictures and reflection reports:

• Bo Sun
• Irene Villa
• Navid Ghaedi Bardeh
• Isaac Andres Canales Martinez
• Andrea Tenti
• Nikolay Stoyanov Kaleyski

Workshops were held in conjunction with the Symposium, on September 14-15, 2017

COINS supported four students to attend the ESORICS 2017 in Oslo, Norway.

Here are their pictures and reflection reports:

• Dmytro Piatkivskyi
• Sergii Banin
• Ijlal Loutfi
• Christopher Carr

The Secure Cloud Services and Storage Workshop 2017 was held in Oslo, Norway on the 10th of September 2017.

COINS supported three students to attend the Secure Cloud Services and Storage Workshop 2017s in Oslo, Norway.

Here are their pictures and reflection reports:

• Britta Hale
• Martin Strand
• Ijlal Loutfi

The BFA  workshop 2017 was held in Os, south of Bergen, Norway during July 3-8, 2017.

Topics included:

• foundational theory of Boolean functions and discrete structures
• the design, proposal, and analysis of cryptographically significant (vectorial) Boolean functions
• the theory and construction of quantum Boolean functions
• the theory of finite fields and its applications in cryptography and coding theory
• the applications of Boolean and vectorial functions to FHE, SCA counter-measures, affine extractors etc.

COINS supported three students to attend the Boolean Functions and their Applications in Os, Norway.

Here are their pictures and reflection reports:

• Irene Villa
• Bo Sun
• Navid Ghaedi Bardeh

The title of his thesis is “Scalable Data Processing and Analytical Approach for Big Data Cloud Platform” and the given topic for his trial lecture was “Fog computing for big data processing”.

In the current “information explosion era”, data is increasing dramatically every year. Tackling the challenges posed by collecting large-scale data is trending to a superabundance of data management systems characterized by horizontal scalability.
Data has become a critical commodity in organizations and data analysts are struggling to make optimal business decisions, due to the challenges in Big Data management: volume, velocity, variety, veracity, and value. Large-scale data analytics is turning into a computational resource paradigm due to already unprecedented yet fast growing requirements such as scalability, data intensiveness, high availability, fault tolerance,
and the ability to handle diverse data structures. As these problems grow in scale, parallel computing resources are required to meet computational and memory requirements. The growing demand for large-scale data analysis and mining applications has resulted in both industry and academia designing highly scalable data-intensive computing platforms.
Large-scale analysis requires clusters of connected computers to allow high performance in environments such as cloud computing. As cloud computing clusters grow in size, the following key challenges have arisen: heterogeneity of the system, hidden complexities, time limitations, and scalability. Other challenges such as failure prediction and anomaly detection of components in the cluster components are also important factors that must be addressed while running Big Data applications. Although, some solutions to these challenges are already available for small-scale systems, a scalable approach for effective performance diagnosis and pre-diction is needed. This dissertation addresses these needs and proposes solutions (like a distributed scalable analytics framework) that enrich the cloud platform and enable high-performance processing on a large scale. The contribution of this dissertation is demonstrated by applying state-of-the-art processing framework and consequently improving data center overall performance by predicting failures and detecting anomalies. The framework enables Big Data applications to gain an advantage using cloud computing such as scalability and elasticity.
Additionally, it proposes a state-of-art solution for permanently deleting data stored by Big Data applications. Herein solutions for securely deleting cloud data are evaluated, and a novel secure deletion tool for Hadoopclusters is also proposed.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Assistant Professor Artur Klepaczko, Lodz University of Technology, Poland.
• Second external opponent: Professor Yan Zhang, University of Oslo, Norway.
• Committee member and administrator: Assistant Professor Erlend Tøssebro, Faculty of Science and Technology, Department of Electrical and Computer Engineering,  University of Stavanger, Norway.

Bikash Agrawal carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger. His main supervisor was Associate Professor Tomasz Wiktorski, University of Stavanger and a co-supervisor Professor Chunming Rong, University of Stavanger.

Congratulations!

COINS supported two students to attend the Summer School on Cybersecurity and Privacy (CySeP) in Stockholm, Sweden.

Here are their pictures and reflection reports:

• Jayachander Surbiryala
• Xiaojie Zhu

The title of his thesis is “Cyber Security Risk Assessment Practices. Core Unified Risk Framework” and the given topic for his trial lecture was “Security in the Internet of Things: Key Threats and Controls”.

The media reports new incidents caused by poor information security practices on a daily basis. Be it e-mail leakages, vulnerable industrial control systems, breached political parties, or third-parties causing trouble, it is all caused by poor security risk management practices. The complexity in the information and cyber security domain increases on a daily basis, which makes identifying, analyzing, and controlling the relevant risk events a major challenge. Gaining the upper hand and becoming proactive in the security work is a big piece of the puzzle. Wangen’s research addresses several aspects of Cyber and Information Security Risk Assessment (ISRA) and Management (ISRM) Practices and contributes to novel research problems, methods, models, and knowledge within the discipline.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Sabrina De Capitani Di Vimercati, Università degli Studi di Milano, Italy.
• Second external opponent: Professor Mathias Ekstedt, Royal Institute of Technology, Stockholm, Sweden.
• Committee member and administrator: Professor Guttorm Sindre, Department of Computer Science, Faculty of Information Technology and Electrical Engineering, NTNU.

Gaute Bjørklund Wangen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His supervisor was Professor Einar Snekkenes, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Stewart Kowalski, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

COINS supported Navid Ghaedi Bardeh to attend the Spring School on Lattice-Based Cryptography in Oxford, England.

The 2nd EuroS&P edition was held on April 26-28, 2017 in Paris at UPMC Campus Jussieu, right before EUROCRYPT 2017, which also has happened in Paris. The affiliated events were organized jointly with EUROCRYPT on April 29-30, 2017.

COINS supported three students to attend the 2nd EuroS&P in Paris, France.

Here are their pictures and reflection reports.

• Romina Muka
• Chris Carr
• Ashish Rauniyar

The conference brought together experts and young researchers from all over the world to exchange ideas and discuss recent developments in the areas that have interested Pr. C. Carlet. The presentations focused on some of the many topics that Claude has worked on during his career; like error correcting codes, Boolean functions for cryptography and bent functions, substitution boxes for block ciphers, authentication schemes, secret sharing, side channel attacks, and recently fully homomorphic encryption; and other topics as well, like information theory, algebraic cryptanalysis and polynomial systems, quantum cryptology, protocols based on the identity or attributes, algebraic identification, signature and non-repudiation, communications and network security, Internet of Things and Mobile agents security.

The presentations focused on some of the many topics that Claude has worked on during his career; like error correcting codes, Boolean functions for cryptography and bent functions, substitution boxes for block ciphers, authentication schemes, secret sharing, side channel attacks, and recently fully homomorphic encryption; and other topics as well, like information theory, algebraic cryptanalysis and polynomial systems, quantum cryptology, protocols based on the identity or attributes, algebraic identification, signature and non-repudiation, communications and network security, Internet of Things and Mobile agents security.

COINS supported Irene Villa to attend the Codes, Cryptology and Information Security Conference in Rabat, Morocco.

The title of his thesis is “Resilience of Infrastructure Networks: Byzantine Consensus, Interdependencies, and Optimisation in Sparse Networks” and the given topic for his trial lecture was “Software Defined Networking and complex networks”.

The thesis investigates topics regarding the fact that our growing dependence on critical infrastructure systems demands highly available systems that provide an efficient, reliable, and secure service, even in the presence of malicious attacks.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Researcher Dr. Gilles Tredan, Laboratory for Analysis and Architecture of Systems, France.
• Second external opponent: Associate Professor Rebecca Montanari, Department of Informatics, University of Bologna, Italy.
• Internal opponent: Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Associate Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU in Gjøvik.
• Dean Nils Kalstad Svendsen, Department of Information Security and Communication Technology, NTNU in Gjøvik, led disputation.

Goitom Kahsay Weldehawaryat carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His supervisor was Professor Stephen Wolthusen, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

The title of his thesis was “SPARQL on the Open, Decentralised Web“.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Research Associate Andreas Harth, AIFB, Karlsruhe Institute of Technology, Germany.
• Second external opponent: Associate Professor Katja Hose, Department Of Computer Science, Aalborg University, Denmark.
• Internal opponent: Associate Professor Volker Stolz, Department of Informatics, University of Oslo.
• Administrator for the assessment committee: Associate Professor Ellen Munte-Kaas, Department of Informatics, University of Oslo.

Kjetil Kjernsmo carried out his PhD work at the Department of Informatics, Univerity of Oslo. His main supervisor was Professor Martin Giese, Department of Informatics, University of Oslo. His co-supervisor was Arild Waaler, Department of Informatics, University of Oslo

Congratulations!

The title of his thesis is “Towards Practical Privacy-Preserving Distributed Statistical Computation of Health Data” and the given topic for his trial lecture was “Security and privacy of Bitcoin”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Alan F. Karr, CODA and Social Statistics Program RTI International, USA.
• Second external opponent: Professor Vladimir A. Oleshchuk, Department of Information and Communication Technology, University of Agder.
• Internal opponent: Associate Professor Weihai Yu, Department of Computer Science, UiT – The Arctic University of Norway.
• Administrator for the assessment committee: Associate Professor Weihai Yu, Department of Computer Science, UiT – The Arctic University of Norway.

Kassaye Yitbarek Yigzaw carried out his PhD work at the Department of Computer Science, UiT – The Arctic University of Norway. His main supervisor was Professor Johan Gustav Bellika, Department of Clinical Medicine, Faculty of Health Sciences, UiT – The Arctic University of Norway and the Norwegian Centre for E-health Research at the University hospital of North Norway. His co-supervisors were Associate Professor Anders Andersen, Department of Computer Science, UiT – The Arctic University of Norway; Professor Gunnar Hartvigsen, Department of Computer Science, UiT – The Arctic University of Norway; Professor Fred Godtliebsen, Department of Mathematics and Statistics, UiT – The Arctic University of Norway; Gro Berntsen, Chief Researcher, The National Research Center in Complementary and Alternative Medicine; and Associate Professor Stein Olav Skrøvseth, Centre Director, Norwegian Centre for E-health Research at the University hospital of North Norway.

Congratulations!

The Security Divas 2017 conference took place on the 26th and 27th of January at Strand Hotell in Gjøvik for seven years in a row and collected over 160 women.

Women with an interest in information security and ICT were gathered at Security Divas 2017, a two-day conference focused on the topic of “confidence and trust in the digital society”. New for this year’s conference was a setup of two slots at the end on the first day. One track was about “the digital society” and the second track was more technical and referred to “technology and development.”

Security Divas since its establishment in 2010 has grown to be an important network for women who have also been added positive international attention. It was a great pleasure over the years to have more lectures in English, including Aglika Klayn from the European Cybercrime Centre (EC3) in Europol, this year. Ms. Klayn opened the conference with a post where she explained EC3 its role in fighting cybercrime.

The conference place was full of participants, and professional expert presenters contributed with different perspectives on the topic “security and confidence in the digital society.” There were many opportunities to present and to acquire new insights and be inspired by others.

COINS supported Tetiana Yarygina to attend the Security Divas  2017 in Gjøvik, Norway. Here is her travel report

International Conference BIP001 was a focused and compact meeting of blockchain professionals, dedicated to discussing the application of Blockchain technology to existing problems in the society. The aim of the conference was to gather the greatest influencers within the blockchain space and combine several days of serious discussions with excellent networking.

COINS supported Dmytro Piatkivskyi to attend the BIP001 2017 in Kiev, Ukraine.

The conference was comprised of the NIK, NOKOBIT, NISK, and UDIT conferences which are all well-established, Norwegian, academic conferences spanning different branches of ICT, computer science, information sciences, and information systems.

The conference was supported by the IKTPluss programme of the Norwegian Research Council.

COINS supported 5 students to attend the NISKt 2016 in Bergen, Norway. Here are their travel reports:

• Dmytro Piatkivskyi
• Felix Schuckert
• Bo Sun
• Xiaojie Zhu
• Manish Shrestha          

The title of her thesis is “Process Tracking for Forensic Readiness” and the given topic for her trial lecture was “Search Algorithms for Intrusion Detection”.

Liao has looked at how companies can collect and preserve potential evidence in advance if they were to experience a cyber attack. Perpetrators need access to system resources to commit cybercrime. Liao has researched opportunities for companies to keep low-level operating system logs. She has found ways that a company can preserve reliable evidence and thus be prepared for a possible digital investigation.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Felix Freiling, Lehrstuhl für Informatik 1, Universität Erlangen-Nürnberg, Germany.
• Second external opponent: Junior Professor Delphine Reinhardt, Institute of Computer Science, Rheinische Friedrich-Wilhelms, Universität Bonn, Germany.
• Internal opponent: Associate Professor Stefan Axelsson, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Professor Slobodan Petrovic, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Head of section Laura Georg, Faculty of Computer Science and Media Technology, NTNU in Gjøvik, led disputation.

Yi-Ching Liao carried out her PhD work at the Faculty of Computer Science and Media Technology, NTNU. Her supervisor was Professor Hanno Langweg, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Co-supervisor was Professor Katrin Franke, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.

Congratulations!

Kiran Bylappa Raja successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 11th of November 2016 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Robust Biometric Verification based on the Eye Region – Algorithms for Visible Spectrum Image Data” and the given topic for his trial lecture was “Evading Ubiquitous Face Recognition”.

Popular mobile banking and e-commerce applications like Google Wallet, Apple Pay and Ali Pay have resulted in the use of smartphones for secure access of services via biometric data captured from an embedded sensor.

Now the improved optics on smartphones have been explored for biometric data capture in a contactless manner as well. This can be used for various secure authentication applications. Specifically, the applications are exploring face, periocular and iris characteristics for smartphone-based authentication using the embedded camera.

Raja presented a set of robust algorithms and techniques to use iris, periocular and face data for authentication applications when captured from smartphones in the visible spectrum. He has improved the biometric systems by detecting spoofing attacks and thereby making the authentication applications trustworthy on smartphones.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Dr. Arun Ross, Department of Computer Science and Engineering, Michigan State University, USA.
• Second external opponent: Professor  Dr. Raul Sanchez-Reillo, Electronics Technology Department, University Carlos III of Madrid, Spain.
• Internal opponent: Associate Professor Dr. Laura Georg, Norwegian Information Security Laboratory (NISlab), Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Professor Stephen Wolthusen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Dean Nils Kalstad Svendsen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik, led disputation.

Kiran Bylappa Raja carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His supervisor was Professor Christoph Busch, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Co-supervisor was Dr. Raghavendra Ramachandra, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.

Congratulations!

The title of his thesis is “Innovative methods for large-scale fingerprint identification systems” and the given topic for his trial lecture was “Privacy Threats Emanating from Personal Drones”.

Fingerprint recognition has gained wide acceptance and great popularity since fingerprint recognition based applications have been adopted in diverse scenarios. However, new challenges also emerge along with the extensive deployment of these systems. During the recognition process, a shorter response time is always desirable when an individual needs to be identified in a system with a database consisting of millions of fingerprints. Fingerprint protection is also important to avoid the fingerprints being accessible for a third party.

Li has investigated innovative methods which can benefit large-scale fingerprint identification systems in terms of accuracy, efficiency and security. This includes a fingerphoto quality assessment approach, fingerprint indexing in order to accurately and efficiently establish the identity of an individual in large-scale fingerprint identification systems and protection of fingerprint information.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Assistant Professor Dr. Paulo Lobato Correia, Universidade de Lisboa, Portugal.
• Second external opponent: Junior Assistant Professor  Dr. Matteo Ferrara, Universita di Bologna.
• Internal opponent: Associate Professor Dr. Sule Yildirim-Yayilgan, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Professor Stephen Wolthusen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Professor Stephen Wolthusen led disputation.

Guoqiang Li carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His supervisor was Professor Christoph Busch, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Co-supervisors were Associate Professor Bian Yang, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Professor Patrick Bours, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.

Congratulations!

The title of her thesis is “User-centered Design and Evaluation of Health Information Technology“ and the given topic for her trial lecture was “Health Information Technology: Status, trends, issues and challenges”.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First opponent: Dr. Gareth Loudon, Cardiff School of Art & Design.
• Second opponent: Professor Elizabeth Borycki, University of Victoria.
• Professor Andreas Prinz, Univeristy of Agder, was the administrator for the assessment committee.

Berglind Fjóla Smáradóttir carried out her PhD work at the Faculty of Engineering and Science, Univeristy of Agder, Specialisation in Information and Communication Technology (ICT). Her supervisor has been Professor Rune Fensli, University of Agder, while co-supervisor has been Professor Vladimir Oleshchuk, University of Agder.

Congratulations!

The school brought together PhD students, postdoc researchers and security experts from industry of

• Secure hardware and physical security
• Cryptography for the Internet
• Formal methods in cryptography
• Wireless security
• Crypto for systems security
• Privacy enhancing technologies
• Traffic analysis and countermeasures
• Recent developments in symmetric-key crypto

COINS supported Ilir Bytyci to attend the Summer school on real-world crypto and privacy 2016 in in Šibenik, Croatia. Here is his travel report

The northernmost crypto workshop ever organised, Arctic Crypt 2016, took place in the period of July 17-22 in spectacular arctic surroundings under the midnight sun in Longyearbyen, Svalbard at 78° north.

The program was constructed around a series of 10-12 invited tutorial talks on any cryptographic topic including, but not limited to:

• Foundational theory
• The design, proposal, and analysis of cryptographic primitives
• Crypto protocols, side-channel attacks, and other aspects of implementation
• Information theoretic approaches to digital security
• Recent trends in cryptography.

COINS supported 7 students to attend the Arctic Crypt 2016 in Longyearbyen, Svalbard. Here are their travel reports:

1. Britta Hale
2. Martin Strand
3. Herman Galteland
4. Tetiana Yarygina
5. Stian Fauskanger
6. Bjørn Greve
7. Shahram Rasoolzadeh

IACR Summer School on Blockchain Technologies “From cryptographic e-cash to modern cryptocurrencies” was the the first summer school on blockchains and cryptocurrencies. The schooling was focused on helping “bridge the gap between the cryptocurrency community and academia”.

IACR was thrilled to host the event with many leading experts from academic backgrounds and executive positions in the industry. Students, researchers or professionals that were interested in the disruptive tech joined the classes in Greece.

COINS supported Chris Carr to attend the IACR Summer School Blockchain Technologies  2016 in Corfu, Greece. Here is his travel report

The title of his thesis is “Using Theories from Economics and Finance for Information Security Risk Management” and the given topic for his trial lecture was “Security and Insecurity with Open Source Software: Past, Present, and Future”.

In his thesis Pandey presents a method for investing in information security risk management. Information security practitioners face a challenging task of assessing the information security risks. Lack of complete information about all vulnerabilities in the system leads to difficulty in assessing the severity of vulnerabilities and estimation of the impact of an attack. There are technical tools to protect against cyber attacks, such as passwords, firewalls etc., and various insurance solutions if one were to be attacked. The problem is that conventional insurance does not have the capacity to cover huge losses. When it comes to cyber attacks losses may involve millions of dollars. In addition, an attack will have negative impact on share price and the organization’s reputation. Investors call for better risk mitigation strategies, and Pandey have chosen to address this issue from an economic perspective.

Gather knowledge to prevent attacks

With several scenarios taken from real life, Pandey presents a type of financial market related to information security, where anyone with knowledge and interest about information security can contribute to and profit from protecting against attacks. This type of market is called Information security prediction market, and can be an effective method to collect and take advantage of information that would otherwise be spread. The market is open to participate in buying and selling a variety of information security derivatives, such as Options. The economic benefit of investments in information security risk management is estimated as the value of the reduction in the impact of an uncertain future event, such as a cyber attack. In this regard it is important to be able to predict the events and their potential impact. All stakeholders have high interest in an attack not occurring. They will thus work towards a common goal to protect, by selling any information they have about software vulnerabilities. That way everyone will have the opportunity to profit from knowledge sharing. If an organization were to be attacked, the stakeholders are so many that it is possible to cover even huge losses. The system thus has the potential to help businesses in cases where they otherwise might not have survived.

Pandey’s research can help to prevent cyber attacks from happening and to mitigate the adverse effects after they have happened.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Dr. Wim Van Grembergen, Information Systems Management Group, University of Antwerp, Belgium.
• Second external opponent: Dr. Janne Hagen, Forsvarets forskningsinstitutt (FFI).
• Internal opponent and administrator for the assessment committee: Professor Dr. Stewart Kowalski, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Dean Nils Kalstad Svendsen led disputation.

Pankaj Pandey carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU and Faculty of Applied Economics, University of Antwerp. His supervisors were Professor Einar Snekkenes, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Professor Steven De Haes, Department of Applied Economics, University of Antwerp, Belgium.

Congratulations!

The title of her thesis is “Cryptographic Enforcement of Attribute-based Authentication” and the given topic for her trial lecture was “Security in cloud storage”.

There are currently a lot of cloud-based services, such as cloud storage, cloud computing and data outsourcing. Consider Dropbox, one of the most popular cloud storage applications via which users can create special folders on their computers and save files within. Later, users can access these files from elsewhere, like mobiles, iPads or other computers. In addition, users can share files saved in Dropbox folders with other people. Cloud users can also employ cloud resources to perform complicated calculations. When utilizing cloud facilities, on the one hand, cloud users wish to keep their data safe and undisclosed from other Internet users and even service providers. On the other hand, users may also need more fine-grained control over their data, for example in term of how the data can be accessed.

Attribute-based authentication

To better protect users’ privacy, attribute-based authentication (ABA) offers a more privacy-preserving means of authentication in different access control systems. ABA is an approach of authenticating users according to their attributes, including name, address, phone number and age. By using attributes in place of users’ identity information, ABA presents anonymous authentication, or more specifically, ABA enables keeping users anonymous from their authenticators. In addition, the property of least information leakage provides superior protection of users’ privacy over popular public key-based authentication approaches. This property makes it possible to apply attribute-based authentication schemes in privacy preserving scenarios, like, cloud-based applications.

Cryptographic implementations of ABA schemes

The main focus of this dissertation is to investigate on the cryptographic implementations of ABA schemes, or ways to construct different types of ABA schemes according to various security requirements. In a traceable ABA scheme, normal users cannot acquire any information about the identity of a signer given their signature, but a special authority is necessary to trace the signer’s identity. On the contrary, neither normal users nor authorities can reveal signers’ identities in an untraceable ABA scheme.

More flexible and fine-grained authentication

Based on these two types of basic ABA schemes, hierarchical schemes can be achieved in combination with a hierarchical structure of users or attributes. By using hierarchical ABA schemes, a more flexible and fine-grained authentication and access control approach feasible.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First opponent: Professor Valtteri Niemi, Department of Computer Science, University of Helsinki, Finland.
• Second opponent: Professor Chunming Rong, Faculty of Science and Technology, University of Stavanger.
• Professor Ole-Christoffer Granmo, Univeristy of Agder, was the administrator for the assessment committee.

Huihui Yang carried out her PhD work at the Faculty of Engineering and Science, Univeristy of Agder, Specialisation in Information- and Communication Technology (ICT). Her supervisor has been Professor Vladimir Oleshchuk, University of Agder, while co-supervisor has been Associate Professor Geir Køien, University of Agder.

Congratulations!

The title of his thesis is “Adaptive Security in the Internet of Things” and the given topic for his trial lecture was “Big Data and Information Privacy: Approaches towards measurable Privacy”.

Internet of Things (IoT) aims to connect various devices or things including sensors, software, electronics and other physical objects to collect and exchange data. This interconnection makes it a heterogeneous and dynamic ecosystem in which achieving security efficacy has become a challenging task and critical concern.

Conventional security controls and risk management models have a limited protection scope, and they implement fixed or static mitigation strategies. Therefore, they cannot address the dynamic threat, they do not address other runtime objectives, such as usability, and respond to threats manually that increases latency in risk mitigation. Aman focuses on adaptive security, which can be an effective tool to address threats in IoT as it can observe, analyze and react to them dynamically.

Aman’s thesis contributes an Event-driven Adaptive Security (EDAS) model for IoT. The model feasibility is assessed using a developed prototype and a scenario-based evaluation method that provide clear evidence that EDAS is an efficient solution for IoT Security.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Pierangela Samarati, Universita`degli Studi di Milano, Italy.
• Second external opponent: Professor Josef Noll, UiO/UNIK – Universitetssenteret på Kjeller.
• Third external opponent: Associate Senior Lecturer Dr. Lothar Fritsch, Karlstads universitet, Faculty of Health, Science and Technology, Sweden.
• Professor Stephen Wolthusen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik was the administrator for the assessment committee.
• Dean Nils Kalstad Svendsen led disputation.

Waqas Aman carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His principal supervisor was Professor Einar Snekkenes, NTNU in Gjøvik and co-supervisor was Senior Research Scientist Habtamu Abie, Norwegian Computing Centre (Norsk Regnesentral).

Congratulations!

Half of the US workforce is women and yet only 8-11% is in cybersecurity. So, to address the undeniable critical shortage of cybersecurity professionals in this country, it only makes sense to recruit from the other half …. to create opportunities and pathways such that more women can consider cybersecurity as a viable career option! Not to mention the power of diversity in solving complex challenges unique to this field. The WiCyS conference was created out of this common sense. WiCyS has become a community of opportunity/advice/answer seekers and providers, mentors and mentees, speakers and listeners, and most importantly, a community of peers.

COINS supported DijanaVukovic to attend the WICYS Women in Cybersecurity conference 2016 in Dallas. Here is her travel report.

COINS supported Antonio Gonzalez Burgueño to attend the ICISSP Doctoral Consortium 2016 in Rome. Here is his travel report.

COINS supported Seraj Fayyad to attend the HackCon 2016 conference in Oslo. Here is his travel report.

COINS supported Seraj Fayyad to attend the SECENTIS Winter School 2016 in Trento, Italy. Here is his travel report.

The title of his thesis is Continuous User Authentication and Identification: Combination of Security and Forensics.

It examines how to prevent unauthorized use of computers by using continuous authentication.

For most computer systems, once the user’s identity is verified at login, the system resources are available to that user until he/she locks the session. In fact, the system resources are available to any user during that period. This can lead to session hijacking, in which an attacker targets an open session, e.g. when the genuine user gets a cup of coffee, or leaves to talk to a colleague.

To avoid unauthorized use of a computer and its resources, a continuous check of the user’s identity is important. Continuous Authentication has built around the biometrics supplied by the user’s physical or behavioural characteristics and continuously checks the identity of the user throughout the session.

But once it is discovered that it is not the genuine user that is using the computer, it is important to be able to identify who the imposter is. Mondal is the first to look at the issue with identifying the imposter in this manner. He has contributed a dynamic model that is able to make a decision on the genuineness of the user after each single action performed by the current user, as well as an identification technique that has achieved good results.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Issa Traore, University of Victoria, ECE Department, ISOT Lab, Canada.
• Second external opponent: Assistant Professor Luuk Spreeuwers, University of Twente, Faculty of EEMCS, The Netherlands.
• Internal opponent: Associate Professor Basel Katt, AIMT, NTNU. Substitute for Basel Katt on 24 February was Professor Slobodan Petrovic, AIMT, NTNU.
• Associate Professor Sule Yildirim-Yayilgan, AIMT/NISlab, NTNU was the administrator for the assessment committee.
• Dean Nils Kalstad Svendsen led disputation.

Soumik Mondal carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His supervisor has been Professor Patrick Bours, NTNU, while co-supervisor has been Professor Christophe Rosenberger, ENSICAEN, France.

Congratulations!

Took place in June 15th-16th in Oslo, Norway, where participants got to experience world-class speakers like Raj Samani, Rik Fergusson and Ramsés Gallego, a fantastic three-track program, lots of perks and extras, and a hard-hitting rock-festival-party in the evening!

Some of the highlights of the program was: Jim Reavis, the CEO of Cloud Security Alliance gave a keynote on cloud security. The Cumulus-Project run a half-day workshop on certification of clouds services. A full-day track of e-health and government in joint-operation with IKT-Norge.

COINS supported Vivek Agrawal to attend the Cloud Security Alliance 2015 conference in Oslo. Here is his travel report.

Martin Aastrup Olsen successfully completed his PhD trial lecture and thesis defense at the Gjøvik University Collage on Thursday, the 17th of December 2015 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Fingerprint Image Quality ”.

It focuses on increasing ease of use, speed and reliability of systems for recognition of fingerprints on mobile, electronic ID cards and passports.

Biometric systems and specifically fingerprint recognition has been widely used in recent years, both in mobile and through increased use of electronic border controls and national IDs. It is critically important that the quality of the biometric information registered in the system are of the highest possible quality. With high quality minimizing one risk of getting fake discrepancies when comparing findings with data recorded. Among other things, the level of humidity in the fingerprint influence the final biometric performance, this is something Olsen has studied more closely.

In his thesis, Olsen rated quality assessment algorithms against known current algorithms, and has also conducted a survey of how skin moisture affects biometric performance. The research has resulted in a better understanding of the influence of environmental factors on biometric recognition, as well as a new dataset which supports research on the detection and reconstruction of the fingerprint images of low quality.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First Opponent: Prof. Dr. Javier Ortega-Garcia, Biometric Recognition Group, Escuela Politécnica Superior, Universidad Autonoma de Madrid, Spain.
• Other Opponent: Prof. Dr. Rasmus Larsen, Technical University of Denmark, DTU Informatics.
• Internal opponent: Prof. Dr. Laura Georg, Norwegian Information Security Laboratory (NISlab), IMT, GUC.
• Chairman of the Committee: Prof. Dr. Stephen Wolthusen, NISlab, IMT, GUC.
• Dean Nils Kalstad Svendsen led disputation.

Martin Aastrup Olsen carried out his PhD work at the Department of Computer Science and Media Technology , Gjøvik University College. His supervisor has been Professor Christoph Busch, while co-supervisor was professor Patrick Bours, both from Gjøvik University College.

Congratulations!

Mohsen Toorani successfully completed his PhD thesis defense at the University of Bergen on Monday, the 14th of December 2015 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Security protocols and related topics ”.

The following committee has been appointed to evaluate his thesis and defense:

• Pedro Peris-Lopez, Carlos III University of Madrid
• Stig Frode Mjølsnes, NTNU
• Håvard Raddum, Simula Research Laboratory

Mohsen Toorani successfully completed his trial lecture on Monday, the 16th of November 2015 and the given topic for his trial lecture was “Interactive Information Theory”.

Mohsen Toorani carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisors were Professor Øyvind Ytrehus  and Professor Tor Helleseth, University of Bergen..

Congratulations!

NISK brought together people working in ICT security mainly from the national community, but also from the international community.

COINS student members participated in NISK.

Here are their pictures and reflection reports.

• Andrii Shalaginov

• Yi-Ching Liao

The title of his thesis is “Software-defined networking architecture framework for multi-tenant cloud environments enterprise”.

The Information and Communications Technology (ICT) infrastructure of a large-scale enterprise consists of a wide variety of computing, storage, and networking hardware and software. The demand for new services and business models is growing rapidly; however, traditional operating mechanisms and computing models can not cope with the trend.

Particularly, network infrastructure and services are complex and hard to manage. The reasons are various, including rudimentary interfaces and vertically integrated networking planes. The situation is more critical when network resources are off-premises. These resources have limited functionality, while offering less control.

The contribution of this thesis is twofold. First, several architectural improvements are proposed for network monitoring services. These proposals take advantage of the data-intensive computing model and SDN mechanisms to advance the state-of-the-art in monitoring backbone and data center networks. Second, various components of an SDN architecture framework are designed that enhance the efficacy, reliability, and manageability of a large-scale cloud infrastructure. The enhancements are particularly made to network virtualization techniques, which are the critical building blocks in the cloud service delivery.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• Professor Javier Lopez, University of Malaga, Spain
• Associate Professor Yan Zhang, University of Oslo
• Associate Professor Terje Kårstad, University of Stavanger, had been appointed as the administrator of the assessment committee.

Aryan TaheriMonfared carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger. His main supervisor was Professor Chunming Rong.

Congratulations!

Antorweep Chakravorty successfully completed his trial lecture and PhD thesis defense at the University of Stavanger and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Privacy preserving analytics on large scale data from smart homes”.

Antorweep Chakravorty carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger. His main supervisor was Professor Chunming Rong.

Congratulations!

Samson Gejibo successfully completed his trial lecture and PhD thesis defense at the University of Bergen on Thursday, November 5th, 2015 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Towards a Secure Framework for mHealth: A Case Study in Mobile Data Collection Systems”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• Associate Professor Bruce MacLeod, University of Southern Maine
• Dr. Patricia N. Mechael,  HealthEnabled
• Associate Professor Uwe Egbert Wolter, University of Bergen

Samson Gejibo carried out his PhD work at the Department of Infomratics, University of Bergen. His supervisors were Associate Professor Khalid Azim Mughal and Adjunct Associate Professor Federico Mancini.

Congratulations!

The conferences were co-located with the COINS Ph.D. student seminar.

Here are their pictures and reflection reports.

• Andrii Shalaginov

• Dijana Vukovic

• Ambika Shrestha Chitrakar

• Huihui Yang

• Britta Hale

• Leonardo Iwaya

• Tetiana Yarygina

• Håkon Gunleifsen
• Stian Fauskanger

The title of her thesis is “Understanding information security incident management practices: A case study in the electric power industry” and the given topic for her trial lecture was “Vehicular network security”.

The following committee has been appointed to evaluate her thesis, trial lecture and defence:

• Prof. Simone Fischer-Hübner, Karlstad University
• Dr. Klaus Kursawe, European Network for Cyber Security, The Hague
• Prof. Finn Arve Aagesen, Department of Telematics, NTNU

Prof. Finn Arve Aagesen, Department of Telematics, NTNU, had been appointed as the administrator of the assessment committee.

Maria Bartnes Line carried out her PhD work at the Department of Telematics, NTNU. Her main supervisor was Prof. Poul E. Heegaard.

Congratulations!