COINS summer school 2016 in Metochi

Welcome to the COINS summer school 2016 on Authentication

The COINS summer school is a one week intensive course for Ph.D. students in computer and information security and in related fields. In 2016 the summer school is offered at the UiA study centre in Metochi on Lesbos island, Greece.

outside of the rooms (two floors)

Identification and the verification of identity through authentication are essential aspects of security and privacy. Innovation in mechanisms for identification and authentication of entities is progressing fast, and new processes become increasingly complex by integrating multiple types of technology, abstraction layers, and platforms. The business models driving this innovation are partially based on the need for security and privacy, but also on the potential for data collection and tracing of users and devices in cyberspace and the IoT.

The COINS summer school 2016 will host a range of lectures by thought leaders and experts in the area of security and IAM (Identity and Access Management). Participants will learn a set of highly relevant technologies related to identification and authentication, such as

  • Low level technologies: biometrics, authentication protocols, 2/3/4G authentication, SS7 tracing, MAC identification, Wi-Fi authentication, Bluetooth authentication, Bluetooth beacons, Device identity and authentication, TPM (Trusted Platform Module) attestation and authentication, Digital signatures, WYSIWYS (What You See Is What You Sign)
  • Infrastructure technologies like Identity federation, Facebook Connect, BigData Machine Learning and Profiling, Online Privacy, FIDO (Fast Identity Online), SQRL (Secure Quick Reliable Login), OffPAD (Offline Personal Authentication Device), Browser PKI, DNS-PKI, DANE (DNS-based Authentication of Named Entities, Network forensics, Attack attribution, IMSI-catchers.

Report by Herman Galteland on the COINS summer school 2016

Report by Martin Strand on the COINS summer school 2016

Important dates:

Registration is closed

ENISA visit: Friday 29/7

Summer school: Saturday 30/7 to Saturday 6/8


kveldssamling_large_fullwidthThe University of Agder’s (UiA) study centre in Greece is located in a monastery annex which forms part of the well-known Limonos Monastery, on the island of Lesbos in the Aegean Sea. As a monastery annex Metochi was founded in the 16th century, and it has been renovated for seminars and study purposes in recent times. The monastery and study centre is characterized by simplicity, good opportunities for studies and reflection, and a traditional Greek kitchen. Metochi has its “agora” – a small “amphitheater” – for the good dialogue, a library for private studies, a lecture room for the good monologue, and a small courtyard and garden for thought and reflection.

Limonos, the main monastery, is a cultural centre in the Northeast Aegean. It was founded early in the 16th century, and holds great treasures from the Byzantine period. The monastery is central in the Byzantine tradition, and it was also important in the Greek people’s fight for independence almost a century ago.

Lesbos is the third largest island in Greece. It is about 100 km long and 50 km wide, and has approximately 125.000 inhabitants. The surroundings are beautiful, with a diverse flora and fauna. The monastery is located in the countryside 4-5 km away from the sandy beaches of the bay of Kalloni.


Mike Just, Heriot-Watt University, Edinburgh, UK: Usable security and authentication
Paris Kitsos, Digital IC dEsign and Systems Lab (DICES Lab), Computer and Informatics Engineering Dept (CIED), TEI of Western Greece, Patras, Greece: Hardware authenticity – Detection of Hardware Trojans and PUFs
Herbert Leitold, A-SIT, Austria: Federated identity management, STORK, eIDAS
Ravi Borgaonkar, University of Oxford: Authentication and related threats in 2G/3G/4G networks
Yong Guan, Iowa State University, USA: Network Forensics – Challenges and Open Problems

Titles of sessions might change while we finalize the programme.


Thursday 28/7 Travel to Athens for those visiting ENISA

Friday 29/7 Visit to ENISA’s authentication experts

  • 0915 Introduction and organization of the day (Dr. Andreas Mitrakas)
  • 0930 Technical guidelines implementing eIDAS Regulation – ENISA actions (Mr. Slawomir Gorniak)
  • 1000 Secure & privacy-preserving eID systems (Dr. Prokopis Drogkaris)
  • 1030 Coffee break
  • 1100 The eIDAS framework (Mr. Ilias Bakatsis)
  • 1130 Privacy by Design – from policy to technology (Dr. Stefan Schiffner)
  • 1200 TBD (Dr. Eugenia Nikolouzou)
  • 1230 Wrap up discussion; Q/A

Saturday 30/7 Arrival to Lesbos/Metochi, e.g. ATH-MJT 1615-1705

Sunday 31/7 Teaching

  • 0900-0930 Information meeting
  • 0930-1300 Session 1 – Mike Just: Usable security and authentication
    In this session you will learn about the importance of “human factors” for security, with a particular emphasis on authentication. Our focus will be on understanding how to evaluate the security of authentication techniques, and at the same time assess their usability. We will consider several techniques during our session, including passwords, challenge questions, and biometrics. Our focus will include currently deployed techniques, and we will also consider more recent proposals such as sensor-based techniques for authentication on mobile devices. At the end of this session, you should have a better understanding of the issues and challenges for usable authentication, and also have a basic understanding of how to examine the usability of other security technologies.
    Introduction: HCI & HCISec
    Password authentication
    Secondary and partial passwords: Are they secure and usable?
    Challenge question authentication
    Usable security & authentication: Implicit mobile authentication
  • 1700-1900 Session 2 – Mike Just: Usable security and authentication
  • After dinner – Dimitra Anastasopoulou: Secure control of smart thermal grids

Monday 1/8 Teaching

  • 0900-1200 Session 1 – Paris Kitsos: Detection of Hardware Trojans and PUFs
    Lecture and lab tutorial in hardware Trojan detection, e.g. covering FPGA implementation of an algorithm with an integrated Trojan and some initial method for detection.
    Please download and install the Vivado HL WebPACK on your laptop before you travel. We have Eduroam at Metochi, but many people downloading multiple GBs puts a load on the fiber cable for which it was not designed in that rural area…
  • 1200-1300 Session 2 – Paris Kitsos: PUFs (Physical Unclonable Functions)
  • 1700-1900 Session 3 – Paris Kitsos: PUFs (Physical Unclonable Functions)
  • After dinner – ArcticCrypt 2016, movie in the amphitheatre

Tuesday 2/8 Teaching

  • 0900-1300 Session 1 – Herbert Leitold: Federated identity management, STORK, eIDAS
    The EU eIDAS Regulation gives a legal framework on electronic identity (eID) and trust services in the EU and EEA. It asks Member States to recognise other Member States’ notified eIDs and to integrate those in public services by 2018. This European eID federation to some extent started with the Large Scale Pilots STORK and STORK 2.0. The summer school session “Federated Identity Management” will explain the technical basis of eID and eID federation. STORK is presented and the challenges and lessons learned are discussed from a technical, organisational, and legal perspective. The session will explain how that evolved to eIDAS, including the its technical specifications and their implementation.
    Slides (1 of 2)
    Slides (2 of 2)
    Demo ECAS
    Demo representation
  • 1700-1900 Session 2 – Herbert Leitold: Federated identity management, STORK, eIDAS
  • After dinner: TBD

Wednesday 3/8 Break/Independent Study

  • Social event: Molyvos Mithymna castle – Skala Sikamineas – Mandamados – Agia Paraskevi olive oil museum – Molyvos Captain’s Table

Thursday 4/8 Teaching

  • 0900-1300 Session 1 – Ravi Borgaonkar: Authentication and related threats in 2G/3G/4G networks
    Worldwide more than 6 billion people have active mobile subscription and more than 90% of the world’s population is covered by mobile networks. These mobile communication technologies including 2G,3G, and 4G provides a high level of security and trustworthiness for users and service providers. In this talk, we will look into their general architecture and security pillars in protecting users.
    The first part of this talk gives overview of subscriber authentication mechanisms and protocols used in 2G/3G/4G networks in detail. We then continue to discuss shortcomings in authentication and practical examples of real-world attacks. Finally, we will discuss challenges in securing next generation mobile communication networks.
    Authentication and related threats in 2G/3G/4G networks
  • 1700-1900 Session 2 – Ravi Borgaonkar: Authentication and related threats in 2G/3G/4G networks
  • After dinner: COINS 2017

Friday 5/8 Teaching

Saturday 6/8 Departure

Programme committee

Audun Jøsang, COINS steering committee, UiO
Hanno Langweg, COINS Scientific Director, NTNU

General chair

Hanno Langweg, COINS Scientific Director, NTNU

IMT6003 3 ECTS

Participants can register for the IMT6003 COINS Summer School course at NTNU. Successful completion is documented with 3 ECTS that can be used towards the taught component of a Ph.D. programme. COINS students can register free of charge for IMT6003. Students outside of COINS might be subject to an administrative fee. Please contact us if you are interested.

Students enrolling in IMT6003 need to actively participate in the summer school and document this participation. Documentation comprises:

  • A report on “Security challenges of cross-border authentication under special consideration of ENISA’s work on electronic identification and trust services”. Students may choose to focus on cross-border authentication aspects related to their Ph.D. projects, e.g. management/legal issues, interoperability, forensics, cryptography, biometrics. Minimum 4 pages A4, submitted as pdf to no later than Monday 2016-07-25T2359.
  • Students need to ask at least one question per day and need to document the question and answer in a reflection report.
  • A report on the summer school, summarizing all sessions, establishing connections between the topics of the session and relating authentication to the student’s own Ph.D. project. Minimum 6 pages A4, submitted as pdf to no later than Monday 2016-08-29T2359.

Practical information

dining area

Metochi Study Centre is located in a monastery dedicated to two Greek Orthodox saints, Saints Anargyroi (Kosmas and Damianos). The monastery was founded in the 16th Century as one of several annexes to the well-known Limónos Monastery. The monasteries are connected by a stone path from the same time period, stretching two kilometres over the hills. The annex Metochi has been restored in recent years, but is still characterized by its original simplicity.

Metochi study centre houses 25 bedrooms, 13 showers, 9 toilets, auditorium/lounge, library/reading room, dining hall, courtyard and churches. The conditions are simple with bedrooms for 1-4 persons in old monk cells. The bedrooms are modestly equipped.

(If you prefer to stay in a hotel, you can do so in Kalloni, e.g. at Hotel Malemi. Please note that COINS does not cover hotel accommodation outside of the study centre and that you would have to organise your own transfer between hotel and the study centre.)

The monastery is situated in the countryside by the bay of Kalloni, approximately one hour’s drive from the airport. The nearest town, Kalloni, is 3 km from the monastery. Kalloni is a local trading centre with banks, a post office, medical assistance, pharmacies and different shops. The sandy beaches of the bay of Kalloni are at a distance of 4,5 km from Metochi. By the beach is a small fisherman’s village, Skala Kalloni, with hotels, taverns, restaurants and bars. The landscape between the monastery and the villages is flat and well suited for bike rides.

The monastery is not in daily use by the church, but there are still restrictions as to activities and clothing. Participants are advised not to wear clothes equivalent to bathing outfits within the monastery walls. While visiting the main monastery Limónos, shoulders and knees should be covered.

Regular standard: Breakfast, lunch and dinner (warm meal) is included, with beverages (juice and wine) during the meals. The participants are provided with sheets (but not towels).

We recommend bringing a flashlight for dark nights and a sunhat for use during bike rides and excursions.

The participants are responsible for being covered by their own travel insurance. Those who have a European Social Security Card should bring it.

There is internet access and eduroam most places at Metochi.

Special diets

The kitchen at Metochi will, as far as possible, make alternative dishes for vegetarians and guests with allergies. It is not possible to obtain gluten-free bread locally, so guests with gluten allergies are requested to bring their own bread or crackers. Gluten-free options for breakfast are yogurt and honey, for lunch salad and cheese. It is possible to make a gluten-free dinner option. Gluten-free dessert will usually be fruit. Please contact the course-coordinator before the start of the seminar if there is a need for special diets or a vegetarian diet. Guests who require special diets may contact the office staff at the start of the course to review the menu.


Arriving at the monastery, cars might not be able to drive all the way to the entrance gate because of the narrow roads. The participants must therefore be prepared to walk for approx. 5 minutes with their luggage. If the arrival is scheduled after dark, having a small flashlight available will be helpful. If the arrival is after 20:00 sandwiches and drinks are served, otherwise dinner is served at 19:00-20:00. The Metochi information meeting usually takes place in the lecture room at 09:00-09.30 the day after arrival. Bike rental by a local partner can be arranged.

Getting there

When booking your flights, please note that COINS will reserve hotel rooms in Athens for those visiting ENISA: Athens Odeon Hotel. We will show up at ENISA on Friday morning, so your flight to ATH needs to arrive on Thursday.

1615-1705 ATH to MJT seems to be a practical and popular option to get to Lesbos from Athens on Saturday. Those arriving late usually come in with the 2130 plane from ATH.

Please let us know when you are going to arrive so that we can arrange for transfer from MJT airport to Metochi.

For direct connections from Norway, please investigate the offers from Lilleput – They offer direct flights OSL-MJT (with a stopover on Chios). The arrival time in Gardermoen on the return trip is a bit special, though; the upshot is that you can spend most of Saturday on Lesbos. They mostly sell packaged trips, so you might have to ask them for prices for the flight only.

It takes approximately one hour to get to Metochi from the airport. We envision to have common transfer for participants arriving within the same time window. Let us know in the registration from when you plan to land.

Check-out in Metochi is planned to happen right after breakfast so that the rooms can be prepared for the next group arriving on the same day.


COINS students/faculty: COINS covers travel and accommodation using the least expensive practical alternative. COINS will book hotel rooms in Athens. You need to pay for travel and will be reimbursed later following the usual procedures. The hotel in Athens and the Metochi study centre are being paid for by COINS centrally. Depending on the total number of participants, students may need to share rooms (though most probably everybody will have a single room). If you have preferences on sharing, please let us know.

SWITS/COINS partner students: COINS covers travel and accommodation under the same conditions as for COINS students. The offer is limited to a certain number of students. Students need to write a travel report reflecting on their experience and need to send us a picture of them wearing a COINS t-shirt in a summer school session.

Other students/faculty: COINS covers accommodation at Metochi under the same conditions as for COINS partner students, but participants have to cover their travel themselves. In addition, a fee of 300 EUR is to be paid for the week (Saturday-Saturday). If you would love to attend, but could not because of a lack of funds, please get in touch with us. We have a limited support budget for students that do research in the field of authentication and who make a compelling case on why their attendance would contribute to the summer school.